Is Skype a security risk that endangers your privacy?

Is Skype a security risk that endangers your privacy?.

-- Tom

 

rather than the tool itself it is the one that abuses it that is the threat

 

Chinese spying on Skype was confirmed in 2008 by Skype themselves, where subsequently it was admitted their chinese "partner" corporation TOM would act as censor for unpleasant ideas. On one hand it is amazing how determined some corporations are to reach China, and on the other hand how much integrity they are willing to compromise to get there.

 

I've never trusted Skype and I think anyone who uses it for really sensitive communications (dissidents in oppressive regimes, for instance) is an idiot. It's closed source, for one, so decompiling it and thoroughly examining it would be next to impossible. Some reverse engineering has been done, but such analysis cannot provide much assurance as to the presence (or lack thereof) of a backdoor.

The Austrians have also confirmed that Skype is "no problem" for them as well.

And as for pandering to oppressive regimes, Microsoft is the latest player to throw their hat into that ring. I am not one to talk about "evil corporations" as has become so popular among youth of today, but in this instance I can make an exception. Do these people have no principles? How can one sleep at night knowing they may be putting lives at risk all for a dollar?

 

People these days are probably watching TV and uncensored videos in the internet. -__- These guys need to step up, they even began to lack focus in school.

 

The usuall chronomatic rant about closed source, productive input.

I guess I'll make him happy by saying Mumble is probably the most secure you're going to get, but it isn't peer-to-peer. No one has access to your certificate (like the Skype owners do) and also since it's a constant bit rate stream, doesn't suffer from the theorized "variable bit rate prediction" flaw.

Also, Mumble is open source, so naturally, it's better than everything else.

 

Let's stop and think about this for a moment, look at how big Skype is.

If Skype was doing something that could be proven as placing in their own backdoor and dropping in on conversations and spying, Skype would have one of the biggest lawsuits on their hands you've ever seen probably in Internet history.

I too as an advocate of OpenSource have spewed this nonsense in the past about trusting Skype and to be honest I think it would be foolish to consider the size of this company doing something illegal.

For one, the Chinese put a backdoor in Skype all on their own, this had nothing to do with Skype themselves participating in this, that is down right absurd to think otherwise...

So we really need to look at this with some level of intelligence, talking about not trusting Skype because we think they are spying on us at this point in time, without any hard facts to back up Skype's illegal participation is foolishness.

So does anyone have any facts to backup their paranoia?

Believe me I would truly love to have a open source alternative that was a good as Skype but there is none.

Also if Skype did put a backdoor in on their own, then where are the greatest hacking minds of our time at, who have not hacked this code to reveal it to us?

Don't you think that would be one great prize for the hacker community to reveal to the world?

 

What's wrong with Mumble posted by elapsed ?

 

Well the fact is, we're sitting here saying, or thinking that a company as big as Skype has a backdoor/trojan built into Skype...

I think it's a bit absurd for the moment to think this, until some hacks the program and shows us otherwise...

 

Woo I haven't been paying attention to the news, I will certainly not care to use Skype if it becomes a M$ product, I think this is even worse news for Skype users around the world, but then again the average consumer could care less about all of this...

The world really needs a serious open-source alternative to Skype....

HELLO CANONICAL!

 

Yes please. Buy it, get rid of the dumb advertisements (that even use flash ) and build it into Windows 8 with proper support for the latest anti-exploit technologies so it doesn't crash when I add it to EMET.

 

Well MS is buying it so your worries should be over...


http://www.bbc.co.uk/news/business-13343600

 

https://www.wilderssecurity.com/showthread.php?t=298926

 

I just gave you a link, no need to give me a link back, hehe...


CHEERS

 

Skype Security: Flaws

A friend asked me to find a video or web chat software that can't be dropped in on.
So far, Skype looks pretty evil to me, won't be recommending them.

 

i'm no big fan of Big Brother but really, i am not that important enough to warrant surveillance.

they can forward all my boring Skype conversations with my relatives to the NSA for all i care.

'1984' is here, Big Brother is watching, and you better get confortable with the idea.
that's the price we have to pay when we live in a world where anyone can learn to make bio-chemical-nuclear weapons on the 'net.

you too, in times, will learn to love the 'machine'.

 

I hate having a program like Skype on my computer. But I have to.

EMET helps, though I have to turn EAF off. No biggy there.

 

True but the average joe user has no idea.

 

Yes and now that Microsoft owns it,i wouldnt wanna use it!!!

 

but you are using Windows, aren't you?

 

Skype and any voip that doesn't use ZRTP is useless IMO. I only use VOIP system's that use proven and secure encryption methods and are opensource or have been reviewed.

I have had a similar experience with Skype and haven't used it since. What I have been using are RedPhone on android (by Moxie/Whispersys) and Jitsi on Mac/Linux both use ZRTP and have anti-MITM features. Redphone doesn't use VBR not sure about Jitsi I haven't looked into it much yet.

There are plenty of other ways to do this like setting up a PBX server with ZRTP or using a VPN or even a combination of both. For work I use a PBX + VPN for double encryption.

Personally MS buying Skype is a mistake for Skype especially after the patent MS filed for intercepting VOIP communications.

 

Off topic, but can you say more about using EMET? I installed EMET 2.0 some time ago but didn't configure it. I just updated to 2.1 and see that most of the features are "opt in" by default. Do you "opt in" all of your internet facing apps? I have DEP On for all apps, but not all the other features. Regarding compatibility how do you figure out which features are safe to enable for a specific application?

 

There are dedicated threads for EMET you can participate in.

 

Quite right - I should have asked for a link, and in case others are interested:

https://www.wilderssecurity.com/showthread.php?t=289086&highlight=EMET