Skype / Social apps privacy update

I searched the forum for info on privacy in Skype but couldn't find anything recent. What is known about the privacy of the current versions. Are there backdoors? Is it possible to read contents through Deep Packet inspection at the ISP level or somewhere else across networks?

How about Facebook? How secure are facebook chat and messaging?

Thanks

 

Granted I'm not an expert, but I haven't heard anything negative about Skype security. Skype is encrypted end-to-end so no, no packet sniffing isn't going to be effective. I seem to remember a couple years ago some LEA somewhere were almost demanding that Skype Corporate install a backdoor for LEA use, but I'm pretty sure it wasn't done.

Facebook in and of itself is not secure, so I doubt its chat and messaging is. Face it, its a social networking site, assume everything entered in any facebook page is public, because as we've seen over the past few years.. it probably is.

 

I wouldn't be so sure about Skype.

This one: http://www.securityfocus.com/columnists/357

Owned by Ebay/ Paypal who generously share information.

The Skype protocol is closed-source.

Plenty of posts on the internet suggest there are backdoors or something similar.

I don't know about Facebook. But given its privacy issues I wouldn't trust it.

 

Skype I guess is located in Luxembourg. I wonder what that means as far as privacy and data retention laws?? Who knows?

There may or may not be some kind of back door. But if you sign up while connected to Xerobank, don't give them any personal info, and never connect unless through Xerobank, I don't see how they could ever know who you are. They may be able to get the conversations though. But hopefully not just casually. I mean I would assume that there would have to be some kind of legitimate warrant or something, but you never know. I wish Xerobank would create a VOIP service. That would be pretty cool.

 

Saying there's a backdoor in Skype makes about as much sense as saying there's a backdoor in Windows. Also as stated above, voice conversations are encrypted. But I have no clue about text conversations.

 

Are you saying that both obviously have backdoors, or that neither does?

Encryption means nothing if the keys/certificates aren't secure.

 

Guess.

What? They are unique per login identity.

 

No idea what you are thinking, how should I? OK, you give some hints. But where is the proof? To me it's not clear at all. Any cryptanalysis you could show us? There are hundreds of ways to create a backdoor, no matter how secure the crypto itself or the key exchange on paper. Most backdoors and more importantly bugs are in the implementation, not the maths. Even if all is true and secure, you use their proprietary client and their infrastructure. What's stopping Skype to flip a switch on a case to case basis and remotely override all the privacy protection?
In defense of your position, there's also no proof of the contrary, only rumors. You are the one to make definite claims however, it's your turn to prove them.

Or am I misunderstanding you and your seriously claim there's a backdoor in Windows?
(Well, technically there is, it's called Windows Update, but they'd never use it for anything like that. It would be the end of a multibillion dollar empire, not worth it whatever big target you are.)


Found a bit technical analysis: http://www.secdev.org/conf/skype_BHEU06.pdf
Supports my point: We don't know. You need to trust them, if you don't trust Skype Inc don't use them for sensitive communication.
I'd recommend GPG.

 

Thanks for the replies. Skype's encryption appears to be secure and I'm sure it is as there are several sources on the web that have examined and evaluated. I've also seen cases of governments (Italy and Germany) publically asking for some sort of access. I suppose however, that if a government gave ebay a compelling reason, e.g. give us a backdoor or we ban your services in our country, then that government might get some sort of backdoor that can be used under the proper legal scenario. such a backdoor would let them listen to communications, read chats etc. Such backdoors could also easily be abused.

Re: Facebook, yes, I guess since even the login is not ssl encrypted, we can't hope for much there. Maybe it is all http traffic.

How about google chat inside of gmail. If the appropriate settings are used (all https, unlogged chat) I've heard that it can be quite secure. any comments on that?

 

It is, but it's not forced.
https://login.facebook.com/login.php

 

Thanks elapsed, I'll have to try that. I guess it's too much to hope for that the whole session is encrypted.

re: Skype: Chats are encrypted too.

@caspian: I suppose that if they knew your skype username (gotten by searching on your email or looking for other names you commonly use) and they have a backdoor, they could listen in on your conversation.

It's really interesting to see which topics in this forum get attention. Social Media, skype, IM are all gaping privacy chasms and this thread only gets a fraction of the attention of VPNs - which are only of limited protection when using the social stuff.

It seems like Facebook's achille's heel is aleady apparent and it's called privacy. what number of facebook users over the age of 21 wouldn't jump ship immediately and go to another social media app that was designed with privacy and mind + had equal or better usability and sociability as facebook?

 

No one should trust FACEBOOK!

Its just a data mining ground!!!!!

 

Designing that and then still coming up with a sustainable business model is a lot harder than it might sound.
Technically we'd need an open source decentralized system based on strong transparent encryption and PKI. We already have some very secure systems but they are completely lacking in terms of ease of use and marketing.

Seems to me the demand isn't there yet.