skype security

Discussion in 'privacy technology' started by tehit, Jan 12, 2012.

Thread Status:
Not open for further replies.
  1. tehit

    tehit Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    14
    When logging into Skype I suppose you are sending usn and pass in text form unless in Skype options you set an https proxy (if your provider offers one)?
    Are there any free https available for this purpose and what if prior to Skype you fire up Vidalia+Tor and put 127.0.0.1/8118 in Skype options?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Did you check that Skype is sending info in clear (use a sniffer like Wireshark)? I don't think it does. Everything is encrypted.
     
  3. tehit

    tehit Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    14
    Even if not in text form surely it can be Skype decrypted by someone who wants to listen in to your conversation?
    What is https proxy in Skype options for anyway and what about inputting Tor?
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Skype encryption is proprietary and they are now owned by MS. MS filed a patent for technology that intercepts all VOIP traffic. Connect the dots.

    PD
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    I have often wondered if there is "third party" software encryption that you could employ and use via Skype. Sort of like having encryption on a cellphone. Especially an open source "known" product.

    If such a product existed and then both parties accessed Skype via vpn tunnels you would think the communication was "under the radar", along with the physical position of the two parties.

    I certainly have no use for something of the "stealth" level. It's simply fun to imagine the possibilities. Truth be told, noticing that level of stealth would likely make you a big target going forward.

    Just a thought.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you had some way to encrypt it on your end and decrypt it on theirs, sure. But both users would need to have that program installed.

    Skype already encrypts though.
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I haven't tried this, but I should think it would be possible to connect via VPN first which would change your IP/location and then run Skype...?
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Everything in Skype is encrypted. Logging in, sending text, sending files, sending video, sending voice.
     
  9. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Skype uses AES-256 encryption....but....is owned by Microsoft. User public keys are certified by the Microsoft-owned Skype servers.

    I wouldn't use Skype.

    There are a few really good alternatives. I'll list them later.
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Please do. Right now I use Hamachi with a VOIP/Video program from NCH. It allows calling an IP, which in this case is the Hamachi 5.x.x.x.x addresses.

    I'm looking at LinPhone and Jitsi (both cross platform) but need to find out if there is a basic SIP Server (easy, not Asterisk) that I can run on Server 2008R2. LinPhone offers free SIP registration as well and the application level ZRTP/SRTP may be good enough...still researching.

    That MS patent should make anyone run from Skype as fast as possible...AES-256 or not. They *want* to MITM it.

    P
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Really? Why would Microsoft care?
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Look, I'm not going to try to convince people to think one way or another, but some of us want our private communication to be just that...private.

    That MS patent does one thing...it has 'Intercept' in its name for a reason. It's a Man in the Middle agent. As far as the 'Legal' part, color me skeptical after the 100's of thousands of National Security Letter violations that have taken place in the last 10 years, thanks to section 215 of the PATRIOT Act.

    Maybe you're fine with that, cool, rock on. People like me are not. Do you support key escrow for PGP? Why does MS care? Money. When you're on Big Gov's side, you make more money (and get less lawsuits filed against you), than when you're not on their side.

    The following link is the distance between a brand new MS data center, and a national intelligence agency annex:

    https://maps.google.com/maps?saddr=...xIe-imBLLBd7UJchjF2PHEbIJCBwA&mra=pd&t=h&z=13


    And some more links that must just be coincidence when discussing Microsoft and 'privacy'.


    http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

    http://www.wired.com/threatlevel/2010/02/microsoft-cryptome/

    https://www.networkworld.com/community/blog/microsoft-spying-users-free

    https://www.networkworld.com/community/blog/microsoft-patent-may-ruin-skype-may-make-voip

    http://www.conceivablytech.com/8108/products/microsoft-may-add-eavesdropping-to-skype

    PD
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Thanks for the links. I can't say any of it surprises me, but I wasn't specifically aware of how Microsoft participates in the government surveillance machine. I'm not fine with it, but the big picture is complex and trying to live under the radar is difficult if not impossible especially if you want to use the internet. Still, I admire that some people try.
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Pauly, I think you have misread my posts. I agree with you 100%. I said I wouldn't trust Skype with the MS situation. They own the servers. I was supporting what you wrote. If you've read much from me at all, you'll know I am one of the fiercest privacy advocates here.
     
  15. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    Look into using ZRTP.
    http://www.voip-info.org/wiki/view/ZRTP

    jitsi.org for Win and Linux comes with the GNU implementation of ZRTP

    Skype does NOT support ZRTP. I am not sure of the pros and cons of running Skype through a VPN but conceivably you could make intercepting the traffic more difficult if MS does in fact have a way to capture it etc.
     
  16. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    The biggest way to put a dent in Microsoft's pocket is to simply not support their products, use them and use an alternative OS like Linux...

    The less people use M$ the better off! :thumb:
     
  17. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Sorry Lock, that reply was for Victek, we're good! :D

    Spot on Das, I went full time to Ubuntu because of this very patent and the data center location. Read James Bamford's 'Shadow Factory'. The writing is on the wall, but most non-Wilders type people refuse to read it.

    PD
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    What do you see as a practical response?
     
  19. tehit

    tehit Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    14
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
  21. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    Yes, it's encrypted, however no one knows what method of encryption they're using. Furthermore, the links above indicate pretty big intent to circumvent whatever encryption is being used.

    Thus ZRTP is probably the best option for VoIP communication tunneled through a VPN. You could set up your own VPN server and have your peers VPN into you, assuming you have the bandwidth, with a ZRTP enabled phone/softphone. You'd have a pretty nice direct connection that way and it's encrypted twice while being able to monitor for man in the middle attacks.
     
  22. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    OT post removed. As the question is more or less answered and with some suggestions for alternative software this thread is closed.
     