when logging into skype I suppose you are sending usn and pass in text form unless in skype options you set a https proxy(if your provider offers one)? Are there any free https available for this purpose and what if prior to skype you fire up vidalia+tor and put 127.0.0.1/8118 in skype options?
Did you check that skype is sending info in clear (use a sniffer like wireshark)? I don't think it does. Everything is encrypted.
even if not in text form surely it can be skype decrypted by someone who wants to listen in to your conversation? what is https proxy in skype options for anyway and what about inputting tor?
Skype encryption is proprietary and they are now owned by MS. MS filed a patent for technology that intercepts all VOIP traffic. Connect the dots. PD
I have often wondered if there is "third party" software encryption that you could employ and use via Skype. Sort of like having encryption on a cellphone. Especially an open source "known" product. If such a product existed and then both parties accessed Skype via vpn tunnels you would think the communication was "under the radar", along with the physical position of the two parties. I certainly have no use for something of the "stealth" level. Its simply fun to imagine the possibilities. Truth be told, noticing that level of stealth would likely make you a big target going forward. Just a thought.
If you had some way to encrypt it on your end and decrypt it on theirs, sure. But both users would need to have that program installed. Skype already encrypts though.
I haven't tried this, but I should think it would be possible to connect via VPN first which would change your IP/location and then run Skype...?
Everything in Skype is encrypted. Logging in, sending text, sending files, sending video, sending voice.
Skype uses AES-256 encryption....but....is owned by Microsoft. User public keys are certified by the Microsoft-owned Skype servers. I wouldn't use Skype. There are a few really good alternatives. I'll list them later.
Please do. Right now I use Hamachi with a VOIP/Video program from NCH. It allows calling an IP, which in this case is the Hamachi 5.x.x.x.x addresses. I'm looking at LinPhone and Jitsi (both cross platform) but need to find out if there is a basic SIP Server (easy, not Asterisk) that I can run on Server 2008R2. LinPhone offer free SIP registration as well and the application level ZRTP/SRTP may be good enough...still researching. That MS patent should make anyone run from Skype as fast as possible...AES-256 or not. They *want* to MITM it. P
Look, I'm not going to try to convince people to think one way or another, but some of us want our private communication to be just that...private. That MS patent does one thing...it has 'Intercept' in it's name for a reason. It's a Man in the Middle agent. As far as the 'Legal' part, color me skeptical after the 100's of thousands of National Security Letter violations that have taken place in the last 10 years, thanks to section 215 of the PATRIOT Act. Maybe you're fine with that, cool, rock on. People like me are not. Do you support key escrow for PGP? Why does MS care? Money. When you're on Big Gov's side, you make more money (and get less law suits filed against you), than when you're not on their side. The following link is the distance between a brand new MS data center, and a national intelligence agency annex: https://maps.google.com/maps?saddr=...xIe-imBLLBd7UJchjF2PHEbIJCBwA&mra=pd&t=h&z=13 And some more links that must just be coincidence when discussing Microsoft and 'privacy'. http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/ http://www.wired.com/threatlevel/2010/02/microsoft-cryptome/ https://www.networkworld.com/community/blog/microsoft-spying-users-free https://www.networkworld.com/community/blog/microsoft-patent-may-ruin-skype-may-make-voip http://www.conceivablytech.com/8108/products/microsoft-may-add-eavesdropping-to-skype PD
Thanks for the links. I can't say any of it surprises me, but I wasn't specifically aware of how Microsoft participates in the government surveillance machine. I'm not fine with it, but the big picture is complex and trying to live under the radar is difficult if not impossible especially if you want to use the internet. Still, I admire that some people try.
Pauly, I think you have misread my posts. I agree with you 100%. I said I wouldn't trust Skype with the MS situation. They own the servers. I was supporting what you wrote. If you've read much from me at all, you'll know I am one of the fiercest privacy advocates here.
look into using ZRTP. http://www.voip-info.org/wiki/view/ZRTP jitsi.org for win and linux comes with the GNU implementation of ZRTP skype does NOT support ZRTP. I am note sure of the pros and cons of running skype through a vpn but conceivably you could make intercepting the traffic more difficult if MS does in fact have a way to capture it etc.
The biggest way to put a dent in Microsoft's pocket is to simply not support their products, use them and use an alternative OS like Linux... The less people use M$ the better off!
Sorry Lock, that reply was for Victek, we're good! Spot on Das, I went full time to Ubuntu because of this very patent and the data center location. Read James Bamford's 'Shadow Factory'. The writing is on the wall, but most non-Wilders type people refuse to read it. PD
for the time being is there a way to login into skype program by logging in at https://login.skype.com/account/login-form?return_url=https://secure.skype.com/account/login ? Tryed skype with tor in https but did not notice any audio/video slowdown so I suppose it did not use the tor network
yes its encrypted however no one knows what method of encryption they're using. furthermore the links above indicate pretty big intent to circumvent whatever encryption is is being used. thus ZRTP is probably the best option for voip communication tunneled through a vpn. you could setup your own vpn server and have your peers vpn into you assuming you have the bandwidth with a ZRTP enabled phone/softphone, You'd have a pretty nice direct connection that way and it's encrypted twice while being able to monitor for man in the middle attacks.
ot post removed. As the question is more or less answered and with some suggestions for alternative software this thread is closed.
