Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Won't Say If Skype Is Secure Or Not. Time To Change?

Unknown Lamer posted more than 2 years ago | from the disinfo-campaign dept.

Communications 237

jetcityorange writes "When asked repeatedly a Microsoft spokesperson refused to confirm or deny that Skype conversations [could be monitored]. Microsoft was granted a patent a month after purchasing Skype that covers 'legal intercept' technology designed to be used with VOIP services. Is it time to consider more secure alternatives like Jitsi like Tor's Jacob Appelbaum suggests?"

cancel ×

237 comments

Sorry! There are no comments related to the filter you selected.

Seriously? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40745337)

The more shocking idea is the assumption that any major VOIP service based in a major country does not allow intercepting on their services.

Re:Seriously? (5, Informative)

arbiter1 (1204146) | more than 2 years ago | (#40745363)

agreed, its dumb to assume your calls can't be tapped. Its like your using WIFI at McDonald's and thinking you are 100% secure. MS has to work within the law.

Re:Seriously? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40745401)

Yeah, another non-story.

And no, we will not switch to your unheard-of, no-name, pet-fav, video conferencing software. Definitely not because some guy from the tor project said we should.

Our families all use Skype and it works fine.

Re:Seriously? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40745573)

This is the sort of thing that should be attacked at the source, which is the government, not the companies/people that are obliged to abide by the laws set out by that government.

Re:Seriously? (2)

Tough Love (215404) | more than 2 years ago | (#40746143)

Our families all use Skype and it works fine.

Skype used to work fine. Lately it drops a lot of calls on me and sound quality seems to be going downhill, lots of stutters and outright strange garbage. And lag on the presence notifications has gone through the roof. Now I really can't trust what I see when Skype tells me somebody is on or offline. And it's not my network, Google talk works just fine including video.

Another thing that's gone downhill on Skype: nobody seems to hang out there any more. It used to be, I'd see all my contacts whenever they are online, now it seems like most of them don't bother to start Skype or they switched computers and just didn't bother setting it up. Nowadays, if I want to "Skype" someone I find myself needing to send an email first, or call them on their home phone, which kind of defeats the purpose.

Re:Seriously? (0)

Anonymous Coward | more than 2 years ago | (#40746189)

Really? Because I've had an increase in call quality and a decrease in dropped calls. For my job I have to go on a skype conference with 6+ people at a time every week twice a week for 3-4 hours. I have not ONCE had a call drop in the past six months. I also do not have any problems with seeing offline vs online people, and everyone I know still uses skype and didn't quit using it.

Re:Seriously? (4, Interesting)

houstonbofh (602064) | more than 2 years ago | (#40745373)

I guess that is why the OP mentioned Jitsi. That and a server of several different types, or direct site to site, and there is no "service."

Re:Seriously? (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#40745671)

I am a regular user of Jitsi, in fact it has replaced my day-to-day use of Skype.

I am in a long-distance relationship, so video chat is essential. My girlfriend, a snow-white Swedish woman, lives in New York City. We had arranged to do a little "naughty" video chat later in an evening, and so I was please to find her in a lacy bra and her hair done all nice. She told me that there was something she wanted to show me, and I eagerly awaited what it was...was she gonna play with herself? Did she buy a new toy?

No, she did not. Instead, she brought a naked, well-hung African male from Ghana. Ghana. Those motherfuckers are the biggest, ugliest, monkiest motherfuckers of them all. And she proceeded to suck his cock. All nine inches of it. My heart was every bit as torn as that tight vagina of hers being ravaged by a black pole the length and girth of a 24oz. can of Miller. And I could not stop watching. I was crying as my pants were tightening, and I was kneading my dick uncomfortably as her screaming became more loud with every thrust. It seemed as if a dark brown elephant leg was trying to step out of a pink stocking, over and over again, as I wailed.

So I became a faggot. And that's why I'm posting this from a Mac. No, really, I am.

-- Ethanol-fueled

OP is a fag (1)

Anonymous Coward | more than 2 years ago | (#40746121)

Jesus when did 4chan get a moderation system and how did I manage to mistype slashdot.org?

Re:OP is a fag (2)

Tablizer (95088) | more than 2 years ago | (#40746159)

You must be using a leaking Skype browser

Re:Seriously? (1, Funny)

Chrisq (894406) | more than 2 years ago | (#40746153)

.....So I became a faggot. And that's why I'm posting this from a Mac. No, really, I am.

-- Ethanol-fueled

if its any consolation that well-hung Ghanan swings both ways and would like to meet you!

Re:Seriously? (1)

Anonymous Coward | more than 2 years ago | (#40745385)

The more shocking idea is the assumption that any major VOIP service based in a major country does not allow intercepting on their services.

Yeah I know, friend. The hard reality for you and me to accept is that the average person is so stupid, so lazy, so conditioned, so bovine, so naive, so dumb, so self-centered, so thoughtless, so ignorant, so uninformed, so unaware of history, so unresearched, so easily surprised, that any of this would be of any surprise to any of them.

It's a very tough thing, trying to comprehend such drastic stupidity. It is widespread, yet does not fit into any framework you would personally consider valid. That makes it ... quite difficult to deal with.

VOIP (1)

Taco Cowboy (5327) | more than 2 years ago | (#40745395)

Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped
 
Even when you tunnel your channel, even when you employed all the evading/security technologies that you can think of, if TPTB wants to know what you do, they could find ways to _CAN_ tap you
 
But of course, we _are_ talking about Microsoft in this case, which makes it even more poignant to understand how frail our security situation really is, online
 

Re:VOIP (4, Insightful)

houstonbofh (602064) | more than 2 years ago | (#40745409)

However, with minimal security, you can at least avoid any automated eavesdropping. And arguably, there is consumer level security that can stand up to almost anything short of someone hitting you with a wrench.

VOIP-A majour impact. (0)

Anonymous Coward | more than 2 years ago | (#40745459)

I have a helmet that'll deal with the wrench.

Re:VOIP (4, Insightful)

Minupla (62455) | more than 2 years ago | (#40745565)

And if we're to the wrench hitting level, breaking into your house and installing a mic bug in your keyboard works a treat for tapping your VOIP conversations.

Min

Re:VOIP (3, Insightful)

Sir_Sri (199544) | more than 2 years ago | (#40745483)

But of course, we _are_ talking about Microsoft in this case

Which comes with benefits too. Microsoft being a big, publicly traded company with offices in all major countries has to follow consumer protection and privacy laws too, and they can be in for a world of hurt if they don't. Using some 'inherently private' setup runs the risk that somewhere along the line that system both has a bug in it, and that bug is being actively exploited against you - and you have no recourse against the company running it (or the peers).

Re:VOIP (5, Insightful)

davester666 (731373) | more than 2 years ago | (#40745821)

That's funny.

What 'world of hurt' would Microsoft be in for?

Don't you remember what the US gov't did to help out their friends at AT&T and the rest of the 'conventional' phone industry when they happened to get caught assisting the gov't in mass recording of phone calls?

Is there any gov't that is not interested in even occasionally listening in some Skype calls? No. Any countries passed a law preventing wiretapping VOIP calls? No. So having a back-door into every call is legal around the world.

All that's left to argue about is how that back-door is used. And surely you can trust Microsoft to do what's right.

And I'm sure they've only occasionally wiretapped calls where neither user is within the borders of the requesting country.

Re:VOIP (3, Informative)

Sir_Sri (199544) | more than 2 years ago | (#40745959)

caught assisting the gov't

That is, immediately, a separate problem from one of them just spying on you for their own purposes, selling that information to other people or the like.

Wiretap (and intelligence) are lawfully chartered, you may not like it, but you have to accept that governments can do those things, because they've given themselves the right to. They also tell companies what they can't do, and penalize them for such behaviour if they are so inclined, an entity not attached to country where you have legal standing can basically do whatever the hell it wants to you and you can't do anything about it.

Re:VOIP (0)

Anonymous Coward | more than 2 years ago | (#40746089)

What 'world of hurt' would Microsoft be in for?

Non-compliance with privacy laws.

Don't you remember what the US gov't did to help out their friends at AT&T and the rest of the 'conventional' phone industry when they happened to get caught assisting the gov't in mass recording of phone calls?

So we should just forget about laws and justice because the US government is corrupt? Not every government in the world is as corrupt as the US (and of course there are more corrupt ones in the world too).

Is there any gov't that is not interested in even occasionally listening in some Skype calls? No. Any countries passed a law preventing wiretapping VOIP calls? No. So having a back-door into every call is legal around the world.

All that's left to argue about is how that back-door is used. And surely you can trust Microsoft to do what's right.

And I'm sure they've only occasionally wiretapped calls where neither user is within the borders of the requesting country.

If you really are concerned then use something like Jitsi (or similar) on Tor. Why did you believe that Skype couldn't record calls before? Because they said so?

Re:VOIP (2)

gl4ss (559668) | more than 2 years ago | (#40746333)

USA government can make things legal retroactively IF they get caught pants down. they've done it before and will do it again. moreover they're giving de facto immunity to companies helping them trample on international and domestic law every single day.

Re:VOIP (4, Insightful)

EdIII (1114411) | more than 2 years ago | (#40745595)

That's a rather defeatist attitude.

Sure, the government could fake an anal probing and install their monitoring infrastructure in my nether cavities, but is it worth all that trouble?

It's not about if you can be tapped, but how much resources were used to do the tapping. ZRTP (endpoint-to-endpoint encryption) mentioned in their alternative Jitsi, would substantially raise the bar for casual automated interception.

That's the idea really. Make it to where everything they intercept is heavily encrypted with well used, well scrutinized encryption methods. If they want to bypass that encryption it will require having direct control over your device, to have direct influence on the platforms and software, or well known backdoors in software. That substantially raises the bar on multiple fronts since it will require specially crafted malware, special legislation (boy will that be unpopular), and maintained secrecy (conspiracy theorists say that have it already) with cooperating companies. As for the secrecy, we are discussing patented technology to help the government automate eavesdropping right? Not like it is a big secret....

The article has the answer already. It is time to move on. Find a newer platform that will not allow eavesdroppers and act only as a middleman to setup heavily encrypted communications. There are plenty of SAAS providers that only store encrypted data so they can turn over that data on demand to law enforcement and not have the keys.

What may help the most, is what is lagging ass... IPv6. I can see a future with DNS records and open source P2P services that will allow us to directly control who can initiate communications with us. Once you get around not requiring a middleman to punch through NAT for VOIP services it becomes substantially easier to perform call setup and tear down.

Re:VOIP (4, Insightful)

Nursie (632944) | more than 2 years ago | (#40745659)

"Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped"

I would dispute this. Or do you mean "They could tap it given several centuries and all the computing power on the earth" ?

Some of encryption is that good, and no I don't believe that the secret, shadowy, magical NSA have backdoors in every encryption library on the planet.

Re:VOIP (0)

Anonymous Coward | more than 2 years ago | (#40746111)

"Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped"
I would dispute this. Or do you mean "They could tap it given several centuries and all the computing power on the earth" ?

They can still tap you, whether or not they can do anything with the captured data is a different concern.

But really, I'm not exactly worried about the government randomly listening in to my gaming chatter, which is all I use Skype for, myself. If I was going to be discussing anything which I felt required ANY level of security, I sure as hell wouldn't use Skype or any other centralized service. But then again, I'm not going to go through the effort of setting up a highly secured comm channel just so I can hurl insults at the people who are shooting me in the back instead of laying down covering fire.

Re:VOIP (0)

Anonymous Coward | more than 2 years ago | (#40746421)

I would dispute this. Or do you mean "They could tap it given several centuries and all the computing power on the earth" ?

Some of encryption is that good, and no I don't believe that the secret, shadowy, magical NSA have backdoors in every encryption library on the planet.

Encryption is not a silver bullet. Just like any form of security, it's only as good as it's weakest link. Often the weakest link is because the people implementing encryption don't have the first clue about how to do it properly or securely. How often have you seen "encrypted" databases compromised because some idiot used symmetric encryption and didn't protect the key?

Re:VOIP (1)

Tough Love (215404) | more than 2 years ago | (#40746173)

Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped. Even when you tunnel your channel, even when you employed all the evading/security technologies that you can think of, if TPTB wants to know what you do, they could find ways to _CAN_ tap you

I would say you're overestimating the capabilities of your friendly neighbourhood spooks just a tad. Perhaps what you really meant to say is, anything you transmit online using Windows can be tapped. That's probably pretty accurate. See, security starts at the endpoints.

Re:Seriously? (2)

stms (1132653) | more than 2 years ago | (#40745621)

I know this is /. and all but come on this has been the case with Skype for years the editor had skimmed the wiki [wikipedia.org] they would know this is not News. Do we really need an anti-Microsoft story everyday?

Re:Seriously? (-1, Troll)

oakgrove (845019) | more than 2 years ago | (#40745789)

Hey, dumbfuck, if you are offended like the good little halfwit fanboy you are then procede to the firehouse so you can mod up the anti-Linux stories. Don't forget to tighten that clothespin on your penis while you click the plus buttons.

Re:Seriously? (3, Insightful)

Zemran (3101) | more than 2 years ago | (#40746015)

For personal, of interest to no one, type communication your point is valid but if I am communicating with regard to trade secrets it is very important to me to know that my communication is secure. Skype used to be secure and therefore this is an issue.

Re:Seriously? (0)

Anonymous Coward | more than 2 years ago | (#40746125)

For personal, of interest to no one, type communication your point is valid but if I am communicating with regard to trade secrets it is very important to me to know that my communication is secure. Skype used to be secure and therefore this is an issue.

No, Skype has never been secure, and neither has any other VOIP service, especially not any one which uses a centralized server.

POWER TITS! (-1)

Anonymous Coward | more than 2 years ago | (#40745369)

It's like a nigga, who's in the hole,
It's like a nigga, he's on the dole!

It's like a nigga, he's fantastic,
It's like a nigga, he's niggatastic!

seriously? (5, Insightful)

GNULinuxGuy (2483278) | more than 2 years ago | (#40745371)

If you are serious about privacy Skype was never even an option! ;)

Re:seriously? (1)

justforgetme (1814588) | more than 2 years ago | (#40745769)

Privacy, self esteem, independence... Problem is that video over IP is/was notoriously difficult to make plug and play and every non technical person can only go as far as DLing on program without shopping around so they would just install Skypee and be done with it, which arguably is the `safe` in the "non time consuming" way choice. No matter that centralized communications like these are wrong from inception on they are the wide standard because it made sense to some company and said company invested into it to makei it a "sort of" standard.
It like religion only in the digital age.

Re:seriously? (1)

FireFury03 (653718) | more than 2 years ago | (#40746209)

Problem is that video over IP is/was notoriously difficult to make plug and play

The thing is, it shouldn't be - the "difficulty" is largely down to the shitness of the software. I've got hardware VoIP phones from Grandstream that pretty much "Just Work" (you plug 'em in, enter your SIP login details and they do what they are supposed to). Meanwhile all the softphone software I've tried is pretty much balls: on Linux, Ekiga is "ok" but rather too buggy for every day use. On OS X I've yet to find any SIP software that does video except for Xmeeting, which is buggy as hell (to the point of being practically unusable) and doesn't seem to be under development any more. Also, none of the SIP softphones I've come across have half-decent echo cancellation which makes using them as speakerphones a non-option.

Re:seriously? (0, Troll)

GNULinuxGuy (2483278) | more than 2 years ago | (#40745915)

Probably wasting my time asking, but why was I modded down for this comment? The lack of proper peer review has always been why I've not recommended Skype for any situation where privacy is important.

If there is a third party... (4, Insightful)

houstonbofh (602064) | more than 2 years ago | (#40745381)

If there is a third party running the server in the middle, there can be no trust. Run your own server if you need security. There are lots...

Re:If there is a third party... (1)

Anonymous Coward | more than 2 years ago | (#40745455)

If there is a third party running the server in the middle, there can be no trust. Run your own server if you need security. There are lots...

Then now you just have to worry about how reliable the isp of the server is, if they log your activities and will turn it over in a heartbeat.

Re:If there is a third party... (1)

FireFury03 (653718) | more than 2 years ago | (#40746227)

If there is a third party running the server in the middle, there can be no trust. Run your own server if you need security. There are lots...

Then now you just have to worry about how reliable the isp of the server is, if they log your activities and will turn it over in a heartbeat.

If all communication to the server is encrypted and you've configured the server not to record your calls then you can be pretty confident that the security services can't find out what you talked about _before_ you became an interest to them. Of course, once you've become an interest to them they can get the ISP to give them physical access to the machine and you're screwed on any future conversations.

Re:If there is a third party... (5, Informative)

silas_moeckel (234313) | more than 2 years ago | (#40745665)

I would have to disagree. I can insure that my communication is not tapped between me and other parties even going through third parties. This is the basis of public key crypto. The third party can still track who I communicated with but not what was said. Tor and similar systems are meant to take care of that (if your seriously paranoid systems to connect two parties have existed since well before the modern computer).

Re:If there is a third party... (-1)

DogDude (805747) | more than 2 years ago | (#40745813)

You keep telling yourself that, if it makes you feel better.

Re:If there is a third party... (1)

jones_supa (887896) | more than 2 years ago | (#40745909)

What do you mean?

Re:If there is a third party... (3, Interesting)

Parafilmus (107866) | more than 2 years ago | (#40746047)

You keep telling yourself that, if it makes you feel better.

What do you mean?

He means he doesn't understand public key cryptography.

Re:If there is a third party... (0)

Anonymous Coward | more than 2 years ago | (#40746213)

You keep telling yourself that, if it makes you feel better.

What do you mean?

He means he doesn't understand public key cryptography.

And you don't understand what a tap is. A tap is when you intercept someone's communications, it doesn't have anything to do with being able to read the contents.

Re:If there is a third party... (1)

Tom (822) | more than 2 years ago | (#40746349)

That's totally wrong and everyone who modded that up should go sit in the corner and re-read "Applied Cryptography".

You can build a service providing data exchange between two parties with a server handling the connection without that server (or anyone else) being able to listen in. What we don't know if Skype was built this way or not. And that's the problem.

I'm actually relieved to hear this (4, Informative)

guises (2423402) | more than 2 years ago | (#40745423)

It's been assumed for a long time that Skype is insecure, as one would expect from a prominent closed-source solution like that. The thing that's new (to me, I hadn't heard it) is that Microsoft purchased Skype. I have no particular fondness for Microsoft but they're more upstanding than Ebay, which gave up a lot of customer information after 9/11 without warrants and denounced other companies for not doing the same.

Re:I'm actually relieved to hear this (5, Funny)

tooyoung (853621) | more than 2 years ago | (#40745777)

The thing that's new (to me, I hadn't heard it) is that Microsoft purchased Skype.

Who know what wonders the rest of 2011 will bring for us!

Re:I'm actually relieved to hear this (1)

DogDude (805747) | more than 2 years ago | (#40745823)

I'd ask the question of any provider of any free service. Skype, web-based email, Facebook, Twitter, etc. You generally get what you pay for, and if you're not paying for anything, you'd be a fool to expect a solution with no downsides at all.

Re:I'm actually relieved to hear this (3, Informative)

readandburn (825014) | more than 2 years ago | (#40746353)

You do realize a lot of people pay for Skype, right?

Is there an OTR for video? (1)

93 Escort Wagon (326346) | more than 2 years ago | (#40745425)

We've used OTR when we want to IM about something sensitive - is there any sort of similar plugin for Skype? It appears there's a text chat OTR plugin... but a video version would be more useful for most people.

Re:Is there an OTR for video? (2)

DarwinSurvivor (1752106) | more than 2 years ago | (#40745561)

I don't think there are any that use the major video chat clients (skype, etc), but you can set up a private ejabberd server fairly easily and do video-chat over SSL using that. I've actually set that up in the middle of a park with no internet connection (ejabberd was pre-configured on a laptop). Best part is there are xmpp/jabber clients for just about ANY platform (including iOS and android). Blackberry is the only one we haven't tried yet.

Is Jitsi more secure? (4, Insightful)

tftp (111690) | more than 2 years ago | (#40745427)

I just tried Jitsi while /. was in maintenance mode. It does not work on this very standard Win7 box. Incoming audio is missing; logs are missing. Uninstalled already - not usable. Bria works fine. My VoIP server (3CX) is on the local subnet.

But even beyond that, Jitsi is not a solution; it's a component. The only way to make it into a solution is by selling your soul for cheap to the likes of Google and Facebook. That would be counter-intuitive for a product that sells itself as a secure thing.

The only reasonably secure way is to run Jitsi on your own SIP server. However that is not an exercise for everyone. A geek can deploy a SIP server, but a common man cannot even understand what we are talking about here.

I'd say that 3CX people already have a solution. First, they have a TCP tunnel that you can use to go through firewalls and specifically NAT. Then they support encryption [3cx.com] . And finally, their stuff works. (This is important, despite what some geeks say.) They also have a client for Android (besides the usual suspects.)

However in terms of simplicity Skype leads the pack.

Try Ovoo (1)

Anonymous Coward | more than 2 years ago | (#40745791)

I just tried Jitsi while /. was in maintenance mode. It does not work on this very standard Win7 box. Incoming audio is missing; logs are missing. Uninstalled already - not usable. Bria works fine. My VoIP server (3CX) is on the local subnet.

But even beyond that, Jitsi is not a solution; it's a component. The only way to make it into a solution is by selling your soul for cheap to the likes of Google and Facebook. That would be counter-intuitive for a product that sells itself as a secure thing.

The only reasonably secure way is to run Jitsi on your own SIP server. However that is not an exercise for everyone. A geek can deploy a SIP server, but a common man cannot even understand what we are talking about here.

I'd say that 3CX people already have a solution. First, they have a TCP tunnel that you can use to go through firewalls and specifically NAT. Then they support encryption [3cx.com] . And finally, their stuff works. (This is important, despite what some geeks say.) They also have a client for Android (besides the usual suspects.)

However in terms of simplicity Skype leads the pack.

I have been using Oovoo for a number of years now. It has a better interface than Skype, and you have a number of security options.

Re:Is Jitsi more secure? (3, Informative)

Anonymous Coward | more than 2 years ago | (#40745805)

I tried Jitsi like you did. I've been looking for an alternative to Skype for a while but could not find one.

I consider myself to have above-average knowledge of computers. However, compared to a pro, I'm just an average person.

I ran in the exact problem you describe: I figured out that while Jitsi lets me use many different services to log in with (e.g. msn, yahoo, etc.), the only really secure ones were SIP and XMPP.
The problem was, I couldn't figure out how to use these (what are they anyway? protocols?).

Reading your post, I now understand that I need to set up my own SIP server. I figured it would be something complex like this, but thanks to you I at least have a general idea of what I'm supposed to do. I'll never set one up on my own, just like I will never set up my own e-mail server even though I've been wanting to do so (so as not to have a third-party like hotmail store my e-mails).
I will ask a friend who works in IT if he can help me, but I'm pretty sure he will tell me that he's not familiar enough with SIP to help me out.

Bottom line, it's exactly as you said: a very good solution, but too impractical to use for the average person. I'm not entirely sure why it's so complicated in this day and age to cut out the middle men and connect with your relatives directly through the Internet, but well, that's the way it is at the moment.
And it's a shame really that protecting our privacy online, while still having access to all the useful technology the Internet enables, is so difficult to do for average people.

I'm looking forward to having e-mail and VoIP service companies setting up in Switzerland and promising to protect their user's privacy. That might be the most realistic solution.

Re:Is Jitsi more secure? (2)

FireFury03 (653718) | more than 2 years ago | (#40746265)

they have a TCP tunnel that you can use to go through firewalls and specifically NAT.

Sending voice/video over TCP is a monumentally silly idea, (and doesn't really offer an advantage over UDP for NAT traversal)

Re:Is Jitsi more secure? (2)

tftp (111690) | more than 2 years ago | (#40746405)

Perhaps, but you need to tell that to 3CX developers. It was them, not me, who added the tunnel. As they say themselves [3cx.com] , there is a reason for the madness:

We are pleased to announce a new release of 3CXPhone for Android, build 1.3.1, which includes the 3CX Tunnel. With the 3CX Tunnel feature, you can proxy all SIP and RTP traffic over a single port and bypass any restrictions that telecom providers implement to block VoIP calls. Often telecom providers will block common VoIP ports.

I have it configured on my Android tablet, and it works fine when I connect from a remote location. A TCP connection is a tad more reliable than a bunch of hacks upon hacks (also known as NAT, STUN and other stuff.) At least proper routing of packets of an established connection is a required and supported function of every router, very much unlike handling of UDP pseudo-connections.

Like any of my conversations . . . (5, Insightful)

Nostrada (208820) | more than 2 years ago | (#40745439)

. . . with my Family are of interest to any government. Come on, Skype is for keeping in touch with the old folks at home. For anything serious you would use something more peer to peer without any 3rd party involved. And even then . . .

Re:Like any of my conversations . . . (0)

Beryllium Sphere(tm) (193358) | more than 2 years ago | (#40746071)

OK, suppose you're planning a wedding.

Then suppose "wedding" is an al-Qaeda code word for a planned outrage.

Then suppose someone in government is capable of making a mistake.

Or, what if you were talking to family about one of those things you only talk about within the family? Could something like that be used against you?

Someone who would get credit if I could remember their name pointed out that the more the authorities know about you, the more incorrect information they have.

Re:Like any of my conversations . . . (0)

Anonymous Coward | more than 2 years ago | (#40746167)

Like any of my conversations...with my Family are of interest to any government.

Who said *anything* about it being *just* government?
Your conversations, no matter how inane, are of interest to both spooks and advertisers, spooks;even if you're not on their 'POI' list, they do like to keep tabs on everyone 'just in case' (it's a spook thing), and, as a means of seeing how well their current 'Black Propaganda' schemes are working; advertising wonks, they want to know which products to target you and yur family with, and to see how well their current ad campaigns are working..'
Oh, governments are interested as well, you know, keeping an eye on the real 'vox populi', seeing how much of the crap they're getting away with really filters through...
(and yes, spooks != government, they may occasionally work for them...)

Ok... (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#40745451)

Here we go: Microsoft is a major multinational corporation, with a substantial base, substantial assets, most of their higher-ups, and a fat load of juicy contracts within the jurisdiction of the United States(and a number of other countries that have less clout; but are no more savory)...

Now, according to the feds [fcc.gov] "CALEA Compliance for Packet Equipment, And Equipment for Facilities-Based Broadband Internet Access Providers and Providers of Interconnected VoIP

All facilities-based broadband Internet access providers and providers of interconnected[with the POTS legacy telephone system] VoIP service have until May 14, 2007 to come into compliance with CALEA."

So, how lucky do you feel? Skype in and Skype out are definitely 'interconnected VoIP service', but it isn't entirely clear whether PC-PC skype connections would be treated as part of that 'interconnected VoIP service' or whether, because they aren't directly interconnected, they are treated separately. Do you fancy hoping that Microsoft feels like belaboring that decision in court to no obvious benefit for themselves?

Re:Ok... (5, Informative)

starfishsystems (834319) | more than 2 years ago | (#40745955)

It isn't entirely clear whether PC-PC skype connections would be treated as part of that 'interconnected VoIP service' or whether, because they aren't directly interconnected, they are treated separately.

As someone involved with engineering a CALEA intercept appliance, I can offer a practical answer to your question. If you operate a network under jurisdiction of the United States and you receive a court-ordered request to intercept packets transiting that network to or from an IP address or a person as identified in that court order, you must intercept those packets and only those packets, and you must make them available for retrieval by the law enforcement agency identified in the order. If you fail to do so, you're subject to a substantial fine for each day of non-compliance.

It doesn't matter what data the packets may be carrying, or whether the LEA knows how to interpret them. Your responsibility is simply to perform the packet capture and make the data available. What Microsoft thinks about this has absolutely no bearing on the problem.

why are we using centralized voice services? (0)

Anonymous Coward | more than 2 years ago | (#40745473)

It makes sense if you need to interact with the POTS network. But if you're calling someone else who's also using the internet, it shouldn't require anything more than software running on the two end machines, with strong end to end encryption. There shouldn't NEED to be anybody in the middle skimming off dollars and possibly intercepting traffic.

This never made sense to me. People seem really keen on letting third parties control their internet activity. It's the same with chat, and with a bunch of other things. The main strength of the internet could have been letting anyone in the world communicate with anyone else without having to ask permission or open their communication to prying eyes. Instead, everyone went the other way. It's tragic, and may become much more tragic in the future.

Re:why are we using centralized voice services? (0)

Anonymous Coward | more than 2 years ago | (#40745515)

That's because those third parties make the services more stable and reliable than adhoc peer-to-peer systems usually have been.

Re:why are we using centralized voice services? (1)

Entropius (188861) | more than 2 years ago | (#40745815)

You don't need a third party. For some reason we have gotten away from the very sensible solution of direct connections. We're not talking adhoc peer-to-peer in the Gnutella sense, we're talking about "I open a port and you connect to me". The only thing you need the cloud for is a way for two people to exchange IP addresses.

Re:why are we using centralized voice services? (0)

Anonymous Coward | more than 2 years ago | (#40745853)

because, I open a port to a specific hosted service is relatively "safer" and easier situation than, "I open a port to the world" which I expect to only use for this service but further exposes me to the world at large.

Could a 3rd party wrap Skype? (4, Interesting)

5ynic (755747) | more than 2 years ago | (#40745539)

Here's my question - I'm hoping some knowledgeable slashdotter with some IP nouse can clear up my confusion. Are there any technical, or any legal reasons, why a 3rd party app cannot simply wrap Skype, at least for voice calls (leave video aside for now). Lots of 3rd party apps present as printers to the OS, and when you print to that virtual printer, they create an eps file or a PDF file or whatever.... Why is it hard for a 3rd party app, similarly, to present as a headset (mic + speakers) to the OS, allowing the user to run Skype as well as the 3rd part VOIP app, and select that headset in the Skype audio options. You could then run your 3rd party VOIP solution, and have Skype set up to start in the background. calls in either direction to others on Skype could be handled transparently in the 3rd party VOIP app, and that would give users the chance to gradually get their network of friends and family swapped over to open, standards compliant VOIP solutions, without having to give up on contact with those running Skype (face it, that's everyone), or switch between 2 apps for calls (I understand the API already exposes things like accept call...) If this is a viable way to overcome the powerful networking externailities that Skype now has working in its favour as a barrier to new entrants, has it not been done because of a)legal b)technical c)marketing or d)other issues?

Re:Could a 3rd party wrap Skype? (0)

Anonymous Coward | more than 2 years ago | (#40745783)

Mod parent up

Re:Could a 3rd party wrap Skype? (0)

Anonymous Coward | more than 2 years ago | (#40746031)

That's called a gatekeeper.

http://voices.yahoo.com/voipsipgatewaysgatekeepers-codecs-take-me-away-4756916.html

On equal footing. (1)

Ostracus (1354233) | more than 2 years ago | (#40745581)

Microsoft Won't Say If Skype Is Secure Or Not. Time To Change?

Can all the alternatives solemnly promise me that they're secure too? And to jump to the end of the ensuing discussion, where do I gain the expertise to be a subject matter expert (in several areas) and length of time in which to review all relevant code?

Time to change? (1)

fustakrakich (1673220) | more than 2 years ago | (#40745607)

Into what?

Interception has likely be present for a long time (3, Insightful)

gweihir (88907) | more than 2 years ago | (#40745613)

If you are getting concerned _now_, then you have been asleep at the wheel.

Re:Interception has likely be present for a long t (2)

ohnocitizen (1951674) | more than 2 years ago | (#40746077)

We need to be reminded constantly, because of our short attention kittens.

Why not pre encrypt. (1, Informative)

Anonymous Coward | more than 2 years ago | (#40745641)

Encryption is not illegal in the U.S.
Why doesn't someone create an open source encryption solution which encrypts the conversation with a public key prior to routing it over Skype then decrypts on the other end with the private key. I know encrypted land line phones exist i've seen and used one, any intercept or wire tap just gets something similar modem sounds. Their major disadvantage is the encryption key has to be set in advance of the call usually by sneaker net. When someone listens in, warrant or not all they get is nonsense. A truecrypt for VOIP.

If its not possible than we may see the return of the land line for secure conversations.

Re:Why not pre encrypt. (2)

TheRealMindChild (743925) | more than 2 years ago | (#40745717)

Because it is a voice service, not a data service. The system compresses the "sound" going across the line, and sometimes even drops bits to keep the latency bearable. You could use some sort of analog device which can survive through such things, but then we are right back in the early 1980's.

Re:Why not pre encrypt. (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40745723)

Because it is a voice service, not a data service. The system compresses the "sound" going across the line, and sometimes even drops bits to keep the latency bearable. You could use some sort of analog device which can survive through such things, but then we are right back in the early 1980's.

Sometimes the best move forward is a brief step backward.

stands to reason (1, Insightful)

roc97007 (608802) | more than 2 years ago | (#40745673)

When I heard Microsoft had purchased Skype, my first thought was "Skype is dead". It only remained to find out in what way it met it's demise.

Re:stands to reason (4, Funny)

Chrisq (894406) | more than 2 years ago | (#40746157)

When I heard Microsoft had purchased Skype, my first thought was "Skype is dead". It only remained to find out in what way it met it's demise.

Yes its back to using my Nokia ... oh wait!

Missing the point (0)

Anonymous Coward | more than 2 years ago | (#40745801)

I think we are missing the point.
The question should not be "Is it secure?".
The question should be "Why isn't it secure?"

There was a time when only a judge could order a wiretap.
The privacy of my snail mail is protected by federal law.
When did that all get scrapped?
Why can I not expect the same privacy simply because of a different medium.

The big companies are trying to have their cake and eat it.
When it comes to things that benefit them, they are happy to move with the times.
When it comes to "copyright" and "intellectual property", then they want us to stick with the old rules.

New rules for everything, or old rules for everything.
Microsoft, you choose!

Public forum (0)

EzInKy (115248) | more than 2 years ago | (#40745803)

The internet is a public forum, and it is absurd to think that anything you say in public will not be heard.

Re:Public forum (0)

Anonymous Coward | more than 2 years ago | (#40746017)

"The Internet" is NOT "a public forum". The internet consists of public forums, private forums, private 1-to-1 messages, and a whole gob more.

If that's confusing, just stick with your usual definition of "the internet" as the browser icon on your desktop. Yeah, it's totally wrong, but it's actually less dumb than "the internet is a public forum".

Do you trust Phil Zimmermann? (5, Informative)

jhaar (23603) | more than 2 years ago | (#40745833)

Then check out his latest venture

https://silentcircle.com/

Re:Do you trust Phil Zimmermann? (0)

Anonymous Coward | more than 2 years ago | (#40746181)

Do you trust his business partners?

Oh come on (0)

Anonymous Coward | more than 2 years ago | (#40745883)

If you thought you could trust it (why? duh.) in the past, I don't know how anyone would use it for anything sensetive
after the german government did their dont-throw-us-in-the-internet-briar-patch move and announced frustration with cracking
skype encryption. If true they would never have admitted it.

Microsoft is on your side (4, Funny)

guttentag (313541) | more than 2 years ago | (#40745919)

They patented VOIP wiretaps so no one else could do it. You can sleep soundly tonight knowing that if anyone* even tries to wiretap your calls, they'll slap them so hard with a patent infringement suit their grandkids will still be indebted to Microsoft.

*The term "anyone" does not include government agencies, Microsoft business partners, affiliates or Microsoft itself.

Huh? (1)

humanrev (2606607) | more than 2 years ago | (#40745953)

Perhaps it's not the intention of the Slashdot editor who titled this story, but you know the saying where if a news title is phrased as a question the answer is always "No"? Well this is the case here as well.

You should always have been aware that Skype might be monitoring your calls, since you don't control the network. Nothing has changed ever since Microsoft took over, so what makes it the case that NOW it's time to change? Besides, change to what? There's nothing else out there which is accessible to most locations around the world with the ease of use and easy of configuration which is comparable to Skype (along with video support). What, Google Voice? How is that better for secure communications? Ekiga? No-one uses it because it doesn't fucking work properly.

Wasn't the FSF supposed to be working on some sort of free Skype alternative? Yeah, go them. In the end you need to bring people across from Skype in addition to finding alternative software, and if those apps aren't even available for your Phone for example, then you'll be hard pressed to get anyone to convert.

Whee (0)

Anonymous Coward | more than 2 years ago | (#40745957)

The method of claim 1, wherein receiving data regarding establishing a communication session between two entities comprises receiving the data at a recording agent logically disposed between a requesting entity of the at least two entities and a call server that is involved in establishing the communication session.

I think the problem might be right here.. Since the communication between two devices must use a method to request and grant the request generally it is from point A to point B .... But since it is using a third party server, THAT server grants the request, not the individual.... Meaning THAT server has the rights to all data that is being streamed during the session

-- SnappleX

Re:Whee (0)

Anonymous Coward | more than 2 years ago | (#40746009)

communication protocol to establish the connection via a path that includes a recording agent that is capable of silently copying the communication between the at least two entities
states right there that the protocol goes through a path that includes a recording agent that is capable of silently copying. You think Microsoft is doing it to use extra bandwidth, storage space, etc? Nope. lolz

My advice is to read the terms of service with Skype, Be careful of this: "another embodiment" ... This declares that other definitions may be used for what you are reading..

kind of freaky! :o)
Although Microsoft is a very trustworthy company, and I highly doubt they are doing this for malicious purposes, it is always good to RTFM or read the fine print! When it comes to your privacy and safety there is no such thing as a stupid question!!!

Either way, it doesnt really matter. If you are under investigation for something you shouldn't be doing you can bet your sweet cheeks the your ISP will be handed a subpoena duces tecum to furnish all documents as evidence.

-- SnappleX

One Key (1)

terbeaux (2579575) | more than 2 years ago | (#40745963)

All of their conversations are encrypted with the same key. If they had any interest in protecting your privacy then they would have built in OTR or some other FOSS end to end encryption.

It's not; non-free software is never secure (0)

Anonymous Coward | more than 2 years ago | (#40745969)

Only stupid people would rely on Skype for security. It's got nobody looking at the code other than those who are obliged to NOT reveal publicly insecurities. If it's not free software maintained in a public manor (public CVS, etc) so that other developers can scrutinize the source code easily as changes are made you have to assume it's comprised. That is why our dependent on nVidia, ATI, and other proprietary software is so dangerous. We really need to be more concerned about the BIOS and other non-free microcode your system depends on. None of us really know whats inside our computers. Richard Stallman might be a paranoid individual. However he is not wrong about these issues. His concern is completely valid. Your phone IS a tracking device, it IS being used by the government to track people, it IS being used in investigations, those cameras on the roadway ARE being used by lawyers to attack exs in divorce situations, our privacy IS non-existent. All of these things don't concern the majority of us until after we have been involved in legal matters. My mom thought I was nuts until she had a school pupil's mom threaten legal action (not that she did anything wrong). The point is even in cases where there is nothing wrong you are doing these legal actions WILL expose information that aught to be private. And keeping that information private is something near impossible to do. We have the largest incarceration rate in history (USA at least) and just about anybody can be brought up on serious criminal charges. AND depending on your skin color/sex/and a handful of other factors your chances of seeing jail time are astronomical.

A black male born in 1991 has a 29% chance of spending time in prison at some point in his life.

http://www.buildingblocksforyouth.org/overrepresentation.htm

Skype has never been secure (2)

Penurious Penguin (2687307) | more than 2 years ago | (#40746025)

Aside from not padding its encrypted packets, thus leaking data via phonemes, etc., MS will certainly be complying with the "law" to furthest of their abilities -- and then some, I suspect. MySpace was known to essentially gift-wrap user data and send it to law-enforcement, probably with chocolates too. Although it's not an entirely unreasonable question, I think paranoia can be liberally applied to the question of Skype's security.
One thing that really peeves me about Skype is their assignment of a generic number which my contacts sometimes receive. If a contact attempts to return my call, an audio recording essentially indicts the user with a ridiculous legal disclaimer, blabbing about illegal activity and so on. A little vid I made describes it: http://www.youtube.com/watch?feature=player_embedded&v=9ie_0aY1DM4 [youtube.com] -- I would love an alternative to Skype, but such would require a serious amount of funding.
It is also odd that the NSA offered so much money to get into Skype, all whilst it was leaking. Perhaps I am missing something.

Re:Skype has never been secure (2)

Penurious Penguin (2687307) | more than 2 years ago | (#40746115)

Oh dear, I forgot to add this: http://www.youtube.com/watch?v=qc8i7C659FU&NR=1&feature=endscreen [youtube.com] -- Finspy, man-in-middle (Skype) attack promo video. I am not sure why, but I always chuckle when I watch it. Under the guise of "terror", which by my perspective could be just about anything lately, this stuff might get deployed more often than gets reported. I figure if it's it's in the category of terrorism/domestic-extremism, it is likely exempt from transparency.

Yes, it's time to change (0)

Anonymous Coward | more than 2 years ago | (#40746027)

The first word in the article title is "Microsoft". Whatever the topic that follows, it's obviously time to change.

Other security considerations (2)

Phroggy (441) | more than 2 years ago | (#40746039)

My mom's Skype account was recently hacked. Apparently the hackers were able to abuse the Skype Manager [skype.com] system to gain control of her account without her authorization, transfer her account balance, and reset her password. Skype's customer service has acknowledged the problem but has not been able to restore access to the account yet.

(I don't know any more details than that, as I haven't been involved.)

Again, MS buys into something and loses interest (1)

Karmashock (2415832) | more than 2 years ago | (#40746061)

Either get in and be serious or don't.

Stop buying up companies only to mismanage them into oblivion.

Skype is insecure. (5, Insightful)

bmo (77928) | more than 2 years ago | (#40746065)

"When asked repeatedly a Microsoft spokesperson refused to confirm or deny that Skype conversations [could be monitored]

Then it's not. When you have to guess, in this case, whether skype is secure, assume the worst. Absence of proof of security is proof of no security.

--
BMO

YouZ fail 1t (-1)

Anonymous Coward | more than 2 years ago | (#40746243)

practic4L purposes,

Security? (1)

Wowsers (1151731) | more than 2 years ago | (#40746341)

Skype is about as secure as your mobile phone's GSM chip which has a deliberate flaw (backdoor) to allow hacking of your phone call.

Is it time? What? (2)

Sam H (3979) | more than 2 years ago | (#40746361)

Is it time to consider more secure alternatives

Why now? How does Microsoft change anything? It was time to consider more secure alternatives from day zero!

They can listen if they like.. (1)

Starfleet Command (936772) | more than 2 years ago | (#40746371)

The only thing I use Skype for is to talk to my litle boy who lives with his psycho...er..um, I mean mother in Finland (step-dork works for an American company there) and to talk to my oldest son who lives in Kentucky. No high security stuff there. Younger son talks about who he has "pwned" in HALO. Older son talks about married life and jobs stuff... So, if they have to listen in on that...then, as my teen daughter would say, "It's like, whatever"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?