Wednesday, October 17, 2012

Think no one can listen to your Skype calls? Think again!

For many years, Skype has served as the workhorse of Internet telephony. Not only was it used by grandmas wanting to keep in touch with their grandchildren who lived thousands of miles away, but it was also used by security conscience dissidents in repressive regimes to communicate because it was widely known as untappable.  Last year, American software giant Microsoft bought Skype from the group who held IP rights to the system and it looks like they've made some subtle changes that may have rendered the software's legendary security a thing of the past.

As an article published in July by Slate magazine states, Microsoft has refused to say whether it can listen in to Skype calls or not. But the new Skype privacy policy seems to indicate that, under certain circumstances, Microsoft may provide law enforcement with personal information about you including the content of your communications. Microsoft has since come forward and admitted that they log ever single text message sent through Skype but it's reasonable, in light of other changes, to assume they might have access to substantially more.

Shortly after the acquisition, Microsoft began phasing out Skypes 'super nodes'. Super nodes are what, in essence, gave Skype the ability to punch through firewalls. But they also helped make Skype harder to tap. Over the course of a few months, Microsoft centralized Skype around a series of servers that replaced super nodes and implement other technology to keep Skype's firewall punching abilities active. Since we really don't know what all of those changes were, we can't say how vulnerable Skype has become but we can say this: Skyoe calls are most likely able to be listened to and Skype should no longer be trusted for secure, important, or sensitive, communications. Certainly nothing where life or death might be involved should ever be discussed over Skype.

Thankfully, there are alternatives for people looking for a truly secure alternative to Skype.  Personally, I run and recommend the Jitsi program.  Formally SIP Communicator, Jitsi offers users the ability to use a variety of networks (Google Talk. Yahoo, AIM, Facebook, SIP,. etc) while securing communications through those channels using strong encryption. So, while a normal text, voice, or video, call made using Google Talk is not secure, doing that same call through Jitsi using its built in encryption makes it so secure that even Google can't listen in to your calls. It's easy to use, runs on all platforms (it's written in Java) and installs in minutes.

In closing, I'd like to urge anyone who relies on Skype to stop doing so immediately. Especially for any kind of secure communication. Find something else but do not trust Skype with anything sensitive. It's too big of a risk to take and the stakes are simply too high.

No comments: