Article is from 2007 and most of it turned out to not be true. When Skype is served a subpoena, they can only return account information, they are unable to intercept or log voice or video calls[1] [2].
This is a big deal in China and Russia[3] where they block the service since they have no way of intercepting it (i.e. it is secure enough for two very large governments to have no way of dealing with it).
Further proof is that there are no publicly known cases where Skype call or chat logs have been submitted as evidence, while you see Google, Microsoft, eBay, Craigslist etc. appear all the time.
Skype is an independent company again - and the reason why eBay bought it back then is revenue ($850M pa last year), not some conspiracy theory.
Outside of the odd client exploit, Skype is safe. I would trust it if I was a dissident in an unfriendly foreign country and needed to communicate securely.
1. Skype is not blocked in Russia. Federal security officials voice their concerns about Skype every once in a while, which causes rumors about possible blockage in media. Although nothing came out of it yet.
2. In China all Skype servers redirect to their Chinese partner http://skype.tom.com/
Tom Skype has everything that you would expect in QQ or other Chinese IMs, namely intrusive ads and content filtering.
There is research showing how much data is leaked by Tom Skype and how insecurely it is stored.
http://www.nartv.org/mirror/breachingtrust.pdf
It is quite worrying that Skype has such a partner. Although it makes me think that Google would have more success in China if it found a Chinese partner like Tom Google.
In a previous startup I spent a long time talking to TOM about taking our product into the Chinese market. It comes down to them knowing people, and they are very very good at what they do and very reasonable. I have no doubt that because of the culture in the country and the way that business is done that having somebody like TOM would be a huge gain for Google. Kai-Fu Lee was supposed to be that, but he left. You can't really send Americans out there to establish a business.
There's nothing in your post that actually rules out the possibility that the NSA has access to Skype conversations--the NSA doesn't generally share intel with law enforcement, much less Russia and China.
Indeed, the fact that Skype was spun off by eBay, and is preparing for an IPO with close to $1Bn in revenue, contradicts a significant part of this conspiracy theory. Although, it still could be true.
I'm so tired of articles about how bad/evil/insecure Skype is, while not suggesting any usable alternative. Skype, whether you like it or not, has no viable competition, almost 8 years after its initial release. By "usable" I have the following requirements in mind:
* Cross platform: It has to offer clients for Linux, Win, OSX.
* It has to support voice and video.
* Easy to install: Even grandparents in Australia have to be able to install it. No NAT and other configuration bullshit, just enter a name, a password and ready to go.
Skype has helped connect my all over the world scattered family for more than half a decade now. I am absolutely willing to give up any kind of privacy and security in order to be able to video-phone my family living thousands of miles apart whenever I want at absolutely no cost. No, absolutely no free software system has yet been able to provide the above 3 minimum requirements for me to consider ever leaving Skype.
No free software. There's no point in replacing one closed system by another, especially when the first one works much better. Google's system is only accessible through Gmail, is very awkward to use and has the "irrelevant addon" feel. Had Google _ever_ intended to offer widescale Voice&Video, they'd have built video into Gtalk when they had the chance.
The NSA (and FBI et al.) have a pretty workable solution for strong encryption on the wire - they attack the client. The client computer (or mobile) is pretty much full of holes, if someone wants in they'll get in, and sooner rather than later.
Granted, none of this enables the wholesale monitoring of Skype communications. Practically, even if the NSA had access to individual signing keys or some kind of side channel leakage it probably wouldn't be getting used en masse. The computation requirements of decrypting all traffic are likely significant, and operational security would discourage the wide use of a closely held leakage bug in fear of disclosure like happened with the domestic wiretapping scandal.
As an aside, I found it quite amusing to read "For example, a person in Germany, talking to a person in Russia using land-line phones would previously have been out of reach for NSA" - ultraparanoid? Pshaw.
Well, the main message still holds true though: if you need to make sure nobody can eavesdrop on your communications, you'd be better off with open source software.
If you need to _make sure_ nobody can eavesdrop on your communications, you better be ready to design and manufacture all hardware and software you're using yourself.
I wouldn't be so extreme. It's reasonable to assume that a properly encrypted connection is secure from entry to exit. You would have to use proprietary tools only at the extremities then, which is actually quite feasible nowadays.
Anyway: after learning that not even Osama was encrypting his shit, my view on security is slightly different.
As long as you understand the code line by line and as an overall entity, otherwise you are no better off. Just because you can read the source doesn't mean you actually can.
Even if you cannot read and understand the code you are still better off with open source, due to the fact that independent researchers or programmers unaffiliated with the developers will be able to audit the code. While with closed source software, the only information you have about the inner workings of the software is provided by the developing company.
With open source, the chances that somebody will catch a security flaw are generally much higher. It's not necessary for each individual user to understand the code as long as some people do.
Slipping a little off topic: my main reason for distrusting Skype is that it is currently owned by eBay. eBay are a very good company, in that they are very good at being a company that does good for itself with little care elsewhere while occasionally pretending otherwise (like every now and then they have a "no PayPal fees on donations to charity X" run).
I spent a half hour reading that Skype reverse engineering PDF a week ago and just for kicks took a look at http://en.wikipedia.org/wiki/Skype_protocol and it doesn't appear to me that the private keys are shared nor that they're generated in an insecure manner... so how would Skype be eavesdropping? The article makes the case that Skype is evil due to an intentionally weak protocol but doesn't back it up with a technical argument as to what's wrong with it. I'm not defending Skype, just confused.
[1] http://www.voiptechchat.com/tech/34/skype-says-no-to-wire-ta...
[2] http://news.cnet.com/8301-13578_3-9962106-38.html - see Skype only IM company that does not comply with wiretap requests
[3] http://arstechnica.com/telecom/news/2009/07/russia-not-the-f...