Skype Journal

Independently covering the Talk Revolution since 2003

Sunday, April 19, 2009

Skype's Crypto Revolution

Mass encryption. 1.15 billion downloads. Hundreds of millions of people are using Skype's strong cryptography to talk. Encrypted for the very first time. Thanks to Skype. This is a notable achievement.

The last successful mass distribution of cryptography was SSL (Secure Sockets Layer). Browsers show a little closed padlock icon to tell you that you are talking securely to a web site. SSL let the world feel safe to share secrets. Banking. Taxes. Voting. Medical records. Divorce. School.

Skype's encryption gives people the same freedom to talk.

Most people don't know Skype safeguards their calls. There is no "padlock" to show that the other people in your conversation are also using secure Skype clients.

America's "founding fathers" would have liked cryptography a lot.  They would have viewed it as protected under the Second Amendment where "the People" are guaranteed the right to bear arms, not just for personal defense (which was obvious to them), but also because politicians prefer unarmed peasants. An unarmed populace is much easier to dominate. And so is a populace without the ability to have privacy.

— Hudson Barton

What data does Skype keep?

Clearly Skype has call records from SkypeIn and SkypeOut, so they can bill for time according to their tariffs and charge appropriate taxes. They also have records of when you log in through a client or the web to the authentication service.

Skype may keep a copy of the material in your account that's backed up onto Skype servers (profile, contacts, history, preferences like call forwarding). However, that data may be encrypted, so Skype wouldn't have the burden of sharing the data under a subpoena or be exposed to financial risks in the event of a security breach.

While it's not impossible for Skype to have engineered tattle-tale features into the client, reporting on p2p activity, there is no evidence of spyware in research done by independent researchers or by anyone else.

Skype has compelling business interests to assure customer privacy. Unless you're from China, you don't load Skype with the assumption your government, your employer, your priest, your ex's private detective, your insurance company, your political party, your local police department, or anyone else has the ability to know who you talk with or what you say to each other. You trust your phone company and Skype to keep your confidences as much as physically and legally possible. Unlike your phone company, Skype has done more to encrypt conversations.

Skype is legally better off not keeping any data it does not absolutely need to keep. And there is no technical reason for Skype to keep a log of your in-Skype-network chats or calls.


2 Comments:

At April 22, 2009 11:27 PM, Anonymous said...

Are you really comparing Skype's "cryptography" to SSL? China's clients are nothing special or different, they just handed over the keys to the backdoor in its "encryption" to the Chinese government. This only proves the backdoor has been there from the beginning. If it hadn't, it wouldn't have been possible to provide that to China while maintaining backwards compatibility.
Reports have also arisen that it had also been in talks (and complied) with the FBI regarding its backdoor, so don't be so smug about not being Chinese.
Sure, they won't analyze every single call, and whenever you talk you can probably be 99.9999% sure no-one is listening. But "good enough" privacy isn't privacy. Just as security by obscurity doesn't work.
Skype is a fantastic tool and a very convenient one to stay in touch with friends and loved ones, but to tout it as anything else, even as some sort of "ultimate privacy app" is just a lie, and irresponsible.

 
At April 23, 2009 12:58 PM, Phil Wolff said...

Hi, Anon! Happy RSA Week!

Yes, I guess I am comparing the two. Both were projects (one open, one closed) to put background encryption in the hands of as many people as possible. If you want to look at the millions of people using consumer and commercial off-the-shelf VoIP, how many of those people have even the slightest bit of protection?

I'm with you that nothing, let alone Skype, is perfect. And perfect safety and privacy is an illusion.

Nevertheless, Skype has done a very good thing. They made casual interception very very very very very very very difficult. So we can feel a wee bit safer (the illusion) than before. Maybe even be a little bit safer in practice.

 
