Ever had Skype ask for your feedback on a SkypeOut call? That's more than AT&T ever did for me. Would be nice if it used a secure browser page (SSL, https) instead of posting my skypedout phone number in the clear. The url leading to the form:

http://www.skype.com/feedback/survey/calls/? service=skypeout & version=2.0.0.103
& username=YOURSKYPENAMEHERE
& call_date=1147565396
& cpu=0
& bandwidth=0
& a_number=+DIALEDPHONENUMBERHERE
& call_type=outgoing
& provider=
& status=
& result=FINISHED
& log_ringing=0
& log_answer=12
& log_finished=145
& pstn_feedback_info=

Lots of unencrypted personal info floating from users to Skype over the Internet daily, where anyone with a packet sniffer can assemble and read the data.

This data is exposed before you even see the form.

Fortunately the fix is easy to recode, a small change. But it's an indicator of how hard it is to keep complex information systems in full compliance with all regulations and company policies.

As of post time:

• SkypeOut data is still being posted in the clear.
• Skype is working on a client hot fix.
• The number of calls and callers exposed is still unknown.
• This doesn't compromise call security, just the metadata describing the caller (skype name, IP address) and call (phone number, start time, duration).

One last note. The timing of this report is an accident. I noticed this privacy problem around 3am Pacific Sunday morning.