Free Speech Activists Use Skype Data Channel To Bypass Government Censorship

Skype Journal is blocked by China's government. Millions work around censorship and monitoring with networking tools like GTunnel. The GTunnel proxy on your PC connects to GTunnel servers. The client connects directly, through the TOR network, or through the Skype network. Connecting through Skype assures your packets are encrypted from beginning to end. This hides your IP address from servers. This also circumvents blockades of target servers like mine.

GTunnel is run by Garden Networks for Freedom of Information, a member of the Global Information Freedom Consortium. When you combine GTunnel with UltraSurf, FreeGate, FirePhoenix, GPass, and Ranking you get a complete suite for surviving online censorship and monitoring.

Caution for Chinese users: Skype cannot assure what you download from TOM-Skype does not include spyware. So download the international version from the Skype.com site or another independent source.

tags: security, censorship, iran, china, gfw, encryption, anonymity, gtunnel, anti-jamming system, jamming, blocking, blocks, blocked, globalinformationfreedom, gift

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private technologist roundtable, one of the longest running public Skype chats.

Indian spies ask to block Skype; Skype denies sharing code with China, US governments

A Times of India report claims Skype shared its encryption with the U.S. and Chinese governments. A Skype spokesperson denies this:

"Reports that Skype has shared its code with the US, China and other governments are groundless.”

The story leads with the Indian Intelligence Bureau asking the Department of Telecommunications for permission to block Skype to deter terrorists. Skype says:

"Skype is aware of reports that certain Intelligence agencies in India have asked the government there to block the use of Skype.  While we do not have confirmation of these reports or any directive by the authorities to block Skype, we don’t believe any country or operator should impede consumers’ choice to use Skype or other Internet applications to improve their communications."

Skype won't say if Indian intelligence agencies have asked Skype for help with interception or tracking criminals, if Skype has helped them, or if Skype is talking with Indian officials about broader policy issues.

The Times says agile criminals are shifting from easy to intercept to harder to intercept technologies. Authority for Indian government interception lies in the definition of telephony. At the moment phones don't include "over the top" apps like Skype. Ability to intercept rests in domestic control over PSTN termination gateways and the theoretical ability to discover, reassemble, and decrypt Skype packets travelling within India.

"The Cabinet Committee on Security has accepted the recommendation in principle but has not set a date for initiating action" says the story.

There appear to be two forces at work.

One is a law enforcement and intelligence community drive to forbid the ability for citizens to keep secrets. In their values, good people don't have secrets and bad people's secrets should be exposed so government can protect the country. This is a generalization but their advocacy to politicians is consistent with that philosophy.

The other force is the telecom industry defending itself. Lobbying has a high return on investment and is more effective at protecting incumbents than changing business models or innovating aggressively. Skype, Yahoo, Microsoft, AOL, and Google's IM/VoIM teams have more designers/engineers innovating in this space than AT&T, Sprint, and Verizon. So they lobby governments to raise barriers to entry (emergency calling, for example).

These two forces produce politicians in Russia lip syncing to Russian telecoms that Skype is unpatriotic, a threat to national security, a threat to the economy, a foreign intrusion. You get politicians in England, Italy, and Germany enlarging police surveillance powers proffering the critical need to bypass Skype encryption to undermine terrorists. Banning or constricting Skype adds to candidates' "law and order", "strong leader", and "national security" credibility, and pays off their obligations to the communications industry.

India is the world's second largest mobile market (after China, ahead of the USA), according to Telecom Regulatory Authority of India. Trai has defended VoIP from barriers to entry to India's markets. More than 300 million Indians have phones. Customers of India's telephone and cable ISPs use home grown internet telephony at the rate of 130 million minutes for the year ending 31 March 2009. Skype served 25,500 million Skype-to-Skype minutes in 2009Q2.

Skype has no operations or personnel or portal partners in India.

See also:

• Spooks want govt to block Skype, Mohua Chatterjee, The Times of India
• Indian government pondering blocking Skype, Sean P. Aune, Tech.Blorge
• IB asks govt to block Skype, VoIP services, Dhirendra Singh, Jai Bihar
• Skype: People want total control over mobile phone apps, Matthew Lasar , Ars Technica
• Indian Intelligence asks government to block VoIP calls, siliconindia news bureau
• Indian govt plans to block all Internet telephony for security purposes, Mihir Patkar, Think Digit.
• IB calls for block of VoIP services citing security concerns, TeleGeography

tags: skype, intelligence, security, police, wiretap, intercept, encryption, decryption, india, voip, dot, ib

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

From Russia with Love: Hitler and Skype

33x3sketch published Гитлер и Скайп (Hitler and Skype) two weeks' ago. Over 800 thousand people have seen it since. This blog post has hundreds of comments.

The mostly German overdub of "Der Untergang" (2004) parodies Russia's major mobile operators lobbying to ban Skype.

I'd love an English transcript or highlights, but it looks hilarious.

tags: skype, hitler, video, youtube, untergang, parody, comedy

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Can digital pipes handle swine flu epidemic spikes?

Pandemics change human behavior for millions of people. Our networks may not be ready for those changes.

Just stay home. Wash your hands. Advice from the US CDC for people at risk of the 2009 swine flu. Mexican authorities urge avoiding face-to-face contact in many-to-many places like hospitals, museums, theaters, cinemas (releases of X-Men Origins and Star Trek are postponed), churches, sports events, public markets.

 Working at Home. While television (or streaming video) might substitute in sports and music events, bringing other work home is harder.

• Can mobile phones and the Internet create alternatives for information, education, service, and entertainment workers?
• Can employers keep workers home?
• Can employers quickly offer full digital command, communications, collaboration, coordination, and control services to sites scattered throughout a city?

Online communities swarm in response to emergencies and threats. 9-11, Tsunami relief, Katrina, Mumbai invasion, Southern California wildfires had four stages.

1. Spreading alarms ("hey did you see?") through many online media to trigger swarming. today, this includes tags and #hashtags, improving discoverability and transmissibility of the event and the event's memes. People want to know more. As people flock to the news, they create an overwhelming amount of repetition and echo and noise. So people start... 
2. Organizing to improve/concentrate/filter information. People want to make sense of the spew. At the start people create new topical blogs, email lists, facebook forums, YouTube channels. Volunteers transcribe television and radio reports, retweet headlines and commentary, timelines of government responses. In short filtering, digestion, and meaning step in. Then people want to help other people (and themselves). So you see
3. Online serves offline. Volunteers build specific services connecting online news/community to local people/places/activities. For Tsunami relief I participated in an instant call center via Skype community volunteers. Other services put together online databases of victims, or geomashups of hotspots, or fundraising projects, or medical information.
4. Aftermath. People are helped, most of the online world goes back to their lives, and some of the legacy systems persist to serve those still concerned or affected by the event.

By contrast, people shun common places and take refuge in their homes in a biological outbreak/epidemic/pandemic.

This creates new problems.

• Stage Leapfrogging. Surprise! Step 1 (alarming, swarming) will take place in hours. You'll move immediately to Step 2, managing information overload. You could wake up having missed your chance to shape your community's and business's response. Or first access to preventive measures. 
• Social Infrastructure Demand Scales. While millions are affected by most major disasters, pandemics could affect hundreds of millions, especially those in big cities where people congregate. Is twitter ready for 100 million new users? Facebook? CDC.gov? Amazon and Google cloud computing?
• Infrastructure Demand Shifts Home. Capacity is in the wrong place. Are the nation's ISPs ready to move data to residential pipes at workplace speeds, without residential caps, all day, every day? How fast can mobile carriers supplement residential coverage? Who would fund this buildout? Can we beef up the last mile faster than an epidemic spreads? Can we allocate resources based on where an epidemic hits first and worst, instead of using pure market forces?
• Cannot Filter Meaningful Signal from Abundant Noise. Today's tools don't help people consistently and reliably pick the vital, life changing information from the ordinary. So you'll miss product recalls, medical updates, neighborhood alerts in the lossy spew of mailing lists, social updates, and newsfeeds. Would you trust your family's life to a #hashtag ?
• Local Focus Without Local Filters. Many of our systems depend on hundreds or thousands of people looking intently at one topic. What happens when we have must hyperlocalize news and community? The ratio of participants-per-topic falls fast as people focus on their own lives, their own work, their own neighborhoods. Does your block have enough people updating the network so the social network benefits kick in? We clearly don't have tough, accurate filters/readers to help us focus by:
  • Geography (streets, blocks, buildings, neighborhoods),
  • Topic (all those people who might have congregated at baseball games, pubs, museums, city hall), and
  • Occupation (by employer, workplace, team, process, project, agency)
  • Clinic (chains of information, care, supplies, volunteers, alerting)
• Service Gaps. The digital divide has dramatic health effects on the poor, homeless, and underclasses. Tens of millions of the vulnerable are without mobile phones, email, or any frequent internet access. How do you connect offline people to online services?

What can we do to prepare?

See also:

• Ushahidi: Emergency Information Patterns and Thoughts on Swine Flu
• US: PanedemicFlu.gov, CDC.gov/swineflu
• UK: Health Protection Agency
• NYTimes: Swine Flu Cases Map
• HufPo: Swine-Flu News Channel
• iPhone: Swine Flu Tracker
• Google: Flu Trends
• Flu Fashion N95 masks

photos credit cc:by Randal Sheppard 

tags: skype, H1N1, google, wireless, mobile, isp, breakout, epidemic, pandemic, disaster, disasterplanning, infrastructure, disasterpreparedness, scenarios, flu, influenza, swineflu, cdc, who, hyperlocal

Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Skype's Crypto Revolution

Mass encryption. 1.15 billion downloads. Hundreds of millions of people are using Skype's strong cryptography to talk. Encrypted for the very first time. Thanks to Skype. This is a notable achievement.

The last successful mass distribution of cryptography was SSL (secure sockets layer). Browsers alert you are talking securely to a web site by the little closed padlock icon. SSL let the world feel safe to share secrets. Banking. Taxes. Voting. Medical records. Divorce. School.

Skype's encryption gives people the same freedom to talk.

Most people don't know Skype safeguards their calls. There is no "padlock" to show that the other people in your conversation are also using secure Skype clients.

America's "founding fathers" would have liked cryptography a lot.  They would have viewed it as protected under the Second Amendment where "the People" are guaranteed the right to bear arms, not just for personal defense (which was obvious to them), but also because politicians prefer unarmed peasants. An unarmed populace is much easier to dominate. And so is a populace without the ability to have privacy.

— Hudson Barton

What data does Skype keep?

Clearly Skype has call records from SkypeIn and SkypeOut, so they can bill for time according to their tariffs and charge appropriate taxes. They also have records of when you log in through a client or the web to the authentication service.

Skype may keep a copy of the material in your account that's backed up onto Skype servers (profile, contacts, history, preferences like call forwarding). However that data may be encrypted so Skype wouldn't have the burden of sharing the data under a subpoena or be exposed to financial risks in the event of a security breach.

While it's not impossible for Skype to have engineered tattle-tale features into the client, reporting on p2p activity, there is no evidence of spyware in research done by independent researchers or by anyone else.

Skype has compelling business interests to assure customer privacy. Unless you're from China, you don't load Skype with the assumption your government, your employer, your priest, your ex's private detective, your insurance company, your political party, your local police department, or anyone else has the ability to know who you talk with or what you say to each other. You trust your phone company and Skype to keep your confidences as much as physically and legally possible. Unlike your phone company, Skype has done more to encrypt conversations.

Skype is legally better off not keeping any data it does not absolutely need to keep. And there is no technical reason for Skype to keep a log of your in-Skype-network chats or calls.

Wishlist: Solve Skype SPIT (Spam over Internet Telephony)

Guest post by Katherine Robinson in response to SkypeIn number used by con artists, Skype Journal, 24 March 2008.

I just got a Skype online number and I love it. I want to use it for both business and personal. But there is no way to opt out of allowing my number to be given out to complete strangers by Skype or some Skype affiliate or provider (21st century telco? Level 3 Communications?) other than to say "only people in my contacts can use my number." Business users to whom I have given the number may not yet be in my contacts —  I don't want them to have problems reaching me, so I am forced to leave my number "open for all takers."

I have already gotten a spam call (voice mail recording — arrived at 5AM! — stating that I am pre-approved for a credit card) and I have only had this number ten days. Another friend of mine who has one also gets spam calls regularly — and in the middle of the night!

I can't agree about support tickets. I think Skype purposely answers them so badly (late, inappropriate, canned responses) as to intentionally discourage people from submitting support requests. I am exhausted — just like they want me to be — from my efforts to get questions answered or fix problems via Skype "support."

Skype's parent company, eBay, is just notorious for not caring what works for their customers and only about what works easiest and cheapest for them. What a shame! I really want to increase my use of Skype and am very wiling to pay for services from them. I just am waiting in hopes that the new Google phone features are managed with a bit more consumer respect.

Thanks again!

Katherine Robinson
Determined But Discouraged Skype User

see also:

• The Skype Journal Evil Genius Award: Sexy SPIM for Skype, March 2008
• Skype Spam, February 2005

tags: skype, spam, telemarketing, demon dialing, customer service, google, ebay inc

Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Monday reading

Business

Skype's 2008Q4 contribution falls from Q3, but still profitable. (Jean Mercier)

20% off the Emerging Communications Conference with 'skypejournal' discount code. See you at the SFO Marriott this week.

UK's O2 and Orange oppose Nokia+Skype phones, T-Mobile support them, and Vodafone hasn't said. "if you spend upwards of £40m per year building your brand, you don’t want to be just a dumb pipe do you?" Sounds like hard bargaining to me. (P.S. Wishing/Branding you're not a dumb pipe doesn't make it so.)  (Mobile Today)

AIM for iPhone comes out. AIM Free is ad supported. AIM Paid is... price TBD. Now supporting multiple accounts and free SMS to people in your iPhone contact list. (Ars Technica)

Community in action

Eurojust retracts news release attacking Skype. "NOTE: This is an update of the press release issued on Friday 20 February 2009. Some of the information in this press release was issued prematurely and is therefore incorrect, as there is not yet an official case reported to Eurojust." If only the Sopranos or The Wire were still running. (Government Technology) SJ:Eurojust coordinating anti-Skype project; SJ:Evildoers trust Skype encryption, Cops seek more power

DataPortability.org calls for volunteers to fill a steering committee vacancy. One conference call per week until elections. [disclosure: I'm on the steering committee.]

Twitter Friends and the Influence of Influentials in Word of Mouth Marketing. On research performed by the HP Social Media Lab and explained by BT's JP Rangaswami. (Skillful Minds). Attention to statistics describing social conversation behavior can improve the choice of features in software like Skype.

Future visions

Theme for Supernova 2009 is "Change Networks." Think innovation/value networks but looking at how change propagates. December 1-3 in San Francisco.

Microsoft Office Labs vision 2019. Utopian vision, clutter-free, ten years' out, all feasible, if only for the wealthy. Videos and screenshots. (istartedsomething)

Marriage beginnings and endings

Father (Poland) gives daughter (Texas) away at wedding over Skype. (Killeen Daily Herald)

Ex-Wife Haunts House over Skype. (Ask Bossy column)

So you want an encrypted mobile phone?

Echelon Conspiracy opens today. An untraceable mobile phone shows up in the mail. And then the texting begins...

Echelon will be in some theaters this weekend. If we survive eComm's arduous schedule next week, and you're not going to CeBit in Hannover, maybe we can see it in the Bay Area.

P.S. Skype Lite was not included on this phone.

P.P.S. Can you name the phone used in the production?

tags: skype, mobile, fun, movies, echelon conspiracy, echelon, conspiracy, security, anonymity, privacy

follow @skypejournal and @Phil Wolff or and ask for an invitation to the Skype Journal private roundtable.

Freedom Wins Down Under

The Australian Communications Ministry's censorship scheme died in the senate today. Good on ya, Senator Nick Xenophon. Only you know if it was an open mind or reading the polls, but you stood up for civil liberties and the freedom to communicate against the Right Evil Stephen "Cleanfeed" Conroy.

Eurojust coordinating anti-Skype project

In response to evildoers trusting Skype encryption and police seeking more power, Eurojust, the Europe's Union's judicial cooperation unit, set three goals last week:

1. Overcome technical obstacles to intercept Skype calls
2. Overcome judicial obstacles to intercept Skype calls
3. Prevent criminals from using Skype

"Skype remains interested in working with Eurojust despite the fact that they chose not to contact us before issuing this inaccurate report," a Skype spokesperson told TechRadar.
Skype's Brian O'Shaughnessy told National Journal Online "It is unfortunate that Eurojust chose to release this inaccurate report without first contacting us. Skype has extensively debriefed Eurojust on our capabilities and programs. Skype cooperates with law enforcement where legally and technically possible."
Heise Online reports a "trojan is one of the solutions being discussed for intercepting internet telephony before it is encrypted." 
From the Eurojust news release:

NOTE: This is an update of the press release issued on Friday 20 February 2009. Some of the information in this press release was issued prematurely and is therefore incorrect, as there is not yet an official case reported to Eurojust.

Ms Carmen Manfredda, acting National Member for Italy, will take the lead in coordinating a Europe-wide investigation on internet telephony (VoIP).
At the request of Direzione Nazionale Antimafia in Rome, the Italian Desk at Eurojust will play a key role in the coordination and cooperation of the investigations on the use of internet telephony systems (VoIP), such as “Skype”. Eurojust will be available to assist all European law enforcement and prosecution authorities in the Member States. The purpose of Eurojust’s coordination role is to overcome the technical and judicial obstacles to the interception of internet telephony systems, taking into account the various data protection rules and civil rights.
Background
Criminals in Italy are increasingly making phone calls over the internet in order to avoid getting caught through mobile phone intercepts. Police officers in Milan say organised crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VoIP in order to frustrate investigators. Skype's encryption system is a secret which the company refuses to share with the authorities. Investigators have become increasingly reliant on wiretaps in recent years. Customs and tax police in Milan have highlighted the Skype issue. They overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment. Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of Euros each year tracking down crime through wiretaps of landlines and mobile phones.
Following a meeting with the judicial authorities in Milan, Italy, Ms Manfredda commented: “The possibility of intercepting internet telephony will be an essential tool in the fight against international organised crime within Europe and beyond. Our aim is not to stop users from taking advantage of internet telephony, but to prevent criminals from using Skype and other systems to plan and organise their unlawful actions. Eurojust will make all possible efforts to coordinate and assist in the cooperation between Member States”.

tags: skype, eu, europa, eurojust, police, mafia, privacy, security, events, voip, freedom

Tweet with Phil Wolff on @evanwolf, talk on FriendFeed, or Skype me to join the Skype Journal private chat room.
Follow @skypejournal on twitter

Evildoers trust Skype encryption, Cops seek more power

BBC News reports:

Officers in Milan say organised crime, arms and drugs traffickers, and prostitution rings are turning to Skype in order to frustrate investigators.

The police say Skype's encryption system is a secret which the company refuses to share with the authorities.

Investigators have become increasingly reliant on wiretaps in recent years.

http://en.wikipedia.org/wiki/Milan have highlighted the Skype issue.

They overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg (4.4lb) drug consignment.

So:

1. Get your friends to use Skype!
2. Police don't like to tap PCs – harder, more dangerous for officers.
3. Police should enjoy intercepting Skype Lite for mobiles and Skypephones since gateways run by Skype or iSkoot should be convenient and safe.
4. Police and intelligence agencies in the UK (explained more recently), Germany, the US,  and now Italy are trying to pressure the public to give them more surveillance power, using Skype's encryption as the pretext.
5. Word Of Mouth Works!

tags: encryption

Talk with Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

Weekend Reading

Crash witness speaks out via Skype on CNN. TV news continues to pipe Skype video.

Ear Candy makes your Gnome Desktop a little bit smarter. Turns off your music or video when Skype rings, for example. 

NSA offering 'billions' for Skype eavesdrop solution. Hallway talk at the Counter Terror Expo in London.

Skype Growing by 380,000 Users a Day. "The number of its users is growing by the population of Singapore (more than four million) every 12 days and nearly a third of its registered subscribers now use it for business purposes."

Pamela 4.5 shipped Wednesday. The new Call Scheduler and Conference Call Manager look handy. Still the best for recording Skype video calls.

Tip: How to run two Skype 4.0 instances at the same time.

Skype Your Stylist: Cyber Cuts in the New Age. 15 minute previews of your new hair.

Star Trek USB Communicator. Generic USB speakerphone, volume controls, with velcro for mounting.

tags: skype, cnn, video, earcandy, linux, nsa, security, terrorism, stats, statistics, pamela, tip, startrek

Talk with Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

China requires real names of online gamers

Online gamers have to give real names (China Daily), eroding the privacy that comes with anonymity and pseudonymity. How long until TOM-Skype is required to compel its users to give up their identities too?

Anonymous communication is a right. It allows political free speech. It protects people who blow the whistle on evil. It lets people call for help without retribution. It empowers people to explore their wild sides. Privately.

So anonymity in Skype is important. Skype users can be anonymous on Skype up to the point they spend money. Will Skype comply when China asks for your real name? Will Skype require TOM-Skype users to give real names too?

That's Skype's next moral challenge.

tags: skype, china, tom-skype, privacy, security, freedom, identity, id, regulation, anonymity, pseudonymity

Talk with Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

photo: Scott Beale / Laughing Squid

die... now

tags: skype, spim, spam, spit

Talk with Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

Would you trust Skype with your vote?

I've been wracking my brain for the defining Skype moments of 2008.

It comes down to Skype's identity. The marketing, psychology, defining oneself sense; not the login, badge sense.

Brand marketers may talk of lovemarks, but trust comes before love. We trust Coke products to be Coke-like in taste, feel, fragrance, color, and packaging, for example. We trust products not to hurt or endanger us (unless you're into that kind of thing). We trust brands to keep their promises.

The people of Estonia trust their electronic voting systems with the fate of their nation. In a country that recently survived cyberwar, that's a lot of trust.

Estonia conducts elections online.  Building on successes in 2005 and 2007 they recently approved voting with mobile phones by 2011. The Estonian National Electoral Committee (VVK) will provide SIM chips to Estonian voters for free. The special chips from AS Sertifitseerimiskeskus (SK) will authenticate voters and keep vote transmissions secret using public key encryption.

Would you trust Skype's technology and Skype's business with your vote?

If you asked me in 2007, I'd have said yes. Skype's brand promises privacy and safety. Outside security experts applauded Skype's authentication, strong encryption, and ability to bypass most obstacles. Skype is an eBay company (though few people know this) and borrows some of our trust of eBay and PayPal.

I'm unsure now, as 2009 starts.

Skype's technology is strong but incomplete. Skype's encryption is end-to-end, from Skype client to Skype client. Nobody can listen in. So the weak points are the end points: a user's PC or Skype-enabled device and the gateway to the the voting system. Secure those end points and you'd have a pretty secure system.

That's not the whole story, though. We learned in 2008 that Skype shared a copy of their desktop source code with the TOM-Skype joint venture in China. That includes Skype's authentication (proving who you are) and encryption (foiling eavesdroppers) code.

We don't know how many people, including TOM-Skype former employees, contractors, and members of Chinese security services, have access to that code. (Hypothetically, if I offer a $1000 bounty, would someone sell me a copy?) Many people have the means to interfere with an election conducted through Skype. Given time, we know a way finds itself in the hands of those with a will. 

Speaking of intent, let's return to the joint venture. Skype's founding executives traded code for access to China. China is now Skype's largest market. The new executive team tightened up operational security, minimizing unauthorized access to log files, surveillance, and source code.

Despite Skype's 2008 policy review, the original deal stands:

• TOM-Skype gets a copy of Skype's source code with each major release,
• TOM-Skype modifies the Skype software to comply with China's government agencies,
• TOM-Skype shares data collected with users with Chinese agencies,
• TOM-Skype does not disclose that privacy breach to customer before or after sharing. 
• Skyper's talking with a TOM-Skype users are surveilled like TOM-Skype users

This is the arrangement we know of. We don't know if Skype agreed to similar arrangements with, for example, EU law enforcement or USA intelligence agencies.

Landline and mobile phone companies have long given keys to their networks to law enforcement and communications intelligence agencies. We're accustomed to the rule of law applying to our phones. We hope, we assume, we believe, perhaps naïvely, that our phone company keeps our secrets.

It is sad to let go of those illusions regarding Skype.

So this goes back to Skype's brand promise of privacy and security.

Do you trust Skype? 

Would you trust Skype's corporation with your vote?

With your country? With your liberty and freedom?

I'm less certain.

 

photo: Coca-Cola Blāk by The Rocketeer

Skype sued for old money

Do you want your money back after 180 days?

Skype's long taken credits from accounts it deems abandoned. Seattle lawyer Roger M. Townsend filed suit Friday on behalf of all Skype users in Washington who lost money this way.

The plaintiffs say a Skype account should be treated like a merchant's gift certificate. In Washington state, all gift certificates are refundable by law (and balances are turned over to charity 24 months after being abandoned). So Skype should be giving back a Washingtonian's money instead of keeping it.

If Skype broke the law, then plaintiffs want triple damages, legal fees, and for Skype to stop the practice. "Our goal is to get a fair disposition" Townsend said to Skype Journal.

The claim says Skype has billing information good enough to identify and notify all Washington Skype users about the suit. 

A similar suit in Germany ordered Skype to stop this in 2006.

So how could this affect Skype and Skype users?

The suit may not find a legal nexus. But Skype does business with Washingtonians daily.

Skype may win. It's not clear Washington's gift certificate laws apply to something that is neither a gift certificate nor a bank account. However there are enough similarities that Skype may be held to that standard.

Should Skype lose, while this class action is limited to one US state, suits in other populated states may follow. Other states have similar gift card consumer protection laws, but terms vary a lot from state to state.

I don't imagine the business impact would be severe. Skype has been driving customers to switch from Skype credit accounts to signing up for pay-as-you-go subscription plans for years.

Has Skype taken your money? How did it feel? Would you like it back?

2008 Skype Class Action

Publish at Scribd or explore others: Business Skype Journal Skype s

tags: skype, security, law, terms, conditions

Follow Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

Laptop thief, caught by Skype users, sentenced

We reported Utah actor arrested in laptop theft; caught answering Skype video call in July. Michael Birkeland pleaded no-contest to Class A misdemeanor theft charges Wednesday. Full story on the Deseret News.

tags: skype, utah, security

Follow Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter

GMail Voice and Video Chat: Threading Voice and Video Into Email Dialogues

Earlier this week the GMail weblog announced GMail voice and video chat; basically they are designed to add voice and video modes to an email thread; from the GMail blog post:

... today we're launching voice and video chat -- right inside Gmail. We've tried to make this an easy-to-use, seamless experience, with high-quality audio and video -- all for free. All you have to do is download and install the voice and video plugin and we take care of the rest. And in the spirit of open communications, we designed this feature using Internet standards such as XMPP, RTP, and H.264, which means that third-party applications and networks can choose to interoperate with Gmail voice and video chat.

This afternoon I had an opportunity to try it out with Hudson Barton; publisher of the Borderless Communicator weblog and tracker of "Real Skype Users". We had a 20 minute conversation using my Logitech QuickCam Pro for Notebooks on a Wiindows laptop and the webcam on Hudson's MacBook. There are two viewing sizes available: a 225 x 140 window inside the GMail tab of a Firefox (or other browser) session and an optional pop-up window that goes to 430 x 270. We were only able to determine that it provides a "letterbox" 1.6 width-to-height ratio (as opposed to the 1.33 ratio of "standard" video), but not the frame size or frame rate actually being transmitted over the Internet. As for CPU usage, the "googletalkplugi.exe" was using between 10% and 17% of my CPU. With no accessible statistics along the line of Skype's option to display call statistics, it was not possible to drill down further. Both audio and video quality were clear and crisp - quite acceptable for a basic one-to-one conversation. Echo cancellation was apparent; Hudson was using the native speakers and mic of his MacBook with no perceivable echo..

It's definitely not up to the feature set of Skype but here's where it fits in:

• GMail certainly has a large user base, same order of magnitude as Skype.
• It's easy to forward your standard POP/IMAP email account to GMail; I use this feature both for the resulting search capability and the available access to GMail on multiple devices, including smartphones.
• It provides real time conversation mode options for GMail threads being read on a PC. While reading an email and running the cursor over the sender's name, an option pops up to respond to the email message by email, Chat or Voice/Video based on the sender information as shown in the graphic above.

I would classify GMail Voice and Video Chat as a very mild competitor to Skype, suitable for basic "free" voice and video as a conversation enhancer. There's no way to establish or check audio and video settings; there's no access to the PSTN; we are not aware of the security level of the conversations. While the video is quite good, it certainly does not meet Skype's High Quality Video standards. It's a perfect example of embedding voice and video into an application as a feature but it's not a standalone real time conversation software application. When I consider the rejuvenation of Global IP Solutions and look at its customer base, I can foresee many other forthcoming instances of embedded voice and video as a feature within an application.

Note: as for the installation issues that Aliza encountered, I simply went to the URL suggested in the GMail weblog post and installed the plug-in (with the browser open). But then you have to restart your browser (in my case Firefox); initially the "video availability indicators" (as represented in the graphic above) were not present but I had to head out from my office at that point. When I came back to my PC four hours later, they had appeared. Chat pixel dust from the (Google) cloud in the interim is my only explanation. At the time of writing this post, its availability should have spread to many GMail accounts by the usual Google osmosis process.

Full disclosure; the author has had previous first hand experience with what was thought to be an application but turned out to be a feature. Quarterdeck's mid-90's effort at building a web browser as an application was thwarted when Microsoft decided to make its web browser (aka MS Internet Explorer) a feature within the Windows operating system.

Powered by Qumana

TOM-Skype Breach: Nart's Recommendations to Skype

This is the fourth and final of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report "Breaching Trust".

Having discussed some background to Nart's research, the activities of the Citizen Lab and answers to Phil's questions, Nart had a couple of recommendations for Skype going forward. As background, the Citizen Lab is a affiliated with the BerkmanCenter for Internet & Society's "Principles on Free Expression and Privacy" initiative"to protect and advance individuals' rights to free expression and privacy on the Internet through the creation of a set of principles and supporting mechanisms for ICT companies".

The goal of this project is:

Through the articulation of a broad set of common principles, the development of resources for implementation and a compliance structure, this collaborative effort is working to formulate an industry-wide response to guide businesses when they encounter laws and practices that may contravene international human rights standards or be at odds with law or culture in their home jurisdiction.

Participants in this project include Microsoft, Google, Yahoo along with several human rights organizations. It is hoped that having a joint industry-activist initiative would help companies avoid situations similar to the one which Skype has encountered in its TOM-Skype relationship.

Update: as I was writing this post today, a New York Times story on this initiative, now called the Global Network Initiative, broke and has more details.

An initial draft document (update: final document to be released tomorrow) is under review amongst the participants but Nart brought out three recommendations for Skype that would be consistent with the guidelines in the draft document:

1. Include in Skype and/or the TOM-Skype client, as appropriate, an ability to provide notification to all participants in a conversation that a contact is participating in the conversation via the TOM-Skype client. In effect, this could be included in a more general identification of the version of Skype that other participants in a conversation are using. The reasoning for the providing version information was to let other participants know, via the version number, which feature set a participant can use in their Skype client installation.
   
2. When a user types a message that is diverted via the TOM-Skype filter, a message, indicating that the recipient is missing content due to government regulations, comes back to the initiating party. For example: "To comply with local laws, this message has not been displayed to your contact." Often Nart found conversations where someone would type a message repeatedly when it was apparent the receiving party was not understanding the message being sent, yet the sender did not realize that the message was being filtered.
   
3. Become a participant in the Global Network Initiative and its dialogue.

The hope is that, through an industry-wide initiative, foreign companies entering the Chinese market would have more negotiating power and a protocol for addressing issues that are raised in the process of establishing a business relationship in countries where the climate for free expression and human rights is restrictive. In an Opinion piece today, Om has other thoughts on the morality of this approach.

Tags: TOM-Skype, Skype, Nart Villeneuve, Citizen Lab, Global Network Initiative

Powered by Qumana

great googly moogly

(have you seen non-sexual skype spam?)

TOM-Skype Breach: Answers to Phil's Questions from 2006 SJ Post

This is the third of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report "Breaching Trust".
Two weeks ago Phil republished an April 2006 Skype Journal post with about sixteen questions related to the TOM-Skype security breach discovered by Nart. My interview provided answers to several of these questions but I ran them by Nart for more completeness, where an answer or response was feasible.
1. Is TOM only filtering chats where at least one of the callers' accounts were signed up by TOM Online?
A: One party must have the TOM-Skpe client installed. For example, if you (a normal skype user) sign in via a friends Tom_Skype client you'll be filtered. If you (tom user) sign in on a normal Skype client, you won't be filtered.
2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?
A: It is all dependent on which client software is installed. If you are using TOM-Skype you'll be filtered no matter where you are (although the degree to which you are filtered may be dependent on your IP address). TOM-Skype would definitely have the Call Detail Record associated with the call.
3. Is TOM only filtering conversations where at least one of the parties are using the custom [TOM-Skype] version of the Skype client written for the joint venture?
A: Yes
4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?
A: Since you have a TOM-Skype client here, Yes.
5. Does TOM's contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official? Not at this time.
A: I don't know. It would be nice to have a Chinese speaker read the EULA you agree to on the install.
6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?
A: Yes: TOM-Skype’s servers: unknown.
7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?
A: There is an encrypted keyfile that the TOM-Skype client downloads that I believe contains the keywords. There are also a few entries from the keyfile hardcoded in skype.exe (TOM-Skype version)
8. Are the keywords only in Simplified Chinese or are they in other languages too?
A: All languages but 60% English and 40% Chinese for the majority of conversations. English appears to be swear words, Chinese appears to be political.
9. Is China the only country where Skype and Skype's partner have set up filtering? Have you done any testing for any other countries?
A: I haven't tested any others.
10. Do all Skype chats have the potential for a hidden participant, whether human or a robot? ??
A: I don't know.
11. Are filenames for transfer subject to filtering?
A: There are logged messages that are essentially the "this file was shared with participants of this conversation" message.
12. Are people's names among the keywords?
A: Possibly SkypeID's (but not real names), but also names of Chinese political people e.g. Hu Jintao
13. Are the content of files transferred via Skype also subject to filtering?
A: Unknown.
14.. Does Skype encrypt end-to-end the IMs that are subject to filtering? ??
A: Yes. TOM added an addition layer to the client that uploads the messages.
15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?
A: I am not sure about it being filtered (such as not to be displayed in the recipient's chat window) but it can be logged.

16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?

A: Only the Call Detail Record, there appears to be no interception of the voice stream.
17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?
A: Other than the call detail record I don't have evidence that suggests the content of voice calls were being filtered or monitored, but I wouldn't rule it out as a possibility.
Bottom Line: If your chat conversation includes someone using TOM-Skype, you can assume there may be filtering of chat messages and/or logging of Call Detail Records. Conversations where all participants are using the normal Skype client cannot be filtered or logged.
Next post: Nart's recommendations to Skype.
Tags: Skype, Citizen Lab, Breaching Trust, TOM Online, TOM-Skype, Nart Villeneuve, china, privacy, security, regulation

Powered by Qumana

garbled skies

"Report from 40,000 ft on AA's new WiFi service: It's very fast (YouTube works great) but Skype is blocked (calls are garbled)." - Philip Kaplan

TOM-Skype Breach: The Citizen Lab

This is the second of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report "Breaching Trust".

After discussing the report itself and some of the follow up activity, we went on to talk about The Citizen Lab, its mission and its activities. From their own website they are "focusing on advanced research and development at the intersection of digital media and world civic politics". Nart described their activity as research on the politics of technology.
Under the leadership of Professor Ronald Diebert, their activities are carried out by graduate students with an undergraduate degree in either computer science or political science who join the lab to build up expertise in the other discipline while carrying out their research. They explore issues using their strong understanding of technology to "lift the hood" behind various politically and/or economically motivated intervention of web-based information exchange by governments and other agencies.
Assisted by a worldwide network of volunteers and a check list of relevant websites, they can develop a sense of the content that governments are censoring. According to Nart, all governments do some form of surveillance but definitely not to equal levels of resulting actions. At one extreme one finds outright blocking of content but the UAE has economic motivation to block Skype to protect a local communications monopoly. Apparently the Saudis are most interested in blocking porn. China obviously allows "uncensored" content to pass through but we are aware that Skype Journal is often blocked.
They will look at filtering techniques used by various countries, the type of content being blocked and try to determine the "local" government's policy environment in which filtering is taking place. At this point in time most filtering addresses websites but gradually some countries are moving into screening applications (as we have seen with TOM-Skype). There is also "social filtering" censorship activity that involves blocking of porn, drugs and gambling.
At this point companies, such as Google, Microsoft and Yahoo, are modifying their products to address various "local" issues. For instance, Google has modified their process for enquiries from designated countries to "pre-filter" results delivered from their own servers in the U.S.. But then they put out a notification for "filtered" results with the wording for some search results: "to comply with local law, some results are not displayed". On the other hand Google will not offer GMail accounts with a ".cn" domain name and does not make Blogger available in China.
The Citizen Lab also participates in a broader effort to develop guidelines for Internet companies operating in China. But, given that has much broader implications, it will be the subject of another post.
Next post: Answers to Phil's Questions

Tags: Citizen Lab, censor, filter, Nart Villeneuve, Ronald Diebert

Powered by Qumana

TOM-Skype Breach: Meeting the Primary Investigator

This is the first of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report "Breaching Trust".

Last Tuesday afternoon I returned to a University of Toronto building I had last visited in its role as an engineering students' residence in the mid-1960's. Abandoned as a residence in the 1980's, the building was restored in the late 1990's to house the Munk Centre for International Studies, when the university's Centre for International Studies was designated as a strategic priority for future growth. In the basement of the former Devonshire Place South House, I found the Citizen Lab, "an interdisciplinary laboratory focusing on advanced research and development at the intersection of digital media and world civic politics".


I spent 90 minutes with Nart Villeneuve, the PhD student and Psiphon Fellow, who was the principle investigator resulting in the Citizen Lab's recently published "Breaching Trust: An analysis of surveillance and security practices of China's TOM-Skype platform". We covered a wide range of issues related to this report, from the initial contact with New York Times through to the follow up activities as a result of the report's release. We also discussed the broader mission of the Citizen Lab and some recommendations for how Skype should address the challenge of participating in the China market while making all parties aware that their conversation activity may be tracked.

Key points about the report and the follow up activity:

• A major issue to address in dealing with the media has been the confusion resulting because there is a need to separate out the security breach that allowed Nart to gather the data he has gathered and the functionality of the TOM-Skype servers resulting in the capture and logging of chat conversations and Skype calling activity. (There was no evidence of capturing voice calls themselves).
• As a result of reporting this breach prior to release of the document to New York Times, the security breach itself has been closed but there is no evidence that the actual information capture activity has ceased. Nart has been checking periodically to confirm that the security breach remains closed.
• There was a period of several hours between finally establishing contact with someone at Skype who could initiate action to address the security breach and the final close down of the breach. During this time Nart observed blocking of read access to the directories but since he knew the file names he was still able to follow a reconfiguration of the web servers, removal of sensitive files, such as an encryption key, and disappearance of the log files such that they were not accessible.
• While they have captured a significant quantity of call log data going back a year, they are being careful not to expose any of the detailed information which comprised both chat message logs and what amounts to call detail records for voice calls; more details are in the report itself. Basically they don't want to compromise anyone individually.
• While the log files are still under analysis, they have been encrypted while he continues to mine them for any additional information they may expose. Eventually it is his intention to destroy even these files.
• Messages were about 40% Chinese, 60% English with a small smattering of other languages.
• While it would be very difficult to reconstruct an entire conversation thread, as only each individual message was logged with no ready reference to other messages within the thread, they could build social graphs of conversing parties.
• There are at least two versions of the TOM-Skype client: a normal version and a second version with additional features such as a Baidu Toolbar; however, the promote.dll module in this can trigger off anti-virus scanners such as Norton.
• Other evidence that the servers had been compromised was the discovery that the servers were hosting "pirate" movies and had the appropriate software to support Bit Torrent transfers.

Nart had three definite recommendations for Skype; we also covered the broader issue of global enterprises doing business in China. These will be covered in future posts.
Next post: The Citizen Lab: Its broader mission and findings.
Tags: Skype, Citizen Lab, Breaching Trust, TOM Online, TOM-Skype, Nart Villeneuve, Munk Centre for International Studies

Powered by Qumana

Michael Robertson: Use Skype - Go Directly To A Chinese Prison

Reposted with permission from Michael Robertson's blog.

A research firm recently revealed that eBay and TOM are colluding with the Chinese government to spy on users of Skype. Together they monitored user's text chats and stored those containing politically sensitive topics like freedom, democracy, Tibet, opposition to the communist party and Falun Gong. They also track voice call participants. Presumably they turned this data over to the government and it's impossible to track how that data has been used.

“What people have been implicated by their Skype usage and subsequently interrogated, imprisoned or executed?”

If history can be a guide it's logical to assume that the data resulted in prison terms or worse. In 2005, Yahoo was involved in a similar disclosed incident in which it turned over emails to authorities which netted a 10 year prison sentence for a reporter who dared to talk about democracy. I wrote about it when it happened and questioned where one draws the line chasing the almighty dollar (or Yuan). Two years later Yahoo CEO Jerry Yang was in front of Congress explaining the situation and apologizing to the mother of the imprisoned.

In response to the revelation of spying on calls and instant messages a spokesman for Skype incredibly stated that Skype is "the most secure forum of publicly available communication." eBay points the finger at their Chinese partner TOM claiming they had "no knowledge or consent" of this privacy breach. This level of compromise requires access to source code which eBay would have had to provide them. Maybe eBay didn't have direct knowledge of these alterations. However no one can deny China's well known efforts to police and censor their citizens net activities which surely eBay executives know about. To provide the source code with no auditing or oversight shows at best a convenient excuse. One wonders how long this would have continued without the whistleblower and how many other countries Skype cooperates with to allow the same spying.

More likely at least some within eBay/Skype knew exactly what TOM was doing and consented because it gave them access to the enormous Chinese market. Its estimated that nearly half of Skype users are from China. This is why Cisco and others design special networking equipment enabling the Chinese government to snoop and lock down their country's net activities. Similar to Skype they are lured by the dollars awaiting any country that cracks the Chinese market.

I would call on eBay to be forthcoming with information on this situation by publicly disclosing details of this situation which will require tough questions of their partner and Chinese government. This would demonstrate that eBay's publicly stated "concern" is more than a press tactic. Specific questions eBay should answer include:

1. When did this spying start?
2. What users did it affect?
3. When specifically did it stop? Has it stopped?
4. What specific terms were monitored? (Users have a right to know if their messages have been implicated.)
5. What people have been implicated by their Skype usage and subsequently interrogated, imprisoned or executed?
6. What steps will be taken to defend these people or get their convictions overturned?
7. Has previously stored data been deleted? How can users be sure?
8. What will eBay do to insure that this spying isn't reactivated as soon as the press attention subsides?
9. What other companies and countries are monitoring Skype communications?
10. What auditing steps is eBay implementing to make sure this does not happen again?

Let me be clear about Gizmo5's policy and refute Skype's spokesman's claim that Skype is the "most secure". Gizmo5 doesn't spy on calls and messages and we wouldn't give that info to any government. We encrypt calls between Gizmo5 users and have given no one the decrypt key. We would not allow a partner or government to do wholesale monitoring of communications - no matter how many billions of prospective customers they have. If ordered to take action by a government that defies basic Western freedoms we would do it only under threat of imprisonment and the information would then be disclosed in this blog condemning the action and striving to defend any of those adversely impacted. I challenge eBay/Skype to do the same. Defend their users. Defend their brand. Defend freedom.

-- MR

Michael Robertson is an entrepreneur, co-founder of Linspire, SIPphone, and MP3tunes.

tags: skype, gizmo5, china, freedom, encryption, privacy, censorship

Follow Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter