The video calling service Skype recently made a change to how it routes calls.

Yawn, right? But here’s where it get a little juicier: Hackers and bloggers are saying the changes, which push some of the video calling process onto Skype’s own computers instead of onto random machines on the Internet, could help the app spy on users’ calls, presumably at the request of a court or government.

“Reportedly, Microsoft is re-engineering these supernodes to make it easier for law enforcement to monitor calls by allowing the supernodes to not only make the introduction but to actually route the voice data of the calls as well,” Tim Verry, from the website ExtremeTech, wrote last week…

“In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft — who owns Skype and knows the keys used for the service’s encryption — is helping…”

Historically, Skype has been a major barrier to law enforcement agencies,” writes Ryan Gallagher at Slate. “Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept….”

Peter Eckersley of the Electronic Frontier Foundation…already does not recommend that people who live in authoritarian regimes use Skype, because of the relative likelihood that communications could be tapped…

“As of 2012 we don’t believe the Skype architecture is secure,” he said. “There are a lot of people out there, a lot of governments out there, that have the means to break Skype, and this remains true regardless of whatever Microsoft just changed.”

Mission accomplished, eh?

  1. McCullough says:

    Don’t take this the wrong way, but I’m beginning to understand what Kazinsky was referring to.

    Now where is that cave opening again?

  2. The Monster's Lawyer says:

    If you think anything you do over the internet is private, you are insane or supremely naive.

    • spsffan says:

      Well, yes. But consider that you have just described 90% of the American people.

      If you want at least the possibility of privacy, use corded, land line phones. On both ends of the conversation.

      If you’d prefer not to pay the price, be prepared to be listened to. Simple as that.

      • Glenn E. says:

        “If you want at least the possibility of privacy, use corded, land line phones. On both ends of the conversation. ”

        No, think again. Try two drinking cups and some string. The NSA monitors ALL telephone signals. Not just the cordless and cellphone kind. You want a private conversation? Go to a large public water fountain (working). So the background noise masks against telescopic mics (why do you think they build and maintain those eyesores?). And both parties must hide their mouths, while speaking. So a video camera can’t be use to read lips.

    • dusanmal says:

      Skype (if used with proper encryption) was private to the extent that many controlling regimes banned its use in their countries.
      Problem is deeper and more obvious than article states. I do not have a link but am 100% certain that I heard/seen MS itself stating that it will cooperate with FBI and like and install a back door into Skype software (news came very soon after they bought it) to facilitate easy wiretapping. This new development may simply be extension to previous versions of software over which MS didn’t have control.

    • sheila says:

      amem brother

  3. NewformatSux says:

    Anyone who uses Skype is guilty of outsourcing.

    • orchidcup says:

      Getting something for free is not outsourcing.

      Outsourcing is corporations that take jobs away from Americans and give them to foreign countries.

      The CEO’s of corporations don’t seem to grasp the simple concept that outsourcing to produce cheap goods that are sold here does not provide them with much of a customer base to consume their cheap crap.

      • NewformatSux says:

        You are taking business away from the local phone company that hires local employees, and giving that business to a foreign service provider to save some money.

        • orchidcup says:

          I won’t give my business to a company that charges $220 per month for a landline phone anyway. They didn’t lose any business they didn’t have in the first place.

  4. bobbo, the pragmatic existential evangelical anti-theist says:

    I just gave up my phone for Skype. Plan on saving $700 per year with no spam calls during dinner. Callee’s say I break up a bit–could be my 10 yo door stop of a microphone.

    during the set up Skype shows a signal strength meter of the microphones reception. Sure would be nice if the same thing would appear while a call is being made. I like meters and stuff.

    … and yes==one is a fool to operate as if anything was private. Its good to lead a virtuous life like I do…. as we all do. Privacy concerns—the concerns of who exactly?

    • Uncle Dave says:

      $700/yr? I’ve been cell phone-only for years so I don’t know the costs of a landline, but I don’t remember paying anywhere near that much.

      • orchidcup says:

        Try $220 a month for landline because I live in an area where virtually every call is considered long distance, including a town 6 miles down the road.

        I have used Skype since day three and I have saved a bundle on phone calls.

        With broadband internet, nobody knows I use Skype except for the funny numbers that pop up on caller I.D.

        I don’t give a crap if somebody taps my Skype because I have nothing to hide from the government except my guns, income, and extensive library of blasphemous books.

        Privacy? Since the so-called Patriot Act went into effect, I don’t know why anyone would have an expectation of privacy, online or not.

        They are watching and listening to my every move. Good for them.

        • Agent In Charge Barnes says:

          And you are one boring SOB, let me tell you.

          • orchidcup says:

            Yep. I bore you bastards to tears.

            Stop whacking off to kiddie porn and go catch some of them Al Qaeda terrorists that are roaming the streets in droves.

      • bobbo, the pragmatic existential evangelical anti-theist says:

        Comcast triple play puts phone at 40 per month and wifey calls England 3 times a day just to stay in touch.

        I only make one call a month to Comcast to confirm how long the internet will be down.

        Did record my phone call using my soundcard recorder. My cheapo microphone sounded pretty good. My breaking up must be downstream somewhere.

        It was over 15 years ago using Win 95 that I first made a video call linking to a young girl in Rio. There was a 1-2 second lag in reception both ways. She turned her webcam around and we watched the Sun come up on Ipanema Beach.

        Don’t know why it took so long to make the switch.

      • NewformatSux says:

        Bobby gets charged $10k for a cavity filling. People take one look at him and add zeroes to the price tag.

  5. WmDE says:

    Moving the “supernodes” to Microsoft servers will probably make government spying easier, but it is probably not the main reason.

    Formally if Skype found you had a lot of bandwidth and lots of cpu cycles available your computer would wind up switching calls for Skype. Microsoft probably doesn’t want this to continue because it makes them squatters on other peoples machines. Not good PR.

  6. WmDE says:

    A Google Voice number with an Obihai adapter is very hard to beat.

    Thinking of letting my Skype number go. Starting to get telemarketing calls on it.

  7. NewformatSux says:

    This is the subject of JCD’s latest PC Magazine column, and he thinks it is good if Skye is being wiretapped, as it forces MS to keep the product at high quality.

    • orchidcup says:

      Yep. I like to tap into my audio loop and play several hours of girls moaning and groaning from one of those free porn sites between phone calls.

      High fidelity erotica courtesy of yours truly.

      It drives the spooks crazy.

  8. sargasso_c says:

    Skype is banned from many government and corporate IT infrastructures and it is actively firewalled out by many IT managers. They’ve known all along that it’s an information hole.

  9. nunyac says:

    Email is still the best for secure communication. Attach a self decrypting message. Use your imagination for conveying the key. Some of the PGP algorithms are pretty hardy.

    • orchidcup says:

      If I belonged to a terrorist cell or any criminal network, I would not communicate across any network by any means, whether cell phone, landline phone, or internet.

      I would meet my buddies in a noisy crowded restaurant or coffee shop and communicate face to face.

      I don’t care if the spooks read my dirty jokes to friends or my happy birthday wishes to Aunt Martha.

  10. Glenn E. says:

    Nothing! Repeat nothing, gets a license to operate commercially in the US, without cooperating with the Federal Govt. When it comes to allowing live monitoring. So no doubt Skype has an unencrypted back channel for the FBI and/or NSA, to monitor everything said, via it. And I’m betting every form of VPN is compromised.

    Steve Gibson was working on his own VPN called Cryptolink. But then he unofficially stopped developing it. I suspect he got the visit. And not being willing to adulterate his code. He just dropped the project, and obeyed the gag order. Because “they” don’t even want you to know that they do this sh*t. They’ve been doing it since 1945. So there really is NO “going dark”. As far as communications monitoring. They just want you to think there’s privacy. I wouldn’t even trust PGP, 100%. If it really worked, they wouldn’t allow you to have it. Some update, probably screwed with it.


Bad Behavior has blocked 6825 access attempts in the last 7 days.