Beware of Privacy Issues with Skype

no_skypeSkype was a wonderful decentralized peer-to-peer system that allowed voice calls between computers anywhere in the world. It even encrypted the voice conversations, making it difficult for anyone else to tap in and listen. Unfortunately, I have to say it “was a wonderful decentralized peer-to-peer system” as things have now changed. Worst of all, privacy and security seem to have suffered.

Microsoft purchased Skype in May 2011 for $8.5 billion. Since then, the previous decentralized peer-to-peer system that worked well has been converted to a new topology powered entirely by Microsoft-operated supernodes since May 2012. The 2013 mass surveillance disclosures revealed that Microsoft had granted intelligence agencies unfettered access to supernodes and Skype communication content. See How Microsoft handed the NSA access to encrypted messages in The Guardian at https://goo.gl/zWQOCh for details.

Ars Technica is reporting (at http://goo.gl/s117cB) that Microsoft has finalized the switch. From the article:

Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients — in particular, those integrated into smart TVs and available for the PlayStation 3 — are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.

The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds:

The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype’s traditionally peer-to-peer infrastructure. Accordingly, we’ve seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption. The abandonment of Skype’s peer-to-peer system can only raise suspicions here.

Matthew Green, who teaches cryptography at Johns Hopkins, said: “The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won’t just admit it.”

I deleted Skype from my computer and from my smartphone.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s