[liberationtech] The security and ethics of mapping in repressive environments

[Danny O'Brien]

On Feb 9, 2011, at 9:19 AM, Jacob Appelbaum wrote:

On 02/08/2011 01:29 PM, Katrin Verclas wrote:
Would love to hear what the list thinks of this post:

http://blog.standbytaskforce.com/?p=259


They suggest using Skype for sensitive content - this is a horrible
idea. Skype is absolute garbage if you're worried about state sponsored
attackers. It's probably absolute garbage if you're worried about some
people from the Chaos Computer Club too.


<sticks head above parapet>

I wouldn't mind someone spelling out the practical (or potential practical) attacks on Skype in more detail. Skype use is incredibly prevalent among at-risk media and activists. Right now I'd say people feel it falls in the  "gmail" category – not the best thing to use by a long chalk, but certainly better than nothing.

In particular, I haven't seen a good outlines of how the Skype protocol itself is compromised or could be (though there's a fair bit of work on reverse-engineering it). The in-the-wild attacks on Skype users I *have* heard all involve attacks that compromise the client or obtain user passwords through malware. That combined with the circumstantial evidence that of state-actors' apparent fury at Skype for not providing intercept access would seem to point that it's not *garbage* per se. Or at least make it hard to compellingly onvince people to move off it.

d.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110208/a17bbaee/attachment.html>