[liberationtech] The security and ethics of mapping in repressive environments
Jacob Appelbaum
jacob at appelbaum.net
Tue Feb 8 19:35:31 PST 2011
On 02/08/2011 07:11 PM, Danny O'Brien wrote:
>
> On Feb 9, 2011, at 9:19 AM, Jacob Appelbaum wrote:
>
> On 02/08/2011 01:29 PM, Katrin Verclas wrote: Would love to hear what
> the list thinks of this post:
>
> http://blog.standbytaskforce.com/?p=259
>
>
> They suggest using Skype for sensitive content - this is a horrible
> idea. Skype is absolute garbage if you're worried about state
> sponsored attackers. It's probably absolute garbage if you're worried
> about some people from the Chaos Computer Club too.
>
>
> <sticks head above parapet>
>
> I wouldn't mind someone spelling out the practical (or potential
> practical) attacks on Skype in more detail. Skype use is incredibly
> prevalent among at-risk media and activists. Right now I'd say people
> feel it falls in the "gmail" category – not the best thing to use by
> a long chalk, but certainly better than nothing.
>
I'd start here:
http://www.google.com/search?&q=skype+traffic+analysis
I'd also read this:
http://en.wikipedia.org/wiki/Skype#Security_and_privacy
Gmail is very different from Skype in so many ways that it's not a
meaningful comparison. It uses only open standards for the transport
layers and then it is like most other email systems - there is simply no
protection. It doesn't really do voice, etc - though I suppose Google's
voice service is worth looking at - I bet it does not provide very many
security properties that are useful for activists.
As a point - Google really understands authentication and security
though - so it's less likely that your account will get popped by some
script kiddies.
> In particular, I haven't seen a good outlines of how the Skype
> protocol itself is compromised or could be (though there's a fair bit
> of work on reverse-engineering it). The in-the-wild attacks on Skype
> users I *have* heard all involve attacks that compromise the client
> or obtain user passwords through malware. That combined with the
> circumstantial evidence that of state-actors' apparent fury at Skype
> for not providing intercept access would seem to point that it's not
> *garbage* per se. Or at least make it hard to compellingly onvince
> people to move off it.
>
You're certainly not alone but that does not make Skype secure. Issues
like Tom Skype are perhaps the most well known and it seems to show
evidence of a trend that is probably worth extrapolating.
It also seems quite clear to me that Skype needs to prove that they are
secure and the burden is not on us to prove it insecure. In any case,
I'd love to link you to a serious architectural example. For example, if
Skype uses a VBR codec, we know that this will have serious security
ramifications:
http://www.technologyreview.com/Infotech/20913/?a=f
http://zfoneproject.com/faq.html#vbr
And sure enough - Skype's use of a VBR codec means that even if their
crypto isn't backdoored to high heaven, we have... bad news for users:
"Skype's VBR codec leaks information
regardless of the quality of the
encryption, which may allow phrases to
be identified with an accuracy of 50-90%"
In summary - stop using Skype - it's closed source, proprietary garbage.
Zfone is also non-free software but at least it's an open spec with
people who absolutely refuse to backdoor or bugdoor their software.
Seriously. If you do high risk work and you use Skype - you are probably
putting people at risk - stop doing that!
All the best,
Jacob
More information about the liberationtech
mailing list