[liberationtech] Debate brewing on @Liberationtech Twitter

[Nathan Freitas]

> On Fri, 4 Mar 2011 11:59:32 -0800
> Yosem Companys <companys at stanford.edu> wrote:
>> Is Skype not safe for activists?  Perhaps folks can chime in here, and we

For many activists, it is really the best option out of a selection of
no good option.

On 03/04/2011 04:56 PM, katmagic wrote:
> The short answer is no. The long answer is that it depends on who you want to
> be safe from. If you trust Skype Limited, Skype seems relatively secure against

Excellent comments from katmagic, but the actual threat I have seen
many, many times is simple social engineering.

Skype has the poor design of emphasizing the "Full Name" (which can be
anything) over the actual username/handle (which is unique). In the
default buddy list view historically, it has shown the "Full Name" only,
and the actual username only came up if you did a "View Profile".

This means that it is very, very easy to impersonate another user to the
untrained eye, especially with the default Skype "Let anyone chat with
me even if they aren't my friend" mode set to true.

The resulting scenario is that anyone can impersonate you, contact your
friends via chat, gain their full trust, and very quickly send an
infected file transfer to them or ask them any question they'd like.

This is not theoretical - it has happened countless times within Tibetan
activist groups, who rely upon Skype pretty heavily (unfortunately).

The take away is then, that you might not be able to get people to stop
using Skype, but at the very least, you should help others lock it down,
form better habits around verifying identities, and form non-realname,
non-obvious handles/usernames.

+n