[liberationtech] skype

Thu Mar 21 05:29:18 PDT 2013

On 13-03-21, at 06:58 , Andreas Bader <andreas.bader at nachtpult.de> wrote:

> Louis Suárez-Potts:
>> One is tempted to suggest using other than Skype. Alternatives exist, and these are secure, at least according to their claims. As well, Skype's code is not transparent, in the way that other, open source, applications' are. 
>> 
>> louis
> 
> What alternative do you exactly mean?
> I know some of them running under Linux, but I rarely know people using
> them.

I was pointed to: 
http://wiki.ictd.asia/Secure_VoIP_Discussion_and_Tips

It's a pretty good page and I thank the suggester! 

BTW, the issue that Eric mentioned to me off list was that, of course, even though everyone knows it's probably imperfect, and lack of certain knowledge leads to the anxiety of imperfection, we all still use it. 

When I worked for large corporations, the policy was not to use it, regardless of whatever security provisions were tacked on (for one, we used OTR). No way to scrutinize proprietary works. Oddly, telephone was preferred! (Perhaps b/c the anxiety was related to enduser recordings….) What I personally used to use, and still do, on occasion, is SIP, in particular, SIIP+ZRTP. It's not even a pain to use. But if one is doing journalism (or any other kind of communication where there are constraints, exigencies), then we're back with Skype. It's not bad. It's just not as verifiably not-bad as one would like.

-louis

> 
>> On 13-03-20, at 22:39 , "Eric S Johnson" <crates at oneotaslopes.org> wrote:
>> 
>>> Dear LibTechers,
>>> 
>>> When Microsoft applied in 2009 for a patent on “recording agents” to surveil peer-to-peer communications, it was assumed they were talking about something they might implement in Skype.
>>> Skype in 2010 started rearchitecting its use of supernodes “to improve reliability.”
>>> MS stated in 2012 that the re-engineering is “to improve the user experience.”
>>> The recent report in the Russian media that MS can trigger individual users’ Skype instances to establish session-specific encryption key exchange not with “the other end” but with intermediate nodes (thus making possible inline surveillance of Skype communications—presumably VoIP, since MS already stores Skype IM sessions “for 30 days”)—dovetails nicely with suspicions that MS is making (or has made) Skype lawful-intercept-friendly.
>>> 
>>> But wouldn’t the above evolution require changes in the Skype client, too? Does anyone know of any work to identify whether it’s possible to say “if you keep your Skype client below version 4.4 [for instance], any newer capability to remotely trigger individually-targeted surveillance-by-intermediate-node isn’t (as) there”?
>>> 
>>> Best,
>>> Eric
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech