[liberationtech] skype

[Jacob Appelbaum]

Eric S Johnson:
> Dear LibTechers,
> 
>  
> 
> When Microsoft applied in 2009 for a patent on "recording agents" to surveil
> peer-to-peer communications, it was assumed they were talking about
> something they might implement in Skype.
> 

Perhaps.

> Skype in 2010 started rearchitecting its use of supernodes "to improve
> reliability."
> 

It is a matter of total control as much as anything, I think.

> MS stated in 2012 that the re-engineering is "to improve the user
> experience."
> 
> The recent report in the Russian media that MS can trigger individual users'
> Skype instances to establish session-specific encryption key exchange not
> with "the other end" but with intermediate nodes (thus making possible
> inline surveillance of Skype communications-presumably VoIP, since MS
> already stores Skype IM sessions "for 30 days")-dovetails nicely with
> suspicions that MS is making (or has made) Skype lawful-intercept-friendly.
> 

I believe that Skype has been interception friendly in various meanings
of the phrase for quite some time, if not always.

>  
> 
> But wouldn't the above evolution require changes in the Skype client, too?
> Does anyone know of any work to identify whether it's possible to say "if
> you keep your Skype client below version 4.4 [for instance], any newer
> capability to remotely trigger individually-targeted
> surveillance-by-intermediate-node isn't (as) there"?
> 


No, I don't think so.

As a side note, older versions of Skype have the added benefit of being
targets for attack that will allow someone to use it as a malware vector.

All the best,
Jacob