[liberationtech] skype

Michael Carbone michael at accessnow.org
Thu Mar 21 18:36:47 PDT 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anyone looked into the reports that Skype leaks your IP address?
Apparently you do not have to interact with the person whose location
you are interested in to be able to get their IP address.

https://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

http://blogs.wsj.com/cio/2012/05/01/skype-knew-of-security-flaw-since-november-2010-researchers-say/

Michael

On 03/21/2013 07:12 PM, Yosem Companys wrote:
> Yes.  I meant that the superior technical solution could not
> provide better branding/usability in my hypothetical example.
> There are plenty of examples of superior technologies having great
> branding. Case in point is Procter & Gamble, which is successful in
> part because it only makes marketing investments in products with
> superior technologies because its research has consistently shown
> that consumers aren't loyal to a product unless it demonstrates
> technical merit in use.  In other words, you can persuade people to
> try your product, but if it is not technically superior, they will
> use your competitor's,
> 
> On Thu, Mar 21, 2013 at 4:04 PM, Brian Conley
> <brianc at smallworldnews.tv> wrote:
>> +1 Yosem, except I take issue with the last point.
>> 
>> I don't think its always that superior technical solutions
>> *can't* provide better branding/usability, its that they choose
>> NOT to, or in the past have even demonized anyone who thinks
>> there is value in such things.
>> 
>> luckily this is changing!
>> 
>> B
>> 
>> On Thu, Mar 21, 2013 at 2:36 PM, Yosem Companys
>> <companys at stanford.edu> wrote:
>>> 
>>> Rich, that's because you're not thinking like the average
>>> non-technical user, who usually does the following:
>>> 
>>> The user hears from a friend that she can make calls for free
>>> over Skype. So she clicks on the Skype link.  Skype has
>>> millions of users, meaning it will be around for a while. The
>>> Skype website looks visually attractive, meaning that it must
>>> have a lot of developers.  More recently, it is owned by
>>> Microsoft, which the user trusts for similar reasons.  "Most
>>> large, stable, visually-striking brands can be trusted," the
>>> user thinks.  She doesn't think for she doesn't know that
>>> "Microsoft has been attacked a lot."
>>> 
>>> Now, the user installs Skype.  She clicks through a few steps,
>>> easy enough.  That's a low barrier to adoption.
>>> 
>>> Next, the user sees all their family and friends on there.
>>> "Great," she thinks. "Now I can call that friend who told me to
>>> install it."
>>> 
>>> After that, the user reads in a news article that Skype is
>>> insecure. "That sucks," she thinks. "But it's not like I do
>>> anything confidential on there anyway."  Or, perhaps, she
>>> thinks, "I haven't done anything wrong, so who cares if I'm
>>> being watched. I'm glad the government is looking out for those
>>> terrorists."
>>> 
>>> To the extent that the user cares about security, now she needs
>>> to figure out what's the best secure alternative out there.
>>> But notice what happens: There's no large, established
>>> competitor that is secure.  Those competitors don't have
>>> brands.
>>> 
>>> To the extent that the user finds a secure competitor, say
>>> because Consumer Reports published an article on it (for the
>>> average non-technical user may not know of EFF), then she might
>>> click and check it out.  She might ask her family and friends.
>>> But their family and friends have never heard of it and, even
>>> worse, are not on it.
>>> 
>>> "I care about my security," she may think. "So I will try it
>>> anyway."  But all the time it gnaws at her that she doesn't
>>> know the competitor's name and that she has to take a leap of
>>> faith to install it.  The company says it's open source.  "What
>>> the heck does that mean?"  She thinks.  "What if this company
>>> is untrustworthy?  What if this company goes under and sells
>>> my data?  What if..."  Too many barriers to adoption.
>>> 
>>> We always think, "let's make the most private and secure
>>> solution," forgetting that users care about many brand
>>> attributes that the most superior technical solution can't
>>> provide.
>>> 
>>> On Thu, Mar 21, 2013 at 1:05 PM, Rich Kulawiec <rsk at gsp.org>
>>> wrote:
>>>> On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Su?rez-Potts
>>>> wrote:
>>>>> One is tempted to suggest using other than Skype.
>>>>> Alternatives exist, and these are secure, at least
>>>>> according to their claims. As well, Skype's code is not
>>>>> transparent, in the way that other, open source, 
>>>>> applications' are.
>>>> 
>>>> I'm more than tempted: I can't understand why anyone would
>>>> even consider using Skype.  It's closed-source, therefore it
>>>> must be presumed insecure. Nothing Microsoft says about it
>>>> can be trusted.  There is reason to believe that it's been
>>>> successfully attacked by third parties.  &etc.
>>>> 
>>>> I dunno 'bout y'all, but I think that's enough to blacklist
>>>> it permanently. Done.  Over.  Next?
>>>> 
>>>> ---rsk -- Too many emails? Unsubscribe, change to digest, or
>>>> change password by emailing moderator at
>>>> companys at stanford.edu or changing your settings at 
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> 
>>> 
>>> -- Too many emails? Unsubscribe, change to digest, or change
>>> password by emailing moderator at companys at stanford.edu or
>>> changing your settings at 
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> 
>> 
>> 
>> --
>> 
>> 
>> 
>> Brian Conley
>> 
>> Director, Small World News
>> 
>> http://smallworldnews.tv
>> 
>> m: 646.285.2046
>> 
>> Skype: brianjoelconley
>> 
>> 
>> 
>> -- Too many emails? Unsubscribe, change to digest, or change
>> password by emailing moderator at companys at stanford.edu or
>> changing your settings at 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> -- Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at companys at stanford.edu or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 

- -- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org
michael at accessnow.org | PGP: 0x81B7A13E
PGP Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRS7WgAAoJEDH9usG3Jz33KiMQAKpnwGI5j4ZaRUHBKAWVnQ9B
sIAMbe8hKyLHv2YpN3F/aBG/pVZS0xIqFjB/7606CkAamZoxWk6Gj0GItP5INOfE
AT+jrC7OJFHS3zIMZXsdCnOkwuuQaYYFd5uFomKgjiVnvcDPDF1OdV7+CmskXgq3
pWOWSQpUhIGPJjvyaM7gG0ezH6O3L1sd+5iFD1pIUYBOZHVeVLVuBbfUOMnLcFEi
IOY+tIj7t8oa7NeaUev2bds+cClEWCE/fzRJXk6rLyK2+/54B0uWFsjCZ6DWNmoD
tr/7ao0FNn+nIrLg4IvJ+leAwa95m1aQiO+DZi/348jMTWLu+aOASzCGqO+pNZJ8
11fDNsKjaCAB2fp9Y5VXQm5LVdx9QJESrbWxBTGXOpJ0nqO7/8kvleE3tsLdfTDn
AziJSuhsq0vSeWb7ZJppt62flfPl6T6e4oDm/sdIpmJOkkSz8g0geOO5wxNosfIV
NTKVb1cU2oStwNNQLcdZRBxWNLVnH0kSKwmMzLaGKoBCiaLtdjAAUiS/Wpr/EOsx
o/CVv4u058LZk5rIHtr39pKTSWhelPhED4VtJa/nuK8tv44IeHsfrJCjvsgff3Cl
FbR7OLhEQbUEcJqqsT8mK2vwq+spcrbKlmf6SG/nvs046w1e2fSmoZ4DeGCP1J+y
yY+HNfCZP/Zw8VGNBp3A
=wJru
-----END PGP SIGNATURE-----

More information about the liberationtech mailing list