Skype is not only dangerous from a security by policy perspective, but is also dangerous from a security by design perspective — whereas they promise that conversations are encrypted, due to their closed-source nature this encryption cannot be studied or verified.
There are certain other projects have unverifiable encryption claims (no security by design,) but that go uncriticized due to good security by policy. One of those projects has so far also avoided criticism, even though it advocates itself as a secure Skype alternative *marketed especially at activists in dangerous situations*, due to its creators being good personal friends of many of the main critics in the security community. That being said, there still does remain a few projects that offer Skype-like functionality with *both* security by design and security by policy: Jitsi: https://jitsi.org/ Lumicall: http://www.lumicall.org/ RedPhone: http://www.whispersys.com/ NK On Sat, Dec 22, 2012 at 4:42 AM, Christopher Soghoian <ch...@soghoian.net>wrote: > Jake, > > The section of Skype's privacy policy that describes (with no real detail) > the assistance they provide to law enforcement agencies is exactly the same > text that was present before Microsoft bought the company. > > (See, for example: > http://web.archive.org/web/20100701074213/http://www.skype.com/intl/en-us/legal/privacy/general/ > ) > > I am just as skeptical of Skype's security as anyone else on this list. > This lack of trust pre-dates the purchase by Microsoft. > > I've tried, and failed over the years to get any data at all about Skype > and law enforcement surveillance from the company. > > I have better relationship with Microsoft, who are surprisingly open with > me when discussing privacy and surveillance issues relating to > hotmail/live/outlook and Bing. Unfortunately, I've not been able to learn > anything from my existing contacts at Microsoft about Skype. That part of > the company seems to be continuing their long practice of secrecy regarding > surveillance issues. > > Regards, > > Chris > > > On Fri, Dec 21, 2012 at 2:49 AM, Jacob Appelbaum <ja...@appelbaum.net>wrote: > >> Hi, >> >> In light of the recent thread on journalism, I wanted to share this link >> about Skype: >> >> >> >> https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve >> >> "With 250 million monthly connected users, Skype is one of the most >> popular services for making phone calls as well as chatting over the >> Internet. If you have friends, family or business contacts abroad, >> chances are you are using Skype to keep in contact. Having said that, >> you are probably not aware that all your phone calls and text chats can >> be monitored by the censorship authorities in China. And if you are >> aware, chances are that you do not consent to such surveillence. >> Microsoft, however, assumes that you do consent, as expressed in their >> Privacy Policy: >> >> "Skype, Skype's local partner, or the operator or company facilitating >> your communication may provide personal data, communications content >> and/or traffic data to an appropriate judicial, law enforcement or >> government authority lawfully requesting such information. Skype will >> provide reasonable assistance and information to fulfill this request >> and you hereby consent to such disclosure. >> >> All the best, >> Jacob >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
