[ale] Skype on Linux

JD jdp at algoloma.com
Fri Apr 20 09:54:34 EDT 2012


<snip>

> Security concerns noted and appreciated.  While I understand where you're coming
> from, (and each user is different), I don't use Skype for sensitive comms.  
> Mainly business stuff between colleagues (and Skype is the standard where I
> work, so I more or less have to use it for that), and talks to my family about
> dull family stuff when I'm away from the house.
> 
> Given that Skype's data goes through a (large?) number of different routers,
> networks, and such before and after it hits Skype's/MS' servers, worrying about
> MS specifically recording my calls is actually the least of any worries I'd have
> (if I had any to begin with).
> 
> In short, I'm less concerned about THAT attack vector on my calling since I
> believe there are so many other easier ones*.  And the NSA has  all my data already.
> 

<snip>

Main points about using Skype now that MS owns them was concern over good Linux
platform support.  In my use of SisToSip, I learned that most businesses using it
* setup skype on Linux servers
* used an old, now unavailable, version of Skype for the best sound and
stability - v2.0.0.72 (I believe, but this is from memory)
* were extremely concerned that MS would introduce incompatibilities so their 3+
yr old version that doesn't crash and doesn't need to be rebooted weekly/daily
no longer worked

In my months of using it inside a VM, I ended up having to automatically restart
skype daily so it didn't crash and inbound calls would ring. I also had it setup
to send and receive normal POTS telephone calls. Picking up any regular handset
in my home and using the dialpad to make calls worked ... once I started the
daily reboot and if there wasn't a Skype system-wide outage. Early on it was
often frustrating when the first inbound/outbound call of a day failed until I
killed Skype on the server and restarted it.

I haven't used Skype much the last year, so perhaps it is better?

As to whether MS can or will be able to record skype calls ... if they have a
court order and I'm inside the USA, then I don't have any issue. Of course, I
have an expectation of privacy in any form of communication, especially voice,
regardless of the actual technology employed.

It is when they do it as a favor for any government anywhere or just for fun,
that I'm concerned. I haven't read the methods proposed to record calls by MS. I
thought that if one side of the skype call had an open inbound port, then no
"supernode" was involved in the call, so no 3rd party would be needed after the
initial "what is your IP" was determined. I thought that opening an inbound port
for skype turned the system into a supernode for others to leverage, so this
isn't a perfect solution. Seems that recording would need to happen on one of
the systems involved in the call and transmitted to a remote system.

I also read that a team had reverse engineered the Skype encryption and released
the code
http://www.h-online.com/security/news/item/Skype-s-encryption-procedure-partly-exposed-1034577.html
. That doesn't mean the encryption has been cracked.


More information about the Ale mailing list