Sophie - Skype - and why I'm not going to be using it any more
browse
my journal
September 2016
 

Date: 2014-08-01 12:47
Security: Public
xposthttp://soph.livejournal.com/237593.html
Tags:big posts, internet, link, nsa, privacy, request for comments, skype
Subject: Skype - and why I'm not going to be using it any more

If you use Skype, you may have noticed the number of people online on your contacts list dwindling a little lately.

I myself was signed out of Skype last night. I can no longer log in; my old version of Skype, 5.10, is now considered to be too old.

I can't say I'm *entirely* surprised about this; I was given ample warning that this would happen, and I just didn't heed it because the older version still worked long past the cutoff dates given to me. Unfortunately, this has left me with the problem of how to tell everybody that I'm probably not going to be using it any more. This is a shame, because I actually used it quite a lot.

Why will I not be using it any more? Why can't I just update to the newest version?

Well, for some people the answer will be that they're still using Windows XP, which the newer versions of Skype don't support. That's not the case for me, but if you know that a contact of yours has Windows XP and you haven't heard from them for a bit, that may be why.

But no, the thing for me is that I've been hearing a lot about how Skype is connected to the NSA. I probably don't need to explain why this is a bad thing, but it's possible some people reading this may not realise that the NSA collects data about you in bulk, including recording audio of phone calls, recording IMs, web sites you visit, and a lot of other things. Recently news came out that they were targetting the privacy-conscious.

To put it lightly, the NSA are violating your privacy quite deliberately and knowingly - even if you live in the US. (The NSA's states that it only applies data gathering to foreign countries, but I'm willing to bet that there are sites you visit that aren't sited in the US. Same applies if you live outside of the US and thought you were safe; if you use sites sited in the US (note: Dreamwidth is such a site), then the NSA is interested in you.

The NSA also lies about how much data is collected. It was thought that the NSA "only" recorded metadata about phone calls such as time/date, phone numbers of each party, etc. Turns out that's untrue; apparently, "At least 80 percent of all audio calls, not just metadata, are recorded and stored in the US". I am a little doubtful about that figure (and there is no evidence for this, unlike with Edward Snowden's leaked files), but if the figure is off then it probably isn't off by much. Even if the figure was 60%, that's still a frighteningly large amount.

I see no reason to believe that Skype is exempt from this, especially as there are news stories about Skype being connected to the NSA. (The linked article is just one such article.)

I also found out today that Skype comes pre-installed with Windows 8.1, which follows their phase-out of Windows Live Messenger (also known by many as MSN Messenger). This makes Skype an incredibly attractive target for not just the NSA but also for hacking/cracking groups. Mostly the NSA, though.

So what is someone to do? I believe I can no longer use Skype as a permanent solution. Note that using an alternative Skype client will not solve the problem; any recording of data would be server-side, so it really doesn't matter what client you use to connect to it. (Not that Skype has exactly had the best of compatibility with third-party clients anyway.)

Does anyone have any ideas?

Post A Comment | 9 Comments | Add to Memories | Tell Someone | Link



Plures House: Kerry - retroface
User: [personal profile] we
Date: 2014-08-01 15:22 (UTC)
Userpic:Kerry - retroface
Subject: (no subject)

I'd heard about them forcing people off older versions (and we hate the most recent versions of Mac Skype), but not them being so tied in deeply with the NSA. There really needs to be a good alternative audio/texting service that's rather less linked in with the NSA than Skype and Google Hangouts currently are.

~K.

Reply | Link

brainwane
User: [personal profile] brainwane
Date: 2014-08-01 16:08 (UTC)
Subject: (no subject)

Sorry, this is a very quick link because I'm in a hurry at the moment, can talk more about this is you have questions: https://blog.mozilla.org/futurereleases/2014/05/29/experimenting-with-webrtc-in-firefox-nightly/

Reply | Thread | Link

Sophie
User: [personal profile] sophie
Date: 2014-08-02 01:35 (UTC)
Subject: (no subject)

Interesting.

Do you know how exactly this would work? Would it be a programmatic API thing like WebSockets, or would it be an actual client built into the browser?

I will admit that the fact that this is going to be widespread - even across browsers - makes me nervous. The fact that it's peer-to-peer helps but is not going to stop a determined NSA - especially because it's going to have to have some sort of NAT traversal functionality (unless it'll be on IPv6 only, of course...) and that's going to be a weak spot.

Reply | Parent | Thread | Link

brainwane
User: [personal profile] brainwane
Date: 2014-08-10 21:38 (UTC)
Subject: (no subject)

I'm sorry that I don't know quite enough to answer your question. The Mozilla and Chrome blogs have more information, I think, as does Chris Ball.

Reply | Parent | Link

MM Writes
User: [personal profile] marahmarie
Date: 2014-08-01 22:16 (UTC)
Subject: (no subject)

Oh Lord... *sigh* ... where to begin...

I'm going to get this off my chest and just say Skype sucks, anyway, simply because VOIP sucks. You'll recall I could not even barely make out a voicemail you left me using Skype years ago, and have still not called you back because of it (though that's not strictly true: my life got in the way of calling you back, if I recall correctly; also, neither here nor there, but I don't have that phone or phone number anymore).

Aside from that, I'm not sure why you would single out Skype for disuse besides the 'XP/incompatible OSs in general' issue. We can probably agree, as you said yourself (more or less, if not exactly) in your post that the NSA watches, records, and stores pretty much everything. Win 8.1 is known to ship with NSA backdoors. Routers are known to ship with NSA firmware; laptops sold online are guaranteed to come with the NSA pre-installed. Why single out Skype when it is the NSA backdooring/strong-arming their way into everything they can get into without limit? What is the point?

You're not going to gain privacy with any alternative that they can hammer their way into (and I personally think the NSA is where the world's best/most determined hackers work these days, so they're going to hammer their way into it, whatever it is).

Also, I have to thank you for one of your last posts on the NSA, because how else would I have ever learned I'm already a suspected terrorist just because I have ever once looked at the Linux Journal? Which, though I can't exactly recall, I probably have? Really, singling out Skype for avoidance, to me, is like singling out a kayak among a fleet of naval vessels attacking your shores. It's not going to amount to a hill of beans as far as protecting you from, uh, our friendly, helpful government that of course is simply looking out for our best interests. :)

Edited 2014-08-01 10:26 pm (UTC)

Reply | Thread | Link

Sophie
User: [personal profile] sophie
Date: 2014-08-02 01:19 (UTC)
Subject: (no subject)

Of course, you're right that the NSA is strong-arming its way into everything, and that they're going to be putting a LOT of energy into cracking/decrypting things.

However, to simply give up trying because of that is, I believe, not the best course of action. (Neither is simply searching for alternatives, of course; the *best* course of action would be to actively campaign against it. I have not ruled out such a course of action, but for now posts like these are the best I can do.)

There are still things that the NSA cannot decrypt. The NSA is not (yet) all-powerful; there is a modicum of privacy left in the world. (I am convinced that the recent shutdown of TrueCrypt is due entirely to the NSA being scared of something it cannot control.)

Why single out Skype? Two answers. Firstly, it's widespread, especially with its inclusion in Windows 8.1. It's a fact of security that the more widespread and popular a program is, the more scrutiny it's going to get. (That's why up until Mac OS X there weren't very many Mac viruses.)

Secondly, it has a major company behind it - one that's long been suspected of being in bed with the NSA. Microsoft, of course, denies that they're helping the NSA. They may even believe it officially - what the higher-ups don't know won't affect the stock prices. But somewhere Microsoft has their Room 641A, I can pretty much guarantee it.

The same thing, of course, applies to Google Hangouts. Heck, Hangouts is probably worse; Google know a lot more than Microsoft do about people and I have no doubt that Google's data collection is something the NSA very much want their hands on (and probably already do to some extent).

I'm talking about smaller things; Ventrilo, TeamSpeak, Mumble, etc. Of course, even those three names are relatively well-known, but it's far, far less likely that the people behind them have deals with the NSA; the NSA would probably have to resort to storing the encrypted audio streams as they flow and attempting to decrypt them later. [edit: They're also not centralised services, unlike Skype and Google Hangouts.]

So yeah, I do respectfully disagree that there's no privacy to be gained. I think there is; it's just difficult to find.

Edited (Linking an article related to TrueCrypt.) 2014-08-02 01:26 am (UTC)

Reply | Parent | Thread | Link

MM Writes
User: [personal profile] marahmarie
Date: 2014-08-02 01:48 (UTC)
Subject: (no subject)

The Sneakernet offers privacy. I trust nothing beyond that. I assume there's a backdoor on DW. On Yahoo. On Live. I assume all major companies are in bed with the NSA. I assume whatever the NSA hasn't cracked or hasn't pre-installed on at this point is simply because they don't have enough cooks in the kitchen to get it done. They will hire more cooks. It will all be accomplished. You're also forgetting that even if the program, app or tool you're using isn't explicitly in bed with the NSA doesn't matter because the NSA is spying over HTTP and all other protocols they've managed to crack/infiltrate/snoop on/whatever (or maybe you just missed this article). The tool you're using is always only half the story. Also, there's always a chance that those companies explicitly (knowingly) in bed with the NSA fear government takedown if they don't cooperate. Why else would they willingly allow it, especially after formally speaking out against it/denying at least some knowledge of it up to a point? Yeah, maybe corruption (money/payoffs) is at play but that can't be the full story. There is a culture of tremendous fear at work here. Corporations with everything at stake - their entire user bases who depend upon them, their profits - cannot possibly be immune from it.

*takes a deep breath*

Sorry to go off on a tear (and please know it's not against you personally and will never be) but I just want to get where I'm coming from on this more out in the open.

Edited (clarity, more info (link added)) 2014-08-02 02:11 am (UTC)

Reply | Parent | Thread | Link

Sophie
User: [personal profile] sophie
Date: 2014-08-02 02:35 (UTC)
Subject: (no subject)

I didn't miss that the NSA are spying over HTTP and other network protocols; that's why I mentioned the possibility that the NSA *could* store the encrypted streams even with products that might not explicitly have deals with the NSA.

I can't deny that it's true that we live in frighteningly non-private times, however. How do you feel about activism?

Reply | Parent | Thread | Link

MM Writes
User: [personal profile] marahmarie
Date: 2014-08-02 06:04 (UTC)
Subject: (no subject)

I feel like my government (not necessarily yours, as we live across the pond from each other) would put me in jail for it. Terrorism, you know. But other than that, yes on activism. I'm all for it and even want to do it. But I feel our problems (in the US at least) are much bigger than the NSA. Specifically, we have the power here, guaranteed in our own Constitution (ETA: I thought to look this up) written into our Declaration of Independence, to throw out everyone in office and start over and I think we should. And I'd much rather do that than protest the damn NSA since it might solve both problems - bad government and spying government - all at once. So I'm quite torn which problem to become most (or rather: at all) activist over since there is probably no point in wasting my time on both, as I feel even more strongly about the latter than I do the former.

*sigh*

Sometimes I wish it was still 2006. The relative innocence we enjoyed until then was both passing and priceless. I never wanted all that much to protest anything about government; I never had any real reason to.

Edited (self-correction) 2014-08-02 06:57 am (UTC)

Reply | Parent | Link