Is Skype really secure? Skype and its privacy…

You all know the Wall Street Journal, one of the biggest and famous newspapers in the World. I have read an article in their web site titled “Spying on Chinese Skype“, I knew already about the Iran case, with the Iranian Government spying and/or cencuring their calls and/or text messages, whatever they are doing, people are not free andin my opinion it is not a democratic way for Iran.

These days I am reading with interest the forum “Anonymous in Iran” which my friend told me about. I think that forum is a very good source of informations not only for Iran but for Chinese people as well.  I hope I will be able to give my support to them and their questions as well, since this is a delicate subject and they have to legally be anonymous on the web.

All of you should know that there are two versions of Skype, there is the normal version and the Tom-Skype Version. The second one was developed for the Chinese market. Before going on reading this post, please read this, you will see what is Tom-Skype, and I would like you to comment this post and tell me whether you have found any words about loggin Tom-Skype chats, about censure for the Chinese user or something that makes us understand that Tom-Skype can be considered as the “end” of privacy of its users. Why I would like a comment? Because I read it once and I didn’t find anything, but maybe I didn’t read it properly… just curious to know what you think.

You all know about the Skype downloadable from www.skype.com, but you don’t know yet about the http://skype.tom.com/. As you could read, Skype and the Tom company work now together and they have more or less half of the revenue for the Chinese market. You would think it’s normal, but somebody thinks that it’s not so normal. Wasn’t it enought the normal Skype for Chinese people? Probably something is hidden? Mmmm… strange… reading the Wall Street Journal article about Tom-Skype there is a link to a study-report about it.
As we can see from the investigation conducted by Nart Villeneuve, the CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto,
skype reported that:

• The text filter does not affect in any way the security and encryption mechanisms of Skype.
• Full end-to-end security is preserved and there is no compromise of people’s privacy.
• Calls, chats and all other forms of communication on Skype continue to be encrypted and secure.
• There is absolutely no filtering on voice communications.

But he says that:

• The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China.
• These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to
decrypt the data.
• The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party
of China.
• Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are
captured by the system.

Please, read the whole investigation process from the very beginning to the very end here: http://deibert.citizenlab.org/breachingtrust.pdf.

I am now thinking… If skype says that Tom-Skype is secure and there is no risk for privacy, but as we can see from this investigation it’s not right, can we trust the normal skype at www.skype.com?

About Skype Security I have read also that in Italy and other European countries like Germany and probably also Austria and or Switzerland are able to capture all the data from Skype, so Skype, the traffic of the most famous secure VOIP in the world can be captured and read easily by Scientific Police even if the connection is SSL encrypted. In the Italian most famous newspaper we can read that Italian Police persuaded eBay (Skype) to give them the telephone numbers of the callers, but in that article it is not specified whether they mean stationary phone or Skype phone numbers, but probably both; by the way Skype didn’t give the decryption key, so both the conversations and chats cannot be decrypted.

By the way, the Digitask company cooperates with the International Police forces to build and maintain some kind of trojan that the Police needs to install in the computer of the victim they want to control, but the Digitask want high money for this. You can read more about the Digitask controlling skype here: http://wikileaks.org/wiki/Skype_and_SSL_Interception_letters_-_Bavaria_-_Digitask, http://skypejournal.com/blog/2008/01/the_bavarian_intercept_proves.html.

How to be secure in internet? I don’t know… but we can try to encrypt all of our internet traffic…

If you are using a proxy, you have to pay attention because the traffic can be encrypted, but probably the DNS requests are not and your internet provider has a track of the websites/connections you made. When you use proxies, you need to redirect to the proxy also the DNS requests… I have written a guide for SSH tunnels, but it will be very useful for you if you have a Linux Server abroad. The guide is here: http://www.security-exchange.net/news/ssh-tunnel-connect-using-a-remote-internet-conncetion/.

If you are interested in the development of the future security that can make China and Iran citizens 100% secure on the internet is the Psiphon projet, please read here.
What we know is that in Europe probably Skype will be under control, surely not for everybody, but when there will be some suspected person as terrorists for example, skype can be controlled for those people. This will be the future war between World governments to the Skype owners, we still don’t know who will win in this war, but we know for sure that there are good reasons to control Skype for some people, but it should be strictly controlled so that there won’t be any kind of abuse of the control of the communication by any government authorities, so that normal people, a mother that talks with the children doesn’t have to feel controlled in the intimity.

Iranian and Chinese citizens, please read here: http://citizenlab.org/

I hope you have found here good informations. I would be grate if you could leave a comment. If I wrote something wrong, please tell me.

Thank you.

Any question? You need our FAST help? Go to our forum and as for FREE!