Safety of Skype Overseas

Let me preface this post with the following caveat. I am not an expert in internet security and what I present is my impressions of what I’ve read on the internet. Just recently I received an e-mail from a colleague asking if it is safe to use Skype to communicate with people in China. She had heard from friends that in spite of point to point encryption they had heard that there there were security concerns with Skype reported recently. Very good question. I had heard the same reports and vaguely recalled that it had something to do with Skype servers hosted in China. I did some research last night and found out the following.

It sounds like the major issue back in October 2008 (when all this broke out) is in text messaging or Skype chat when you or the person you are communicating with is using china’s TOM software in contrast to the official Skype softare from Skype in the U.S.  (see message from the President of Skype,  http://share.skype.com/sites/en/2008/10/skype_president_addresses_chin.html).

According to the original white paper “Breaching Trust” on the topic by Nart Villenveuve of the University of Toronto Citizen Lab as reported on by http://www.fiercevoip.com, there are two ways that privacy was breached. First in text chatting, the Chinese software TOM (licenced by Skype in China to act as a official Skype software connector) was monitoring for specific words (mostly political) and if they found any of these words they censored the words and then logged the message and the user information of people. Once tagged, the text chat activities of these people into China were logged. For voice, there is no evidence of direct spying but there was a privacy breach in that TOM did log all user information of callers. So, they log who is calling who but not what they are saying to each other. So… Don’t use TomSkype software. It is not secure. According to Skype, if you use just pure Skype software from Skype itself it is okay.

Skype is one of the more secure ways of communicating with students and friends in other countries and yet as we see here even they can have some security weaknesses. I guess it goes to show we always have to be careful when we are using any communication system (even phones) as all these systems use common open wires or airwaves which can be hacked at any time.

One tip for this sort of thing is whenever communicating to people in places where there are security concerns (e.g. where, a spybot might be looking for words to look for good spam victims) use a code for speaking to each other.  If you have to use “dangerous, politically charged words” when on text chat you should disguise it using agreed upon substitute words or at least using weird letters in the words (e.g. Using “Ti~bet” for “Tibet” or something like that).

It sounds like in the above scenario direct Skype to Skype voice communication was fine and encrypted end to end using SSL technologies. Still, no encryption is perfect and if a large well resourced entity really wanted to get something from the internet they could. So I would be a little careful but for now I would trust Skype for most communication.

As I said before, this is one man’s opinion. I would love to hear your comments about this important topic.

Be Sociable, Share!

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.

Comments

No comments yet.

Leave a comment

(required)

(required)