This is totally nit-picky, but strange use of the word "backdoor." When I read "backdoor" I was expecting to read about some malware-like functionality within the Skype client itself, but instead this is just telling us that Microsoft can read content after it is sent to them via the client and decrypted.
I would prefer Microsoft stopped scanning/reading my conversations, and I agree that what they're doing (e.g. accessing URLs) is a problem (and arguably illegal, given the recent case about someone accessing unsecured AT&T URLs and going to jail).
Just think the original title could have been more clear.
A backdoor in their encryption protocol. They claim it is secure.
"The Skype Security Policy is:
...
4. Messages transmitted through a Skype session are encrypted from Skype-end to
Skype-end. No intermediary node, if any exist, has access to the meaning of these
messages. [1]"
The document you are referring to is from 2005. It is no longer end-to-end encrypted. Microsoft not only can intercept your communications, but in fact stores them for 30-90 days per their publicly posted privacy policy.
Oh, that quote from the security policy finally explains why this is so big news. MSN still doesn't use SSL and that's not big news in any way. But MSN never promised to use end-to-end encryption...
No. No. No, no, no, no. These are two different things.
One is a feature designed to allow them to check URLs, fetch thumbnails, etc. The other is a very pivotal core decision in how Skype works.
Skype has always been primarily node-to-node. Doing p2p connections like that required signaling/directory services. In the past, users' computers were used for that functionality. After their purchase, Microsoft transitioned those signaling/directory services to the cloud.
At worst, this gives Microsoft the ability to see who is calling who, I'll grant that. Worst case scenario, you can't negotiate via STUN and UDP hole punching or UPnP port forwarding, then you will get stuck with TURN and that will route through Microsoft's servers.
So, unless someone has proof of a connection that should have established peer-to-peer and instead the call itself was routed through MS's servers TURN style.... then can we ALL please stop repeating this obnoxious rumor about MS eavesdropping on all Skype calls. Or worse yet tying it to some URL lookup service?
I think you are missing the point - the article proves (unless the author is flat out lying) that text chat through skype, which is claimed to be end-to-end encrypted, is not, as requests are being made to the URL.
It may currently be for innocent purposes (check URLs, thumbnails etc. as you said). However, the fact that they can make these requests at all shows that the encryption is not end-to-end, otherwise they wouldn't know the URL to make a request to at all! The request isn't being made from the client, the IP shows it comes from Microsoft's servers.
So, you're talking about voice, but this is proof that the textual chat connection that should be secure end-to-end is decrypted and routed through Microsoft's servers.
Considering there was an article just a few days ago in NYTimes [1] claiming that "Skype is so secure because of its decentralization" that law enforcement tries to pass laws against it, I'd say a lot of people aren't aware that Microsoft does have access to all the information at this point thanks to their "super-nodes", but even NYTimes writers aren't aware of it (or maybe it was just a cloaked advertorial for Skype).
I'll also continue to say how extremely disappointed I am that none of the major IM players (not Google, not Apple, not Microsoft, not Yahoo, not Facebook) wants to implement OTR encryption in their chat apps. Google even removed their fake "OTR" from the new Hangouts app, which I believe only hid your logs from yourself, not from Google themselves.
I was thinking about MTUA, mail, crypto/privacy and bitsync yesterday and was wondering if there could be a new mail system that would be encrypted and decentralized by default (à la bitsync/bittorrent).
Bitmessage seems to closely match what I had in mind.
I believe the differentiation is that Skype routes calls p2p by default, so wiretapping them is hard. It may be possible for Skype to record calls, but only when it's routed through Supernodes - a mode usually reserved for when firewalls prevent a p2p connection.
Call metadata like to/from, time, and call length are stored - as is all text.
But the whole purpose of the new Hangouts app is that all clients are synced. That's kind of hard if 3rd party apps don't have the same ability. Then all you're left with is useless encrypted messages.
I don't think it's nitpicky at all - it would be different if Skype, Microsoft or anyone else had actually made a promise that messages that pass through their service are unreadable to them.
While it's technically possible it's not the norm and it's hard to come up with examples of services that actually do make this promise - tarsnap is one that comes to mind.
While both Skype and Gmail store your messages (if you Skype across multiple devices, you'll see logs of conversations that happened on different devices), I don't think Gmail probes every URL you send in your messages. Also, SMTP is not always done under SSL, so, privacy cannot be assured.
But that's easily testable. I'll get back to you in a couple hours.
I am struggling to understand the distinction you're trying to portray.
One automatically scans your email to show related ads, another does a HTTP HEAD request to URLs for only the server headers, which they say is for malware scanning purposes. Both are automated jobs.
See my other post to see how Google employees have access to all your email, documents, chat transcripts, Google Voice calls, Youtube videos etc. and how a few abused it to stalk teens.
As usual, Google gets a free pass and Microsoft gets demonized (they should stop claiming it's end to end encrypted, though). Looking at your HN profile, it's not hard to understand why. Thanks for being honest about disliking Microsoft but please try not to let that color your objective opinions and playing favorites regardless of facts.
What do you mean by 'using GET requests for verification'?
I think you are mixing different concepts. The problem is caused by URL encoded credentials and has nothing to do with GET requests. It is perfectly fine (and often desirable) to authorize GET requests.
You can only encode credentials in a URL via GET. Therefore if people stop using GET and start using POST (aka forms) for authentication this issue goes away. Even just a simple pin.
GET issues are primarily related to the fact that an attacker can automate their access. So they could trick a user into going to a specially crafted site, and then request content on that user's behalf via GET forgery, and return it to the web-server you control.
I'm thinking of building a WebRTC-based service to do just that, can you point me to an existing service that does similar things, so I don't waste my time? Thanks!
Would anyone here use a WebRTC-based service that also encrypted the file in transit, thus making it pretty hard for anyone other than the recipients to see it?
Then you have to give the URL to the recipient (over a secure channel), but the app will optionally allow you to not automatically send the file, but tell you how many people are connected (e.g. if there are two when you're expecting one) and begin transfer manually.
Also, I'm planning to make it all a single HTML file so you can download/verify it and store it somewhere to use whenever you like.
I wrote a few paragraphs but don't want to talk past you, that sounds fine for a secure channel, but are you going to warn users against using Skype for example? I mean, I don't know if someone has tried Google Docs with Skype, but I know I posted a GDoc link somewhere a while back only to have a bot pop into the doc. So, if the same happens with Skype, someone "joins" this shared resource... and you hit "Transmit"... who or what received it?
Of course, Skype's bot won't implement WebRTC.
They'll implement the proprietary blend that they told no one they were working on until everyone else was making serious progress with the implementation that everyone else collaborated on...
Yes, I'll make sure to tell users to share the link over a secure channel, or to verify each other's IDs. So, even if a bot does join, it ostensibly won't MITM the intended recipient when they say "my ID is ZXCV-BNMA", so you can still tell if the recipient is in.
Obviously it's not going to be secure against coordinated attacks by governments (which I will also make clear), but my intention is to have it be secure enough for 99% of people while being easy to use. It'll at least be more secure than Dropbox/Box/Skype/whatever, which aren't secure in the slightest.
Mega, for example, might be secure, but I haven't personally seen their implementation, don't trust them not to implement any backdoors, and don't trust them not to change it. I'm aiming to make mine as small as possible, so you can verify it at pretty much a glance.
Retention of Instant Messages, Voicemail Messages, and Video Messages (Skype internet communications software application only)
Your instant messaging (IM), voicemail, and video message content (collectively “messages”) may be stored by Skype (a) to convey and synchronize your messages and (b) to enable you to retrieve the messages and history where possible. Depending on the message type, messages are generally stored by Skype for a maximum of between 30 and 90 days unless otherwise permitted or required by law. This storage facilitates delivery of messages when a user is offline and to help sync messages between user devices...
From Section 8 of that same document:
Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links. In limited instances, Skype may capture and manually review instant messages or SMS in connection with Spam prevention efforts.
The article is fear-mongering with a drip of reality, too much like commercial news.
If someone didn't think all of their personal electronic interactions: SMS, gmail (if you still have one), banking info weren't being cursorily evaluated by echelon or other tinfoil hat system ... blackball the moron.
I'm interested in by-invite-only HN alternatives w/ lower noise and higher signal. (I'm no longer using HN as a primary news source and refuse to disclose which I do use.)
"A US government-mandated backdoor allowed China to hack into Gmail"
"In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access."
This is the company currently running ads positioning itself as a company that holds privacy dear.
"At Microsoft, we take our responsibilities for protecting your privacy very seriously. It’s a priority across all our businesses, and an area where we continue to work closely with others throughout academia, government and industry."
"Your Privacy is Our Priority"
"The lines between public and private may never be perfect, but at Microsoft we are going to keep on trying, because your privacy is our priority."
https://www.youtube.com/watch?v=bt51MWll1oY
That's the most annoying thing about Microsoft's campaigns. Sure they may be slightly better in some areas than Google, but overall they are just as bad, or worse than Google when it comes to privacy.
Maybe I'd get it if those campaigns came from Mozilla or DuckDuckGo (even though they are still done in poor taste, and resemble too much negative political campaigns), but Microsoft? I just can't take them seriously in regards to that. Microsoft is throwing stones from a glass house, and they should stop.
It would be interesting to see a comparison of Bing search and ads privacy vs. Google's in the same areas. My hunch is that Microsoft would not come out ahead.
Seriously, outside of politics they are the most negative ads I've ever seen. Even rival dishsoap or gym ads never get that extreme; nothing else compares. Did they actually hire a political advertising team or something?
Nothing else explains why Microsoft would pay US $8 Billion for Skype. Profit margins are either exactly zero or near-zero for every call; this is not 1995 when telco call termination was 20x more expensive.
The simplest explanation is that reliable incumbent Microsoft was hired in some way to conveniently consolidate Skype. With as many channels through which Microsoft does business with the US government, favorable contract terms here and elsewhere could easily make the whole package worthwhile.
NSA was already ready to pay billions of dollars for a Skype eavesdropping solution [1]. One could wonder if that's one way Microsoft wanted to recover some of the cost of their investment, and why they were so willing to pay twice as much as Google wanted to pay. I mean what company outbids another by 2x/$4 billion for a company with not that much revenue and profit?
No need to hide anything. An extra billion or two per year going forward would provide a respectable ROI on $8 billion. Surely there are countless wholly open ways to accomplish that with a customer the size of the US gov't.
> Nothing else explains why Microsoft would pay US $8 Billion for Skype.
Really? Nothing else explains why Microsoft wanted to buy talented development staff and software that was becoming the de facto name brand for video communication in homes and businesses, and which was taking market share away from Microsoft's own suite of communications solutions?
Very strange article. It only re-does what all other news sources already stated. Plus, I think that commonly a backdoor is understood as something in the software itself that lets someone get access from the outside, which doesn't appear to be the case.
Plus, to think that skype would be exempt from the governments claim to get access to all communications and messaging data is very simple-minded. The guy does realize that today governments can access all his mails, right? SSL/TLS or not.
I have reason to believe that the government cannot access all my mails. But if it could, I’d be even happier, as it would either prove a fault in GPG (unlikely) or a working quantum computer implementing e.g. Shor’s algorithm. And who wouldn’t want to hear of the latter?
I have reason to believe that you're wrong, because if you're under surveillance by the FBI or whatever, they will be able to read your mail. Unless you're the ultra-paranoid guy there are ways to get to your password physically :(
(so, since you're coming up with GPG which I obviously was not referring to I can also come up with some unlikely scenario, ok?)
Enough alcohol will leave me unable to recall several of my longer passwords. I find it hard to believe that they have a drug that will 1) not trigger that, 2) not leave a hangover of any sorts, 3) render me entirely unable to remember the incident, 4) make me inclined to tell them the password.
That would basically be a wonder drug, the ultimate truth serum.
1) Barbiturates induce a hypnotic state that has widely been reported to improve subjects' ability to recall details. Published work on human subjects more or less dried up in the early 70s for ethical grounds (cf. http://ist-socrates.berkeley.edu/~kihlstrm/exhumed.htm "There is, unfortunately, a virtual lack of controlled clinical studies on the accuracy of hypnotically refreshed memories."), but I bet the military have classified knowledge. Also, there's been quite a bit of published work on recall under barbiturates in dogs and rats.
2) So, you wake up with a hangover, a blackout, some bruises, and an attractive stranger in your bed. What do you assume?
4) Barbiturates, yet again, are well-documented to improve compliance, though at the expense of an apparent willingness to cause you to believe what you think will please the interrogator rather than what you would normally believe to be true.
> So, you wake up with a hangover, a blackout, some bruises, and an attractive stranger in your bed. What do you assume?
Unless I was out clubbing, taking drugs without knowing what they were, (I am not in the habit of doing this...), I would get myself to a hospital and probably call the police. I'm fairly familiar with what truly excessive amounts of alcohol will do to me and that list of symptoms does not include truly blacking out without the presence of some other pretty extreme symptoms. Of course I have not gotten this drunk in years because I am an adult who knows how to moderate my own drink intake, so I would assume I was drugged regardless (if nothing else, had my drinks spiked)...
Regardless, any drug-induced blackouts that leave you coherent enough to participate in complex tasks (including recall) are unreliable at best; there is a strong chance that the victim will remember that something bad happened. Honestly it would be better to just give up on the "black out" part, drug the guy conventionally, then beat the password out of him. You will undoubtedly have better results by giving yourself fewer restrictions.
Speaking of passwords, or: how I detest them so...
Passwords ... other people can watch you enter them, even at distance, and are easily forged, once known.
Pen & ink signatures ... the results can be replicated and are hard to verify algorithmically.
Other solutions ... meh.
Hand gesture inside a box, more inventive than the bird, determined by cameras. 3D gestures like if android unlock worked in augmented reality.
The "box," not of the Dune kind, would start folded flat and open to be sure nothing else were inside of it. Sadly, not even Thing. Folds up to create a completely discrete puppetry stage for god knows what, but sadly it wouldn't be all that interesting.
The point being that it's harder to fake or compel a performance that would basically be impossible to observe (assume trust of the system, of course, like anything... imperfect) rather than something tangible like an iris, print, voice, etc.
I'm sure the DDR ATM will be next at airports, but passwords still suck.
So when you say you actually have to type a password you're screwed in our hypothetic scenario anyway. You think it's hard to sniff what you type into your keyboard[1]? To install a camera watching you enter a password? And now don't tell me you're using Wifi, that'd be a security nightmare then ;)
There is a drug called Scopolamine, which pretty much does that. Vice made a documentary about it called "World's Scariest Drug" - http://youtu.be/ToQ8PWYnu04
All of our intra-company email is accessed via terminal, with pine - and since it is intra-company, it doesn't generate network traffic - it is just an append operation on different files (mail spools).
So I have reason to believe, even if we were being surveilled[1] by the (insert TLA), that they would not be able to read our email.
[1] Network only. If they're videotaping our screens, all bets are off.
The point is that no one should act surprised because the laws already demand that communications can be intercepted and read.
Of course that excludes GPG (or pasting encrypted text into your skype chat). And that is only true as long as your law enforcement doesn't have you on surveillance. Or unless you can be 100% sure that the NSA really really really can't crack your encryption. And even Bruce Schneier isn't sure about that: https://www.schneier.com/blog/archives/2012/03/can_the_nsa_b...
It really depends on what you're doing. The NSA doing something like breaking GPG/PGP encryption would be like breaking the Enigma during WW2. You don't want to tip your hand to your opponents that you can read their communications. IIRC, the Allies sometimes had to not act on information that could save lives because those actions would reveal how much they knew to the Axis powers. So basically you only end up acting on really valuable information.
Agreed. This is one of those "improve the service things".
GOOG would do the same, but then sell ads against the data and everyone would say the ads are ok, because they're also operating a free, and very useful service.
Checking URLs passed in messages isn't incompatible with secure communication. It's easy enough to look at a text message that's going to be sent and break it into parts (URL and non-URL). Encrypt point-to-point the non-URL parts, and encrypt the URL parts such that the central servers can read them (and verify that they're not pointing to bad stuff, which is a very valuable service to provide to the vast number of readers).
We might find somewhere in Skype's ToS a reference to URL checking, for any URLs you send through the service.
"Checking URLs passed in messages isn't incompatible with secure communication"
I guess that depends on your definition of "security," and perhaps of "practicality." Where I'm from (i.e. a grad student whose research is on practical secure multiparty computation), a practical system for checking URLs in a privacy-preserving fashion is still very much a research topic.
"It's easy enough to look at a text message that's going to be sent and break it into parts (URL and non-URL). Encrypt point-to-point the non-URL parts, and encrypt the URL parts such that the central servers can read them"
How is that secure? Now the third party knows what URLs you are sending in your messages.
"The URL checks could also be anonymized."
Sure, but that is not what you are seeing here. You would need a mix-net of some kind, one in which the users themselves are participating (to ensure that there is at least one honest party). It is technically possible...but you're not going to see it happen, not any time soon. With the FBI talking about building back doors into everything, what incentive is there for a company like Microsoft to actually make such a secure system?
When it comes down to it, most Skype users are too uninformed to even know how their software might betray them. On the other hand, the Justice Department could create plenty of difficulty for Microsoft if they failed to cooperate. Whose side do you think Microsoft will choose?
I'm not arguing that the communications stay theoretically secure. If there's any processing going on, they clearly don't. What I'm saying is that you break the message up into risk and non-risky parts, and the risky parts (URLs) can be treated differently. That different treatment is very valuable to the vast majority of users that don't care about complete security, but do care about having their systems compromised.
Which "betrayal" is worse -- Skype being able to look at messages, or compromised systems?
In terms of implementation, it's interesting to think about the design space.
Actually, being able to tell anything about a message is incompatible with secure communications. Even the fact that there's a URL in there is more than I want you to know. It's all it would have taken to get shot in Iran in 2009.
There's a good way to do this though - give the users a local URL classifier and push updates to it. Then the client software is free to block dangerous URLs by default without hurting anyone's privacy. This works, and is used by many AV companies.
In fact, because of the way the system is centralized they could be sure the updates would reach users before another message did - providing the same level of safety as scanning the users' messages for them.
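The local classifier described in the comment above, sketched as an added example (not part of the thread, and not Skype's or any AV vendor's code): the client keeps truncated hashes of known-bad host/path expressions, applies versioned updates pushed to it, and screens the URLs in each message without sending them anywhere. The update format, the class name and the `.example` entries are constructed for illustration.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def prefix(expr):
    """Truncated SHA-256 of a host/path expression, as stored in the local list."""
    return hashlib.sha256(expr.encode("utf-8")).hexdigest()[:16]

def lookup_expressions(url):
    """Expand a URL into the host-suffix + path-prefix expressions to look up."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        hosts = [host]                      # never strip labels off an IP literal
    except ValueError:
        labels = host.split(".")
        hosts = [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]
    path = parts.path or "/"
    segs = [s for s in path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if segs:
        paths.append(path)
    return [h + p for h in hosts for p in paths]

class LocalUrlClassifier:
    """Client-side blocklist: lookups are purely local, only updates arrive."""

    def __init__(self):
        self.version = 0
        self.prefixes = set()

    def apply_update(self, update):
        """Apply a pushed update; refuse stale or replayed versions.
        A real client would also verify a signature over the update first."""
        if update["version"] <= self.version:
            return False
        self.prefixes.difference_update(update.get("remove", []))
        self.prefixes.update(update.get("add", []))
        self.version = update["version"]
        return True

    def is_blocked(self, url):
        return any(prefix(e) in self.prefixes for e in lookup_expressions(url))

    def screen_message(self, text):
        """Return (url, blocked) for every URL in a chat message."""
        urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
        return [(u, self.is_blocked(u)) for u in urls]

# Constructed sample updates; the .example entries are placeholders.
UPDATE_1 = {"version": 1,
            "add": [prefix("malware.example/"), prefix("files.example/dl/")]}
UPDATE_2 = {"version": 2, "remove": [prefix("malware.example/")]}

if __name__ == "__main__":
    clf = LocalUrlClassifier()
    clf.apply_update(UPDATE_1)
    msg = "see http://malware.example/x, and https://news.example/story."
    for url, blocked in clf.screen_message(msg):
        print("BLOCK" if blocked else "ok   ", url)
```

The message text never leaves the client; the only traffic is the update download, which is the same for every user.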
I wouldn't be surprised if this was intended to help Bing discover deep web. If it's the case, combine that with the ability on Bing to do "ip:<ip>" searches, and you have a formidable tool for forensics.
I agree with this. I know that when I've done webdev and when I check out a unique sandbox url (like jumbled letters with no backlinks) for a page I'll design, I used to see GoogleBot crawl that page eventually in the logs. (guess what browser I was using...Chrome)
Chrome has all kinds of services like "resolve navigation error", "URL prediction" and "usage statistics".
That Chrome sends your URLs out there on the Internet isn't exactly a secret.
If it bothers you, you can disable some of the features under 'Privacy' on:
chrome://settings/
The difference here is that Chrome doesn't pretend to be a secure communication channel like Microsoft claims Skype is.
If the URL is scraped from the message as it passes through Microsoft's servers, then Microsoft's servers have direct access to your chat text (i.e. not an encrypted channel from client-to-client).
If the URL is sent from the receiving client to Microsoft for analysis, then Microsoft has a list of all URLs that have been communicated to you via Skype.
Either of these scenarios chips away at / tears down the idea that Skype is a 'secure' communications platform.
Don't be surprised. While I can see 2 sides to this argument (it was discussed earlier here on HN, link below), we shouldn't be too surprised by what some companies do to "optimize," their products. Microsoft autocrawling http(s) links could be either for obtaining new bing search results (and it could make that result relative to your conversation), or it could be for security to screen links.
I don't know, but I agree that if you have a secret conversation, take steps like PGP to keep it secret. Big Brother is ALWAYS listening :: usually a good preventative security motivation ;)
The main problem is most of my friends (even those who are programmers) cannot be bothered to spend the 20 minutes picking up alternative software so I'm stuck with Skype and Facebook as my primary means of talking to people.
Not surprising at all.
Skype has been saving chat logs for its China expansion since a few years ago. It's an existing function of their network and probably just a simple switch on their server.
No, it was reported that Chinese version of Skype spies on client site. If somebody would get international version of Skype in China, it would not spy.
I tried testing sending a private link to my server to one of my friends over Skype after reading the first Heise article. To get a response from Skype, I contacted them. I think you might find the following very interesting:
"You are correct, Skype chats and conversations are encrypted. Your chat can only be read when you sign in using your Skype name and password. Not even Skype or Microsoft has access to your chat history."
Has anyone developed a user friendly encryption layer that works on top of Skype? PGP or otherwise. Skype is useful, and it would be nice to have the option to use it for private conversations.
>Google acknowledged Wednesday that two employees have been terminated after being caught in separate incidents allegedly spying on user e-mails and chats.
>David Barksdale, 27, was fired in July after he reportedly accessed the communications of at least four minors with Google accounts, spying on Google Voice call logs, chat transcripts and contact lists, according to Gawker, which broke the story Wednesday.
No, but it would win huge bonus points if it did, over other chat apps. I think we all know Google won't bring OTR encryption to Hangouts, though, which is most unfortunate.
The best I ever saw was when I had a subtle weird issue with a windows graphics driver. The only place I could find on google that looked like it had the answer was a Filipino gamer board... but the only problem was that the thread was a mix of English, Tagalog, and l33tspeak. I could tell that the answer was probably there, but I couldn't interpret it...