ianG wrote: > Skype made their reputation as being free and secure (e2e) telephony. > The latter was something that many people bought into. It is now the > largest telco in the world, by minutes, in no small part because people > enjoyed both security as well as free calls to their friends.
Yes. A typical luring strategy. First you offer something good and e2e secure (even confirmed by independent auditors), build a huge base of users, then by "Important Security Updates" you actually remove the luring part i.e. the e2e security. > If indeed they have done this, then people like us -- the security community -- are entitled to report the deception widely. In the awareness rising I see several options: 1. Indeed these discussions among the security community 2. Eventually some contacts with journalists will help the cause (one live demonstration on some security/crypto conference like Usenix, Black Hat, Crypto, ... will do the job). 3. I see a chance for some other product like: Zfone (that never took significant popularity),maybe Pidgin, maybe Cryptocat, ... 4. Even some open source security plugin for Skype. Danilo! _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography