>I missed that one--do you have a URL? (I don't know German.) Sure, here is the translated quote from Kurt Sauer, head of the security division of Skype:
ZDNet: What is the answer to my question, even if you can not listen to > Skype calls? > Sauer: We answer to this question: We provide a safe communication option > available. I will not tell you whether we can listen to it or not. or in original German ZDNet: Was ist dann die Antwort auf meine Frage, ob selbst Sie > Skype-Telefonate nicht abhören können? Sauer: Wir antworten auf diese > Frage: Wir stellen eine sichere Kommunikationsmöglichkeit zur Verfügung. > Ich werden Ihnen nicht sagen, ob wir dabei zuhören können oder nicht. found here http://www.zdnet.de/39151472/telefonieren-uebers-internet-wie-sicher-ist-skype-wirklich/ >Again--not a religious/ideological question; merely, "is there any evidence of Skype ever having been in-line-intercepted"? I can't find it. I would agree there is no smoking gun, but there is not likely to be smoking gun. The question is can skype if it wanted to, could it allow a third party to intercept your communications and the answer is yes. The second question is would it do so, if you believe their privacy policy which might be there to just cover their ass, then the answer is yes. Finally what have companies in similar situations done in the past, and the answer is that they have always cooperated. This shouldn't be shocking, skype helps with Chinese government censorship. The central issue for me is that skype can force update itself ( http://community.skype.com/t5/Windows-desktop-client/Forced-update-done-with-Skype/td-p/108692). Such a capability is a backdoor, the question is if they will feel compelled to use it. This is a much larger issue than skype, any software that can force update itself, like most modern software, has a defacto backdoor. How can we design systems that can be remotely updated by third parties without having to completely trust those third parties? On Fri, May 24, 2013 at 11:33 PM, Eric S Johnson <[email protected]>wrote: > > The evidence as I understand is this: > > 1. Skype has said in the german press that they can > > listen to communications > > I missed that one--do you have a URL? (I don't know German.) > > > 2. Russian intelligence has said in the Russian press that Skype > > allows them to listen to communications > > Well ... "the Russian press has reported ..." ... but do we consider the > Russian press a reliable source of information? Having lived in Russia for > many years (and reading the articles in the original), I'd say "not > particularly, no." (That Vedomosti report has been the subject of much > skepticism in the Russian blogosphere.) > > > 3. The Skype privacy policy explicitly states that they will allow LE > > access to all communication when feasable > > Right--but that's not evidence that "it's feasible," only that "if it were > feasible, Skype would do it when LEAs make a proper request." > > > 4. Skype appears to be able to read URLs sent > > which sparked this email thread > > Oh, it's been true for nearly 2 yrs that newer versions of Skype upload > copies of all IM sessions to MS's servers, and that's clearly stated in > Skype's Terms of Service. Sure. But that's not at all the same thing as > "intelligence agencies are intercepting and reading Skype." (I do think > it's > strange MS's transparency report a couple months ago says they've not > provided to LEAs any actual Skype content--only metadata; the existence of > those IM logs, even if only kept for 30 days, would be (you'd think) of > interest to LEAs.) > > Again--not a religious/ideological question; merely, "is there any evidence > of Skype ever having been in-line-intercepted"? I can't find it. (Am not > asserting it's the safest communications method in the world, just asking > this particular question.) > > As an aside, I bet we could easily identify older versions of Skype (which > still work fine) which don't upload IM session history to MS servers--in > case someone wants to effectively "turn off" that "feature." > >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
