Special report
Introduction
When communicating with the relatives or business partners via Skype, one supposes that his or her private life do remain private. But this assumption is actually not true.
The question whether Skype can be called a secure means of communication is a concern of many people. Here is an investigation of this problem to your attention.
Not peer-to-peer anymore
The big advantage of Skype as compared to other Internet telephony services was peer-to-peer system.
P2P implies that information is passed from user to user, avoiding central server. And that added a big plus to the Skype security.
However, Skype cannot be called a P2P service anymore. Earlier, before it was bought by Microsoft, Skype was using supernodes, made up of regular users. These supernodes then passed information to other supernodes using peer-to-peer model.
When Microsoft became a Skype owner, it started to use dedicated supernodes. This means more or less server-based approach, but in different wording.
Skype’s principal architect Matthew Kaufman explained: “Skype has switched to dedicated supernodes… [They] can handle orders of magnitudes more clients per host, are in protected data centers and up all the time, and running code that is less complex that the entire client code base”.
In terms of the traffic routes, the conversion from the “nearly impossible to catch” peer-to-peer model started long before Microsoft bought Skype, and now it is finished with “dedicated supernodesalways know where the traffic goes”.
Skype contends that supernodes are used only to receive information about users online, and nothing more. However, for the reasons of safety German corporations, for example, do not allow their employees to use Skype at work. This information provides food for thoughts.
Frequent changes in Privacy Policy
One should mention Skype owners in more details. Since its creation in 2003, Skype has been handed three times during a decade. Its founders Niklas Zennström and Janus Friis had an ambiguous reputation, since their former project Kazaa was mostly associated with piracy. After two years Skype founders sold their project to eBay for a nice sum of $2.6 billion.
EBay wanted to adapt Skype for its own needs, trying to make it a system for communication between buyers and sellers on the online auction. They never fulfilled their plans to the fullest extent, and after several money-losing years Skype changed its owner again. In 2009 it was purchased by a group of investors, including such well-known venture capital firm as Andreessen Horowitz (investor of Twitter in particular). And in 2011 the change of owner happened again: Microsoft paid a fabulous $8.5 billion for this popular program.
Microsoft cooperation with governments
And this all is directly connected with the security. Every time Skype was changing its owner, the Security Policy was being changed as well. Moreover, right now, being a part of Microsoft corporation, Skype must correspond to the main policy of the company. And this is a known fact that Microsoft extensively cooperates with NSA and other countries’ intelligence agencies (it was repeatedly stated by many reputable media resources in particular).
And it seems that Microsoft reads your messages at the end of the day.
It was an experiment in 2013, when a company Heis, together with German colleagues, found out by the simple test that Microsoft is actively “reading” users’ messages.
Almost immediately after sending a message via Skype with a link to a certain resource, this resource was visited from the Microsoft-owned IP.
After reporting about the experiment, they received a feedback from Skype with the link to the Privacy Policy paragraph about checking messages for spam. However, this explanation didn’t comply with some facts of the test (if you are interested in this experiment, look for the link in references below).
Hacking Skype as a daily exercise
Google offers multiple results on the request “hack Skype”, with videos and detailed guides. By the way, Skype is hacked regularly by the hackathon participants as one of the tasks. And it is hacked by the so called ethical hackers as well (these are the teams or companies that hack different programs to point out the security problems and report about them to the program owners first).
Non-certified Skype recorders
In addition, there are multiple Skype recorders, which can be plugged into the client. As easily as the owner himself can use such recorder, his competitor (or wife, government, etc.) can do it as well.
As for recorders, Microsoft says that “Third-party applications have not been checked, verified, certified or otherwise approved or endorsed by Skype. Applications may be subject to the third party provider’s own terms and privacy policy”. This means that one would never know who and how uses the recorded information.
Conclusion
So, if one discusses only his/her private affairs via Skype, one should not bother about the security of his/her conversation. However, a company CEO, for example, talking about business strategy with his partners, should definitely think twice before using Skype. Or better look for the more secure counterpart.
What other ways exist that can provide security and anonymity of your conversations, and are they available on the market, which guarantee absolute security?
You can read our reviews HERE