It has long been speculated that there might be a backdoor built into Skype, something that would allow Skype (the company) or the police to easily monitor Skype conversations. Skype is closed software and can therefore not be examined on the source level. In fact, the Skype executable code has been deliberately obfuscated to resist any attempt at analysis.
Skype claims that it uses strong encryption and that therefore your conversations are secure. But new indications have now emerged that it might not be quite as secure as they would like us to believe. According to this article here, police in Austria recently claimed that listening to Skype conversations is not a problem for them anymore. And Skype refused to comment on this or deny it.
Skype supposedly uses the AES encryption algorithm, which is open, has been thoroughly analysed and is generally found to be very secure. However, claiming to use an algorithm is different from actually implementing it. And besides, during setup of the conversation there is a key exchange phase, which is handled by an entirely different proprietary algorithm, which has not enjoyed the scrutiny of security experts.
Deliberate or just flawed?
So, assuming for a moment that the claim of the Austrian police is correct, there are two possibilities now: (a) Either Skype made a mistake somewhere in the implementation of their encryption algorithms and thus allowed a successful attack on their protocols. Or (b) they have deliberately provided a backdoor for law enforcement or other agencies.
By accepting the convenience of the easy install and painless operation of Skype (double-click to install and be done, no firewall configuration and fiddling - it just works) we have now been thoroughly locked-in to a fundamentally flawed communication platform.
With open-source this wouldn't have happened
Again, a story like this serves as a reminder of the dangers that come with closed-source software, specifically when it deals with your data or your communications. Both are very personal and valuable things and we trust them to software for which we have no idea of what exactly it is doing? That is just wrong.
If Skype were open-source, we would have had a chance to examine it for security vulnerabilities long ago. And if there is a backdoor built in, we would have found and eliminated that as well. If the company had wanted to keep the backdoor, they couldn't have done so, since a fork of the project would have been made with the problematic code removed.
But that's the problem with closed-source software: You can't fix its bugs, you can't find out how it works or what it does with your data, your communications, your social contacts and your life. Proprietary software provides anti-features, such as backdoors or DRM, which we cannot remove due to the closed nature of the code.
Software runs our lives, whether we like it or not. It governs every aspect of it. We shouldn't allow corporations to wrest control over our lives away from us to further their profit margins. As Lawrence Lessig said: Free software is the answer to a world built in code.
So far, the open-source community has failed
The open-source community is called to provide an alternative to Skype. I am a very big fan of open source, but I have to say, as far as offering a Skype alternative, the open source community so far has failed. Sure, there are SIP soft-phones (Ekiga, etc.), which are all well and good. But can grandma install and use them? No. As long as those alternatives fail the "grandma test" they are not any serious competition to Skype. And of course, Skype is ubiquitous. If you want to talk to people, you need to use what they are using. And everyone is using Skype.
What does the open source community need to do?
- Provide a communication alternative for chat, voice and video. Ekiga and other packages show us that all the basic tools for this are present: We have the free codecs, which allow high quality voice and video. We know how to render voice and video smoothly and in high quality. We know how to design good GUIs and interfaces.
- Provide this in an easy to install package for all major OS platforms. Firefox is an example of an easy to install cross-platform open-source product.
- Most controversial: Come up with something else besides SIP. Skype works as well as it does because they decided to design something different from the ground up, even willing to bend some rules. Something that was optimised to make it easily work for ordinary home users. SIP was not designed for it and requires too much fiddling. We know how Skype does it: Fake TCP connections, using ports that are generally always open, a couple of super-nodes, etc.
Comment by ChriS, on 11-Aug-2012 12:38
Jitsi looks nice even though it is still developing fast. Hopefully it will be ready for the "grandma test" soon!