
You mean more paranoid interpretation.

Microsoft controls the servers, they don't need a client backdoor to access messages.




>You mean more paranoid interpretation.

Honestly, it amazes me that people still call such interpretations paranoid in a world where information about the rampancy of such programs is readily available, including for this specific application.

Edit: it's not paranoia if there's demonstrable history of such things. It's making a reasonable assumption from available facts.

Further, all the arguments against this interpretation assume that those introducing security vulnerabilities for surveillance purposes abide by some kind of logic - which by the very nature of such activities they demonstrate that they do not. They (3 letter agencies) want every possible vector of information gathering regardless of the privacy, security, and legal issues that arise.


It seems to me to be a paranoid interpretation because if Microsoft wants to hand Skype-related user data over to the NSA, they'll do so on the server side and not the client side.

Secondly, this is a pretty stupid way of doing it. 'If you use this client identifier then anything goes' seems vastly more like a stupid coding mistake than it does a sneaky covert backdoor into accessing Skype from the local machine.


If I wanted to hand user data over to a 3rd party that tapped the entire backbone, I'd make that user data unencryptable. Why would I want to send Gbps of traffic to that third party? Then everyone would know. If they can just analyze the recorded traffic, none has to know.


Intelligence agencies want as many possible vectors for attack as possible. Especially unknown ones that you are not prepared for them to exploit. Everyone is assuming they wouldn't bother with a client backdoor... That right there is enough reason for them to get a client backdoor!


>further, all the arguments against this interpretation assume that those introducing security vulnerabilities for surveillance purposes abide by some kind of logic

Of course they do. You may disagree with the logic, but it's there. Vectors of intelligence gathering have to be both sufficiently covert and useful for an agency to consider. This vulnerability is neither.


So far you haven't said anything more than "NSA exists, therefore all software insecurities are reasonably attributable to them".


Sure! Oh, except for the fact that I linked an article documenting Skype specifically catering to NSA surveillance programs, and the NSA having a history of getting software to introduce vulnerabilities they can exploit...

But hey, why not throw out the facts to pile on?


It's the facts that are the problem with your weird theory: this doesn't even make sense as an NSA backdoor. It only works if they've already backdoored your computer.


Does any NSA surveillance vulnerability stand up to logical scrutiny?

No, because introducing security vulnerabilities to keep us secure is inherently illogical.


If this comment made sense to someone else who could rephrase it for me, I'd be grateful.


I think he means 'if NSA were logical actors, they would patch vulnerabilities, not leave them to be exploited by anyone, and they would use NSLs/collaborators/special NSA Voodoo to get their data'.

This idea is built on the assumption that (1) they think their defensive role is as vital as their offensive one, (2) there is plenty of special NSA voodoo to go round. Which is false. In particular, it is better that a hack come from a vendor vuln that anybody could find than from crypto wizardry (e.g. Logjam or signed drivers with md5 collisions).


The NSA did an illogical thing, therefore everything they do is illogical. It is illogical to create a backdoor that requires already owning the machine, therefore the NSA did exactly that.


This is also the biggest fallacy in economic, and even political theory. The assumption of rational actors.


If you have reading comprehension problems, sure, that's what he said.


Just because it has happened doesn't mean it's always happening. Without any proof of intent, yeah, I'd consider it (plausible?) paranoia.


Exactly right. Skype used to do peer-to-peer connections with nobody in the middle. If you knew how to modify the port forwarding configuration of your router, you could get very high quality connections.

Now, everything goes through Microsoft servers where it can be conveniently wiretapped.


Skype used to do that ... with an obfuscated proprietary software blob. There's no reason to think they didn't have the ability to reroute on demand.


But if they wanted plausible deniability when they get caught...



