Project Chess: How U.S. Snoops On Your Skype (forbes.com/sites/petercohan)
105 points by ArabGeek on June 20, 2013 | 36 comments



Am I the only one seeing the background check of URLs on IMs as a good thing? Those fake https phishing sites spread by a Skype worm could really harm people. Granted that they could do it like in the Chrome Safe Browsing feature without sending the actual URL but a hash of it.


It's a positive thing from an anti-phishing and anti-spam perspective.

It's a negative thing from a surveillance perspective. Any government with at least some jurisdiction over Microsoft can request this information under their legal processes.

As you point out, there are ways to get the positive aspects while diminishing the negative. Hopefully MS will evolve the implementation.
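The hash-based check suggested above, as an added example that is not part of any comment in this thread and is not Skype's or Chrome's code: the client keeps a local list of short hash prefixes and only contacts the lookup service when a prefix matches, so the URL itself never leaves the machine. The canonicalization is deliberately simplified, and `BlocklistServer`, `is_flagged` and the sample URL are hypothetical names and constructed data.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of the SHA-256 digest the server may see (assumed value)

def canonicalize(url):
    """Simplified canonical form: lowercased host, path and query; no scheme or fragment."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    query = "?" + parts.query if parts.query else ""
    return host + (parts.path or "/") + query

def url_hash(url):
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()

class BlocklistServer:
    """Hypothetical lookup service that only ever receives hash prefixes."""
    def __init__(self, bad_urls):
        self._by_prefix = {}
        for u in bad_urls:
            h = url_hash(u)
            self._by_prefix.setdefault(h[:PREFIX_LEN], set()).add(h)
        self.seen = []  # everything clients have disclosed to the server

    def prefixes(self):
        """Prefix list a client downloads ahead of time."""
        return set(self._by_prefix)

    def full_hashes(self, prefix):
        self.seen.append(prefix)
        return self._by_prefix.get(prefix, set())

def is_flagged(url, local_prefixes, server):
    """Client side: local prefix test first, full-digest comparison done locally."""
    h = url_hash(url)
    if h[:PREFIX_LEN] not in local_prefixes:
        return False  # no network request, nothing disclosed
    return h in server.full_hashes(h[:PREFIX_LEN])

if __name__ == "__main__":
    # Constructed sample data, not a real phishing URL.
    server = BlocklistServer(["https://login.example-bank.test/verify?id=1"])
    local = server.prefixes()
    for link in ("https://example.org/", "HTTPS://Login.Example-Bank.test/verify?id=1#x"):
        print(link, is_flagged(link, local, server), server.seen)
```

A matching prefix still tells the service that the client saw something colliding with a listed entry, so this reduces what is disclosed rather than eliminating it.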


It's okay, but according to the ajc article, Microsoft only checks https links - not http. If they were truly checking for phishing you'd think they would check all links.


I must have missed the "how" part.

And how is the HTTPS link crawling even related?


Skype supports call forwarding, which by necessity negates the end-to-end encryption. It could be that to tap a Skype user's calls they modify the user's online address book to make it appear to their client that all of their contacts have call forwarding set up. All voice data then gets sent to Skype HQ, decrypted and stored, before being forwarded on to the intended recipient.


People like making knee-jerk arguments that the only way Skype could implement anti-phishing is to have no security.


The how is replacing ... volunteered ^_^ 3rd party supernodes with company provided ones. There were indeed good business reasons to do this as the Skype item Forbes linked to says, but it also obviously gives Skype complete control.


The supernodes are an orthogonal issue. If Skype is end-to-end secure then the location of the supernodes doesn't matter. And if Skype is not end-to-end secure (e.g. imagine if their CA issues MITM certs) then having supernodes in US university dorm rooms doesn't help you either.

BTW, if anybody wants a refresher, here's what Skype says their architecture is: http://www.skype.com/en/security/#encryption http://download.skype.com/share/security/2005-031%20security... It could have changed since 2005, although I've heard that really old versions of Skype can still connect to the network.


You're confusing "provable security" with "effective privacy", and they aren't the same thing.

Having uncontrolled supernodes certainly does "help you", as it means Skype can't see the traffic without some other exploit to get it. Verbal communication is normally "insecure" and subject to eavesdropping, but if I have the conversation on a boat in the ocean I can be relatively certain that no one else is going to hear it.


I considered verbal communication as the most secure! I'm curious what would be considered more secure. The only method more secure that I can think of is sign language, but that doesn't translate electronically.


Pretty old ones can. My father's eyesight is a bit problematic now, and I have him running an old Windows version, perhaps as old as 2007 or I think older, because their "New and Improved!" versions at least back then had impossibly small type.


It has changed since 2005.

It changed dramatically in 2011, just after it was purchased by Microsoft (a PRISM Partner).


Remember when in 2011 May Skype went down for a while (and before that, Vonage, and various other communications providers)? Yea, that was when they added the recording capability. Note that there was no client update, just a mysterious "network outage".


Use XMPP/Jingle with ZRTP. Why would anyone trust Skype to begin with?


Or Jitsi:

https://jitsi.org

I figure P2P encrypted WebRTC calls should work soon, too.


Jitsi does use Jingle with ZRTP :)


Do you know of any non-Java (ideally GTK+) ZRTP+Jingle clients?


Could you point me to any software packages that use XMPP/Jingle with ZRTP?

Also, do you know how the key distribution is managed with ZRTP?


Unfortunately I don't know any other clients besides Jitsi, that work with ZRTP (it doesn't mean there aren't any, I just didn't find them).

Pidgin/libpurple don't support ZRTP yet, as well as Telepathy, which means all major clients based on them don't support it either (such as KDE Telepathy or Empathy for example).

There are long standing bugs about it, but nothing seems to be moving:

https://developer.pidgin.im/ticket/11221

https://bugs.freedesktop.org/show_bug.cgi?id=29904

See also: https://bugs.freedesktop.org/show_bug.cgi?id=16891

About ZRTP itself, see for example: http://my.safaribooksonline.com/book/telephony/9780321437341...


That's very unfortunate. I really wish that stuff like this would take a greater priority.


Maybe the latest concerns about being prism'd by the Big Brother will boost this development.


Or FaceTime


It was a sad day when Skype was bought by eBay. Prior to that, the CEO was asked what he was going to do about the new U.S. law requiring provision for wiretapping. He said "we're not a U.S. company, why would I care?"


Skype under Microsoft really infused itself with MS spirit.

- you cannot turn off Skype updates. Please try. For longer than 2 weeks, Skype will update itself anyways and will keep telling you "would you like to update". Totally deceiving. Turning off Skype updates doesn't help. They are done through Windows 7 updates. Turning those off does not help either LOL.

- on top of those forced updates, each time (at least on Windows 7), you have to re-do the following: delete "echo / test account", re-do your notifications, re-do sound settings, re-do all confirmations (delete contact, close skype, accept file, etc).

- I beg someone to give me a genuine, smoothly working alternative with an iOS app. Honestly at this point, security comes second as long as I can avoid Microsoft.


http://portableapps.com/apps/internet/skype_portable

There you go, no need to mess around with auto updates :)


Do they have an archive of previous versions? Due to annoying incompatibilities between recent versions (6.0+) of Skype and skype4pidgin[1], I've been considering switching back to 5.0.

[1] http://code.google.com/p/skype4pidgin/


I think with portable it still connects to the Skype site to download the required files at initial setup.

You could install from: http://www.oldversion.com/windows/skype/


Ah, alright. I'm familiar with OldVersion and that was how I was originally anticipating installing it, so I guess that's what I'll do.


I think it is good that it is included in Windows Update, but the failure to import settings is bad.


Suddenly FaceTime voice seems like a killer product.


Apple are signed up for PRISM.


But they have stated that FaceTime uses end-to-end encryption and they can't decrypt the content. PRISM can only access data that the companies actually have.

This is why Google and Facebook are so dangerous - they are deliberately creating detailed profiles of each person's behavior.



The truth is, Apple has made a clear statement that they can't intercept the contents.

That's more than anyone else has said about their products. Saying 'nobody knows' is pure FUD. It's equivalent to saying nobody knows whether Google pipes all their data direct to the NSA even though they've denied it.


They have stated that, but no evidence of end to end encryption has been found by people reverse engineering FaceTime/iMessage. It appears to use SSL/TLS to and from Apple's servers, but there's no sign of it being encrypted otherwise.

Messages can be sent to all devices of a user, which means if there was end to end encryption the key would have to be distributed across those devices, which would presumably require it residing on Apple's servers at some point, where it could be stored.

And people have received other users' iMessages in the past, unencrypted.


Ah nice, makes more sense. The same applies to iMessages doesn't it? Remember reading an article somewhere not so long ago.



