Skype has several properties, making it great for underground networks, even over purpose-built initiatives. It is:
- Ubiquitous. Everyone uses Skype, so its possession is not incriminating.
- User-friendly: running it is a no-brainer for an average non-technical activist.
- Secure. Its decentralized nodes and encrypted data streams make it near impossible to intercept and inspect the traffic.
- Extremely resilient. During network troubles, Skype is the last service to go down. Its P2P nature and non-standard protocol make it nontrivial to block even on purpose.
- Flexible. You get voice, video, instant messaging and file sharing services. All for free.
This all is pretty fascinating, considering that none of that was designed with clandestine operation in mind. However, there is one property that makes it unsafe, and indeed a lot of our friends in Belarus were burned by it during the last few weeks. It typically unfolds like this:
- Alice, an activist, is arrested by law enforcement, and her PC is seized.
- Skype installation is discovered. After some persuasion by a KGB investigator, Alice reveals her account details.
- An officer logs in with her Skype credentials. History is then searched for chat participations.
- When an old IM conversation with an activist Bob is opened, the history is accessible. But, even if history was wiped, it can be obtained when Bob comes online the next time.
- Bob is arrested by law enforcement and his PC is seized.
Of course the more participants were in the chat, the easier it is to obtain full history. You can see how a huge network can be easily uprooted with this simple approach. It is not really a flaw but a side-effect of a clever way Skype IM system works.
So if any Skype Inc. employee ever comes over reading this, I beg you to introduce a privacy option to IM. Please allow to create chatrooms with no history logging at all. This will probably be the biggest effect on people's lives you ever done with a single check-box.
Wow thats pretty huge. I hope they come through for you. Its a shame that its a proprietary thing. Like what if there was a whole bunch of independent skypes that all talked between each other or something? And on open source software. I dunno but I think that would mean that you could just switch to using a skype-like network that offered whatever level of privacy that you wanted.
ReplyDeleteFor *most* people, persistent chat history is a good thing.
ReplyDeleteI can't really remember the exact rules for when I worked for a listed US company (subject to SOX rules) but I do believe that it was a requirement for emails and chat logs to be accessible for retrieval for some set period of time, for legal purposes. If Skype wants to be taken seriously in the corporate marketplace they need to abide by that.
That said, those same corporations probably want to be able to get rid of the chats after a set period of time too. As I said, IANAL.