Skype has several properties, making it great for underground networks, even over purpose-built initiatives. It is:
- Ubiquitous. Everyone uses Skype, so its possession is not incriminating.
- User-friendly: running it is a no-brainer for an average non-technical activist.
- Secure. Its decentralized nodes and encrypted data streams make it near impossible to intercept and inspect the traffic.
- Extremely resilient. During network troubles, Skype is the last service to go down. Its P2P nature and non-standard protocol make it nontrivial to block even on purpose.
- Flexible. You get voice, video, instant messaging and file sharing services. All for free.
This all is pretty fascinating, considering that none of that was designed with clandestine operation in mind. However, there is one property that makes it unsafe, and indeed a lot of our friends in Belarus were burned by it during the last few weeks. It typically unfolds like this:
- Alice, an activist, is arrested by law enforcement, and her PC is seized.
- Skype installation is discovered. After some persuasion by a KGB investigator, Alice reveals her account details.
- An officer logs in with her Skype credentials. History is then searched for chat participations.
- When an old IM conversation with an activist Bob is opened, the history is accessible. But, even if history was wiped, it can be obtained when Bob comes online the next time.
- Bob is arrested by law enforcement and his PC is seized.
Of course the more participants were in the chat, the easier it is to obtain full history. You can see how a huge network can be easily uprooted with this simple approach. It is not really a flaw but a side-effect of a clever way Skype IM system works.
So if any Skype Inc. employee ever comes over reading this, I beg you to introduce a privacy option to IM. Please allow to create chatrooms with no history logging at all. This will probably be the biggest effect on people's lives you ever done with a single check-box.