Think Skype is safe? Think again

Skype logoSkype is incredibly popular for making calls and sending instant messages. Part of its attraction is because it’s cheap and easy to use. But many journalists and dissidents also use Skype because they believe it is safe from surveillance and eavesdropping. That simply isn’t true.

Ever since it was founded in 2003, Skype has been favored by journalists and human rights activists around the world because of its reputation for privacy and security. However, there are some things journalists should be clear on when using Skype.

Firstly, the company has long provided communications data to government authorities in response to court orders. Such data includes registration details, your IP address, who you called (including normal telephone numbers) and for how long.

Then there’s the major problem that it’s very easy for anyone (and I mean ANYONE!) to find out your computer’s IP address from your Skype user name when you’re logged in. Once they have your IP address, they can see where your are currently located and track your movements. For those who might be wanting to hide where they are, this is obviously a no-no.

Then there is the issue of Skype’s much touted encryption. Skype has been so dearly beloved by activists and dissidents because its end-to-end encryption was supposed to make its calls impregnable to listening ears. The theory was that even if Skype delivered information about who you were talking to, they couldn’t deliver information about the actual content of your call. As recently as July 2012, Skype representative Stephen Collins claimed before a UK parliamentary committee that “there are no keys held by Skype to decrypt communications.”

That’s the theory at least. In practice, it seems this isn’t true.

According to documents leaked by Edward Snowden, NSA agents have been successfully listening to Skype calls since 2010 as part of the PRISM project. This started happening even before Skype was bought by Microsoft in May 2011, the Guardian revealed earlier this year.

It is unclear, however, to what extent agencies or governments in other countries apart from the US have been given a backdoor to able to eavesdrop on Skype (although it is clear that Skype in China has been modified to allow for the scanning of certain keywords to filter out messages deemed sensitive by the Chinese government).

But even if we play naive and assume Skype isn’t cooperating with other countries, there’s a still a big hole in the belief it can’t eavesdrop on its own services. Earlier in 2013, it was revealed that Microsoft scans Skype instant message (IM) services for URL links. This is a common practice in many companies and isn’t necessarily a bad thing. Companies need to be able to check messages to make sure they aren’t carrying fraudulent links to phishing websites.

But in this case, the news that Microsoft was even able scan the messages set off alarm bells in the internet community. This is because it proves the company can convert Skype messages into human readable form even though it has always said it can’t.

It seems Skype does have a key to your messages after all.

The conclusion: Skype “can no longer be trusted to protect user privacy,” said Eric King, head of research at human rights group, Privacy International, in the Guardian.

What are the best Skype alternatives?

Jitsi screenshotOne of the most popular alternatives to Skype is Jitsi, which is also recommended by Tactical Tech, an international non-profit organization dedicated to the use of information in activism. Jitsi is free, open source software which allows for encrypted text chats, voice and video calls. Both ends need to be using the software to have private conversation though.

The Free Software Foundation also recommends Coccinella or Ekiga.

For chats, Tactical Tech recommends using Adium and Pidgin on your computer, ChatSecure for your mobile devices and RedPhone and Ostel.co for private calls from your mobile phones. You can also use the app TextSecure to encrypt your text messages.

And remember, if you have malware on your computer, any call can be intercepted, no matter what software you use. That’s why it’s crucial that you install the latest updates immediately and use a powerful anti-virus package.

Written by Kate Hairsine and Natalia Karbasova