Search Mailing List Archives
[liberationtech] The security and ethics of mapping in repressive environments
DObrien at cpj.org
Tue Feb 8 19:11:06 PST 2011
On Feb 9, 2011, at 9:19 AM, Jacob Appelbaum wrote:
On 02/08/2011 01:29 PM, Katrin Verclas wrote:
Would love to hear what the list thinks of this post:
They suggest using Skype for sensitive content - this is a horrible
idea. Skype is absolute garbage if you're worried about state sponsored
attackers. It's probably absolute garbage if you're worried about some
people from the Chaos Computer Club too.
<sticks head above parapet>
I wouldn't mind someone spelling out the practical (or potential practical) attacks on Skype in more detail. Skype use is incredibly prevalent among at-risk media and activists. Right now I'd say people feel it falls in the "gmail" category – not the best thing to use by a long chalk, but certainly better than nothing.
In particular, I haven't seen a good outlines of how the Skype protocol itself is compromised or could be (though there's a fair bit of work on reverse-engineering it). The in-the-wild attacks on Skype users I *have* heard all involve attacks that compromise the client or obtain user passwords through malware. That combined with the circumstantial evidence that of state-actors' apparent fury at Skype for not providing intercept access would seem to point that it's not *garbage* per se. Or at least make it hard to compellingly onvince people to move off it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech