Author: InvisibleUser Team
Categories: Communication Privacy
In this article, we will analyse how police wire-tap Skype and what Microsoft did to facilitate this intrusion of privacy.
We all use messaging services, like SMS, WhatsApp, iMessage, Google Hangouts and Facebook Messenger at work or for private conversations. Unfortunately, popular services are highly compromised when it comes to privacy. There are much better options. In this post, we will outline how big companies and governments eavesdrop on your Skype and Google Hangouts video chat.
TL;DR: They are closed-source and we do not know how secure they are. Additionally, the companies that developed them are big players in the data business and have installed backdoors. Skype is the most evil spyware Microsoft has ever created. Continue reading and we will explain why you must not use Skype and Google Hangouts for video ch_Ä##+#-+ä#–Äü´+ä- ##t.
The heading already says it, but let us explain why it is disgusting to abuse social apps in particular for surveillance.
We know that you have probably used Skype in the past and liked it, since it helps people reunite with friends and family. A video chat is much more personal than just a phone call and we humans have a basic need for close contact. The software lets you talk to your best friends and loved ones and satisfies your desire for social interaction. That is why it is really sad that Skype is so compromised and abused by companies and authorities alike.
“We provide a safe communication option. I will not tell you whether we can listen or not.” – Kurt Sauer (translated from German)
Skype, now a part of Microsoft, should not be used, because it can be wire-tapped. EU authorities issued an official complaint against Microsoft in 2009, because their video chat software allowed criminals to communicate safely. Skype decided to work together with the authorities. The complaint was withdrawn, which would not have happened if Microsoft refused to cooperate with law enforcement. It is very likely that they installed a backdoor to wire-tap Skype calls. We can expect that Microsoft changed the service’s infrastructure to ease various wiretapping requirements.
Eavesdropping by design.
Skype deny the claims, but do you really believe that? Let us continue:
The tool that police and intelligence agencies use to wire-tap Skype is called “Skype Capture Unit”. It is a software that lets you record the complete Skype session of suspects. It redirects video and audio chat over a police server, so you can listen to the conversations, before they even get encrypted. The malware is integrated so well into Skype that it could be possible that Microsoft even developed parts of the program. The software is in fact so easy-to-use that wire-tapping Skype is no longer reserved for high ranking intelligence agencies, but can be done by every village police officer.
“Video chatting on Skype equals reporting yourself to the police!” — InvisibleUser
Intelligence agencies in particular do not even have to do much work, because Skype officially participated in the NSA’s PRISM program, and shares all video traffic with US intelligence agencies. In fact, the NSA has direct server access. Of course, you as the user will not notice that while it is happening. Since they have direct access to Skype’s servers, they can collect all data in unencrypted form. It is as simple as watching a YouTube video.
In general, Skype is closed-source, so we know little about the deep, technical details of the software. The encryption methods used are not well documented. Personally, we think that has a reason and Skype want to cover up their eavesdropping.
Something that is even more worrying than the wire-tapping is that the encryption protocol that Skype uses is so flawed that wire-tapping is not only possible for government officials. Criminal hackers can also decrypt large parts of Skype calls by exploiting a vulnerability discovered by researchers from the University of North Carolina.
Microsoft additionally use device fingerprinting. Skype creates an executable file called 1.com on your machine, which is used to capture your BIOS information. That is low-level hardware information of your PC that can identify your computer through its hardware configuration. To cover up this activity, Skype actively tries to deny you access to the
1.com file to prevent being discovered.
On top of that, Skype has been criticised for being filled with security flaws, sharing too much data and trying to extract your passwords from Firefox browser (in the Linux version). That activity has been observed in action. The Skype software tried to gain access to the folder that stores all you Firefox passwords on Linux. It is likely that this data will also be shared with authorities if requested. We do not think that you need any more reasons to stay away from it.
Combine all that with the fact that it is not even a good video chat client and you get one of the worst programs ever made: Forced updates, an unusable UI on desktop PCs and a sluggish and unresponsive client app.
Go to our next article “The best Skype Alternatives for Privacy“ to read our final verdict on Skype and what alternatives you should use instead. You can easily replace the spyware with fantastic open-source tools.
Before you ask: No, we did not forget Google’s Skype competitor: Hangouts.
Google Hangouts attempted to get as big as Skype, but failed. It will probably be shut down this year or 2020 (confirmed by Google). Now, we do not need to tell you that Google is a big player, when it comes collecting personal data, so be sceptical. As with Skype, it is closed-source, so we cannot easily find out if there are backdoors. We would, however, be surprised if there are none. We sincerely hope that the low user count of Hangouts means that law enforcement is less interested in wire-tapping the service.
Another video conferencing client, especially for companies, is Amazon Chime. Its use is discouraged for the same reasons as Skype.
We have not heard many bad things about iChat on Mac, but it is closed-source as well, so please be sceptical. The same applies to ooVoo, Viber and of course Facebook Video Chat.