Skype Messages Monitored In China
Pickens writes "Human-rights activists have discovered a huge surveillance system in China that monitors and archives Internet text conversations sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay. Researchers say the system monitors a list of politically charged words that includes words related to the religious group Falun Gong, Taiwan independence, the Chinese Communist Party and also words like democracy, earthquake and milk powder. The encrypted list of words inside the Tom-Skype software blocks the transmission of these words and records personal information about the customers who send the messages. Researchers say their discovery contradicts a public statement made by Skype executives in 2006 that 'full end-to-end security is preserved and there is no compromise of people's privacy.' The Chinese government is not alone in its Internet surveillance efforts. In 2005, The New York Times reported that the National Security Agency was monitoring large volumes of telephone and Internet communications flowing into and out of the United States as part of an eavesdropping program that President Bush approved after the Sept. 11 attacks. 'This is the worst nightmares of the conspiracy theorists around surveillance coming true,' says Ronald J. Deibert, an associate professor of political science at the University of Toronto. 'It's "X-Files" without the aliens.'"
Shocked, I am (Score:5, Funny)
Writing through a scribe over Skype from mainland China, I can confidently say that messages about Falun Gong are not being
Re: (Score:3, Funny)
> the system monitors a list of politically charged words that includes words related to the religious group Falun Gong
I hope one of those words is 'lol'
Re: (Score:2, Funny)
Re: (Score:2, Insightful)
I honestly don't understand why people think the Falun Gong is great. They're honestly crazy, and while I don't think the Chinese government should stop them from practicing, I really think they should just let them be so people can see how crazy they really are. Most westerners are so enchanted with eastern cultures that have a cultish streak to them. Heck, most of the time they don't even know what it's about. Ask an American to point out Tibet on a blank map.
What sucks about the Tibetan situation is
Re: (Score:3, Informative)
Tibetans make up 40% of the population in Lhasa.
It used to be 100%. That's sort of the problem.
The atrocities committed in Tibet by the Chinese are well-documented - the wilderness photographer Galen Rowell in particular took a large number of very damning photos, smuggled them out of the country, and when they were revealed to the world, the Chinese banned him for life from ever returning.
It doesn't really matter whether you think the Dalai Lama is a great guy or not, or whether the Iraq situation parallels it - two wrongs don't make a right, and many A
Re: (Score:2)
Re: (Score:2)
They've destroyed something alright...
Oh right. We kill and torture Iraqis for TALKING bad about the US. You are so right. That is so hypocritical.
Truth about Tibet? What like maybe they were always par
Re:Shocked, I am (Score:5, Insightful)
Other than your assertion, got anything to back that up? Certainly, other than China saying it, I see no evidence whatsoever of them having any aspects of being a cult.
I've known several people who were practitioners, and they were some of the nicest, kindest, straight up people I've known. I've skimmed their literature, and I don't see anything in it that I would classify as crazy.
But, the vast majority of what he says about the situation in Tibet is documented, historical fact. And, we listen to what he says because if you read the huge volume of Buddhist writings he's done, he's a very smart guy with a very broad and inclusive world view.
It's awfully hard to come to the conclusion that he's any of the things that China paints him as in light of the rest of the way he has lived his life. Even though it might appear that he has an incentive to distort the truth, the whole package makes it a little implausible that he's secretly evil and sneaky.
Cheers
Re: (Score:2)
Oh, look, it's the Michael Parenti article.
Funny how everyone who wants to make these assertions about Tibet trots out only this article -- which isn't peer reviewed, and is full of assertions that I'm not convinced he can back up. It's certainly written with a lot of innuendo and inference which I don't think is befitting of scholarly work.
His article has been excellently refuted here [studentsfo...etibet.org].
You seem to have a very strong agenda to further the Chine
Re: (Score:2, Insightful)
Why is that reply considered flamebait? Isn't that how it is, really? Recent debates in Sweden are at least about new signal analysis laws for all international computer traffic passing our borders. Much worse than just internet telephony alone, even.
Re:Shocked, I am (Score:5, Insightful)
The US taps phone calls in an attempt to uncover evidence of violent crimes, to prevent them from happening, and to prosecute and jail those responsible.
China taps phone calls so they can find out who is speaking out against the one-party government, or bringing up other embarrassing subjects, so that they can send police to drag them out of their house, and put them in front of a firing squad.
Clearly, the two are not at all different.
Re:Shocked, I am (Score:4, Insightful)
Don't bother.
The First rule of Slashdot (and US liberalism in general) is that it's ALWAYS the fault of the US.
The Second rule is that if it isn't the fault of the US, what the US does is equally bad or worse.
The Third rule is that, if a situation arises that doesn't fall neatly into the rules above, see the rules above.
Re: (Score:2, Informative)
>>>China taps phone calls so they can find out who is speaking out against the [] government...
In the U.S. the PATRIOT ACT allows the current president, and the future 2009-2013 president to do the exact-same thing. The only difference is rather than drag the citizen in front of a firing squad, the president takes the citizen to Guantanamo Bay and holds them in prison without lawyer or trial. Different ends; but same denial of basic human rights.
Don't you wish. (Score:5, Informative)
> The US taps phone calls in an attempt to uncover evidence of violent crimes, to prevent them from happening, and to prosecute and jail those responsible.
And the US intelligence and law enforcement agencies - at all levels and over essentially all time - have a long track record of misusing their investigations for suppressing political enemies, both individual and movements.
This happens over and over and over. (For starters look at the FBI for a number of examples, including J. Edgar Hoover's political blackmail files and the COINTELPRO program.) It normally comes to light only a decade or more later, because it happens in secrecy and is only discovered through chance or later examination of records. So it always looks like "It used to be that way but we've cleaned it up now."
You have to keep a tight rein on the government at all times because such power will ALWAYS be misused.
Re: (Score:2)
How do you know?
The Bush administration spent years denying it was tapping communications without warrants.
Then, when found out, their only defense was "It should be legal."
But, with no warrants, no oversight, no public records, even after the fact, there is no way to know what the phone calls are actually being tapped for.
The only support for your st
Re: (Score:2)
The US does not halt the messages and then jail its citizens for talking about its screwups. If it did, everyone hollering about the current financial crisis would be in jail right now and you wouldn't know about the crisis.
First post (Score:5, Funny)
In end-to-end security... (Score:5, Insightful)
...the last thing to trust is closed source implementation or even worse, proprietary protocol.
though I think real paranoid people won't trust something like Skype, right?
Re: (Score:2)
I think real paranoid people would hand-search the source code of everything. The rest of us would be more practical when it comes to risk management.
Re: (Score:2)
And even then, they are not safe!
You could hide a trojan in the compiler, such that it compiles the seemingly innocent programs with trojans inserted.
Then, you could also hide the trojan in the compiler itself, such that when it compiles the innocent-seeming compiler itself, it inserts the trojan-insertion code into it.
Re: (Score:2)
But the really cool one would be the compiler that secretly compiles the code for the compiler that secretly compiles the trojan insertion in the third compiler.
Re: (Score:2)
I do have coreboot a.k.a. LinuxBIOS, we do have some open source CPU design AFAIK, or I think we know enough about 386 which can also run Linux!
So building it end-to-end with just open source, or at least with something we surely know what's there, is technically possible.
Re: (Score:2)
How can you surely know what's there, on any media?
Maybe the guys who burnt the CD thought they were burning clean binaries, but they too compiled their binaries with a compiler binary that they got from somewhere else.
Who says that the original compiler binary they used wasn't tainted and tainted everything from there on?
Re:In end-to-end security... (Score:5, Insightful)
This is not about real paranoid people. The real paranoid people (like me) never trusted Skype (encrypted, closed source binary blob).
This news is for the non-tinfoil-hat people. Now they too know, like us paranoid people, that their conversations are tracked, recorded, monitored and archived. For real. And now they know, if they read and understand the news, that what Skype said to us all ('full end-to-end security is preserved and there is no compromise of people's privacy.') was a lie. Skype (eBay) lied, maybe one time, maybe on other, more important things too, and maybe they will do it again.
Re: (Score:2)
Well, there is a possibility that end-to-end security goes for voice calls. Note that this story is about _text_ conversations.
I still refuse to use Skype for using a proprietary protocol and resent that the founders became millionaires by successfully getting the world to use a proprietary protocol for what was already being done using open protocols, _and_ I still maintain that trusting closed source software is more an act of faith than good security...but let's not go knocking Skype with false arguments
Re:In end-to-end security... (Score:5, Informative)
Except, even IF you could comb through the code, it doesn't mean that at some higher level your security isn't compromised.
I run a VOIP server and it's ridiculously easy to monitor everything going through it despite a TLS initiated client-server session.
- Text/sms/etc? In the database.
- Voice? Easy to keep a listener on the call. Very easy.
In both cases, there's encryption over the "public wire" but the server's got access to ALL of it. In the U.S., I imagine it's as simple as the NSA visits your CEO and gets full cooperation. CEO tells CTO to cooperate fully with the NSA. All of your communications are now monitored. That is, if the current monitoring at AT&T isn't enough somehow.
The "simple" answer is to decentralize VOIP. How you find and trust VOIP peers is where that idea falls apart.
Another idea is to encrypt/decrypt the data on the client. Your sms would be good to go. Encrypting the audio portion of the UDP packets would be very problematic. But it would work.
Running your own communications server is good too. A dumb old P3 with 1GB of ram will run VOIP and mail just fine. In that scenario, you own/control all the parts.
Re: (Score:2)
A good start would be AIM/Jabber/* video conferencing protocols using encryption and open source. In those protocols, the server helps you figure out the IP of the person you want to talk to, but otherwise doesn't see the messages (except in AIM for text messages when the user is offline).
End-to-end for IMs (Score:2)
> A good start would be AIM/Jabber/* video conferencing protocols using encryption and open source.
Already exists.
It's a plugin called Off the record [cypherpunks.ca] which is supported in Pidgin (plugin), Adium (out of the box) and several other softwares (including as a stand alone proxy - although slightly less secure : it's still vulnerable to a binary client backdoor).
It doesn't break or change the protocol.
Instead, it works one layer above, encrypting messages before sending them and decrypting them after receiving them.
Indeed it works even with non open protocols, as long as Pidgin/Adium are able to communicate
Re: (Score:2)
> In both cases, there's encryption over the "public wire" but the server's got access to ALL of it.
If you look at the summary, article, and this thread's subject line, they all say "end-to-end". That means the server doesn't have access to anything except the encrypted stream. Ignoring MITM attacks, you don't need to trust anything in the middle as long as they don't start dropping packets, just trust the software on the ends (which you can't do with proprietary software).
> Another idea is to encrypt/decrypt the data on the client.
Yes, that's called end-to-end. :-P
Re: (Score:2)
What you are describing is not end-to-end encryption. TFA seems to indicate that the Tom-Skype software is end-to-end encryption. One end encrypts the message such that only the other end (the person the user is talking to) can decrypt. This is the same as when you send a PGP encrypted e-mail: you don't have to worry about the mail servers in the middle reading your mail. In true end-to-end encryption, at no point do the servers in the middle normally handle un-encrypted messages. From TFA,
> The encrypted list of words inside the Tom-Skype software blocks the transmission of those words and a copy of the message is sent to a server.
The user
I don't think End2end means what you think it means (Score:5, Informative)
> Except, even IF you could comb through the code, it doesn't mean that at some higher level your security isn't compromised.
> I run a VOIP server and it's ridiculously easy to monitor everything going through it despite a TLS initiated client-server session.
No, sorry no.
End-to-end has nothing to do with those applications that provide some toy-protection by securing communication with the server (like IMAPS or SSL protection in stock MSN).
End-to-end means that the whole traffic is encrypted between both *end points*. A direct channel going from my software on my computer, all the way to your software on your computer. Everyone else along the chain only sees crypted garbage.
You can't spy on end-to-end encrypted traffic (I mean you can record packets, but you can't understand them). If anyone attempts a man-in-the-middle attack (at the server, for example), both end points will see the wrong encryption certificates. (Each end of the communication will see the middle-man's certificate, not the original one).
You could compromise the system :
- at the key exchange step the first time 2 previously unknown people get in touch (if you manage to trick each one into thinking that the key they received from *you* the first time they did exchange the key were their keys).
- at the end point of the communication. If something is compromised at the exit of the secure channel, no matter how the channel itself is secure.
The system could be rootkitted, or the software could be not trustworthy.
> How you find and trust VOIP peers is where that idea falls apart
Building a chain of trust which tops at meeting the first key persons in real life in order to exchange keys (that as that portion of communication is secured, you can obtain further security tokens from other persons).
Or at least using a separate better trusted channel to confirm the keys' hashes.
> Another idea is to encrypt/decrypt the data on the client.
Been done since ages on opensource implementations of IM clients. "Off the Record [cypherpunks.ca]" is currently a very popular application, running on Pidgin (plugin), Adium (out-of-the-box) and several others, and functioning as a layer above the message protocol.
(If both end points are running OTR, when you type a message in your client, the plugin converts it into a cyphered text. Then that message is sent using the classical route of whatever protocol you use underneath (MSN, Jabber, Whatever), the client at the other end receives it too, and its plugin decrypts the message back before displaying it, and also checks if the encryption key matches.
Regardless of what network is used, the message that transits is only something looking like line noise. Microsoft's MSN server could log it, it's still meaningless.)
> Encrypting the audio portion of the UDP packets would be very problematic
Been done for ages too. You should google around for ZRTP (by nothing less than the author of PGP). Supported in several projects, including the open source Twinkle, support coming in Ekiga next major release too. Nothing problematic.
> Running your own communications server is good too.
...as long as you use end-to-end encryption between the people.
or at least as long as everyone exclusively uses secure communications from/to the server.
(but then, *they* shouldn't trust it as they don't control what's happening on the server)
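The comment above says a man-in-the-middle at the server makes each end see the wrong key, and that confirming key hashes over a separate channel catches it. As an added example (not part of the original thread), this Python sketch sends one message through an honest relay and one through a key-swapping relay; the toy Diffie-Hellman group, the hash-based stand-in cipher and every name in it are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters for the demo (assumption, not a vetted group).
P = 2**255 - 19
G = 2
MESSAGE = b"meet at noon"  # constructed sample message

def derive_key(my_private, their_public):
    """Hash the Diffie-Hellman shared secret into a 32-byte session key."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def fingerprint(public_key):
    """Short key hash that the two users compare over a separate channel."""
    return hashlib.sha256(public_key.to_bytes(32, "big")).hexdigest()[:16]

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a stand-in cipher; real clients use a vetted AEAD.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = b"enc" + key + nonce + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt then authenticate: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(b"mac" + key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key, blob):
    """Verify the tag before decrypting; reject anything modified in transit."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(b"mac" + key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    return _xor_stream(key, nonce, ciphertext)

class Endpoint:
    """One user's client: a key pair plus whatever peer key the relay delivered."""
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)
        self.peer_public = None

class HonestRelay:
    """Server that forwards keys and messages unchanged; it holds only ciphertext."""
    def __init__(self):
        self.read = None   # plaintext the relay managed to recover, if any
        self.seen = []     # raw bytes that crossed the relay
    def forward_key(self, public_key):
        return public_key
    def forward_message(self, blob):
        self.seen.append(blob)
        return blob

class KeySwappingRelay(HonestRelay):
    """Server that substitutes its own key in both directions (the MITM case)."""
    def __init__(self):
        super().__init__()
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)
        self.real_keys = []
    def forward_key(self, public_key):
        self.real_keys.append(public_key)
        return self.public
    def forward_message(self, blob):
        self.seen.append(blob)
        sender_public, receiver_public = self.real_keys
        self.read = unseal(derive_key(self.private, sender_public), blob)
        return seal(derive_key(self.private, receiver_public), self.read)

def run_session(relay):
    """Alice sends MESSAGE to Bob through `relay`; report what each party learned."""
    alice, bob = Endpoint(), Endpoint()
    bob.peer_public = relay.forward_key(alice.public)
    alice.peer_public = relay.forward_key(bob.public)
    wire = seal(derive_key(alice.private, alice.peer_public), MESSAGE)
    delivered = unseal(derive_key(bob.private, bob.peer_public),
                       relay.forward_message(wire))
    # Out-of-band check: each user reads out their own key's fingerprint and the
    # other compares it with the fingerprint of the key their client received.
    verified = (fingerprint(alice.public) == fingerprint(bob.peer_public)
                and fingerprint(bob.public) == fingerprint(alice.peer_public))
    return {"delivered": delivered, "relay_read": relay.read,
            "fingerprints_match": verified}

if __name__ == "__main__":
    for relay in (HonestRelay(), KeySwappingRelay()):
        print(type(relay).__name__, run_session(relay))
```

In both runs Bob receives the message intact, so nothing in the conversation itself reveals the swap; only the fingerprint comparison differs.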
Sentries (Score:3, Funny)
I'm writing from China right now (Score:5, Funny)
Hold on, someone is at the door...
CHINA IS A GREAT NATION THAT WOULD NEVER INVADE MY PRIVACY. THIS ARTICLE IS UNFOUNDED AND BIASED.
Open source (Score:5, Insightful)
This is also an argument in favor of using open source software. I've been dubious in the past about claims that closed-source vendors couldn't be trusted, but apparently I was being naive.
Sounds like the FSF [fsf.org] got this one right.
Re: (Score:2)
Re: (Score:2)
I'd suggest that the app you use for politically-dangerous discussion and the app you use to do video chat with your grandparents should probably not be the same app.
Unless of course your grandparents are politically active and the video chat with them is the politically-dangerous discussion. But in that case, hopefully they retain enough flexibility of mind to learn something less user friendly.
Re: (Score:2)
It _should_ be the same app. If both "common chat/VoIP/webcam" traffic and sensitive info are equally well secured, there's no way of distinguishing the two.
Re: (Score:2)
Re: (Score:2)
But good security may well require extra steps on behalf of the user.
Take for example something like OTR [wikipedia.org]. OTR can be completely secure if used correctly, but correct use requires verifying other people's fingerprints and such. Blindly clicking through the security dialogs destroys the security of the system. Zfone [wikipedia.org] is another good example of this. In these cases your grandparents could use the same app, but their use won't be secure even if your use is.
More generally, I'm not sure that a system can be made u
Re: (Score:2)
> This is also an argument in favor of using open source software.
No it isn't, since simply no OSS application matches the features Skype provides across platforms.
Please correct me if I'm wrong. Which non obscure open source program can I use myself and recommend to my Windows using friends to be able to do text chat, VoIP and webcam, with an easy to use interface, without the need to compile anything and which is actively developed and provided in standard package repositories and will be available in
Re: (Score:2)
I wasn't saying that such software exists at the moment. I was just making the more general point that an open-source application with Skype's functionality would be less likely to secretly harbor such snooping and filtering functionality.
They're trying [lwn.net]. Can they count on your donation?
Re: (Score:2)
Re: (Score:2)
Because it can be immediately forked, the "Skype shall always be treated as a totally trusted introducer" part can be removed, and replaced with something sane, such as an OpenPGP trust model.
Re: (Score:2)
``This is also an argument in favor of using open source software. I've been dubious in the past about claims that closed-source vendors couldn't be trusted, but apparently I was being naive.''
It's not that closed source cannot be trusted, it's just that you need to realize that's what you're really doing. You are trusting that code to do what you think it does, and not do what you think it doesn't do. But really, you have no idea. With open source, you and others can actually verify whether a given claim a
Open Source is not a panacea. (Score:2)
.
The source code doesn't tell you what resources the NSA or the Chinese can bring to the problem.
You control a single node or super node.
Your adversary controls ten thousand nodes or super nodes - whatever it takes to ensure that almost nothing moving across the net escapes their eyes.
Not the same (Score:2, Insightful)
The NSA program was designed to listen in on US citizens talking to people on a known terrorist list. One part of the conversation was always international and one part was domestic. Telephone conversations are two ways and you kind of need to hear both sides to know what is going on. Now was this illegal? Maybe. Should it ha
Re:Not the same (Score:5, Insightful)
That's only if you trust the government's claims. They have a pretty bad track record. Just do some research on COINTELPRO or Mockingbird. Or realize that the FBI was openly recruiting people to spy on protest groups in Minnesota before the RNC.
Also remember that the Patriot Act has been used 1000's of times against people who have done nothing terror related. Eliot Spitzer was caught because of the Patriot Act. It has mostly been used to get drug dealers and shut down strip joints.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2, Informative)
The reason people know of the existence of the classified warrantless surveillance program is, as every fool knows, because several concerned whistle-blowers came forward and disclosed illegal details of the program to the NYTimes. The NYTimes then wrote a famous article [nytimes.com] describing the known details of the lawless surveillance program. You should consider reading it. You might learn so
Re: (Score:2, Interesting)
So you are saying that we DO know the details, but you are criticizing the OP because the details are hidden? Which is it?
The OP put forth reasons why the US program was different from the Chinese program, and you dismiss him because the "real" reason and purposes behind the program are hidden due to its "beyond-top-secret" nature. But when I point out the level of secrecy you claim isn't real, you criticize me for ignorance of the very facts that the OP was using in his initial argument!
So the NYT articl
Re: (Score:2)
http://donklephant.com/2008/09/01/violent-protests-disrupt-rnc/ [donklephant.com]
http://www.timesonline.co.uk/tol/news/world/us_and_americas/us_elections/article4660503.ece [timesonline.co.uk]
Re: (Score:2)
Re: (Score:2)
Not at all. The government didn't come out and explain this secret program... The program was exposed by the press. Why is it that you believe the press can uncover this program in the first place, but only the relatively benign part, while the evil conspiracy is able to stay hidden?
After 9/11, FBI agents were sent out to go under-cover in just about e
Re: (Score:2)
"They aren't trying to track terrorists here. They are trying to play mind control. They are trying to censor the publics thoughts."
Do you really think the issue in America is really terrorists? Terrorists are about as big a deal as asteroid hits, yes it could happen, yes it's good to watch for, no it isn't worth shitting all over people's rights to deal utterly ineffectively with the slim chance of it doing any real damage any time soon.
In China the difference is that you can be defined as a terrorist if pow
How do you know? (Score:2, Insightful)
How do you know that? That's what they say, but how do you know that?
Was the program under some kind of oversight outside of the executive branch? No. Are the details of the program publicly available? No.
You don't actually know how the NSA program compares to the Chinese one. You just hope that's the way it is.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Compare and contrast this with the Chinese Program. This program exists to control the thoughts of the Chinese people. It censors them and prevents the flow of information. Then it reports on them simply because they are talking about things which in the United States are completely legal to talk about but in China are completely illegal to talk about. China has no freedom of speech. Their every move is watched to control them online. They aren't trying to track terrorists here. They are trying to play mind control. They are trying to censor the public's thoughts.
Is it "thoughts" when it's about China and not when it's about the USA? Why are you using such strong words as "thoughts", when it's really about what they say?
But yeah, there is a difference in what kind of activities the two governments want to stop. In both governments, that definition is up to the government though, and they are no longer always obviously serving the people. "Terrorists" sounds all good and well, but there have been so many news about strange definitions of that.
Re: (Score:2)
That depends on whose propaganda you believe. Removing the red vs blue rhetoric, I'm not convinced there's much difference. There's theater and distraction tactics in both. It's safe to assume that both are censorship, and neither is a good thing, regardless of declared intentions.
Re: (Score:2)
Re: (Score:3, Insightful)
Are you sure you are not on the terrorist list? Last time I checked the US had a do-not-fly list of 1 million names and the list continues to grow...
Re: (Score:2, Informative)
Riiiight.... Here's the problem: if you'd know that one end is a terrorist, you'd go and arrest them. That's because if you have enough information to understand that a specific IP is a terrorist, you know where that IP is coming from and who is sitting behind it. The only reason to eavesdrop in this case is to get more intel, and that's easily achieved with regular FISA-type warrants.
A blanket monitoring system outside of FISA supervision can only exist for one reason: there is not enough information about
Re: (Score:3, Interesting)
Re: (Score:2)
> The constitution specifically forbids it.
It also forbids warrantless wiretapping. Great job on following the Constitution the government has done since 9/11, wouldn't you say?
Re: (Score:2)
Please point out to me where wiretapping is in the Constitution. In fact the word "Privacy" is also NOT in there. Should it be? Probably but it is NOT.
Re: (Score:2)
I'll agree that the word "wiretap" does not appear in the constitution. That doesn't matter. I have no problems with this logically or truthfully. I think you missed the point though. Take a look at the 9th and 10th amendments to the Constitution. You know, the ones that the framers of the Constitution were around to argue about:
Amendment 9 - Construction of Constitution. Ratified 12/15/1791.
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Amendment 10 - Powers of the States and People. Ratified 12/15/1791. Note
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
In other words, the Federal Government, under the Constitution, does not have the right to wiretap anybody, if we are going to be literal and reject the common legal theory tha
Re: (Score:2)
Wow - you managed to completely miss the point of my post.
Whether the current approach is unconstitutional is completely irrelevant. It also has no impact on the evilness of Government. It simply is a surveillance system that is forced to monitor EVERYTHING that it can, because it cannot possibly know enough to do the differentiation that the government claims it does. Simple as that. Once you monitor, you can intercept and censor. That's it. As for what is done with that capability, past experience is a g
Re: (Score:2)
i don't see how surveillance is mind-control. the Chinese government want to root out dissidents and suppress dissenting opinions, just as has been done in the U.S. throughout history. ever heard of COINTELPRO? this kind of blatant abuse of political power to actively suppress political dissent was most rampant during J. Edgar Hoover's reign of the FBI and slowly declined after his death. but in recent years such practices have been revived once again.
all governments, especially unpopular ones, fear dissent
Re: (Score:2)
I never said what the NSA did was right. I just said it's not the same. Secondly COINTELPRO targeted organizations such as the Ku Klux Klan and the Weatherman. Both of those organizations were actually terrorist. Did the program get misused? Yes it did and I don't defend that. But
Re:Not the same (Score:4, Informative)
> Secondly COINTELPRO targeted organizations such as the Ku Klux Klan and the Weatherman. Both of those organizations were actually terrorist.
COINTELPRO also targeted the following non-violent groups:
They were also investigated by Congress by the Church Committee [wikipedia.org], which talked about COINTELPRO and drug experiments and mind control experiments [wikipedia.org].
So, given their secrecy and refusal to play ball with the courts, and the evidence that they keep of their own wrongdoing, away from public view, I'm not willing to extend them the benefit of the doubt.
If you don't like how the Government is then VOTE.
I have, and many others have. We still do. That doesn't mean we can't disagree and distrust. That doesn't mean we should just hang back and accept.
Re: (Score:3, Insightful)
BTW in theory the Chinese citizens have votes too and can even stand for elections (in theory :) ).
http://en.wikipedia.org/wiki/Politics_of_the_People's_Republic_of_China [wikipedia.org]
http://www.china.org.cn/english/Political/26325.htm [china.org.cn]
They only have one party though.
They do have some form of accountability though. In the past few food scandals, the previous food safety chief was executed for corruption, and the current one has resigned.
It's not like they got USD20 million bucks for screwing up.
They most certainly don't e
Re: (Score:2)
The Chinese program is an open-ended restriction. The rules are maintained exclusively by the Chinese ruling political party. There is no "law" in a real sense.
The US/NSA programs still are restricted to USC18-118 [usdoj.gov]. I'm sure it's taken seriously in all agencies ;) . Yes, there have been reports of abuses or violations of this law, and/or a political agenda to rewrite it and release any protections, but that's a completely different discussion and usually involves a small number of powerful [corrupt] people.
Re: (Score:3, Interesting)
> The NSA program was designed to listen in on US citizens talking to people on a known terrorist list. One part of the conversation was always international and one part was domestic.
Care to show me all of the national security letters that document this? Oh, wait, that's right, they're classified and impose an immediate gag order on anybody who receives one.
As we all know, the government would never lie to us [wikipedia.org], especially to go to war, and especially not the NSA [wikipedia.org]. Of course, when caught red-handed in their own documents, they claim that "The opinions expressed within the documents in both releases are those of the authors and individuals interviewed. They do not necessarily represent t [nsa.gov]
Re: (Score:3, Insightful)
Where to start.
None of what you say about US phone call monitoring applies, since Skype is not a phone call, it's an internet transmission. The law on collecting packets is a lot weaker than the law on collecting analog signals.
The point of this is that the "crypto" in Skype can be broken and has been broken per a government request. What this means is that virtually any Skype conversation since 2001 should be assumed to be available for review by the Feds. September 11 2001, the Feds installed packet sn
Surprise, surprise. (Score:2)
We already know that it's possible to listen in on Skype conversations. Is it any stretch of the imagination that China would be doing it?
A new arms race? (Score:4, Interesting)
There are a couple of messaging programs that use encryption. People in the West tend to simply not care about things like Tor, Freenet, I2P and encryption options in text messaging, but if more scenarios that are NOT linked to child porn arise, maybe people will start to consider the more legitimate reasons to fight for our right to privacy?
I believe we need more crypto-anarchists in this world. Where are the cypherpunks when we need them?
Not the worst nightmare at all (Score:5, Insightful)
'This is the worst nightmares of the conspiracy theorists around surveillance coming true,'
No. The worst nightmare would be when this comes true and no one cares.
Re: (Score:3, Insightful)
For the most part, John Q. Public is happy to hand over their rights, and they _don't_ care - and I am scared.
Either open-source the Skype engine or abandon it (Score:4, Interesting)
Either open-source the Skype engine or abandon it.
Skype devices could still be manufactured only under license, so their profit stream wouldn't dry up. No doubt it's all trademarked and copyrighted and patented to hell and back by the company anyway, so open-sourcing wouldn't be giving free rein to the competition.
But if they want to retain a trusting customer base, the only option now is to open-source the Skype engine and protocol, otherwise it's end of game.
I'll certainly be letting all my friends know about this. While they may be discussing only granny's Xmas presents or their boyfriends' vital measurements, it's no business of the snoop agencies to hear it.
Meanwhile, it's not as if VoIP didn't have any open alternatives. There is no need to support a vendor that cannot be trusted.
Also in Bavaria (Score:2, Interesting)
New? (Score:2)
Prudent individuals should assume that all of their actions, transactions, and speech are being monitored and recorded, either passively by devices that are coincidentally nearby, or actively by individuals and organizations that are collecting data for some particular purpose. T
Joke about freedom of mail (Score:4, Funny)
A communist from the West decides to move to the USSR. He explained to his friends that he would write letters to them. Worried about freedom of mail, he explained to them that if he writes anything in red ink, that would mean that reality is the opposite of what is written.
He moves there, and after a while, the first mail finally arrives. It says: "Everything is great here in the USSR. People are happy, wealthy, there is a lot of everything in stores, freedom is enormous. The only problem I have seen here is that you cannot buy any red ink."
Re:Joke about US economy (Score:2)
He really should have stocked up before he left. There is LOTS of red ink here.
From Skype's Website (Score:2, Informative)
[Today's Financial Times posted a story](http://news.ft.com/cms/s/875630d4-cef9-11da-925d-0000779e2340.html) about how Skype's partner TOM Online is filtering text messages in China.
Skype has a joint venture with TOM Online. As part of that venture, we provide a co-branded version of Skype called TOM-Skype, which is the version of Skype that is available in mainland China.
As part of the joint venture, TOM provides guidance to Skype about how to co-operate with local laws and regulations in
Where is the insecurity? (Score:5, Interesting)
Maybe I'm missing something, but is this necessarily evidence that the Skype client and transmission are not themselves secure? The third link [skype.com] indicates that TOM-Skype uses TOM-specific client software that does the filtering (which Skype knew about). Isn't it likely that that software is also what's squealing to the monitoring system (which Skype apparently didn't know about) despite the supposed end-to-end security of the actual transmission over the Skype protocol? Is there any evidence that the monitoring is going on during the transmission, rather than this being a case of the TOM software phoning home separately?
I'm not suggesting that the Skype client should be trusted even outside of China—if it's closed-source, it might as well not encrypt anything at all—and this story certainly seems to cast additional doubt on it. But nonetheless, couldn't the foul play here be limited to the "TOM" side of TOM-Skype?
Who uses skype for TEXT messages anyways? (Score:2)
...Apparently, 166,000 messages were logged in two months. 88,000 messages/month.
eBay said that the lack of security that allowed the monitoring to be uncovered was the problem and affirmed their concerns for the privacy of their users (then why did they LOG their messages to begin with?):
the company spoke to the accessibility of the messages, not their monitoring. The security breach does not affect Skype's core technology or functionality, she said. It exists within an administrative layer on Tom Online se
what a joke (Score:2)
a list of politically charged words that includes words related to Falun Gong ... the Chinese Communist Party ... the Tom-Skype software blocks the transmission of these words
So Skype believes either (1) nothing bad would be said about FLG and nothing good would be said about CCP; or (2) FLG and CCP are in fact allies and both are cults.
Bush approved eavesdropping program BEFORE 9/11 (Score:5, Informative)
If we're talking the NSA program to secretly mass-monitor electronic communications of US citizens **whether or not** they're guilty, and with no judicial oversight - this program was actually approved by Bush **right after he got into office in January 2001**.
http://www.truthout.org/article/jason-leopold-bush-authorized-domestic-spying-before-911 [truthout.org]
Declassified doc showing that's the case, here: http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB24/nsa25.pdf [gwu.edu]
This is an easy mistake to make - because whenever this program is mentioned, it's always deliberately mentioned in the context of 9/11, and mentions changes made after 9/11. But that is all spin.
It's a shame that we have to look that far into the details to find out when a program was started - but with this administration we apparently do.
And as a side note, it's important to know that this was started well before 9/11 - because it also proves it did nothing to stop the 9/11 attacks. This is more proof that this kind of mass warrantless eavesdropping with no oversight doesn't even make us safer from terrorists - it only puts us in more danger from our government.
Posting this note to the original article also.
I told you so!!! (Score:3, Interesting)
Re: (Score:2)
ho-wa ould-way o-da at-thay?
Re: (Score:2)
From the summary, it seems that this is being done on the client's computer, before encryption:
The encrypted list of words inside the Tom-Skype software blocks the transmission of these words and records personal information about the customers who send the messages
Re: (Score:2)
The encrypted list of words inside the Tom-Skype software blocks the transmission of these words and records personal information about the customers who send the messages.
Don't tell me they're encrypting the text word-by-word.
There's a list of banned words inside the Skype software. That list of banned words is encrypted in order to prevent someone from arbitrarily modifying it through a hex editor, etc. When using Skype, you type something (obviously in plain text) into the Skype program. The Skype program then scans over the plain text you typed, compares it against its word list -- which is decrypted for the comparison -- and takes appropriate action.
Re:Submitter is a troll (Score:5, Insightful)
I think the poster's point is that Skype is enabling this behavior, and Skype, in case you haven't noticed, has a presence all over the world.
Re: (Score:3, Insightful)
Damn foreigners.
Re: (Score:2)
> If you use regular Skype, or if you use Skype or TOM-Skype for voice
> (rather than text) communication, you are still secure.
Following up on my own comment, I should point out that you are not secure if you are having a text chat with someone who uses TOM-Skype, even if you yourself use the regular Skype.
You don't read the news? (Score:2)
That would be THIS NEWS. [google.com]
You don't get, uh, Google News down there?
No, (Score:2)
Re: (Score:2)
Back in the day, I used H.323. Nowadays, I use mostly SIP. Both are open standards that can be used with a variety of clients, such as Ekiga [ekiga.org], XMeeting [sourceforge.net], and Gizmo [gizmoproject.com].
By default, these protocols are unencrypted. I would run them over a VPN (I use OpenVPN [openvpn.net]) so that all communication is encrypted. This also solves some of the connectivity problems that Network Address Translation creates.