Campaigning group Privacy International is accusing Skype of putting its users at risk through a series of security holes.
“Skype’s misleading security assurances continue to expose users around the world to unnecessary and dangerous risk,” says
Privacy International’s human rights and technology advisor, Eric King.
“It’s time for Skype to own up to the reality of its security and to take a leadership position in global communications.”
PI’s main concern is the fact that Skype’s interface uses full names on the contact list, rather than unique user names, making it easy to impersonate other users.
Because Skype has no HTTPS download ervice, says PI, downloads can be tampered with by a third party. China, for example, has been known to produce its own trojan-infected version of Skype, exposing users to interception, impersonation and surveillance.
“It is impossible to know the extent to which other malevolent actors have done likewise,” says PI. “Why, given that Facebook, GMail and Twitter offer this HTTPS-level of protection, is Skype unprepared to do so?”
In addition, Skype’s VBR audio compression codec is particularly vulnerable, claims PI, regardless of how it’s encrypted. Indeed, it says, phrases can be identified between 50 and 90 percent of the time.
PI is calling on Skype to take action, particularly given that it’s known that China was filtering chats since 2006.
