Do these keys have anything to do with why Microsoft’s done nothing to close the backdoor Skype resolvers have been using with Microsoft’s full awareness for years?
I keep asking my IT director why we continue to choose the least secure software we can find.
The article speaks of voice over Skype, but we all know what Skype is really used for, mostly!! So, if there are like 5000 agents 'assigned' to this task, and each one can watch 5 video streams at once, albeit not all with the same level of attention, for, maybe, 8 hours with breaks, and, say, there are like 50,000 video feeds 'of interest' running 24/7 (not all the same feeds, but kinda when one drops, another starts), then where do I go to try to sell Kleenex (tissues) to these offices?? (All numbers used here are made up for illustrative purposes ~ no pet-class animals were harmed in any way that can be proven; offer void in Texas.)
SIP is an open protocol that's been available for years; you can use end-to-end encryption with it, and there are lots of free clients for it and free account providers available, since all the central server needs to do is get one client in touch with the other.
Skype is yet another example of a proprietary product that’s entirely inferior to the free and open source alternatives, but people use Skype because of network effects and push advertising.
When eBay owned Skype, the majority of traffic was routed through high-performance but decentralized supernodes not owned by eBay. There was still a project called redacted that could legally be subpoenaed, if a warrant were issued, but encryption keys were not disseminated for wholesale, bulk collection. Besides, it would have been impossible to collect all of the flows.
When Microsoft purchased Skype they dismantled the decentralized supernode network, and centralized them on company owned assets. And who knows what happened with their keys.
From what I understand, this is mostly accurate, but not entirely. In general, Skype was originally mostly a peer-to-peer system, like SIP systems, with some centralized account processing for billing. It’s transitioned to a very centralized system in which calls are routed through large regional datacenters. The main reason for the change in architecture was to support mobile devices, which can’t necessarily handle all the distributed features of the original peer-to-peer clients. But, it’s hard not to suspect that ease of intercepting Skype calls for law enforcement was a consideration.
The transition to a more centralized architecture began before Skype was bought by Microsoft, though most of it has actually happened since the acquisition.
The super-nodes, though, don’t route calls. They only handle presence information.
And the presence info is the lynchpin to further warrants and subpoenas.
I didn’t work directly for that team, just… Tangentially.
I’ve said too much
Stay safe. Watch the sky for lawyer-drones.
On a serious note, nothing I've said couldn't be inferred from business best practices.
On a silly note I know the guy that would be piloting said drone, and he is crap with technology.
Just as a reminder, we've known for years that if you put an https URL in a Skype message, something will ping the site and scrape the admin headers. Not for http, and they don't grab the page content. It looks like they're trying to save the cert info (and who knows what else) just in case they weren't aware of that site yet.
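The check behind that observation, as an added example that is not part of the original thread: generate a one-time canary URL, paste it into a Skype message, never open it yourself, and then look in the web server's access log for who fetched it and how (a HEAD, or a GET with no body read, is what a header-scraper leaves behind). The `/c/` path prefix, the combined log format, and every IP address, timestamp and User-Agent string in the sample log are constructed for illustration; whatever your real log shows is the actual answer.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Combined log format as written by nginx/Apache:
#   ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class CanaryHit:
    ip: str
    timestamp: str
    method: str
    path: str
    user_agent: str


def new_canary_path(prefix: str = "/c/") -> str:
    """Return a fresh, unguessable path (prefix is an assumption; use any path
    your server will answer). Because nobody else knows it, a hit can only come
    from whatever read the message you pasted it into."""
    return prefix + secrets.token_urlsafe(16)


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for anything that is not a record."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_canary_hits(lines: Iterable[str], canary_path: str) -> List[CanaryHit]:
    """Return every request for canary_path (query string ignored), in log order."""
    hits: List[CanaryHit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?", 1)[0] != canary_path:
            continue
        hits.append(CanaryHit(rec["ip"], rec["ts"], rec["method"], rec["path"], rec["ua"]))
    return hits


def summarize(hits: List[CanaryHit]) -> Dict[Tuple[str, str], int]:
    """Count hits per (method, user agent) so HEAD-only prefetchers stand out
    from a human clicking the link."""
    summary: Dict[Tuple[str, str], int] = {}
    for h in hits:
        key = (h.method, h.user_agent)
        summary[key] = summary.get(key, 0) + 1
    return summary


# Constructed sample log: documentation IP ranges, an unrelated page view,
# one junk line, and a later GET carrying a query string.
SAMPLE_CANARY = "/c/Wq3eM9x-constructedToken"
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2013:14:02:11 +0000] "HEAD /c/Wq3eM9x-constructedToken HTTP/1.1" 200 0 "-" "Mozilla/5.0 (compatible; example-prefetch/1.0)"
198.51.100.23 - - [10/Jun/2013:14:02:15 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/21.0"
203.0.113.8 - - [10/Jun/2013:14:02:19 +0000] "HEAD /c/Wq3eM9x-constructedToken HTTP/1.1" 200 0 "-" "Mozilla/5.0 (compatible; example-prefetch/1.0)"
this line is not a log record
192.0.2.44 - - [10/Jun/2013:14:05:02 +0000] "GET /c/Wq3eM9x-constructedToken?ref=me HTTP/1.1" 200 0 "-" "curl/7.30.0"
"""

if __name__ == "__main__":
    print("paste this into the chat client under test:", "https://your.host" + new_canary_path())
    for key, n in summarize(find_canary_hits(SAMPLE_LOG.splitlines(), SAMPLE_CANARY)).items():
        print(f"{n:3d}  {key[0]:<5} {key[1]}")
```

Paste the URL into a message, wait, and run the parser over the live log with the path you generated. Two or more HEADs from addresses you do not recognise, arriving seconds after the message was sent and before any human could have clicked, are the fetch the comment describes; the same test with an http URL is the control.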
I assume they did already!
You should have him check out RokaCom and ask them about their corporate plans. It encrypts directly between mobile devices using upgraded crypto. It uses open source libraries, in which they upgraded the crypto and then republished them on GitHub. Our company switched to it and it's great. I use it to call my wife when I travel overseas.