Talk:Skype security

Misc

Hi:

Some clarity as to whether voice security and chat's instant message security are handled in the same ways could improve the article.

AG

Skype security on small devices

Could someone add a bit to clarify if Skype-to-Skype on smartphones and PSP units use encryption for voice, chat and file transfer like the larger OS versions do? Rearden9 (talk) 16:37, 11 July 2008 (UTC)

SQL lite logs

More information on how this could serve as a vector of privacy invasion? This single file contains all the chat history the user has, is not encrypted nor protected by strict user permissions by default. One would think that such an easy method of access would have been covered by the people who created skype. A method of protecting oneself from this would seem like common courtesy. --173.33.226.91 (talk) 02:58, 22 June 2010 (UTC)

"Completely private"?

The lede says that Skype provides "completely private" communication to its users, but references 8 and 12 claim that the Skype company is readily able to intercept calls. Contrasted with the threat model of other encryption systems like ZRTP, Off-the-record messaging, and PGP (whose developers have tried to ensure that they are unable to eavesdrop on communications), this is likely not what readers would expect "completely private" to mean. Schoen (talk) 06:30, 28 September 2010 (UTC)

Agreed. This "completely private" statement is very questionable, especially since Skype's encryption is not open source. Snowsong1 (talk) 22:59, 13 November 2010 (UTC)

EasyBits Go problem

There's been some clamor in the last 24 hours or so about an "EasyBits Go" program installing through Skype without users' permission -- it seems to be either malware exploiting a security flaw in Skype (impersonating the EasyBits company), or EasyBits itself acting not-so-ethically. This might well merit inclusion in the article. See: http://forum.skype.com/index.php?showtopic=821491&st=0 (Google and Google Realtime also show results). –The Fiddly Leprechaun · Catch Me! 05:12, 29 May 2011 (UTC)

Backdoor (for police) in Skype?

In Austria a former politician's Skype conversations have been tapped for months. Today Austrian medias have been reporting on this. Oh and this is a new case, not yet mentioned in the article. --Athaba (talk) 15:27, 18 August 2011 (UTC)

It is being reported that two of the founders of Megaupload had a Skype chat in 2007 whose contents have found their way into the hands of the FBI. http://torrentfreak.com/two-megaupload-ops-bailed-but-government-wants-surveillance-120126/ Can anyone find a reliable source for this? MrDemeanour (talk) 14:17, 31 January 2012 (UTC)

Article Neutral POV

Some of the points in this article appear to be written by someone particularly annoyed at Skype. The Skype client for Linux has been observed accessing the /etc/passwd file during execution.[24] This file contains a list of all user accounts on the system and may also include hashed passwords. Access to this file can be confirmed by tracing system calls made by the Skype binary during execution. As this file contains sensitive system information related to logins which are not used in the Skype system, there is zero legitimate use for accessing this file and thus Skype's motives for doing so must be questioned.

This definitely isn't an impartial tone. Impartial_tone — Preceding unsigned comment added by Adamncasey (talk • contribs) 17:43, 21 October 2011 (UTC)

In addition, the section on Automatic Updates makes the claim that they "cannot be disabled", with the quoted words emphasized. This is incorrect, under Windows at least. While it is difficult to prevent automatic updates, it can be done. Anecdotally, I have been able to do this by disabling the Skype Updater service and by adding an intentionally bogus entry to c:\windows\system32\drivers\etc\hosts . Needless to say, this sort of operation requires a certain minimum of technical skill, but it is still possible. Citation: ^[1]

38.99.56.154 (talk) 17:40, 24 August 2016 (UTC) Signed David Goodenough, 8/24/2016

References

1. https://community.skype.com/t5/Windows-desktop-client/Total-Stop-Skype-update/td-p/1999473

Flaws and potential flaws "The Skype client for Linux has been observed accessing the /etc/passwd file"

There are architectural reasons for the /etc/passwd file being read. Further down the source some of it is explained slashdot. "Just checking your own identity in unix requires a call to getpwnam, getpwent or their equivalent, which means that a function call in glibc has to read the password file. Practically every unix program does that... It reads in the whole file in memory and looks for you"

"Of course an ls command can trigger a read of /etc/passwd. ls -l shows owners as username rather than numeric UID - where do you think it gets that information from? This is why a shadow password file was invented in the first place." --Lyle Stephan (talk) 11:26, 10 August 2012 (UTC)

In case of "ls -l" there is a legitimate use of the unix username and id data just explained above, but in case of skype what is that use? did skype or their secret binary code explain what are they looking for? Certainly not.

Skype does not use unix usernames for their user logins, so what business they have in looking for unix userdata?

FUD about /etc/passwd

This is nonsense. The password file is public. If you call the getpwent API, it accesses the file. It is necessary for simple things like mapping the numeric user ID to a user name. I haven't seen a Linux installation in twelve years that put hashed passwords into /etc/passwd. Shadow files are now the norm. 24.85.131.247 (talk) 08:33, 20 August 2012 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified one external link on Skype security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Corrected formatting/usage for http://forum.skype.com/index.php?showtopic=95261

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 05:18, 2 April 2016 (UTC)

Skype's 2FA, equaling the one in use by Discord and ICQ, SMS-Codes, ARE NOT SAFE TO USE in Germany, sorry

Here in Germany, SMS Codes are UNSAFE TO USE, we have wittnessed blackhat hackers to directly STEAL authentication codes so that users cannot use these to 2FA-authenticate here.

STRICTLY UNSAFE TO USE!

I do not recommend this method anylonger to nobody as the problem resides on SMS protocol side.

As this is a big issue for personal IT security, please make use of authenticators that use safer to use protocols, for instance Google Authenticator and Sophos Authenticator.

Mutahar from SomeOrdinaryGamers on Youtube recommends Google Authenticator to play safe here.

Mutahar seems to have the same level of IT security expertise as Sempervideo has it.--2001:16B8:57C5:1300:A670:2675:3CF3:69E4 (talk) 14:59, 18 July 2021 (UTC)