The whole part about being "hacked" is hilarious. It seems way more plausible that Skype internally uses fonts with special glyphs for its icons, and that when it couldn't find them for whatever reason, it defaulted to the next font on the font stack, which had Chinese characters on the codepoints where those glyphs were expected to be.
-- "In 2008, when the company was owned by eBay instead of Microsoft , a Skype spokeswoman told CNET : "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."
-- "After buying Skype, Microsoft dramatically overhauled its architecture, replacing peer-to-peer "super nodes" with thousands of servers run by Microsoft -- a more centralized approach that may have made it easier for government eavesdroppers. Around the same time, Microsoft would no longer stand by Skype's earlier claim to be wiretap-unfriendly."
I have a Skype subscription and I consistently receive complaints on the other end of the line. Skype worked well from 2007-2010 on Nokia N8x0 devices and Windows.
It's been god-awful since then. I think I've had one acceptable call. As for my point, eBay and Microsoft truly slaughtered Skype.
and now skype video calls actually work instead of playing "super node roulette" with quality and connectivity. Not to mention, being deemed a super node randomly at work and watching all your upload bandwidth being eaten by idle skype clients.
I have no idea if the new server-based system is wiretap friendly, but the old system was definitely 100% business unfriendly. Companies pay for GotoMeeting, Webex, Lync, voip video calls, etc for a reason. Skype had to be modernized to compete with other services. I don't see some grand conspiracy here. Why would MS spend all this money to just help the government? Its just asinine.
Those who need encrypted and secure communications were foolish to trust Skype in the first place. If you aren't rolling your own FOSS-based applications on your own hardware, you can expect zero privacy here. I imagine the "old" Skype was just as easily gamed. Sorry if I don't think some spokesperson's PR statement is proof that it was truly secure. Especially considering Skype was originally a Russian company. There's precedence for this, for example Blackberry's "unbreakable" peer-to-peer encryption scheme is regularly downgraded, invisible to the end user, to more breakable bitrates per national law. I believe India and Saudi Arabia do this.
> I imagine the "old" Skype was just as easily gamed.
Most European police forces would disagree. For years, they simply would not shut up about how Skype was such a pain in the neck to deal with. There were constant streams of interviews and talks about the need for, basically, either a Skype ban or some other form of pressure over the company. Skype alone was painted as the clear cause of pedophilia, drug and human trafficking, illegal arm trading, the works. This from people with little scruples in terms of enforcement -- French and Italian police are fond of seizing whole server farms when they need to check a few emails from "subversives", so they would have happily nuked Skype from orbit if given half the chance.
As soon as Microsoft "rearchitected" the protocol, poof! All lamentations stopped.
> Why would MS spend all this money to just help the government? Its just asinine.
I was reminded of an old 2009 article [0] that speculated that the NSA was willing to pay big bucks to any company that could make Skype easier for them to intercept.
Maybe Microsoft took them up on that offer, and made a profit with their restructuring of Skype's architecture.
"third-party Skype client (e.g. to have support in Pidgin)"
Funny because recently the old Skype plugin for Pidgin was re-written to utilize the new HTTP Skype. So now you have a nice client-less Skype chat in Pidgin. I'm certain someone could study it to write their own client.
I've been using the HTTP-based skype pidgin client. It seems to mostly work - the only show stopper is that file transfer requests fail silently. I had someone trying to send me a file. I had no idea. It was a little awkward.
The author cites Wikipedia. In the comments a poster claims to have added that bit to Wikipedia but was unable to cite any sources for it.
"Since i could not find any reference for it, I added it to the wikipedia page but was not fully certain i was right and that someone would remove it if i were wrong since i know really very little about how it works on the inside."
Really? They are sending messages as plain-text over the wire?
Now I was going to say encryption is pointless anyway as Microsoft (as did Skype previously) happily log everything and give it to more and less democratic governments all over the world. But at least use some encryption to keep the middle man out.
The very earliest versions used plaintext, but they started tunneling it over HTTPS a long time ago more due to firewalls than out of privacy reasons. I don't think people ever thought MSNP was end-to-end secured, and treated it more or less like an instant form of email.
On the other hand, authentication was always secured via HTTPS, so passwords were never sent in plaintext.
Looks like it's just a libpurple plugin, and should work in Adium as well. He's even got a .dylib build in the Makefile, but I can't get it to build after tinkering with it for a few minutes. Oh well.
The way the GitHub page is set up is weird. Basically two different plugins are hosted on one repo. The root tree you linked to has the original client required plugin. Go under "Skypeweb" folder and you'll see it's an entirely different plugin that you can compile and don't need a client (also has its own README).
IF I remember correctly, the P2P patents and technology where not included in the deals, only a licence. My guess is that Microsoft sees that as reason to "align" their technology stacks.
Zennström really made a number of good deals, selling the same thing several times.
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
Not just that, but there are still very few third party clients that speak version 24, which makes interop kind of difficult. See http://ismsndeadyet.com/
