Three Reasons Not to Use Skype and stay safe

Skype is one hell of a convenient tool. It’s easy to use, everybody has it, and the call quality is generally quite good. But for anyone concerned about privacy it’s one of the worst software applications you can use. Here’s three reasons to uninstall it and move on to something else

###1. Skype’s Resolver Bug

A lot of people don’t know it, but Skype dishes out its users’ IP addresses like candy on Halloween. Doing a quick Google search will bring up a long list of services which allow a Skype ID to be queried, returning a historical list of IP addresses from which that ID was last used. With that IP you can do any number of things, ranging from finding their approximate geographic location to launching a DDOS attack against them. Microsoft has known about this problem for years, and has failed to resolve what is a massive hole in their application for user privacy.

###2. The NSA Loves Skype

During 2011 Skype began working with the NSA to increase government access to ‘encrypted’ Skype video calls according to the Snowden documents. As a part of the PRISM program, the NSA has gone on to scoop up Skype chats and calls, both audio and video, in bulk. In fact, nine months after Microsoft bought Skype the amount of data being harvested from the service trippled due to continued effort to break their own systems. As The Guardian Reports, the resulting data is routinely shared with both the FBI and the CIA. In other words, Microsoft is actively working against its users.

###3. Closed Source

After reading the last point, do you really trust Microsoft’s closed-source code on your computer? When a company works to break it’s infrastructure to aid in government surveillance, I don’t believe it’s unreasonable to also think they’re breaking the endpoints. In fact, back in 2013 ArsTechnica found that Skype was actively scanning links sent in what were advertised as private chats. I’m not as radical as many others are when it comes to open-source being a necessity, but clearly Microsoft doesn’t have the track record to be in any way trusted.
But What Can We Move To?

When it comes to call quality, Skype is actually pretty good. But there are three notable projects that are definitely worth checking out. The first is Subrosa, a video call system that works inside your browser. It’s both open source and encrypted end-to-end. It’s no holy grail, but is an excellent alternative to Skype.

Tox is quite promising as well, as it operates without any centralized system and instead uses a distributed hash table to connect users directly to each other with end to end encryption. There’s a number of different clients which can be used, but they all lead back to the same piping. It’s absolutely worth checking out, though do note that it hasn’t received a proper audit yet, and from what I’ve heard some of the code could use quite a bit of cleaning.

Lastly, Firefox Hello is a WebRTC based addition to Firefox which allows voice and video calling. As a tool which is built into Firefox by default, this may be the system which ‘wins’ simply because of its ubiquity. Moreover, it doesn’t require the recipient to use Firefox either, so long as they’re using a WebRTC enabled browser such as Chrome. Firefox Hello is definitely still in its early days, but with a giant like Mozilla behind it I have little doubt that given time it will be a very viable Skype alternative.