I no longer trust, use, or recommend Skype. There’s too much evidence that new owners Microsoft are monitoring conversations. If they aren’t handing them over to governments today, it seems like only a matter of time before they do. My security conscious Fortune-500 employer long ago banned Skype for reasons of security.
I would welcome suggestions of more secure alternatives, particularly any that are equally easy to use across platforms and implement good end-to-end client side encryption so snooping on message contents is mathematically infeasible without compromising one end of the communication. That is, no one in the middle should have the keys. If this alternative system also protects end users’ locations from snoopers so much the better.
And doing what exactly? Many different forms of communications can be monitored, tapped, or recorded. And sometimes you might have to worry about this… but first, you should ask who is doing it, and what they would care about.
If it’s Microsoft and/or governments, to be honest I feel relatively safe in most of my conversations, and I don’t see why CFAR graduates wouldn’t feel the same. People planning terrorist attacks would probably have a different opinion.
There’s two instances of snooping that I would worry about, and I don’t think they’re likely to happen through Skype:
Collecting personal data for various mass attacks (notably, spam). But just in case, don’t send your credit card information over Skype, that’s generally a good habit to have.
Information about my personal life being exposed to people I know. I’m having a hard time imagining the mechanism by which even my acquaintances working at Microsoft would end up having access to my Skype conversations.
I also feel somewhat safer having voice conversations than text-based ones, because these are harder to store, and harder to search through automatically. Neither of these would be an obstacle to a serious adversary, though.
Your security conscious Fortune-500 employer, and possibly CFAR as well, might also be worried about corporate secrets being stolen; but of the two, at least the latter doesn’t appear to be in direct competition with Microsoft, so that’s okay.
Wikileaks came out of an environment of smart geeks who wanted to hack the political system.
It’s a possibility that you have smart CFAR graduates thinking: “Our politicians are really irrational. I could do clever hack XY and change politics for the better.”
But it’s not only about protecting yourself, it’s also about protecting other people. A bunch of people who use LessWrong do so under nicknames. Some might be interested in doing something that their government doesn’t like. They might want to expose political corruption and have a need for their anonymity.
If you tell another person whose real-life persona connects to which LessWrong nickname over Skype, and that Skype conversation gets monitored by the government, you have just given the government information that might help the government to track down the LessWrong person who engages in exposing political corruption.
You have to assume that every word that you communicate without encryption gets stored forever on government servers. If you now have a conversation that links someone’s real-world identity to someone’s nickname, and in five years the political winds have changed a bit and that person feels the need to engage in political action against their government, you don’t want to be the person who made them vulnerable by exposing their identity.
I personally don’t value my own anonymity but I don’t want to compromise the anonymity of other people.
Voice-to-text translation isn’t so bad and will become better in the coming years. You can assume your conversation is stored by your government, so that even if present-day voice-to-text translation is too crappy, that will change and the government will be able to rerun the translation.
Also see http://www.overcomingbias.com/2013/05/us-record-all-calls.html and the comments.
If your jurisdiction’s law enforcement has access to your conversations, there’s this issue.
Visiting any https links that you might include in your messages, for a start.
I guess, if you don’t particularly care whether or not your messages are being read, then it won’t matter too much to you. But if you do care—and some people care a lot—then Skype is very much the wrong platform to use. It might be the right platform to use if you particularly want Microsoft to read your message, for some reason.
I’d be fine with switching, but don’t have the free energy to find a good replacement.
Goodness knows Microsoft could do with some more rationality, even if they have to come by it illicitly ;)
Seriously though: no, don’t trust Skype (or Dropbox, or gmail for that matter) to keep your secrets. However, most communications aren’t secret, and discussions about rationality per se probably shouldn’t be.
I can only imagine that someone spying on rationality discussions with sinister intent is doing it for really irrational reasons, so the more they hear and understand, the more the problem solves itself.
I thought Microsoft had plenty of rationality. Their legendary market value reflects their ability to win; which is made more impressive by the fact that they have to overcome some rather severe technical flaws in their products.
Admittedly, they seem rather enamored of some forms of Dark Arts—which is one of the reasons why I won’t support them—but I can’t deny that they are astonishingly successful at what they do.
Microsoft used to win. Their stock has been roughly flat for about the last ten years while the rest of the market has gained tremendously. They are no longer the industry-dominating money machine they used to be in the pre-Ballmer days.
You have a good point. So the winningness would all have been Gates, then.
Or Gates simply chose a good time to leave, or he left because MS was only going to go downhill.
The winningest time to leave.
A quick google (i.e. I have used none of these myself) gives a few suggestions. Off-the-record messaging looks good at first glance, and comes with a plug-in for Pidgin, making it easy to use on any reasonably common operating system and probably possible to use on anything that can run a C compiler.
I also ran across chatcrypt and cryptocat, which might be worth investigation.
Cryptocat is an OTR implementation that happens to run as a browser plugin and has developers trying to work out how to have cryptographically secure group conversations. The cross-compatibility should be high.
+1 for OTR. Also, it works with XMPP, which has an A/V extension called Jingle for video calls. I don’t know if the two do the Right Thing when put together, but it’s worth looking into.
I’m not a huge fan of Skype either, but it’s extensively used. The requirement of most IM and call networks that the other party be using the same service is incredibly aggravating. Didn’t we learn anything from the email walled gardens of the 80s? (or early 90s, I forget)
Jitsi is also relevant to this question, and I will concur that network effects are very frustrating.
I was unaware of Jitsi. At first glance it looks like it does basically what Skype does, but over XMPP and using an open source product. I assume since you brought it up, that you use it. Any impressions you’d care to share, especially regarding multi-user video chats?
(this may be relevant to the Less Wrong Study Hall project; one of the options kicked around was an XMPP based system. At the moment we’re not pursuing that route, but it’s early days yet.)
Video over TOR is equally hard to use across all platforms, and is the only way I know of to protect users’ locations without spreading the message as widely as possible.
Phone connections are equally insecure and harder to use than Skype. Tinfoil-lined dead drops encrypted with one-time pads seem to be your best bet.