Skype

Dirk Koopman djk at tobit.co.uk
Thu Sep 17 18:48:25 BST 2009


David Alban wrote:
> but, giving in to paranoia, i'm careful not to skype anything i
> wouldn't want my company and/or ebay to see.  just in case They're
> Watching(TM).
>

If skype is behaving like a standard voip client (i.e. chit-chatting to 
a central "directory" server, then setting up an (encrypted) UDP/RDP 
point to point circuit for the actual conversation) then they (GCHQ) 
probably haven't "Mastered the Internet"[tm] (El Reg passim) sufficiently 
yet to be "Watching"[tm]. But you can bet they are running as fast as their 
little legs can move to fix that (and they have a couple of billion £ 
available to make it happen).

However the Indian Government are/were prepared to ban and filter out 
skype (setup?) traffic unless they could get a backdoor. Make what you 
want out of that (again El Reg passim).

If skype circuit setup works like most voip systems, part of the 
chit-chat is devoted to agreeing a set of IP addresses and ports that 
each end is prepared to communicate on for the RDP conversation traffic. 
There is no reason why that chit-chat can't direct you via a suitable 
monitoring computer which sits there as a "man in the middle" to record 
your every utterance.

In fact there are all sorts of circumstances in which, for standard voip 
systems, this happens as a matter of course, e.g. getting to/from phones 
behind NAT, doing protocol conversions (where neither phone has a codec 
in common that they are prepared (or allowed) to use).

Another common one is to manage conference calls. It is much more 
efficient to have a (set of) central "conference call" mule(s) in 
somewhere like TeleHouse which handles the 20 or so 64 Kb RDP input 
streams, mixing them together (in the audio sense) and outputting the 
result, down just one single RDP stream to your phone. The alternative 
would be for your phone/asterisk box to manage 20 duplex streams to each 
other participant, which is 1.28Mb of real time RDP traffic in each 
direction.

Me Paranoid[tm] - never!
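
An added example, not part of the original post: a check of where call setup actually sends the media, to spot a relay sitting between the two ends. It assumes SIP-style signalling with SDP bodies (the post only says "standard voip"); the SDP samples, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed SDP bodies using documentation address ranges (not from the post).
OFFER = """v=0
o=alice 1 1 IN IP4 198.51.100.10
s=-
c=IN IP4 198.51.100.10
t=0 0
m=audio 40000 RTP/AVP 0 8
"""
# The answering peer signals from 203.0.113.20 but names another host for media.
ANSWER_VIA_RELAY = """v=0
o=bob 1 1 IN IP4 203.0.113.20
s=-
c=IN IP4 192.0.2.99
t=0 0
m=audio 50000 RTP/AVP 0
"""

def media_endpoints(sdp):
    """Return [(media, address, port)] that the SDP tells the other end to send to."""
    session_addr, out = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c="):
            addr = line.split()[2].split("/")[0]   # drop any multicast TTL suffix
            if out:                                # media-level c= overrides session-level
                media, _, port = out[-1]
                out[-1] = (media, addr, port)
            else:
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            out.append((media, session_addr, int(port.split("/")[0])))
    return out

def relayed_media(sdp, peer_addrs):
    """Media sections whose negotiated address is not a known address of the peer."""
    known = {ipaddress.ip_address(a) for a in peer_addrs}
    flagged = []
    for media, addr, port in media_endpoints(sdp):
        try:
            direct = ipaddress.ip_address(addr) in known
        except ValueError:
            direct = False     # hostname or missing c= line: cannot confirm the peer
        if not direct:
            flagged.append((media, addr, port))
    return flagged
```

A flagged entry is not proof of interception: NAT traversal, transcoding and conference mixing produce the same pattern, which is the point the post makes.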



