Tuesday, August 16, 2011

A few words on privacy

Just stumbled upon an article discussing skype's alleged security and how it was built into skype from day one (as opposed to being an afterthought), and felt like throwing my 2 cents on this.

For some bizarre reason, it is commonly thought that a skype p2p link offers anything and everything that can translate to "ultimate privacy" and some more, but this is... anything but. Here's the drill:
  1. privacy has two major components, the first of which is protecting your communication from potential eavesdroppers. On this front, skype praises itself with unbeatable encryption, which is technically true, but what skype omits to say is that a good encryption only servers to protect a link that already exists; in other words, if you talk to someone and wish to know that your communication is shielded from eavesdropping, then skype might be the real thing. However, what skype does not, and cannot, guarantee, is that you are indeed talking to the person you think you are: specifically, when you set up your communication link with your peer, the link setup stage is vulnerable to what is called a "man in the middle attack" which essentially means that someone has just placed a listening device between you and your peer, and everything that you'll be talking with your peer will in effect go through said man-in-the-middle eavesdropper. In the security world, this is called "the authentication problem" (i.e. making sure that what you're so carefully whispering to your peer indeed goes to your peer and not to someone else), and this is the hardest part (and philosophically unsolvable in the absence of a trusted third-party authority which knows you both) of the secure communications problem.
    • note: without entering into too many technical details, it may be technically true that skype itself cannot eavesdrop on your communication by having one of its engineers flip some switches at their headquarters, but what skype does not explicitly say is that what it can do if it so wishes (or is legally forced) is to provide third parties with a technical equipment (i.e. a piece of skype-certified software) that can eavesdrop on any communication whatsoever if some conditions are met (e.g. if this eavesdropping software is placed on your ISP's routers then there is absolutely no problem whatsoever to wiretap your communications)
  2. the second big issue related to communication privacy is whether or not a third-party can know who you're talking to, even if it won't be able to actually listen into your conversation. On this front, skype not only does not offer any protection, but its algorithms actually don't even make any effort whatsoever in this direction (e.g. along the line of Tor and the likes); in other words, there are absolutely no provisions in skype to even attempt to address the issue of protecting the identities of the two ends of a skype link.
To rise, none of the two fundamental attributes that could together label a communication link as "private" are present in skype, and while the "skype is encrypted" mantra is technically true, this mantra is blown out of proportions in terms of communication privacy.

P2P OS is different. I will not say much about the cornerstones (or implementation details) of P2P OS' security framework at this stage, but i will just say that it addresses both of the privacy issues described above, and it will [attempt to] provide the highest level of communication privacy that is philosophically achievable within the technical limitations of a given digital communications equipment.

Later edit
As i said in the post above, i don't want to get [too] technical here, but in light of some new developments i'll just mention that the cornerstone of skype's security model (and just about any security model out there for that matter) are the security certificates, and if a bunch of geeks can do things like this just imagine what a more potent attacker can do. And don't take my word on this, just look at what they say.
Needless to say (since i'm hereby flaming this model), P2P OS will not use this model.

No comments:

Post a Comment

You should receive an on-screen confirmation message after entering a comment in the comment form. If you do not see a confirmation message after you enter your comment, please make sure that you have both "cookies" and "third party cookies" enabled in your browser settings, as this is a mandatory condition for posting comments on all google-hosted blogs; additionally, if you found that the above-mentioned settings had to be changed, you'll have to close all browser windows and then restart the browser for the new settings to take effect.

All comments on this blog are moderated, i.e. they are set to only appear visible to the public after i approve them. The main reason i enabled comment moderation is to allow you to provide a contact e-mail address if you chose to, and if you'll ask in your comment (which contains your email address) that you do not want your email to become public i will delete the comment and thus protect your email address from being published.