Your Skype conversations could be eavesdropped upon

Jul 25, 2008 10:51 GMT  ·  By

If you are a security oriented PC user, then you take the necessary steps to stay safe, such as updating and patching your software regularly, and making sure that your private, confidential information does not fall into the wrong hands. So far it has been thought of encrypted IP calls, such as the ones made through Skype, as being very safe, since it is practically impossible for someone to listen in on your conversation. It has recently come to light that the Austrian Government could easily be listening in.

"There has long been speculation that Skype may contain a back door. Because the vendor has not revealed details of its proprietary Skype protocol or of how the client works, questions as to what else Skype is capable of and what risks are involved in deploying it in an enterprise environment remain open," says Heise Security. Skype has refused to confirm, deny, or comment on the current speculations. The Austrian Ministry of Interior has declared that intercepting Skype calls does not pose a significant problem.

The thing is that the British GCHQ (Government Communications Headquarters) can at any time intercept any land line or mobile phone call as well as e-mail traffic, so the question of them listening in on your Skype conversation is not such a big deal (as long as you do not have something to hide, that is). If you think about it, you pay for any mobile phone conversation that can be easily intercepted by the authorities, while Skype on the other hand is free. The big security question is who else can eavesdrop on you? If the authorities can do it, is there a back door that allows others to do the same?

According to Heise Security, there are some rumors going around about a "special listening device" that is offered by Skype to states interested in purchasing it.

Another security issue related to Skype is the fact that once you set up an account, you can never delete it. According to Skype, this is security measure put in place so as to safeguard against ID theft. But by not deleting said account, aren't they doing the exact opposite? Keep in mind that a user may have provided private information, and since the account is not deleted, that information stays on the Internet indefinitely.