« The Stockdale Paradox | Main | Content Management 2.0 »

2006.08.22

Comments

I totally agree with you. I also fully trust these companies, despite the paranoid approch I used in my previous post. I actually use both Google and Skype services :)

My goal was only to give an other point of view, and particularly the one some companies have on Skype.

Thank you for your well argued answer.

Great post Michael. I took a look at the Skype black hat reference and it was very interesting. Not being a black hat, white hat, or even yellow hat, it was a bit hard to follow even what the objective was. It seems that the greatest danger to an organization is an attack by packets masquerading as Skype. It looks like there is a simple way to shut off Skype, but not separate it from obfuscated noise. How probable is his?

Aside from that, there is a need to trust Skype, which means trust eBay. eBay is essentially a trusted financial institution and will ultimately be regulated as such. They have far more to lose by abusing that trust. Just look at the latest moves by AOL to protect its reputation after it inadvertently posted anonymized user records.

At the moment, the information I put into Google is more valuable than I put into Skype. I long ago made the decision to trust Google and now I trust Skype. Alfresco is better off for doing so.

In addition, the value of a network grows exponentially with its size. (Metcalf's law?) All our employees and most of our customers are on Skype and I can establish a crystal clear conversation with them at no cost. That is worth something. If they are abusing my bandwith or cycles, from what I have seen so far it is worth it.

Money is not the only issue with skype ...

I agree that this service is an incredibly cheap ans effective way to communicate. I really enjoy this new way of communicating and making conferences in one click !

But it also has serious security issues ...

Skype is using a proprietary (and heavily encrypted) protocol, wich does not let you monitor what happens "on the line".

A good way to learn about this protocol is http://www.secdev.org/conf/skype_BHEU06.pdf

This documents shows some security issues skype was not communicating on, because they think security is obscurity ...

What's more, by installing skype, you give them (skype company) the right to use your bandwith and your CPU for "other applications" than phoning or chatting ! Please read carefully the EULA ... Skype can use your computer for P2P applications your're not aware of ...

By using Skype, your machines become a node on the Skype network, which means that you become a forwarding point for ALL the traffic Skype decides to send you.

What's more, skype is built to bypass most of firewalls by using common ports as HTTP one.

This is why skype is totally forbidden in many corps, and why it's forbidden to install it in many Government Agencies in Europe !

There is the difference between a free (as a beer) application and an open project.

There is free AND open (source and protocol) alternatives to skype, with the same business model :
http://www.gizmoproject.com/
http://www.openwengo.org/

The "skype way of phoning" is really great, an I can't imagine returning to classical phones, but the way skype implements it is a real security concern you have to think of.

Regards,

Michael

The comments to this entry are closed.