Thanks for your clarifications.

Quote
Will you continue to operate in China?
Enquote

Frankly if you stopped operating in China for this reason then you should have done the same in Europe, the U.S. and everywhere else in the world.

This "China hysteria" mostly coming from westerners is the classic example of

Quote
And why do you look at the speck in your brother's eye, but do not consider the plank in your own eye?
Enquote

I guess for me the bottom line question is this...

If I travel to China [which is a possibility] is the Chinese government going to be able to spy on my communications using Skype? Skype is my preferred communication [outside of email] avenue when I travel, especially overseas.

Thanks.

Malcolm
www.completinggodsmission.com

"They refer only to instant messaging communication in which one or more parties are using the co-branded TOM-Skype client software, distributed by TOM only in China."

So, if one participant in a group chat is using the TOM version then the entire conversation is compromised?

Can I just ask why skype.com access in China will be redirected to tom.com site all the time? Even there are 1/6 user-base there(including not only Chinese, but also travelers and expats), isn't it too naive to protect basic dignity of skype?

The key issue in my opinion is now that we've seen that Skype fully cooperate in some case with government on such issue, how can we ever be certain that our skype-skype communication doesn't have an hidden backdoor too ? Skype-Tom had to be ousted publicaly to make them admit that yes they were listening on their own citizen. With that in mind what stop skype from going further, a backdoor or master key could have been implemented in Skype-Tom for the skype to skype communication so that according to local regulation the Chinese government can also listen in Human rights activists, which would mean that skype action lured those activist in a false sense of security and may have sent them to jail.

But why would it be any different with other governments ? The US courts push skype to make their encryption system "bypassable" when needed, what prove us that it's not already the case ? Would that bypassibility only endanger the "bad guys" ? Well maybe but the definition of bad guys include Human Rights Activists in China, but may include at the watcher discretion foreign firms like Airbus to advantage a national competitor (Boeing), or firms with too much technical knowledge like Mercedes so that the local firms may be able to copy their design. The breached in my trust in skype make me brand skype as "As secure as their competitor" (which use no security) when it comes to sensitive corporate information information.

before you start reading. note that some of my comments are taking offline after they are published. you can read them anyways on www.skype-watch.com

The President addresses the Skype Tom.com China Privacy Breach in 3 simple points. The power of the 3…. But what does it mean ?

This (Answers to some commonly asked questions about the Chinese privacy breach) is a good PR cover-up story / stunt if you ask me. It works like this. Something bad happens, a lot of stories are created. Major issues are raised. Global blogs and news catch up on it. No problem ! You sit back in your seat and simply ask yourself the questions you like most and that will solve the problem. These are the questions that Josh Silverman ask to himself :
1. What have you learned from TOM about the uploading and storing of certain chats, and what are you doing about it?

The answer :

“What we have discovered in our conversations with TOM is that they in fact were required to do this by the Chinese government. It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years. This, in fact, is true for the most common forms of communication such as emails, fixed and mobile phone calls, and instant messaging between people within China and between China and other countries. TOM, like every other communications service provider operating in China, has an obligation to be compliant with local laws if they are to be able to operate in China at all. What Skype can and will do is to ensure that it is clear and transparent to Skype users that their chat messages into and out of China may be monitored and stored. We are looking into a number of ways to make this more clear to our users.”

My interpretation : nothing much is said here but that “everything is okay” according to the requirement by the Chinese government on chatlogging. Nothing is said on what went wrong, who is responsible. This is clearly a legally and PR-wise very nicely edited piece of work. Nothing is mentioned also whether the chat-logging goes on in other countries. Somebody could make list of the countries where Skype is or is not compliant with the local laws. This would certainly be important for the resellers and partners of Skype since it is they who will be tapped on the fingers. I believe that Skype is to be held responsible for not having audited the internal procedures of Tom.com from the moment the knew (I guess that was about 4 years ago) that the logging is going on. The first question to ask is where and how the acquired data of users are stored. Also ask yourself who developed those skmsg.dll and sktransfer.dll (and the earlier content filter) and why Skype would allow that. All this is done in a very sloppy and uncoordinated way if you ask me.

Maybe Skype Security should start by clarifying how the logging is done and to what IP numbers the information is send. I wonder how much chat of the Skype staff themselves ended up in that chat-logging system.

2. Will you continue to operate in China?

The answer :

“Yes. Our mission is to enable the world's conversations. Nearly 1 in 6 people in the world live in China, and a great many of them rely on Skype to connect with families and friends, run businesses, and call people around the world. By and large, people in China are able to do this for free. We believe it would be unfair to deny users in China access to Skype.

My interpretation : Skype wants to have a share in the market in China. It will do anything to get that market-share. That is all. Is this the way tough that it will get the people in China on their side ? Looking at the current development, I think more Chinese people would be prefer to use the much more developed and present QQ / Tencent system… I wonder what the Chinese government has to say about the current breach of security. Do they really need and want Skype ? And what kind of Skype do they want ? And can or will Skype comply ? How many users does Skype have in China anyways.

Of course Skype / Tom.com will continue to operate in China. I can also imagine that the Hutchison Whampoa group would love to launch extensively their network in China…

3. Is Skype secure?

The answer :

“ Yes. Skype-to-Skype conversations are among the most secure and private forms of communication publicly available today. In other words, the issues highlighted in recent reports do not affect any communications where all parties are using standard Skype software. They refer only to instant messaging communication in which one or more parties are using the co-branded TOM-Skype client software, distributed by TOM only in China.”

My interpretation : why is the is the dual and triple login without notification left in place by Skype ? Is there any chat-logging done in other countries (the list please) and if so under what conditions will Skype cooperate with the forensics ? Is this clearly documented in the Skype End User Licence agreement ?

My conclusion is that these are very short answers and there are more fundamental questions to be asked. It all sound too much like “next question, no comment”. Is the public relations of Skype becoming as obfuscated as it’s source code and internal operations ? And if so, why would we worry about it ? It would be extremely interesting to have the whole monitoring and chat issue documented in detail after all to quote the Skype CEO “What Skype can and will do is to ensure that it is clear and transparent to Skype users that their chat messages into and out of China may be monitored and stored. We are looking into a number of ways to make this more clear to our users.” Maybe they should start by clarifying how the logging is done and to what IP numbers the information is send. I wonder how much chat of the Skype staff themselves ended up in that chatlogging system.
Skypejournal and It’s army of cheerleaders should organize a debate on the topic. I’ll be there.

source : http://www.skype-gadgets.com/webtown/2008/10/the-president-a.html

Admitting or suggesting something was not known (after it happened) will never go down well with the public and the shareholders… The logging has been going on many years already (even QQ/Tencent admitted, no secret about it, that they have a Chinese government logging box in their network), so obviously the first question that comes to mind should be to check whether the logged data are stored safely. Then all this bad PR would not have happened.

Did Skype never ask the question to Tom.com : "Where are you are you storing those data and is the data storage done according to the rules and regulations that are applicable in China ? (otherwise we could end up with a nasty problem)" source : http://www.skype-gadgets.com/webtown/2008/10/skype-china-pri.html

I'm really disappointed with China goverment policy on Skype. I know that Skype must follow because they just want to get money on their business. But, as a blogger said "Skype may contains backdoor or other viruses..." (not sure exactly but makes sense). I now don't believe in Skype and other chat tools any more. I think it is very difficult if I don't use skype or other tools for my business in some secret cases, but I'll try to find another way (headache!).
Now, the world is flat, so we're living in a RAT world, the world of rats that want to eat people information.

@raycrowley group chats in which one or more participants are running the TOM-Skype software may be stored, yes. As Josh says, we're working on ways to inform users whenever this is the case.

@malcolmlanham only the TOM-Skype software is affected. If you use standard versions of Skype, available from http://www.skype.com, your conversations will be completely secure and private.

@tropicaljantie - to confirm; only the TOM-Skype software is affected by the issues highlighted in recent reports. No logging or storing of chats takes place in the standard versions of Skype.

Does the Skype Tom.com monitoring affect also the Skype standalone systems ?

This is a kind of important issue to address. Can call traffic be monitored (I doubt if it can be realtime wiretapped) but it would be good to know something from Skype if there is a possibility to track traffic/ communications in between two Skype devices running the standalone embedded version of Skype.

Since Skype’s CEO has stated they wanted to make things clear for their users, well make it clear. Could you just answer the question…

I also wonder if you copy the skmsg.dll and sktransfer.dll in the folder of the normal skype.exe program if something happens ?

You also say Skype is secure and safe, but why have you left the dual login without notification in place then ? how safe and secure is that ? also skype still allows account to be activated immediately without any proper authentication mechanism... anybody can be anybody. how safe is that....

If you don't get it, well just make 20 account that look like your account and put your own skype ID data in their + your email-address. Skype is prone to identity theft.

This problem does not exist in yahoo, msn or aol... meaning their authentication of users is better organized. I also don't like it that the login to the skype.forum.com is the same as the login of the Skype client.

Can you answer my questions instead of just given the standard PR answer.

This post was also published to The Blog known as Skype-watch.com at 11:42:23 PM 10/6/2008

does tom.com china also monitor the sms that are being sent out via skype ? does tom.com also have a copy of my contact-list ?

@esurnir
'how can we ever be certain that our skype-skype communication doesn't have an hidden back-door too?'

You can be very sure that skype-skype communication has a back-door, Skype-Tom has confirmed this to be 100% the case. And if it isn't a standard feature, Skype has proved that they can sure shoe-horn it in, they only need to be asked

Skype being a proprietary system would be the first 'alarm' bell port of call when evaluating their claim of being 'totally secure'. There's no way you can openly test their claim of 100% security. There are however opensource cryptography systems such as OpenPGP and OTR which can be validated in such a manner (And no, I'm not affiliated with any of these organisations).

Secondly, and what baffles me is, why Skype would openly admit to developing a 'compromised' system at the behest of the Chinese government and then try and white wash you that their 'off the shelf' downloadable version is not also 'compromised' for use in other countries, that themselves are actively engaged in a 'War on Terror'.

The only difference between the Chinese and other western governments is that they openly admit to this behaviour, and if Skype themselves can openly admit to providing this service for a government that openly admits to 'to doing this' , what, they won't provide this service for a government that says nothing openly!?!

Peace

How does one from China download software that is not from Tom-Skype?

-aaron
I heard about this from Skype fan site on Facebook.
http://www.new.facebook.com/pages/Skype-USA/24806359874