Skype: Open sourcing it is no option!

While the Skype outage is ongoing and I need to revive some older IM accounts at Jabber and MSN, it’s a good time to think about the whole Skype thing.

Skype is not open source and, according to Skype’s CEO Zennström, it will not be. He bases this decision on funny, spurious grounds. In his words, it needs to be closed to protect its users from spammers and identity theft, and of course it needs to be closed because they need to protect their trade secrets.

A while ago (maybe a year) Andrew Fear of Nvidia justified the decision not to open the source of their graphics drivers with a similarly funny reason: “It’s so hard to write a graphics driver that open-sourcing it would not help” and that people would not ask for it. People didn’t ask for safety belts either when they were introduced, but they were built into cars nevertheless, because they can save lives. A while after Fear’s interview the driver was exploited through a two-year-old security hole.

And yesterday a similar thing happened to Skype. Not a security hole, but the complete breakdown of the service (at least for Windows users). It’s hardly understandable why it takes more than a day (the problem isn’t solved at this moment, 24 hours later) to solve the problem and get the service running again. If it’s a problem in Skype’s server software, diversity would have helped: two different server systems, independently developed, will hardly fail because of the same bug. This is proven in daily business. You may find bugs in an HTTP daemon, maybe in Apache 2 or in lighty, but you will not see all httpds all over the world fucked up by the same bug. You may find a failure in Postgres, but this doesn’t mean that Oracle 10g is also affected. So an independently developed server for Skype would protect you from a breakdown of the complete network. On the other hand, if it’s a problem in the client software, diversity and the always-needed open and documented protocol would have helped too. Just as on the server side, you will not see two independently developed clients fail because of the same bug.

This brings us to the important point: the lack of documentation, or even of the will to open it. No one except the people at Skype really knows how the software works and what’s behind those magic numbers forming the TCP and UDP traffic between nodes and supernodes. Because of the obfuscation Skype put into their code, you will never be sure that there isn’t a backdoor somewhere, or a keylogger, or whatever people want to hide from the eyes of the users. One can say that Skype is only doing this to protect their trade secrets and to stay in control of the development, and this may be legitimate, but if I want to use Skype for communication I need to trust Skype. I can’t control what the software is sending between the users; I can’t even control what Skype is doing on my PC. Are you really sure that Skype is not logging the password for your bank account? Some intelligent people have written a report (PDF) about Skype’s behaviour on the PC, about the obfuscation in its code and the uncontrollable communication over IP. Now you may argue that I can’t control what Live Messenger is doing either, and you may be right. But first of all, I’m not forced to use Live Messenger (or Yahoo or ICQ) either, and secondly, the protocol of MSN has been reverse-engineered, so I can use the network with an open source client like Pidgin, a thing I can’t do with Skype because of the lack of documentation.

But, thank god, there are more alternatives. Not only can I choose another client for IM or VoIP, I can choose completely different protocols. There’s Jabber, based on XMPP, or OpenWengo, an open source system based on SIP that can also connect to MSN, Yahoo, ICQ or Jabber. No, Skype isn’t possible, for the reasons I described earlier; you know, the documentation thing. There may be more alternatives and it’s up to you to find them. In the end there may be only two reasons to use Skype.

First: Your clients use it extensively. This means your only chance is to win them over to an alternative by telling them about the insecurities of Skype. Ask them if they can sleep well, not knowing whether Skype is stealing their trade secrets.

Second: You need to be hip. That’s your problem! It’s up to you to think about your security. Forget Spybot S&D, AdAware and Norton Antivirus. After securing every inch of your desktop, there’s still Skype, the uncontrollable monster that even Norton, McAfee and Kaspersky know nothing about.


