Russell McMahon wrote: >> I have to ask What Skype tendencies???? >> Hadn't heard anything bad, so never looked. > > Skype is an aggressive secret sharer of your resources. Maybe it may be (the jury on that is still out), but it is not. Since our last exchange here, I've been closely monitoring Skype (which I run pretty much all the time), and while it is true that it may be a sharer of resources (as stated in the terms of use -- so far for "secret"), it is not a secret one nor an aggressive one. The actual shared traffic not initiated by me (unless of course one considers running Skype as "initiated by me" :) averages in a range of hundred bit/s. That's the "sharer of your resources" part, but where's the "secret" and the "aggressive"? > As such it is also a major *potential* security risk although I'm not > aware of anyone yet having used it's abilities for even more nefarious > purposes. This goes just the same for pretty much any non-open-source software that you give the permission to initiate or receive connections from the outside. Do you /really/ know what your Windows networking implementation does when you put it online? If not, what's the difference? > It knows how to 'tunnel' many firewalls unannounced and undetected and as > new protections are put in place, some especially targeted to curb its > proclivities, it learns distressingly quickly (no doubt courtesy of its > dark masters) how to overcome the new obstacles. I don't think this is correct. It doesn't tunnel exactly firewalls, it tunnels routers and specifically NAT routers. I have a very simple firewall, and if I want to, I simply close out Skype from networking. No tunneling, not unannounced or undetected or otherwise. Skype is not a piece of magic. OTOH, this is not so different from any other closed-source software that may not have the capability to tunnel a NAT router, but gets your permission to do so. I'm sure you know exactly what every piece of software that you use online does. (This was an attempt at irony... :) > Once it finds its way to the world it can establish a supernode, using > your system as a P2P routing point for others' traffic. How much is does > this and how much say you have in the matter is hotly debated - This should be an indication that it is not as clear-cut a fact as you would like it to be and seem to portray it despite being familiar with the fact that this is a controversial issue. > but as it makes every effort to avoid or fool the normal monitoring > systems, any claims as to what it does or doesn't do should be judged > with care and after taking note of the tools and credentials of the > claimants. So far I've seen little factual evidence of this (actually none). I don't see my Skype installation making /any/ effort to avoid or fool monitoring. It simply runs, makes its connections (not initiated by me), exchanges some data over these (of which I don't know exactly what it is, but how much) -- and if I want to, I can observe this with normal tools (nothing hidden at all) or shut it down in the way I can shut down any other (tray-resident) application. It doesn't install itself as a service, so once the user shuts it down, it's down. And if I tell my firewall not to let Skype communicate, it doesn't. It's as simple as that. > [[In that context, I'm me and I've used no tools at all and have never > run Skype and will try very hard to never do so - so you have to take > the word of the people "out there" who have convinced me. I leave it as > an exercise to the student to find these people and to be similarly > convinced :-).]] This is a bail-out of the worst type, even with a smiley... Without facts this whole post is not worth much. Facts are very scarce in this post, and telling the reader to find the "facts" for herself is not a suitable substitute. I've tried to find them, and I didn't come up with much at all. At least not with material that would substantiate your claims. > You have the ability to make a supernode voluntarily and may or may not > have the ability and right to not do so. So far I've never heard of a supernode behind a NAT router. A NAT router should be a standard configuration for anyone who is not a seasoned sysadmin and has the capability and time to deal with a system directly connected to the internet. > If you don't want to use Skype on a given occasion you may elect not > to run it, but this is no guarantee that it will not want to use you > (or your system) and choose to run you (or your system). If it does do > so don't expect it to tell you and don't expect to be able to easily > determine that it is doing so. This is a load of FUD without any factual basis. Skype doesn't use me (or my system) anymore than OE (or Windows) is using you (or your system). Unless of course you mean that if you have an executable at your computer that you didn't write (or didn't scrutinize the sources written by others to a degree that gives you the same insight) and didn't compile yourself, you never know exactly what the software is doing. Which then, I'm sure, applies equally to probably at least 99% of the executable files on your computer. > Any of the above which sounds like advanced (or standard) paranoia may > be checked on using the don't-be-evil search engine. I did that, and didn't find much solid fact out there. You know just as well as I do that just because something is written on the internet somewhere doesn't make it a fact. (Tony Smith at least is with me on this :) I'd classify this post of yours as mostly religious (for being based mostly on belief). As such, we're of course all entitled to our own beliefs -- but I thought that this mailing list was targeted more towards "the knowable"? I've tried to get to the knowable on Skype use, and have made some advances -- have you? If not, what exactly is this post about? Gerhard -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist