Today, Mike Qaissaunee and I recorded a podcast on TOM-Skype. Last month I blogged about a report titled BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform. The report was published on Oct 1, 2008 by Nart Villeneuve and the Information Warfare Monitor. Villeneuve is CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. In this 25 minute and 21 second podcast we discuss the report and the confidentiality and security issues with TOM-Skype, the Chinese version of Skype.
Here's a list of questions asked during the podcast:
Can you tell us a little more about this report?
How about some background on Skype in China?
How about some details from the report?
You said these are publicly accessible servers - can others besides the Chinese access these servers?
Can you review the major findings from the report?
What kinds of questions has the report raised?
How does the report say the censorship actually works?
How about some detail on those servers?
The report claims it may be possible to map users' social networks using the logged information. Can you explain?
How has Skype responded?
Here's how you can get the answers:
To read show notes and listen to Mike Q and my 25 minute and 21 second podcast (Sept 2006) titled China and TOM-Skype, click here.
Listen to it directly in your web browser by clicking here.
If you have iTunes installed you can subscribe to our podcasts by clicking here.
Sunday, November 2, 2008
China and TOM-Skype Podcast Recorded Today
Posted by Gordon F Snyder Jr at 7:09 PM 0 comments
Labels: Censorship, China, Filtering, Human Rights, Internet, Internet Censorship, Internet filtering, Security, Skype, Technology, TOM-Skype
Wednesday, October 22, 2008
China’s TOM-Skype Platform Analysis
Earlier this month Nart Villeneuve and the Information Warfare Monitor released an interesting joint report titled BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform. Villeneuve is CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. His research focuses on international Internet censorship and the evasion tactics used to bypass Internet filtering systems.
In the report Villeneuve takes a look at confidentiality and security issues with TOM-Skype, the Chinese version of Skype. If you are not familiar with Skype, it is a software application users download and install on their computers. Once installed it allows users to make free computer-to-computer voice calls over the Internet. In 2004, Skype connected with TOM Online, a large wireless provider in China. The two companies put together a Chinese version of Skype called TOM-Skype and released it to the Chinese public.
Shortly after TOM-Skype’s release in 2006, human rights groups started to question the application’s security practices, and several accused the company of censoring chat. Here’s a piece from Villeneuve’s report:
Skype responded to those criticisms stating:
Full end-to-end security is preserved and there is no compromise of people’s privacy.
Calls, chats and all other forms of communication on Skype continue to be encrypted and secure.
There is absolutely no filtering on voice communications.
Skype also said that censored messages are simply discarded and not displayed or transmitted anywhere. Villeneuve’s current report challenges these statements, documenting and questioning the security practices of TOM-Skype. Major findings from his report include:
These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
Analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.
The report is both upsetting and fascinating. It includes a technical section describing how Villeneuve believes the content is being censored and logged and how security and privacy are being breached. In the report foreword Villeneuve says:
This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.
This is an excellent case study that could be used (for example) in a networking, Internet security or policy course. The entire 16 page report can be downloaded in PDF format here.
Posted by Gordon F Snyder Jr at 6:54 PM 2 comments
Labels: Censorship, China, Filtering, Human Rights, Internet, Internet Censorship, Internet filtering, Security, Skype, Technology, TOM-Skype