Still, we have to wonder about the original claims that the use of the new Microsoft-owned supernodes will enable Microsoft to spy on conversations and also make the previously secure P2P messaging and VoIP network vulnerable to attack. Questions sent to Microsoft about this change are getting responses like: “Skype cooperates with law enforcement agencies as much as is legally and technically possible”. This does not answer the question at all and has left many worried about the security of the service. Do your calls and messages now go through the Microsoft-run supernodes? According to a response sent to CNN, they do not.
Skype claims that the supernodes are only used to allow users to find one another. However, some feel this is not completely true and that all routes lead to Microsoft in the new infrastructure. This would seem to reference the issue that popped up and was fixed by Skype a couple of weeks ago. If the claims are right, then communication between users has reached a completely new level of insecurity when it comes to privacy. Microsoft will have turned Skype into an open door for law enforcement. They will now have access to central routing servers and the encryption keys that guard the conversations.
This would be in stark contrast to the traditional Skype infrastructure, where your conversations were point-to-point through the encrypted Skype network. It was considered the most secure messaging and VoIP network by many and has over 254 million users at last count. It seems that in some cases it would not take much to push a Skype call through a supernode. All you have to do is block UDP packets and the system will default to a TCP connection that might require transmission through a supernode. It would be very simple to force this on Skype’s end or at a point in the middle.
Right now many are stating that Skype is simply no longer secure. The Electronic Frontier Foundation says that Skype is no longer to be used as a secure means of communication. It is likely that governments now have the means to tap conversations and messaging sessions. We have to agree with them and will add that this extends to Microsoft’s own Live Messenger application, which Microsoft has admitted is monitored for offending content and links. We are guessing that Skype will be the next phase in this and the move to bring the supernodes in-house is only the first step. Once they have control of the directories and user routing, they can do quite a bit to piggyback on conversations and also to identify who is connected to whom.
The move also opens up the service to attack, as the servers are now located in one spot. The claim that the supernodes are in “secure” data centers is something of a joke, as hackers have shown more than once this year. So now your calls, messages, contact lists and more might be accessible to law enforcement agencies and to hackers. Skype needs to come clean and let their users know exactly what is going on here before they start leaving and move to another service. Well, considering Microsoft killed off the second best online ad company, we guess they are now working hard to kill off Skype…