One Step Closer To Tapping PC-To-PC VoIP? Or To Better Anonymous Systems?

from the or,-maybe-not dept

One of the concerns about the FCC's plans to force VoIP providers to allow wiretapping by law enforcement was whether providers like Skype would be included. While the FCC's plan is focused on systems that terminate on traditional phones (which Skype can do), it's been assumed that it would be much more difficult to tap a PC-to-PC call on a system like Skype's main offering. However, the government has just dumped some money into research that has shown it is possible to track a Skype call, even if both parties are using an anonymizing proxy. Still, the details suggest this isn't as revolutionary as it sounds at first. In order for it to work, law enforcement would have to be eavesdropping on the traffic on both sides -- and then all they could do is figure out that the two sides engaged in a call with each other; they would still not be able to figure out what was being said. As someone in the article notes, if anything, finding out this information seems more likely to drive new anonymizing techniques than real tapping techniques for PC-to-PC VoIP.


Reader Comments



  • Jim McCoy, 9 Aug 2005 @ 6:50pm

    Anonymity within Skype will never happen.

    It has been well-known in the crypto community that it is not too difficult to trace protocols that need a real-time channel through any amount of anonymity channels. The easy way to think of the simple solution available to the attacker in this case is to imagine the entire anonymous network as one big black box. It does not matter what you do inside the box, in the end the bits have to go into one pipe and come out another. By watching the flows of bits in and out of the system you can apply statistical techniques from a variety of other fields to match one input to another output.

    The only practical solution is to use a constant bandwidth channel in and out of the network (cf. Wei Dai's "pipenet" proposal and the Freedom architecture from Zero-Knowledge Systems.) Even when you were not running Skype you would need to dedicate some portion of your bandwidth to the network or else an attacker would be able to watch connections get opened to the black box and come out the other end. This constant bandwidth pipe would need to be equal to the maximum amount of bandwidth you would want to use during your Skype call, so that an attacker can't match up bandwidth spikes.

    So, how many people are going to be signing up for "anonymous Skype" accounts when the basic requirement is that you need to be running an agent that is _always_ sucking away at your bandwidth? Until the group of people who wants to join this system is large enough that you can hide within the noise of this paranoid group the whole system offers almost no protection. [We won't even go into the additional problems that can develop if the attacker can look inside the "black box" and pick specific nodes to take out to see if additional information is leaked from the system about the internal connections.]

    The anonymity problem in this case is well-known and well-explored. So is the solution. The problem is that it is very costly and a lot of people smarter than anyone over at Skype have been thinking about the problem for more than a decade and have not come up with better solutions.

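The "black box" argument and the constant-bandwidth defense from the comment above, as an added Python example that is not part of the original post or comment. The per-interval byte counts are constructed, and every function name and traffic value is an assumption made for illustration.

```python
import random
from statistics import mean, pstdev

def pearson(a, b):
    """Pearson correlation; None when either series has no variance."""
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return None
    ma, mb = mean(a), mean(b)
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)

def make_calls(n, intervals, rng):
    """Constructed data: bytes per interval for n calls (talk bursts and silence)."""
    return [[rng.choice((0, 0, 160, 320)) for _ in range(intervals)] for _ in range(n)]

def through_black_box(flows, rng, jitter=20):
    """Egress view: same volume pattern plus small noise, in shuffled order."""
    order = list(range(len(flows)))
    rng.shuffle(order)
    egress = [[max(0, v + rng.randint(-jitter, jitter)) for v in flows[i]] for i in order]
    return egress, order  # order[j] is the ingress index behind egress flow j

def pad_constant(flows, rate=320):
    """Constant-bandwidth channel: every interval carries `rate` bytes, cover traffic included."""
    return [[rate] * len(f) for f in flows]

def match(ingress, egress):
    """For each egress flow, pick the ingress flow with the highest correlation."""
    guesses = []
    for out in egress:
        scores = [(pearson(inp, out), i) for i, inp in enumerate(ingress)]
        scores = [(s, i) for s, i in scores if s is not None]
        guesses.append(max(scores)[1] if scores else None)
    return guesses

def run(seed=1):
    rng = random.Random(seed)
    calls = make_calls(5, 200, rng)
    egress, truth = through_black_box(calls, rng)
    plain = match(calls, egress)                 # variable-rate traffic
    padded_in = pad_constant(calls)              # same calls on a constant-rate pipe
    padded_out, _ = through_black_box(padded_in, rng, jitter=0)
    padded = match(padded_in, padded_out)
    return plain == truth, padded

if __name__ == "__main__":
    print(run())
```

With variable-rate traffic every flow is matched across the box from volume alone; on the constant-rate pipe the series have no variance, so the matcher has nothing to rank and returns no guess.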

