Skype



Skype is a peer-to-peer Internet telephony network founded by the entrepreneurs Niklas Zennström and Janus Friis, also founders of the file sharing application Kazaa and the peer-to-peer television application Joost. It competes against existing open VoIP protocols such as SIP, IAX, and H.323. The Skype Group, acquired by eBay in September 2005, has headquarters in Luxembourg, with offices in London, Tallinn, Prague and San Jose, California.

Skype has experienced rapid growth in both popular usage and software development since launch, both of its free and its paid services. The Skype communications system is notable for its broad range of features, including instant messaging, file transfer, voice and video conferencing, its ability to use peer to peer (decentralized) technology to overcome common firewall and NAT (Network address translation) problems, its use of transparent, strong encryption and its extreme countermeasures against reverse engineering of the software or protocol.

The main difference between Skype and VoIP clients is that Skype operates on a peer-to-peer model, rather than the more traditional server-client model. The Skype user directory is entirely decentralized and distributed among the nodes in the network, which means the network can scale very easily to large sizes (currently over 171 million users) without a complex and costly centralized infrastructure.

Skype also routes calls through other Skype peers on the network to ease the traversal of Symmetric NATs and firewalls. This, however, puts an extra burden on those who connect to the Internet without NAT, as their computers and network bandwidth may be used to route the calls of other users.

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Skype code is closed source, and the protocol is not standardized. The Windows user interface was developed in Pascal using Delphi, the Linux version is written in C++ with Qt, and the Mac OS X version is written in Objective-C with Cocoa. Parts of the client use Internet Direct (Indy), an open source socket communication library.

Secure communication is a feature of Skype. The encryption cannot be turned on or off. The user is not involved in the encryption process and therefore does not have to deal with the issues of public key infrastructure. Skype reportedly uses openly available, strong encryption algorithms.

The Skype code is proprietary and closed source, and it is not planned to become open-source software, according to a quotation:

"We could do it but only if we re-engineered the way it works and we don't have the time right now."

– Niklas Zennstrom, co-founder of Skype, responding to the Skype security model

The book from Que Publishing, Skype: The Definitive Guide[7] points out partly:

* Skype can utilise other users' bandwidth. (Although this is allowed for in the EULA, there is no way to tell how much bandwidth is being used in this manner). There are some 20,000 supernodes out of many millions of users logged on. Skype Guide for network administrators[1] claims that supernodes carry only control traffic up to 5 kbytes/s and relays may carry other user data traffic up to 10 kbytes/s (for one video call). A relay should not normally handle more than one "relayed connection".
* Skype's file-transfer function does not contain any programmatic interfaces to antivirus products, although Skype claims to have tested its product against antivirus "Shield" products.
* The lack of clarity as to content means that firewalls and systems administrators cannot be sure what Skype is doing. (The combination of an invited and a reverse-engineered study taken together suggest Skype is not doing anything hostile.) Firewall rules for iptables were given to block Skype for corporates.
* The actual communication of any given Skype conversation is reported to appear relatively secure; both cryptographic analysis concluded that Skype had made good use of modern encryption techniques and had coded the actual encryption algorithms correctly within the software.

Skype accesses the hard disk several times each minute. This can be verified by observing the HDD's activity LED, or by using a file access monitor such as FileMon. With regard to internet bandwidth, certain users are selected by software to act as "supernodes". Under certain conditions, Skype is reportedly willing to accept thousands of connections, but is stated to limit itself to 40 kb/s upload and download.

Skype claims that the proprietary session establishment protocol is efficient and prevents both man-in-the-middle and replay attacks. The software is not self-certifying which means it needs to connect and login to a centralized Skype server to certify each user's public key.

Skype currently permits multiple concurrent logins: if an attacker is able to obtain a user's login password, the attacker could login as that user, and change their status to "Hidden". Thereafter, any chat sessions involving the real user are possibly copied to the hacker's "ghost" account. Provided a user keeps his/her password secure, this is not of concern.

Skype provides an uncontrolled registration system for users: registration requires no proof (by means of state-issued ID card) of the identity of the user. This works two ways: you can use the system safely without revealing your real-life identity to other users of the system, but on the other hand you have no guarantees that the person you communicate with is the one they say they are in real life. The downside of this is that it is easy to use the personal name (but not identity) of a trusted person as a Skype nickname and trick a naive user into revealing information or executing a program sent to them.

It should be noted that this behavior is common to all digitally provided services: the exceptions are certificates from trusted certificate authorities with all the known drawbacks.

2002-2005

* September 2002: investment from Draper Investment Company
* April 2003: Skype.com and Skype.net domain names registered
* August 2003: First public beta version released
* September 2005: SkypeOut banned in South China.
* October 2005: eBay purchased Skype (Oct 14).
* December 2005: videotelephony introduced.

2006-2007

* April 2006: 100 million registered users.
* October 2006 Skype 2.0 for Mac is released, the first full release of Skype with video for Macintosh.
* December 2006 Skype announces a new pricing structure as of January 18, 2007, with connection fees for all SkypeOut calls. Skype 3.0 for Windows is released.
* March 2007 Skype 3.1 is released, adding some new features, including Skype Find and Skype Prime. Skype also released a 3.2 beta with a new feature called Send Money which allows users to send money via PayPal from one Skype user to another.

Versions now exist for Microsoft Windows [2000, XP and CE (Pocket PC)], Mac OS X and GNU/Linux. The Linux version runs on FreeBSD through its Linux binary compatibility layer; the Fedora Core version works fine, provided the user switches on the microphone in the GNOME sound settings. The Symbian version is currently under development.

As of June 30, 2007, Skype had a cumulative number of unique user accounts of 220 million. Users may register more than once, and as a result, may have more than one account.

It was reported that nine million concurrent Skype users were online as of January 29, 2007.

Although the volume of international traffic routed via Skype is significant, the quantity is still small when compared to a global switched and VoIP traffic base of 264 billion minutes. Computer-to-computer traffic between Skype users in 2005 was equivalent to 2.9% of international carrier traffic in 2005 and approximately 4.4% of total international traffic in 2006.

Skype incorporates some features which obfuscate its traffic, but it is not specifically designed to thwart traffic analysis and therefore does not provide anonymous communication. Some researchers have also been able to watermark the traffic so that it is identifiable even after passing it through an anonymizing network.

SkypeOut allows Skype users to call traditional telephone numbers, including mobile telephones, for a fee. This fee is as low as USD$0.024 per minute for most developed countries, and as high as USD$2.142 per minute for calls to the dependency of Diego Garcia. Beginning January 2007, Skype also charges an equivalent of 0.039 Euro for each SkypeOut call, in addition to the ordinary rate. After 180 days of not making a SkypeOut call the Skype balance expires. As of January, 30th 2007, SkypeOut calls to Canada and the United States are no longer free.

SkypeOut calls to most toll free numbers in France (+33 800, +33 805, +33 809) , Poland: (+48 800) , UK: (+44 500, +44 800, +44 808) and the United States and Canada: (+1 800, +1 866, +1 877, +1 888 ) are free for all Skype users, even if they do not have the SkypeOut service. However, for many other countries SkypeOut doesn't support calling toll-free and premium rate numbers, and SkypeOut doesn't support calling emergency numbers (such as 112 in Europe or 911 in the U.S.A.).

Quality of service is not guaranteed. Dropouts, broken connections and compression distortion are frequently observed by users.

SkypeIn allows Skype users to receive calls on their computers dialed by regular phone subscribers to a local Skype phone number. Permits users to subscribe to numbers in Australia, Brazil, Denmark, The Dominican Republic, Estonia, Finland, France, Germany, Hong Kong, Japan, Poland, Sweden, Switzerland, UK, Romania and the United States.

For example, a user in San Francisco could create a local telephone number in Helsinki. Callers from Helsinki would pay only local rates to call that number.

Skype has been criticized over its use of a proprietary protocol, instead of an open standard like H.323, Inter-Asterisk eXchange, or SIP, since this makes it much more difficult, if not impossible, for other developers to interact with Skype. Some have theorized that the decision was made to prevent competition over business with SkypeOut.

Due to the design of the protocol, if given access to an unrestricted network connection, Skype clients can become supernodes. These supernodes hold together the peer-to-peer network and provide data routing for other clients behind more restrictive firewalls, which can generate a significant amount of bandwidth usage. For this reason, some network providers, such as universities, have banned the use of Skype.

A third party paper analyzing the security and methodology of Skype was presented at Black Hat Europe 2006. It analyzed Skype and made these observations:

* Heavy use of anti debugging techniques (used to deter development of alternative clients, hacking tools)
* Significant use of obfuscated code (slows reverse engineering, less description of what program code does internal to the executable file)
* Keeps chatting on the network, even when idle (even for non-supernodes. May be used for NAT traversal)
* Blind trust in anything else speaking Skype
* Ability to build a parallel Skype network
* Lack of privacy (Skype has the keys to decrypt sessions)
* Heap overflow in Skype
* Skype makes it hard to enforce a (corporate) security policy
* "No way to know if there is/will be a backdoor"

SkypeOut rates are "per minute" based, contrary to the trend in charges for calls from conventional telephones. In some countries, many calls are charged at a specified fixed amount per call. In this method, SkypeOut is more expensive for longer calls, whereas it is cheaper for relatively short calls.

Futhermore, there has been a surge of complaints about Skype's poor customer support. As of June 2007, Skype still does not provide a direct way of contacting its customer support, relying solely on its web portal for all related issues. In particular, customers who paid for services such as SkypeOut, have repeatedly expressed their frustration with Skype's lack of response, claiming that it had been disregarding or not providing an adequate response to their complaints about significant issues, such as incorrect billing. For instance, customers have complained about Skype's unclear charges to their account. In some cases, when those charges were eventually explained to them, they could be categorized as hidden fees.

When Skype 2.0 was released, AMD filed a lawsuit claiming the software only offers 10-way conference calls on dual core Intel processors, while other chips, including all AMD chips, will only offer 5-way conference calls.

Another criticism of Skype has been content filtering.

While available for Windows, Mac OS X and Linux (i386 platform) operating systems, there is no Skype version for the Palm OS, used in mobile devices like the Treo 700p smartphone nor for the Powerpc version of Linux.

Furthermore, Skype does not support Windows Vista (at least not fully.). This problem is further compounded by the fact that Skype has not announced any kind of Vista-Compatible Skype release date (or version), even though Vista has been on the market since January 30, 2007. This may prevent customers that rely on Skype from switching to Vista completely.

Skype has been criticized in the Linux community for bugs and delays in the Linux version. The Mac OS X version also lacks some of the advanced features included in Skype for Windows.[citation needed]

There have also been criticisms of Skype blocking and disabling customer accounts from using the SkypeOut service.

Also, when using SkypeOut to call toll-free numbers, users may experience call degradation when using the keypad to enter numerals into automated systems.

Skype was also found to access BIOS data to identify individual computers and provide DRM protection for plug-ins.

Skype faces challenges from two main legal and political directions - challenges to its intellectual property, and political concerns by governments who wish to exert more formal control over aspects of their telecommunications systems.

Skype's technology is proprietary and closed to outside review. It is unknown to what extent it can potentially intrude upon other parties' patents and copyrights. It is not unreasonable, therefore, to expect legal challenges from third parties concerning Intellectual Property issues.

Skype also supply Skype-in phonelines without requiring proof of address, which is illegal in some countries.

In January, 2006, StreamCast Networks filed a complaint in U.S. District Court in Los Angeles, accusing Skype of stealing its peer-to-peer technology. The $4.1 billion lawsuit did not initially name eBay, Skype's parent company; however, the lawsuit was amended in a filing with Federal Court in the Central District of California on May 22, 2006, to include eBay and 21 other parties as defendants.

Streamcast seeks a worldwide injunction on the sale and marketing of eBay's Skype Internet voice communication products, as well as billions of dollars in unspecified damages.

On June 1, 2006, Net2Phone (the Internet telephone unit of IDT Corp.) filed a lawsuit against eBay and Skype accusing the unit of infringing U.S. Patent 6,108,704 , which was granted in 2000.

For a brief period, SkypeOut was blocked in some regions of mainland China (notably Shenzhen) by the operator China Telecom for undisclosed reasons; it has been speculated that this may relate to SkypeOut's ability to take lucrative international and long-distance business away from the People's Republic of China's state-controlled telecommunications companies.

Skype is one of many companies (others include AOL, Google, Microsoft, Yahoo, Cisco) which have cooperated with the Chinese government in implementing a system of Internet censorship in mainland China. Critics of such policies argue that it is wrong for companies to assist in such policies, which might allow them to profit from censorship and restrictions on freedom of the press and freedom of speech. Human rights advocates such as Human Rights Watch and media groups such as Reporters Without Borders state that in their view, if companies stopped contributing to the authorities' censorship efforts the government could be forced to change.

Niklas Zennström, chief executive to Skype, told reporters that its joint venture partner in China is operating in compliance with domestic law. "Tom Online had implemented a text filter, which is what everyone else in that market is doing," said Mr Zennström. "Those are the regulations," he said. "I may like or not like the laws and regulations to operate businesses in the UK or Germany or the US, but if I do business there I choose to comply with those laws and regulations. I can try to lobby to change them, but I need to comply with them. China in that way is not different."

In September 2005, the French Ministry of Research, acting on advice from the general secretariat of national defence, issued an official disapproval of the use of Skype in public research and higher education; some services are interpreting this decision as an outright ban. The exact reasons for the decision were not given, but speculatively may relate to issues noted earlier, relating to inability to monitor the nature of information being communicated, possible extreme resource usage, or unknown potential actions of the software.

In May 2006, the FCC successfully applied the Communications Assistance for Law Enforcement Act to allow wiretapping on digital phone networks. Skype is not yet compliant to the Act, and has so far stated that they do not plan to become compliant.

In December 2006, the Government of India announced they are preparing a crackdown on Internet telephony services, citing security risks and loss of revenue. The clampdown is targeted at outsourcers and other Indian IT businesses that use foreign owned Internet telephony services, such as Skype and Yahoo!, to cut their phone bills and evade the six percent revenue share and 12 percent tax imposed on local services by the government. According to The Times of India, companies must reveal the names of licensed service providers they purchase bandwidth and internet telephony minutes from. Companies will also have to undertake that they will not use the services of unlicensed internet service providers.

Skype was abruptly blocked in the UAE for undisclosed reasons—Skype users in the United Arab Emirates are being blocked from the Skype.com site, which prevents them from buying minutes for use with SkypeOut and taking advantage of deeply discounted international calling rates. The blockage has been speculated to originate within Etisalat, the only ISP in the UAE. Since Etisalat has a monopoly on telephony there, the motive could be economic, or it could be one of political control due to Skype's encryption of conversations.

The Sultanate of Oman has also blocked access to the Skype.com website preventing users from accessing skypeout in order to maintain Omantel's monopoly on the telecommunications market in the country. This has also to do with security issues as well as economic ones as it is difficult to monitor the calls made with skype. If one is to attempt to reach the Skype webpage, the monitor says: "Access Denied (policy_denied) Your system policy has denied access to the requested URL. For assistance, contact your network support team." Many other Persian Gulf countries pursue similar policies regarding Skype for largely the same reasons.

On October 14, 2005, eBay acquired the company for €1.9 billion in cash and stock, plus an additional €1.5 billion in rewards (earn out) if goals are met by 2008.Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.
Virtual Magic is a human knowledge database blog. Text Based On Information From Wikipedia, Under The GNU Free Documentation License. Copyright (c) 2007 Virtual Magic. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Links to this post:

Create a Link

<< Home