Microsoft files EU Android complaint

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Fri Apr 12 19:53:52 UTC 2013 

| From: D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org>

| Not that BlackBerry is open.  I actually think that the spyware
| dimension is more important than the open dimension (but ultimately,
| open may be required for trust -- think how much we trust Skype).

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| On Fri, Apr 12, 2013 at 01:00:53PM -0400, D. Hugh Redelmeier wrote:
| > Google Talk certainly isn't a route to more security.  What were you
| > thinking?
| 
| And you think skype is?

No, I certainly don't.  That was my original point.  Thanks for
pointing out that I wasn't clear.

Skype was understood to have end-to-end encryption at one point,
exactly what one should want.  Nobody actually knew because the
protocol was undisclosed.  I now believe that it does NOT have
end-to-end encryption but is open to (at least) "Lawful Access" by
governments.

In any case, because it was closed and undisclosed, nobody could be
sure of anything good.  Which means one should assume the worst.

(Encryption is technically easy but authentication is where all the
challenges are.  Authentication is the weakest link.  Without
authentication, encryption is useless against man-in-the-middle
attacks.  I don't know a darned thing about Skype authentication.)

We (most TLUGgers?) give the benefit of the doubt to small players
(the original Skype) but distrust bigger players (Ebay).  But we
reserve our greatest distrust for the Great Satan, Microsoft.  These
blind us to the fact that any player can do bad or good, often for
reasons unrelated to whether they are bad or good.

| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| If anyone susggest using skype, I tell them exactly what is wrong
| with skype.  I don't indulge people who have made bad choices.

We agree that Skype has bad aspects.  Do we agree on what those are?
I've outlined mine above.  You object to the distributed nature:
leaching resources from the users, I think.

I'm not sure of the current Skype architecture.  I have the impression
that Microsoft has moved a lot of stuff from leached user machines to
their own servers.

Skype is something that one gets dragged into.  If you need to talk to
someone who only has Skype, for example.  It is reputed to be really
good at getting through NAT and firewalls without the requirement for
a skilled operator.  And it is kind of free as in beer.

| I have no problem with SIP,

The SIP infrastructure is a bit weak.  It isn't conventional to have
end-to-end encryption and I don't know of universally accepted
protocols for negotiating encrypted links.  Furthermore, dealing with
NAT has gotten middlemen involved in each call.

Quality of Service with SIP hasn't been that great in my experience.
Skype is reputed to be better.

Finally, one strength of SIP has been that ITSPs can offer you "DID"s
(plain old phone numbers).  But that forces middlemen on you for
those calls.

| and I have no problem with google's video
| chat and use both.

I don't want my communications to be "owned" by a company, especially
one that is a sole provider.  Especially one that makes its living
selling user profiles to advertisers.

Even if all your "content" is end-to-end encrypted, traffic analysis
is a powerful surveillance tool.  This is the equivalent to "pen
register" for phone surveillance
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list