In terms of security, privacy and trust, it looks like 2013 is shaping up to be a tough year for Skype. The latest ding against the Microsoft-owned company comes from Reporters Without Borders' online censorship project leader Grégoire Pouget, who told The Verge, "Many journalists or activists have reported to us that their Skype communications have been intercepted." Similar claims and other questions have also prompted this open letter to Skype, backed by numerous organizations like the EFF and RWB.
Since Microsoft acquired Skype in 2011, some have questioned the company's privacy practices. The open lettered issued to Skype is requesting that the IP-based communications company re-affirm and better explain its commitment to privacy, particularly when it comes to chat logs, eavesdropping and local data retention.
Once an Estonian-based company before it was courted by eBay and changed hands to Microsoft, Skype is now thought to be subject to U.S-based telecommunications laws. Regulations like the Communications Assistance for Law Enforcement Act (CALEA) impose certain requirements which essentially guarantee that Skype is capable of eavesdropping – something the company explicitly denied was possible before its Microsoft acquisition in 2008.
The letter also asks that Skype periodically publish a "transparency report" – a common way of sharing who's requesting what data and how often a company complies, along with other usage details and statistics. It points to the fact that Google, Twitter and others regularly release transparency reports for its users.
Just a week ago, it was discovered that a trojan-banker malware named "Shylock" has been updated to infect users through Skype by exploiting a security flaw in the software. This is not the first malware to propagate itself through the popular Vo-IP platform nor is this Skype's first security snafu.
"Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly." one researcher said.
The malware essentially gives attackers full access to a PC, allowing them to upload and execute files, set up remote viewing programs like VNC and inject custom HTML into websites.