THE LIBERTARIAN ENTERPRISE
Number 622, June 5, 2011
"The cops have gone crazy.
There's lots of this going around, these days."
Special to The Libertarian Enterprise
You have been thinking that Skype's proprietary encryption was keeping your conversations private.
It turns out that phonotactic penetration of Skype has been demonstrated. Andrew Frey of the north-central Kansas campus of Individual Sovereign University showed me a text news site with an article on this very issue. That links to this site.
(It turns out that the morons at Facebook managed to lose my first version of this note. Fuckers.)
The way Voice Over IP seems to work involves breaking the voice stream into data blocks. Unfortunately, these blocks are of lengths that are consistent with the phonemes being encoded. After encryption, this informationthe size of each data block remains. So if you know how to analyse the data, you can use the size of each block to tell what phoneme was encrypted. Apparently, a full transcript of a Skype conversation without using decryption was recently performed.
This appears to be a general limitation of VOIP and not only Skype. An obvious work-around or solution would be to break the data stream into packets of equal length before encrypting, or after encrypting but before transmitting. Some genius is going to address this problem, soon.
It just goes to show how data communication geniuses aren't always sufficiently knowledgeable about specialities like voice communications. Who ever heard of phonotactic analysis?
People help each other on the path to agorism.
Okay, this story has been all over the discussion lists today. It turns out that Twinkle has settings to remove the pre-processing that would otherwise leave it vulnerable to the same penetration.
If you use Twinkle (a voice over IP for Ubuntu and other Linux, which has built-in encryption) in the edit menu seek: Edit -> User Profile -> RTP Audio -> Speex uncheck all
Then in the preprocessing tab, uncheck all.
This removes the vulnerability. As well, with a virtual privacy network running, you get an additional layer of encryption on everything you send and receive. You can also add some ping activity to add chaff.
Is there a solution for Skype? I don't know. I don't Skype. Proprietary encryption is not something I'm interested in. Open source crypto for the win.