Skype flaw reveals users' location, file-downloading habits

Monty Solomon monty at
Fri Dec 2 07:30:30 PST 2011

Joan Goodchild, CSO Online, 1 Dec 2011
A team of researchers has uncovered an issue that imperils Skype
users' privacy by putting their location and identity up for grabs

Researchers have found a flaw in Skype that can expose your location,
identity and the content you're downloading. Microsoft, which owns Skype,
says they are working on the problem.

The issue was uncovered earlier this year by a team of researchers from
Polytechnic Institute of New York University (NYU-Poly), MPI-SWS in Germany
and INRIA in France and included Keith Ross, Stevens Le Blond, Chao Zhang,
Arnaud Legout, and Walid Dabbous. The team presented the research in Berlin
recently at the Internet Measurement Conference 2011 in a paper titled "I
know where you are and what you are sharing."

The researchers found several properties of Skype that can track not only
users' locations over time, but also their peer-to-peer (P2P) file-sharing
activity, according to a summary of the findings on the NYU-Poly web
site. Earlier this year, a German researcher found a cross-site scripting
flaw in Skype that could allow someone to change an account password without
the user's consent. ...

 - - - -

Somini Sengupta, Skype Can Expose Your Location, Researchers Say,
*The New York Times* blogs, 29 Nov 2011

Remember when a prankster could make himself a general nuisance by calling
your home phone and quickly hanging up?

The equivalent of a prank call on Skype, the popular
voice-over-Internet-Protocol service, can be much more than a nuisance. If
you are logged in to Skype, a prankster - or thief or spy - can effectively
track where you are and in some circumstances, what you do and even what you
download, according to an experiment led by Keith Ross, a computer science
professor at the Polytechnic Institute of New York University in Brooklyn.
Mr. Ross, along with his collaborators at the French computer research
institute, Inria, followed 10,000 randomly selected Skype users over 16
days. ...


More information about the cypherpunks-legacy mailing list