Tuesday, October 25, 2011

The New Skype "Vulnerability"

Recently, a privacy flaw has been discovered in Skype, as well as other P2P applications. Please see this link for more details.

The flaw lets another person place a Skype call to you and, before you answer or even if you never do, acquire your public IP address. With the public IP address, it is possible through IP location technology to determine where you are--sometimes even down to the street level. By calling throughout the day, it is possible to trace your movements, and this information is useful in a variety of ways.

The article mentions that a firewall will not protect you, and this is not surprising because on the Internet you communicate with your public IP address and not the one behind the firewall.

Now, while I believe this is a privacy issue, I think it is a bit overblown. For one thing, every time we visit a website our public IP address is logged somewhere. Indeed, any time we connect to another public IP address for any reason we should assume it is logged somewhere. What makes this Skype issue problematic is that people may assume that because they are not calling anyone, their Skype VOIP is "hung up", so they are pretty safe and unreachable unless they answer the call. Unfortunately, Skype and other P2P protocols do not work that way. When you log on to Skype, you connect to an outside server to advertise that you are online, so just like any other connection your public IP is now "known" on the Internet. Now, it is not known by everyone, but it is known by any system with which you are communicating. Skype and other P2P protocols by definition implicitly or explicitly share this information--if they did not, it would be difficult to establish the P2P connections necessary to make these protocols useful.

To find the other guy's IP address, it is only necessary to capture the packets as the call is trying to go through. This is something which is not too technically difficult to perform. And unfortunately, there is no way to hide your IP address given the way Skype and other P2P networks work.

So, what should we do?

First, we need to be aware, because awareness is power. If I know my IP address is knowable by others, I can take necessary action and change my behavior--for one, I can behave "as if" my location is known. How would that change my behavior if I was posting a venomous "anonymous" post somewhere? I would be more careful about what I say and do, just as I would do in any public place with people around.

Second, I could bring up P2P applications only when I need to use them. Unfortunately, if this practice becomes widespread it will lessen the utility of P2P applications. But if my location is so important, this may be the only option if I want to use P2P at all.

What we are seeing is the erosion of the assumption of anonymity, which is one reason the Internet has flourished. The day may soon arrive, and it may already be here, when we are no more anonymous on the Internet than we are in real life.
