Skype Spying on you? [Scandalous discovery]

[ubuntu27]

GNU/Linux Users of the P2P telephonic service Skype discovered that that software reads surreptitiously files contained in /etc/passwd and the profiles and configuration of the plugins installed for Firefox.

This was revealed by using AppArmor and confirmed by users of Skype version 1.4.0.94 and 1.4.0.99.
Surely this event shows the how valuable AppArmor is fir revealing the behaviour of any source closed application.

The first discovery was originally made with Skype 1.4.0.99 in Ubuntu Gutsy Gibbon Tribe-4.

* Complete Article in Slashdot

I found it originally at VivaLinux (SPANISH SITE)

It has a link on Skype on Linux (ENGLISH)

[DownTown22]

I'm gonna say.....no.

[Andrewie]

this was on slashdot awhile ago. There are a lot of reasons to read etc/passwd. And it checked the firefox folder to see if you have the plugin installed.

[nonewmsgs]

i read all 5 pages (even included the developers to talk) and it seems like it's not that big of a deal. i was rather impressed by the devs about they really did seem to try to explain it despite some rather flaming trolls.

[mikewhatever]

GNU/Linux Users of the P2P telephonic service Skype discovered that that software reads surreptitiously files contained in /etc/passwd and the profiles and configuration of the plugins installed for Firefox.

As the discussion at http://forum.skype.com/index.php?showtopic=95261 reveals, a lot of other programs read /etc/passwd. Don't blow it out of proportions.
As a side note, hope skype 1.4 will get out of beta by the end of the year, or next year, more likely.

[ubuntu27]

this was on slashdot awhile ago.

Uh! I just saw that this slashdot article is ONE (August) month old! How did I miss that?

[jsbach]

I'd be interested to hear people's opinions on Skype for Linux accessing people's private firefox directories. strace -e open -f skype 2> SKYPE, for me shows 179 references to my private mozilla files being read, including passwords, usernames, bank acount details etc.

The point is surely that skype shouldn't be accessing that data at all. in fact, in my country, it is illegal under sections 1 & 2 of Computer Misuse Act 1990 -

http://www.opsi.gov.uk/acts/acts1990...00018_en_1.htm

Skype's stated policy :

http://www.skype.com/download/adwarefree/

The people here who have stated that this is a non-issue are either misinformed or misinformers or both.

[ubuntu27]

From what I been reading, in "modern" GNU/Linux the directory /etc/passwd doesn't contain password at all. Can someone confirm this?

I just opened in my comp, and it contains usernames (user accounts), some random numbers, and a path or directory to something.

[jsbach]

True ubuntu27, but I don't care about /etc/passwd.

I care about my *private* firefox files, including all extensions, plugins etc. These files contain private and sensitive personal data, which I most certainly have NOT given Skype permission to access.

That is the real scandal. And it is an issue that will land them in court facing criminal charges.

The whole issue has been side-tracked with spurious /etc/passwd verbiage, in my view at least.

[Nekiruhs]

I'd be interested to hear people's opinions on Skype for Linux accessing people's private firefox directories. strace -e open -f skype 2> SKYPE, for me shows 179 references to my private mozilla files being read, including passwords, usernames, bank acount details etc.

The point is surely that skype shouldn't be accessing that data at all. in fact, in my country, it is illegal under sections 1 & 2 of Computer Misuse Act 1990 -

http://www.opsi.gov.uk/acts/acts1990...00018_en_1.htm

Skype's stated policy :

http://www.skype.com/download/adwarefree/

The people here who have stated that this is a non-issue are either misinformed or misinformers or both.

I saw your post in the thread. The devs have told you what its for. The burden of proof here is on you.