Forgot your password?
typodupeerror
Microsoft Communications Open Source Software

Skype Goes After Reverse-Engineering 207

Posted by Soulskill
from the trade-secret-my-son dept.
An anonymous reader writes "It appears Microsoft's Skype Division is cracking down on reverse-engineering of the Skype client. Skype recently rolled out a new set of APIs for integration into other desktop applications, but they have issued multiple DMCA takedown notices to a researcher publishing open-source code to send Skype messages."
This discussion has been archived. No new comments can be posted.

Skype Goes After Reverse-Engineering

Comments Filter:
  • Interoperability (Score:5, Interesting)

    by Bert64 (520050) <bert@sl[ ]dot.fi ... m ['ash' in gap]> on Friday October 28, 2011 @01:57PM (#37871348) Homepage

    Doesn't the DMCA have exceptions for interoperability purposes? Surely these would come into play for a communications tool...

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      as long as the DMCA does not fund the litigation required to actually be able to use this exception. it is a pretty useless exception.

    • I don't know what's going in Europe but in the US this should be a non-story. US courts have routinely struck down reverse engineering suits. Its completely legal to do.
      • by erroneus (253617)

        Except that the DMCA enables the circumvention of due process. Due process used to protect defendants against abusive legal action and in cases where injuctive relief is needed, a judge could hear the plea and give preliminary injunctions in those special cases where expeditious relief was needed.

        Now it's not like that with the DMCA. The courts will still strike down reverse engineering and will strike down under the DMCA's interoperability provisions. But it has to get before a judge first. The DMCA pr

        • So why don't more companies who are interested in suppressing RE in their products using the DMCA? Surely Microsoft isn't the only company willing to use the DMCA to step on a competitor?
          • It's because it doesn't actually work that way. DMCA doesn't violate due process as described because the person receiving the notice has the right to respond and then the case has to go to court and the interoperability/reverse engineering case will be made.

            There is the risk of expensive litigation stopping small players from fighting the case, but even without the DMCA, the big company still has that ability to try and outspend the small chap.

        • Erroneus is in error. DMCA takedown notice gets issued by Skype, developer issue counter-notice as allowed in the DMCA and then it has to go to court or be dropped. If the hosting provider doesn't restore after the counter-notice or Skype keeps issuing takedowns and not react to counter-notices by either taking to court or dropping the claim, they are in violation of the DMCA.

    • No, the DMCA notice procedure says nothing about interoperability exemptions. And if you (and the people who modded up your question) had RTFAed you would see that is what the reference to DCMA was all about. This has nothing to do with anticircumvention prohibitions.

      If somebody has a web page that you don't like (for any reason, it could be copyright infringement, it could be voicing a negative opinion, or it could be about a product that is compatible with yours), check to see who is hosting them. If i

    • I thought that reverse-engineering has repeatedly upheld by the courts to be completely legal.
  • Is this new? (Score:4, Interesting)

    by magsol (1406749) on Friday October 28, 2011 @01:58PM (#37871362) Homepage Journal
    Has this kind of crackdown on those who would reverse-engineer Skype's protocols always been around? Or has it only been elevated to prominence with the acquisition of Skype by Microsoft?

    tl;dr can we hate on Microsoft?
    • Listening to some FOSS SIP developers I've been under the impression that Skype has always been difficult to deal with but you do it because everyone want to talk to someone on Skype..

      If I were in tinfoil hat mode, I say Skype is just tired of spending cash on the continual arms race of changing thing just enough to keep their competitors from playing anywhere near their turf and are going to take the nuke for orbit approach.

    • You can always hate on Microsoft. It's a Slashdot right, don't you know?

  • Come to think of it, seeing as the EU required microsoft to publish protocol specs a few years back, would they now extend this requirement to cover skype?

    I certainly think they should, proprietary unpublished protocols are extremely harmful to everyone else.

    • Are they still under those requirements in the EU? I know their US requirements have gone away.
      • by dkleinsc (563838)

        Have they gone away, or have they simply gone unenforced?

        • by tepples (727027)
          The ten years of court-mandated oversight of Microsoft's U.S. operations have elapsed.
          • by PPH (736903)

            The oversight went away. Did the requirement to publish specs go as well?

            Just because an ex-con has completed his term of probation doesn't mean he can just go back to dealing meth.

      • My understanding is the publishing protocols thing is with the EU so the U.S. oversight has nothing to do with it.

    • by ackthpt (218170)

      Come to think of it, seeing as the EU required microsoft to publish protocol specs a few years back, would they now extend this requirement to cover skype?

      I certainly think they should, proprietary unpublished protocols are extremely harmful to everyone else.

      Not certain, but that would mean you could go right ahead in Europe - actually, you probably could anyway as the DMCA only applies to peasant^H^H^H^H^Hople in the United States.

    • The law forced Microsoft to provide them with the Windows Networking documentation: http://www.samba.org/samba/PFIF/ [samba.org]

      How this could or would apply to Skype . . . ?

  • Oh Microsoft, it's just like you have never left.
  • by GameboyRMH (1153867) <gameboyrmh@[ ]il.com ['gma' in gap]> on Friday October 28, 2011 @02:05PM (#37871482) Journal

    If you're working on any kind of software that could piss off large corporations - console hacking, proprietary protocol reverse-engineering, DRM-breaking, etc - host the project on a darknet site anonymously so they can't send you takedown notices or sue you. This should be common sense by now.

    • On AT&T's (or anybody else's) wire, there is no such thing as "darknet". The host will be found and taken down. The only alternative is a true P2P chat than can connect you direct to the person you wish to talk to after exchanging IP addresses.

      • There is Freenet, but a project on Freenet will be inaccessible to anyone but other Freenet users. It's the hangout of the extreme paranoids. A few 'Government is coming to silence me' conspiracy theorists, quite a lot of pirates, some religious people worried the Antichrist will come after them when he takes power, some crypto-anarchists who just want to support the network (It's far less risky than running a TOR exit node) and probably a few pedophiles lurking in the shadows. It is just about untraceable
      • Please tell me how ISPs could identify the host of an .onion or .i2p site.

  • RIP Skype (Score:5, Insightful)

    by denis-The-menace (471988) on Friday October 28, 2011 @02:10PM (#37871602)

    To all those people asking "Why do you hate MS so much?"
    This is why.

    When MS bought Skype I told people that Skype would die soon *because* MS bought it. Didn't know how or when but soon.
    Now, MS will kill all the various clients that made Skype ubiquitous and useful. The new Skype will not run on as many platforms and (in true MS EEE fashion) will not work with previous versions either

    Like Metalica, and Hurt Locker, Skype will now be shunned.
    A new *open* protocol will take over.

    • I've seen some people speculate that MS doesn't actually want the Skype service at all, but wants it's technology and patents to improve their XBox voice chat and to design new features for future Windows Phone versions.
    • by Haedrian (1676506)

      I just hope it doesn't feature-bloat like Microsoft's other IM.

      Before it used to be light and you could use it to chat. Now it takes 20-40 seconds to load, and tries to do everything and fails horribly.

      With skype integrating FB already... I think we can see what direction its heading into.

      • The Windows version was getting feature-bloated even before MS bought Skype.

      • I just hope it doesn't feature-bloat like Microsoft's other IM.

        And I want to win the lottery. I think mine is more likely than yours... Feature bloat is the middle age of software.

    • What's Skype? Isn't that kind of like Google Voice?

      I was just getting to look into Skype before M$ bought them, then I quickly thought twice once I heard of the deal. I knew that M$ would change the API to "improve" the product, and then do whatever they could to kick out other OS's from the list of supported hosts. Each, one by one, has come to pass. No surprises there, business as usual in Redmond.

      • by Rich0 (548339)

        Skype and Google Voice have very little in common. Google Voice is married to the phone system for the most part - it doesn't support SIP/etc, although there are some ways to get into it via Gmail or Google Talk. I don't think it really is a direct Skype compeitor per se.

        Now, if Google Voice added SIP support it would be the perfect Skype replacement. Well, I guess some people use the video features, and for that you'd need to use a different protocol but there are plenty of open ones to choose from.

        That

    • A new *open* protocol will take over.

      So, moving on, are there any promising candidates in this area?

      And what of the infrastructure required? Is there any, such that there has to be some business running servers for VOIP clients to work well? I'm just not that familiar with it. I know you can do client-to-client connections, but what about directory services?

      • by amorsen (7485)

        So, moving on, are there any promising candidates in this area?

        SIP with ICE is certainly promising. The main remaining challenge is imitating the way Skype uses random well-connected users as proxies for those less fortunate.

    • by timothyf (615594)

      All the various clients? Uh... what clients were there besides the official Skype client? I don't remember seeing any, and believe me, I looked.

      • by sremick (91371)

        All the various clients? Uh... what clients were there besides the official Skype client? I don't remember seeing any, and believe me, I looked.

        Pidgin, Trillian, imo... you didn't look very hard.

        • by Ksevio (865461)
          Pidgin and Trillian (until very recently) both require the official Skype client to also be running. GP is correct is saying there aren't other clients available.
          • by sremick (91371)

            Well I have had imo and Trillian on my phone for ages and never needed the official Skype there. I was using imo well before Trillian. So there have indeed been other clients for a while.

    • Re:RIP Skype (Score:5, Informative)

      by ca111a (1078961) on Friday October 28, 2011 @02:47PM (#37872072)
      Skype was like this long before Microsoft. Fring supported video calls to Skype clients for several months, then Skype blocked it: http://blog.fring.com/en/?p=2322 [fring.com]
    • ...has a typo. It should be "since '95" instead of "since 95'". Since it talks about product quality, I figured it was worth pointing out.
  • I don't get it... (Score:4, Interesting)

    by RobinEggs (1453925) on Friday October 28, 2011 @02:12PM (#37871634)
    Skype and their PR people are calling the project "malicious" and "nefarious", but it sounds like all it does is emulate Skype, so that you can send messages to Skype users while not having a proper account

    They mention the possibility that it could be used for spam, but that sounds like blaming the tool. Is there some other way that this thing could be inherently "nefarious" that I'm not understanding? Because it doesn't look dangerous to me.

    Unless you count the risks of an independent developer making something interoperable with, and potentially better than, the original product. We all know that's a grave and terrible danger to the safety of the free world.
    • Re:I don't get it... (Score:4, Interesting)

      by GameboyRMH (1153867) <gameboyrmh@[ ]il.com ['gma' in gap]> on Friday October 28, 2011 @02:27PM (#37871830) Journal

      Could be useful for prank calls, harassment, death threats etc if it allows a user to make calls without having a Skype account at all (sounds like a serious security problem with Skype's design).

      If it's just an alternative Skype client that still requires an account, then it just prevents Skype from having absolute control over which platforms can access their network, in which case, fuck them.

      • sounds like a serious security problem with Skype's design

        ^this. Microsoft threatening when they should be coding? Never.

        • by Talderas (1212466)

          Damn. Microsoft programmers also double as their legal staff? Here I thought they would have a staff lawyers hired specifically to handle their legal needs, such as issuing DMCA notices and suing other companies. The fact that their programmers are doing this is troubling.

    • Skype and their PR people are calling the project "malicious" and "nefarious", but it sounds like all it does is emulate Skype

      Prosecution rests...

  • TinyChat Launches Dead-Simple Video Chat [mashable.com]. But I can't tell if you need to connect through their site, and they already geo-located me, so maybe you should forget them, also. I'm looking for something with a direct connection between clients

  • Hiding Something (Score:5, Interesting)

    by Zaphod The 42nd (1205578) on Friday October 28, 2011 @02:17PM (#37871712)
    An engineer buddy of mine was doing reverse-engineering work on the Skype protocol for a job he had a few years back, he would come to me with shock and tell me about how dumb and insecure the Skype clients are and how trivially easy it is to get any Skype client to work as an invisible proxy for you without that person's knowledge by just using the skype protocol.

    If they're making such a huge deal about it, you have to wonder why. They've got some problems and they'd rather have security through obscurity. *sigh*

    Does the DMCA really prevent cleanroom / chinese wall reverse-engineering? Damnit politicians just have no clue...
    • by _0xd0ad (1974778)

      He wasn't doing "clean-room" reverse engineering, though; TFA mentions that he de-obfuscated a few different versions of the Skype binary.

      • You can make "clean-room" reverse engineering while (somebody is) looking at the code. The only requirement is that the person writting your software dosen't touch the foreign code.

        You are probably confusing it with "black box" reverse engenireeng.

        • by _0xd0ad (1974778)

          You can make "clean-room" reverse engineering while (somebody is) looking at the code. The only requirement is that the person writting your software dosen't touch the foreign code.

          AFAIK he was doing it all himself.

          You are probably confusing it with "black box" reverse engenireeng.

          Actually, I was repeating what TFA said:

          For reference, it does appear that this researcher is not doing "clean-room" reverse engineering. One of the comments he writes on his blog reads, "It is because I have only de-obfuscted 3.8 and 4.1(BETA) versions of skype binary." (In response to why he isn't targeting Skype 5 support at this time.)

          Moot point, because if he's one person looking at Skype's code and then writing code to interface with it using its protocols, that's not

          • by Rich0 (548339)

            Note that you'll not see the words "clean room" anywhere in the Copyright Law. It is a fairly bulletproof way to get around any accusation that you're outright copying code and that any duplication is purely coincidental or non-creative in nature. However, it is not the only way to proceed.

            Generally copying code strictly required for interoperability is an accepted exception to copyright law, so you don't have to jump through hoops when you do it.

            Plus, the meaning of derived work is a bit murky in any cas

  • And I'm going to force all my friends who use skype to come with me.
    Ever since Skype started emulating Facebook, I've just hated it.
  • Come on Apple (Score:2, Insightful)

    by Anonymous Coward

    Publish the FaceTime specifications and protocols already, as Steve said you would.

  • Commits to open source, then commits to extinguishing it.
    http://www.tuxmachines.org/node/45131 [tuxmachines.org]

    • by Zebedeu (739988)

      Not to mention Skype:
      Commits to keeping the Linux client up-to-date but never does.
      Then commits to making a connector library available so others can implement a decent client UI (or integrate it into Pidgin/Empathy/etc.) but never does.

      Now that MS bought Skype, it's essentially dead on Linux. Oh well, at least it'll force me to do what I've been wanting to do for a while: migrate to another platform.

  • and start pointing non-technical people to it. The sooner Skype dies, the better.

  • by Jerry (6400) on Friday October 28, 2011 @09:14PM (#37875960)

    rendered on this Skype nonsense a waste of time. Talk to ten at a time, with video, using Hangout on your FireFox or Chrome browser. Kiss proprietary binaries good bye.

What this country needs is a dime that will buy a good five-cent bagel.

Working...