Privacy group raises concerns over Skype

Privacy International, a nonprofit privacy watchdog, this week pressured voice over internet protocol (VoIP) provider Skype to address concerns over the security of its services.

In a statement, Privacy International said it has reviewed Skype's technology and identified a number of security deficiencies that place users at risk. Specifically, Skype's interface uses full names on its contact list instead of usernames, making it easy to impersonate others, the group said.

Also, Skype does not protect downloads from its website with HTTPS, an encryption protocol that prevents the unauthorized hijacking of private sessions, according to Privacy International. Skype's failure to provide HTTPS for downloads from skype.com could allow an attacker to trick users into downloading trojan-infected versions of Skype.

“If the company cannot address and resolve these issues for those who are seeking secure communications, then vulnerable users will continue to be exposed to avoidable risks,” Privacy International said. “Currently, adversaries can find ways to defeat Skype's security.”

A spokesman for Skype told SCMagazineUS.com on Thursday that the company will examine the issues Privacy International has raised and contact the group.

“Privacy International has not been in touch with us so it will take us some time to read and digest the report before we are in a position to respond,” according to a statement. “Skype takes these issues seriously and aims to provide users with the best possible levels of privacy and security.”

Privacy International also expressed concerns over the variable bit rate (VBR) codec used by Skype to compress audio into data for easy transmission. Research has shown that despite the use of encryption, the VBR codec allows information from VoIP calls to be leaked, the group said.

Skype, founded in 2003, is used by 23 million individuals worldwide during peak times, according to the company's website. During the first half of 2010, Skype users made 95 billion minutes of voice and video calls.

Enterprise adoption of Skype has grown in recent years due to its promise of cost savings and improved communications. Industry experts have for some time warned, though, that Skype may pose a danger to IT security and recommended that enterprises properly gauge the risks before deploying it.
