Is that supposed to make us feel better? There was a time when Skype actually was secure, before they changed it to allow "legal intercept", but even after they did that they still refused to admit that they allow governments to have access to people's conversations.
I'll never forget reading in the damn New York Times a week before Snowden leaks came out about how secure Skype was for dissidents and journalists, and I only remember that because it pissed me off to much that mainstream media was so clueless about its security. They still thought Skype was P2P even then. But part of that blame goes to Microsoft for continuing the illusion that they have that kind of security, when they didn't. Even Vice was recommending the use of Skype for secure conversations against governments when the whole McAfee thing happened.
At the very least, I hope people know better now. Also, maybe it is just a little different with Skype. I don't know if anyone else considers allowing the interception of their users' private conversations as a "team sport" [1]. The fact that NSA was willing to pay billions [2] for a Skype eavesdrop solution may or may not have something to do with the fact that Microsoft threw $8.5 billion on the table for Skype, even though the second largest bid from Google only went up to $4 billion (remember when everyone was so confused over why Microsoft would pay that much for Skype?). Also very interesting that Microsoft had a "legal intercept" patent for Skype, before even bidding for it [3]. Who does that?
If we look at when Microsoft added Skype to PRISM we also see it happened just a month after they said they would acquire them (announced in May 2011, ready for PRISM in June 2011), but before the transaction was even official [4]. It's all a very "interesting" series of events, to say the least.
Of course it wasn't absolutely secure, but it was designed against large scale interception and against the insider threat of lawful-interception orders.
Supernodes could not always listen. The actual traffic was always direct P2P unless a direct connection could not be established due to e.g. NATs or firewalls, in which case supernodes would be used as relays. Research into NAT traversal and P2P connectivity a few years ago indicated that about 85% of peers could be connected to directly, so most traffic was not via supernodes.
Even now the majority of non-mobile traffic seems to be direct P2P. I know because I checked using packet sniffers. In fact, even supernode traffic is P2P. Checking my router logs, I can see a number of connections made to Skype even when I'm not using it, which I presume is my machine being used as a supernode.
Since there is no key exchange and end-to-end encryption, anyone can always listen, if on a network through which a Skype stream passes. There's merely a higher opportunity to do so when running a supernode.
If a government does intercept all ISP traffic, they can listen in anyway.
I'm not sure there is no key exchange... Last I looked into Skype's security, not only was the traffic encrypted, the binary itself was also heavily obfuscated, so nobody knew what was going on. This was half a decade ago, though, and lots of things have changed since then.
That still doesn't change anything. There is (and never was) secure key exchange between contacts: if there was, it would be have to be explicit and you would've noticed.
The traffic might be encrypted, but the receiving party isn't the only one with the key. At the very least, the Skype service intermediated the key exchange.
There was NEVER a time Skype was secure for people going against law of any kind. Unless you were clueless, you could ALWAYS expect your data to be handed to the authorities in case an investigation was ongoing. This is how things work in the real world of companies, government and law.
I think we are confusing "mass surveillance" and "bulk access" (all without probable cause in NSA's case) with lawful information sharing in criminal cases. I don't support the former the least but the later is a requirement. Please try to imagine a world where law enforcement could work efficiently if companies could simply tell a judge to f* off and withhold data that would help in an investigation (a lawful, very specific case... not the ghost hunts that the US/NSA/CIA does).
People have lost perspective with the NSA scandals and want to throw the baby with the bathwater. This is short sighted.
I'll never forget reading in the damn New York Times a week before Snowden leaks came out about how secure Skype was for dissidents and journalists, and I only remember that because it pissed me off to much that mainstream media was so clueless about its security. They still thought Skype was P2P even then. But part of that blame goes to Microsoft for continuing the illusion that they have that kind of security, when they didn't. Even Vice was recommending the use of Skype for secure conversations against governments when the whole McAfee thing happened.
At the very least, I hope people know better now. Also, maybe it is just a little different with Skype. I don't know if anyone else considers allowing the interception of their users' private conversations as a "team sport" [1]. The fact that NSA was willing to pay billions [2] for a Skype eavesdrop solution may or may not have something to do with the fact that Microsoft threw $8.5 billion on the table for Skype, even though the second largest bid from Google only went up to $4 billion (remember when everyone was so confused over why Microsoft would pay that much for Skype?). Also very interesting that Microsoft had a "legal intercept" patent for Skype, before even bidding for it [3]. Who does that?
If we look at when Microsoft added Skype to PRISM we also see it happened just a month after they said they would acquire them (announced in May 2011, ready for PRISM in June 2011), but before the transaction was even official [4]. It's all a very "interesting" series of events, to say the least.
[1] - http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-c...
[2] - http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_...
[3] - http://www.networkworld.com/community/blog/microsoft-patent-...
[4] - http://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_sli...