Andrew Ford Lyons · @drew3ooo
23rd Oct 2013 from TwitLonger
Good to see #skype debate on #safetystream with @BaghdadBrian @pressfreedom and others. Got to tweet longer here. At the @rorypecktrust site we've put the following:
"Instant messaging, file sharing and VOIP services such as Skype are increasingly popular amongst freelancers as a safe and (usually) free way of communicating online. However, in the past year doubts (http://bit.ly/162mczl) have been made about the security of Skype (http://bit.ly/V5xeYO) and so you may want to consider a safer alternative VOIP programme."
Some alternatives (for mobile) that we added are:
OSTel
CSipSimple
Redphone
(https://rorypecktrust.org/Resources/digital-security/avoid-being-monitored-online)
Having used Redphone, I find it really easy, but even in a well networked city, it's got some latency issues, and you still need to educate the other party, because it's end-to-end, and we're talking about journalists working with sources, not net tech geeks talking to one another.
If you want to have a live electronic conversation that's more secure, I still think text-based chat may be the more efficient way to go.
With regards to Doug's Frontline post (http://www.frontlineclub.com/top-14-tips-for-secure-mobile-communications/), it's important to note that it's written from a mobile network perspective (02, Orange, Vodafone, T-Mobile, etc.). From a purely mobile network view, Skype data may not be decipherable. From the view of a moneyed intelligence agency with back-end access to Skype, that's not the case.
Personally, I believe in need-based, conditional privacy practices which encourage the user to consider what they're doing and what they're got available to do it.
Putting faith in technology simply because it ticks boxes (open source, OTR, what have you) can come back to haunt you. A burner Skype account using a profile that's not connected to you may get the job done depending on what that job is.
Using something else, such as Red Phone, can encrypt conversation but what you may need to do is hide the fact that a device is sending encrypted data, or that the device is owned by you.
On a long enough timeline, a person starts building up a trail on the internet no matter the device or software they're using. It's important to be able to dip into a privacy mode and then get back out of it again, and realize that while we'd all prefer to have a right to privacy 24/7, that's not the current reality of the world in which we're all doing things.