18 June 2006

[Mac+Linux] Skype privacy bug

If you are a Yahoo! Messenger or MSN Messenger user (no I don't use their respective clients), what do you expect happens when you do not log-off from one machine and log-on with same username from another machine? The usual case is that the first session is broken and a new session is created with the second machine. Pretty normal behaviour as you might not want another person to read what you are talking about with your contacts and moreover you are not on that machine anymore. Guess what, it doesn't happen with Skype. Atleast not when you are behind a router and on the same network.

I noticed today that the session on my desktop (PC1->linux) did not log-off when I logged-in to Skype from another machine(PC2->mac) using the same user name. I was expecting it(PC1) to say that my session has been closed as I had logged on from another machine (PC2). Anyway, as I was just chatting with my contact sitting in the other room under the same network, I didn't pay attention. But it was when I went to PC1 to find a file that I noticed that the whole chat session was being copied on the screen of PC1 too! Imagine this if you are at a public place like a common computer lab in school. What happens if somone somehow guesses/hacks/steals your password. The person can happily logon using your username and password and sit back and see what you are typing and receiving!!

This behaviour of Skype (haven't tested on Windoze!) is critical privacy and security bug. This is a basic feature which almost all messaging clients have by default. Why can't Skype just kick off the user's first session and authenticate him again to start a new one? I don't know if Skype's Windoze version behaves like this. I hope they read this and get the so called "team" of Skype-Mac and Skype-Linux to atleast fix this bug even if they aren't coming out with new releases for Mac & Linux. With the slow development of Skype on Mac and Linux, this stupid bug and the emergence of "free" and open source Wengo(go check out their cute intro), I think I might not be using Skype for long.

No comments: