what's the big deal?
What's the big deal if someone else can find your ip? I find it very humorous that people go out of their way to obscure things like mac addresses, host names, and even IPs (especially internal IPs). Sad too.
Code posted online that can skim the last known IP address of users is being checked out by Skype as a possible security flaw. The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online without …
Tracked?
I cycle the power of my fiber box very, very often (as in, power it off when I'm not using the internet). My ISP also provides me a dynamic IP address with every power cycle, since they're greedy and you need to buy a business package for four times the price to get a static IP.
I do feel sorry for the guy who gets my IP address after my modem is turned off tho. Know how that felt- one time I was banned from IRC because one of the previous users of the ISP who got the IP went into the server and acted like a d**k.
"....you won't mind if I take your home address...." There's a bit of a difference between having someone's IP address and their actual home address. At best, if they're on a fixed IP address, you still have to find a means to relate that into a physical home address. If you're worried you can always ask your ISP to change your IP address, and if you're on a DHCP service you can simple release/renew to get a new IP address anyway. If you're really worried, disconnect and make yourself a bigger tinfoil hat.
Having said that, you're probably of very littel interest to anyone other than Google, and they've probably already slurped your WiFi and left an hundred-and-one cookies in your browser, all telling Sergey all he wants to know about your online habits.
Why do I have to keep repeating? It's not the cookies in your browser, it's the data they get about you from the stat utilities they run from the websites that's the problem. Which is why you don't have to be using a Google account for them to get data about you?
"Real address can be resolved with complete accuracy via a dynamic IP - by direct request to the ISP...." Yeah, you just go try that then, see if you get an address out of them. A law-enforcement agency might, working within the legal guidelines of the country involved. So not a problem in the UK or US or most of the Western World where there are strict legal guidelines for such activity, and if you're likely to be of interest to the law anywhere else then they've probably already got all kinds of filters and tracking on your local Internet anyway (think China, Iran, etc). Western police can get a warrant to tap your Skype any time they have a legal argument to do so, along with all your other electronic communications, no need for Skype hacks.
"....Chanting "tinfoil hat" like an infantile "abracadabra" will not make reality go away...." Living outside reality because someone told you it's cool to "fear the Man" is beyond infantile. I can just about guarantee that no matter how big a rebel you think you are, you're probably of zero interest to anyone of authority. They have finite budgets and resources and a lot bigger fish to fry.
Being a P2P system skype needs the other person IP to communicate directly. There will always be a way of extracting the destination IP with Skype. If Skype fixes the bug which allows extracting it from Skype itself you can still sniff network traffic and see where it goes.
True, you can't stop someone finding the IP address of a person they are talking to, but this goes beyond that and effectively provides a handy surveillance tool. With this anyone can find out what IP address (and port number, going by the blog) a person is currently operating from, without alerting that person of the sniffing.
Definitely a security flaw.
However, Skype could block the exchange of IP addresses until both parties agree to accept the call
Something like this
1) The caller contacts Skype's servers, and asks to connect to the receiver,
2) Skype contacts the receiver and asks if the the receiver is willing to take the call
3) If yes, then, and only then does Skype inform the caller and receiver of each other's public IP addresses.
It does add more work to Skype's servers (rather than being listing service), and is slightly less resilient if the servers go down (as a listing service the caller could try asking at the receiver's last known IP address).
If you have the application on your disposal the algorithm is there to be crack open. Long are days gone when I used to disassemble programs but there is nothing so hard developed since then. Even games running game-guard, etc get their protocols cracked
If there is any real and profitable opportunity I bet skype will be just exposed.
I had a hilarious moment in 2010, I wanted to phone ComReg in RoI before I crossed the border to check something.
I was told that to direct dial from the hotel (in NI) would cost a fortune, and that my mobile would cost a fair bit, too.
I decided to call my Brighton SkypeOut number to call the RoI and take it from my Skype credit at something like 1.1p a minute.
Calling RoI from NI via England. Woohoo.
(Of course, ComReg didn't have anyone in the department I needed, so I ended up trying a backup plan and seeing if Ofcom could advise me, which they grudgingly did)
I'm moved to the US, and found Skype2Go/Skype out to be one of the least expensive options for calling from my US mobile to a UK mobile, yes, you can get deals on international calling from US mobile to UK landline, but interantional mobile to mobile, well I couldn't find many lower cost options, and I refuse to give AT&T any more many than I need.
I used Tango now as well, if I'm on WiFi, and the other person I'm calling is on WiFi, it is in esssence free, and has few neat tools, I also found the audio better than Skype.
I've been using voipstunt for the better part of 10 years now. Rates to mobiles in the UK are only marginally cheaper than Skype, but calls to landlines are free*, and so are calls from the UK to my VoipIn number, which automatically redirects to my US cell phone. I don't even use the Voipstunt client - I call a US number which forwards the call (no shortage of free minutes on my calling plan).
(*It costs about $16 to get a topup that give you 120 days of free calls to landlines. If you make an hours worth of calls to mobiles in any 4 month period, you basically get free landline calls, and free inbound calls).