Skype flaw exposes users’ location, identity

Flaws in Skype and similar Internet phone systems could potentially disclose the identities, locations, and even digital files of hundreds of millions of users, a new study finds.

Researchers at Polytechnic Institute of New York University (NYU-Poly) and colleagues in France and Germany will present the findings at the Internet Measurement Conference 2011 in Berlin on November 2, 2011.

Keith Ross, a professor of computer science at NYU-Poly, explains that the team uncovered several properties of Skype that can track not only users’ locations over time but also their peer-to-peer (P2P) file-sharing activity. Even when a user blocks callers or connects from behind a Network Address Translation (NAT)—a common type of firewall—it does not prevent the privacy risk, he says.

The research also revealed that marketers can easily link to information such as name, age, address, profession, and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.