Quote from: tree on April 26, 2013, 10:13 pm

Quote from: pine on April 24, 2013, 04:32 am

Pine believes something slightly different, which is the above (Legal Intercept) is used for regular policing (Skype's main source of LE income), but that the FBI and DEA have *realtime access* (used for terrorism, drug smuggling) to a different system which involves a program called a RAT or Remote Access Tool that when deployed to your Skype's backdoor allows all manner of extra goodies to be had, including your keystrokes. It is unnecessary to involve a supernode because they have your plaintext (which is why "logging" is the right word vs "intercept"), although they have access to your session keys too if need be, and basically all manner of data is vacuumed out of your machine and into theirs.

Like I have already said, I cannot know whether they are using Skype for mass surveillance, although this is to me a far from unlikely possibility. I do know they are using Skype as a resource to gather information on individuals. Given everything I have posted, I believe it would be a good move for SR users not to be using Skype to talk about the Silk Road, nor to have the program running in the background.

Why would Skype be monitoring all your activity? Wouldn't it be easier if it was simply windows that did all the job? And I agree talking about SR on Skype or MSN or any conventional real-time chat client isn't a wise move, but if Skype went as far as keylogging, would it really stop doing so if you didn't let it run in the background? It's still interesting to know that Skype is monitoring your conversations, but I think they were basically telling you they were in their privacy policy, or they didn't tell you they didn't at least.
Nobody should talk about illegal stuff or the SR on conventional chat clients anyway, PGP or OTR should be used for that.

Quote from: pine on April 24, 2013, 04:32 am

Quote from: tree on April 20, 2013, 10:15 pm

Your articles don't say anything about Skype being able to record your every keystroke when not using Skype.

Just to let you know, I found a link which explains some of what I was getting at, in that there is no magic isolation between GUI programs on your desktop, most people, including computer people appear to assume there is, but there is not.

Quote

There certainly is one thing that most Linux users don't realize about their Linux systems... this is the lack of GUI-level isolation, and how it essentially nullifies all the desktop security. I wrote about it a few times, I spoke about it a few times, yet I still come across people who don't realize it all the time.

So, let me stress this one more time: if you have two GUI applications, e.g. an OpenOffice Word Processor, and a stupid Tetris game, both of which granted access to your screen (your X server), then there is no isolation between those two apps. Even if they run as different user accounts! Even if they are somehow sandboxed by SELinux or whatever! None, zero, null, nil!

The X server architecture, designed long time ago by some happy hippies who just thought all the people apps are good and non-malicious, simply allows any GUI application to control any other one. No bugs, no exploits, no tricks, are required. This is all by design. One application can sniff or inject keystrokes to another one, can take snapshots of the screen occupied by windows belonging to another one, etc.

If you don't believe me, I suggest you do a simple experiment.
Open a terminal window, as normal user, and run xinput list, which is a standard diagnostic program for Xorg (on Fedora you will likely need to install it first: yum install xorg-x11-apps):

    $ xinput list

It will show you all the pointer and keyboard devices that your Xorg knows about. Note the ID of the device listed as AT keyboard and then run (as normal user!):

    $ xinput test id

It should now start displaying the scancodes for all the keys you press on the keyboard. If it doesn't, it means you used a wrong device ID.

Now, for the best, start another terminal window, and switch to root (e.g. using su, or sudo). Notice how the xinput running as user is able to sniff all your keystrokes, including root password (for su), and then all the keystrokes you enter in your root session. Start some GUI app as root, or as different user, again notice how your xinput can sniff all the keystrokes you enter to this other app!

http://theinvisiblethings.blogspot.se/2011/04/linux-security-circus-on-gui-isolation.html

Interesting article pine, it could explain this whole Skype keylogging thing but as I said before, if it were doing it, it would also be doing it while you're not running it. And your article is only about Linux, does the same work on other OS's as well?
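
A defender-side check for the behaviour the quoted article describes, as an added example that is not part of the thread or the article: it classifies a session from `XDG_SESSION_TYPE` and the output of `xhost`. The function names, result labels and sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread or the quoted article.
# Classifies a desktop session's exposure to the shared-X-server behaviour
# described above, from two captured values.

# classify_x_exposure SESSION_TYPE XHOST_OUTPUT
#   SESSION_TYPE: value of $XDG_SESSION_TYPE (e.g. "x11", "wayland", "tty")
#   XHOST_OUTPUT: text printed by `xhost` run with no arguments
classify_x_exposure() {
    session_type=$1
    xhost_out=$2
    # The article's point applies to clients of an X server only.
    if [ "$session_type" != "x11" ]; then
        echo "not-x11"
        return 0
    fi
    # Host-based access control switched off: any host may connect.
    case $xhost_out in
        *"access control disabled"*) echo "x11-open"; return 0 ;;
    esac
    # Count access-list entries that admit clients without the session cookie.
    extra=$(printf '%s\n' "$xhost_out" |
        grep -c -E '^(INET6?|LOCAL|SI|NIS|KRB):' || true)
    if [ "$extra" -gt 0 ]; then
        echo "x11-extra-grants:$extra"
    else
        # Still no isolation between the clients that do hold the cookie.
        echo "x11-cookie-only"
    fi
}

# Live wrapper: queries xhost only when a display and the tool are present.
audit_current_session() {
    out=""
    if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1; then
        out=$(xhost 2>/dev/null || true)
    fi
    classify_x_exposure "${XDG_SESSION_TYPE:-unknown}" "$out"
}

# Constructed sample of xhost output (user name "alice" is made up).
SAMPLE_XHOST='access control enabled, only authorized clients can connect
SI:localuser:alice'

classify_x_exposure x11 "$SAMPLE_XHOST"   # prints x11-extra-grants:1
```

Call `audit_current_session` on a live desktop; any `x11-*` result means every client admitted to that X server can observe the others' input, as the article's xinput experiment shows.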