Can my employer "hear" my SKYPE phone calls

Discussion in 'Spyware' started by Susan, Jul 20, 2006.

  1. Susan

    Susan Guest

    Can my employer "hear" my SKYPE phone calls?
    Can SKYPE be my answer to the privacy I desperately need?

    I have a, shall we just say, long-distance relationship, with a certain
    someone in the company who is far away. Due to time-zone and family
    matters, I can ONLY call this certain someone during the day. My phone
    bills are monitored by a certain domestic someone at home. And, of course,
    at work, I couldn't use the telephone as it's not business related.

    What about SKYPE?
    Can SKYPE be my answer to privacy?

    I already plugged in a microphone and headphone and I noticed SKYPE calls
    to my friend show up as a phone number of 000012345 so I can converse with
    my friend.

    But my question is what can my employer "tell" about that connection?
    Can they "hear" my SKYPE phone calls if they wanted to?
    Do employers typically "listen" to this type of activity?

    Please advise me as this is a personal matter all mixed up with work and
    the need to remain private.

    Thank you very much for your advice
    Susan
     
    Susan, Jul 20, 2006
    #1
    1. Advertisements

  2. Susan

    Herne Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Maybe, it depends. As far as your employer being able to 'hear' the
    call-contents, the answer in short is "No." Skype calls are end-to-end
    encrypted.

    However, this does NOT mean that the calls are undetectable. Skype network
    packets can be distinguished from other network traffic if you know what
    to look for; they can also be blocked at the company firewall.
    Only incompetent and/or lazy sysadmins aren't aware of what happens on their
    networks; Skype has been getting a lot of press, and sysadmins are beginning
    to take notice. Don't count on your activity going undetected. While they
    can't hear the voice content of your calls, they will be able to tell that
    you're making some, if your network administrator is at all on the ball.

    Are you willing to put your job at risk? Remember--the employer owns the
    hardware, the software and pays for the bandwidth. Unauthorized use of
    company equipment can be grounds for termination. Even installing
    unauthorized software--i.e. Skype--can be grounds enough to get you
    turfed out, depending on how anal your employer wishes to be. (In most
    places I've worked, you'd be fired on the spot for installing something
    on their computers without authorization.)
    If you're worried about the phone bills, then go down to the 7/11 and get
    yourself a pay-as-you-go cellphone. The newer ones are small and easy-to-hide,
    and because they're pay as you go, you don't have any bills to worry about.

    Lock the phone in your office drawer if you don't want to risk bringing
    it home. Skype right now is free in North America, but only until the end
    of this year. If you get a cellphone, you can use it and no one can accuse
    you of mis-appropriating your employer's property. The worst they can do
    is give you a hard time if you're calling your friend on company time--so
    do it on your breaks, lunch hour, and after work. Is saving a few bucks
    on phone calls worth risking your employment?
    Herne <-rhei.eu.org>

    -----BEGIN PGP SIGNATURE-----
    Version: N/A

    iD8DBQFEv0Ikh0fX3LEFYPsRAh4oAKDixHkSsIb8EDsIcHNpZuLjWz3IvwCeIF+B
    nP2G+gZsos1hbz5UbIoAI08=
    =CJI9
    -----END PGP SIGNATURE-----
     
    Herne, Jul 20, 2006
    #2
    1. Advertisements

  3. (snipped the rest)

    You seem to have a problem with ethics.
    You cheat your employer and your partner.
     
    Colin Oscopy @ invalid.com, Jul 20, 2006
    #3
  4. Susan

    Quilljar Guest

    Obviously not an 'Ethics' girl :)

    Cheers Quilly

    For four good books to read look at...
    http://www.quilljar.btinternet.co.uk/covers.htm
    Buy three or four altogether and get economy postage.
     
    Quilljar, Jul 20, 2006
    #4
  5. Susan

    Lee Babcock Guest

    She posted this on the freeware NG as well. My gut reaction was like
    Quilly's, but I didn't follow through.

    Amen, Quilly!
    Regards
    Lee in Toronto
     
    Lee Babcock, Jul 20, 2006
    #5
  6. Susan

    jeremy Guest


    It is doubtful that your employer can monitor skype, but there are other
    applications that are fully encrypted and are less well-known, making them
    less likely to be monitored or cracked by employers.

    First, if you can call your friend from computer-to-computer (as opposed
    from your computer to his phone) you will have more choices. I have a
    specific application in mind that is advertising free, encrypted and does
    not leave a record of your calls and Instant Messages, because your
    communications do not pass through the Instant Messenger's server--you
    connect directly to your friends' computer over the internet. They are not
    considered "phone calls," so there is no record of when you "called," and
    how long you "talked."

    That application is BitWise IM.

    It is not well known, and I doubt that your employer could hack it. All of
    your voice and text communications are encrypted using the 128-bit Blowfish
    encryption for the free version. You can get paid versions that give you
    256-bit and 448-bit encryption, but unless you are dodging the CIA, you
    won't need them. It would take your employer centuries to hack into your
    contacts, assuming that he could even find a way to save them onto his hard
    drive.

    Your voice calls are routed through any other user's computer or through
    BitWise's server. That reduces lag time and increases security. It also
    uses a very efficient auto standard, and it works on dial-up Internet
    connections as well as broadband. But it DOES require that you both connect
    via your computers--you can't just dial his phone number and talk. You both
    will require headset/microphone combinations, but they are available
    practically anywhere.

    Again, the major advantage is that, if any record exists at your employer's
    system at all, it is that your computer connected with your friend's IP
    address. What transpired during that connection is anybody's guess. For
    all anyone knows, you were just browsing an Internet web site.

    There will be a little bit of setup required--you will both have to adjust a
    couple of sliders to optimize the sound. Once you get it the way you want
    it, you're all set permanently. You can connect for voice, text messaging,
    conferencing (doubtful you'll want to add additional people to your
    connections, but one never can tell . . .), offline Instant Messaging (you
    can leave the equivalent of emails for each other, that appear when the
    other party signs on. There will be no record in your personal email box at
    home or at work!)

    In summation, if you want maximum security, you should go with a system that
    leaves no audit trail. Unlike Skype, there is no "phone bill" or list of
    calls that might embarrass you months or years into the future, if someone
    were to subpoena them. And you want encryption, to ensure that what passes
    between you and your friend remains encased in a bullet-proof "envelope."
    That way, it cannot be intercepted and used. Anyone else that were to
    intercept it would have only gobbledygook. Remember that the Internet is
    not like a phone connection, where you have a private circuit. On the
    Internet, your information passes over numerous networks and may be
    intercepted at multiple points. Encryption neutralizes this risk.

    The application is free. Here is the link:

    http://www.bitwiseim.com/features.php

    Best of luck, and I hope you find this information is what you are looking
    for.
     
    jeremy, Jul 20, 2006
    #6
  7. Susan

    jeremy Guest

    I neglected to mention one very important feature of BitWise:

    You can run BitWise from a CD or DVD. You do not have to install it on your
    office computer. If your boss audits the applications you have on your hard
    drive, there will be no trace of this one. When you leave work, you can
    either lock up the disk or take it home with you.

    You can also use it on multiple computers when run from your disk.

    Imagine a telephone that kept no record of the calls made, and one where the
    "telephone" could be made to disappear, and reappear on demand . . . They
    can't find anything on you when nothing is there.
     
    jeremy, Jul 20, 2006
    #7
  8. Susan

    Herne Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - From their webpage:

    BitWise Plus additional capabilities

    * Blowfish encryption raised to 256-bit from 128-bit.
    * RSA encryption raised to 1024-bit from 512-bit.

    I'd hardly call 512-bit RSA secure... the RSA-155 (512-bit) factoring
    challenge was cracked in 1999. 512-bit keys are little better than 'toy'
    category now. The workfactor for these is now well-known--well within
    the capabilities of any major coporation using spare workstation time.

    Personally, I'd consider that 1024 RSA public keys are on the shaky side
    now... 2048 or 4096 RSA keys would be much better. CPU cycles are
    cheaper than ever these days, so a few extra minutes generating them isn't
    going to cause anyone any grief.

    Herne <-rhei.eu.org>

    -----BEGIN PGP SIGNATURE-----
    Version: N/A

    iD8DBQFEv9Cdh0fX3LEFYPsRAp2pAJ9r6lH3Zs/A5nwEtnSAe3lepOXmaQCePrRd
    +/Kg5rZEV/NigYq82/V/dqg=
    =7G3A
    -----END PGP SIGNATURE-----
     
    Herne, Jul 20, 2006
    #8
  9. Susan

    Susan Guest

    Oh good. I think you are saying my SKYPE calls are protected because they
    use some kind of security between the two SKYPE programs.

    Does that mean that even if my employer saved all the VOIP communication
    between the two of us, that they would not have the "security key" to
    actually listen to the words we spoke?

    Is that what you are saying?
    Susan
     
    Susan, Jul 20, 2006
    #9
  10. Susan

    Guest

    Susan wrote:
    If you're going to talk about hiding an affair while at work don't use
    the same email address you use to post a job bulletin with.

    Two click in Google Groups yields a lot of information and someone
    could decide to impose their moral code on you and give Livingston
    Enterprises a call.

    Years ago I had two co-workers caught doing something just like this.
    The IT people said it was "nothing big" to monitor their machines once
    they noticed a lot of traffic.

    Do what the terrorists do. Go to Target and buy a prepaid cell phone
    with cash.
     
    , Jul 21, 2006
    #10
  11. He may well be saying that, but a mob in China, IIRC, recently broke the
    Skype encryption, so it's not secure anymore.

    Also, as a BOFH and PABX tech, I have been required to track usage of
    both the 'net and the 'phone. The 'net is just like the 'phone, at
    work, you often get to use it for a limited amount of personal stuff,
    but not freely. If a user starts chewing up "too much" bandwidth/making
    "too many" or "too long" calls, I would know about it, and so would that
    staffers manager.

    You'd be better off paying cash (untraceable) for a pre-paid mobile SIM
    card (untraceable), and stashing that in your desk, changing it over in
    your mobile when you wanted a chat.

    Cheers,
    Gary B-)
     
    Gary R. Schmidt, Jul 21, 2006
    #11
  12. Susan

    TwistyCreek Guest

    If your employer is the nsa, yes, they can hear everything.

    If your " long distance friend " is hezbollah, yes, the nsa can hear
    everything.

    If you have any association whatever with radical liberal groups, yes,
    the nsa, homeland, interpol, cia, everybody can hear everything.

    Any questions?

    Kenny G.
     
    TwistyCreek, Jul 21, 2006
    #12
  13. LOL, this could be the funniest thing I have seen in a while. Sad but
    true...
     
    Jonathan Roberts, Jul 21, 2006
    #13
  14. Susan

    Susan Guest

    Oh my. Is this the summary.

    1. The employer can "see" SKYPE calls but not "hear" them.
    2. Unless they "tap" your sound card (is that hard or easy on a network?).
    3. The SKYPE encryption has been broken.
    4. It's safer to buy a cell phone and sim card.

    I didn't think about the cell phone idea.
    Are you saying I can get a phone with TWO sim cards. One for my normal use
    and one for my, shall we say, personal issues?

    If I switch from one sim card to the next, does that guarrantee me being
    anonymous? That is, if a certain someone at home were to flip through the
    cell phone with the "home" sim card in, would he be able to see the calls
    made from the "personal" sim card?

    I'm so confused but I do revere your advice,
    Susan
     
    Susan, Jul 21, 2006
    #14
  15. Susan

    TwistyCreek Guest

    Yes you are.

    Kenny G.
     
    TwistyCreek, Jul 21, 2006
    #15
  16. Susan

    Tim Smith Guest

    Get a prepaid cell phone and use that.
     
    Tim Smith, Jul 21, 2006
    #16
  17. Susan

    Tim Smith Guest

    They don't need the key. They have this:

    "Tell us who these calls were to, and what they were about, or you
    are fired"

    That works as good as having the key.
     
    Tim Smith, Jul 21, 2006
    #17
  18. Susan

    Charani Guest

    My thoughts as well. It would appear that her partner's already got
    her number if he's already monitoring her. A divorce lawyer and a new
    job nearer her virtual lover would be better advice than how to
    further her betrayal.
     
    Charani, Jul 21, 2006
    #18
  19. The employer can easily "see" them, and with some effort "hear" them.
    Unless you set the 'phone to do things. everything is stored _only_ on
    the SIM card. Of course, if you leave the 'phone laying around and
    someone is suspicious it is possible that they might change the settings
    on the 'phone, so it's probably better to do as one of the other posters
    suggested, buy a 'phone just for this and stash it at work, or somewhere
    else that is "secure".

    Cheers,
    Gary B-)
     
    Gary R. Schmidt, Jul 21, 2006
    #19
  20. Susan

    Susan Guest

    Thanks everyone.
    I have one more question.

    If I use a cell phone with a pre-paid sim card that keeps the records in
    the sim card, then I would guess that the permanent records at the phone
    company would indicate exactly which phone used that card (probably by the
    serial number of the phone?).

    Assuming the permanent records tie the sim card to the telephone by
    telephone serial number, if we remove the first sim card and put a second
    sim card into that same telephone, wouldn't that second sim card also be
    recorded as having been used by that telephone serial number?

    My point is, wouldn't someone knowing the first telephone number from the
    first sim card then allow them to find the records of ALL phone calls made
    from all sim cards ever put in that phone since the phone has only one
    serial number?

    Isn't the telephone serial number a weak (identifiable) link that negates
    the "privacy" afforded by the second pre-paid sim card?

    Does this question make sense?
    Susan
     
    Susan, Jul 21, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.