Arnt Gulbrandsen
About meAbout this blog

Skype

I like Skype. It has a user interface that lets people do what they want with a minimum of fuss. Very good. And it uses Qt, which always gives me a warm fuzzy feeling. But I won't use Skype.

One problem is that Skype doesn't give me a phone number to accept incoming calls. I could call normal phone numbers using the skypeout service, but there is no corresponding "skypein".

Much worse is that Skype may choose to use lots of my bandwidth to benefit other Skype users. Skype's privacy agreement mentions it: From time-to-time your computer may become a Supernode. [...] Supernodes may assist in helping other users to communicate or use the Skype Software efficiently. [Your computer may help] facilitate communications between other users [...] who, due to network and firewall constraints, cannot establish direct connections.

My office has a 100Mbps connection and is just two hops from a default-free router. Obviously a supernode. But Skype doesn't know that the connection is metered, so every byte Skype sends or receives appears on next month's bill.

Supernodes are directory servers. If there are 13 million Skype users and each directory server has a full map, that'll be a lot of bytes.

When two firewalled Skype users want to talk to each other, Skype sometimes relays the entire call via a supernode. In Niklas Zennström's words: Dependent on the firewall status of the client the data stream is set up either as UDP (if firewall allows) or in worse case as outgoing TCP which is almost always allowed. If both clients are only allowed to do outgoing TCP calls are routed through another peer. How common is that last case, and how often is that other peer me? I'd hate to find out the hard way.

Skype has some good features, but its bandwidth usage is based on other people's desires, not on my own. That's O(wrong) and scares me.

Since I'm writing, I thought I'd also mention that Skype's encryption seems to be mere obfuscation. According to Zennström, showing anyone the source code would make its strong 1024 bit encryption and security vulnerable. Right.