4

I configure my OS so that it sends all traffic over the Tor (assume that, I configure Tor like proxy).

I use Tor (which does not support UDP) and Skype (which uses UDP).

My questions are:

  1. Does that mean my IP can leak to the skype.com?

    Can skype.com or other Skype users see my IP?

  2. Are there any other leaks?

    For example, whether in this case the IP leakage DNS? Because DNS requests often go to bypass.

If yes/not - why? And if answer is yes - how can I solve these problems?

Community
  • 1
ideloxew
  • 497
  • 1
  • 5
  • 16
  • Skype *will* leak the IP to your friends/contacts when they try to call you. Skype *may* leak your IP, if you allow direct connections from everyone else who is not in your contacts. Skype traffic is not going to go through TOR so it's bypassing it. Skype recently made it harder for people to get your IP address, when they are not in your contacts. – GiantTree Jun 03 '16 at 13:36
  • 1
    As a side-note, wouldn't this question be better suited for the Tor SE? – WorseDoughnut Jun 03 '16 at 13:53
  • @WorseDoughnut yes, maybe it's be better suited for the Tor SE. Is there any ways to change root directory of question for Tor SE? – ideloxew Jun 03 '16 at 14:35

2 Answers2

4

I'm not sure it's documented anywhere exactly what info is collected and sent back to MS via Skype, but to quote Tor's wiki page on IM software:

Skype usage is highly discouraged. It can be used for leak testing purposes as it's very good with firewall tunneling. Skype is closed source and users have no control over the encryption keys used. Skype can therefore decrypt and monitor communications arbitrarily. It is unwise to communicate in an unsafe manner over Tor. Skype also collects a large amount of personal data and reports back to a central server.

I've also seen posts that Skype blocks Tor exit relays. But i have no links to an official Skype / MS response to that allegation (big surprise there).

WorseDoughnut
  • 761
  • 5
  • 18
  • 3
    The main concern is Skype's "holepunching" trick, which involves sending spoofed packets in different directions to/from a broker service in order to trick NAT routing tables into allowing direct communications between two users' clients. At best, this will stop Skype from working. At worst, it'll leak your real IP and call data outside Tor. – Polynomial Jun 03 '16 at 13:57
  • @Polynomial is any ways to solve this problem? Should I use firewall, for example and restrict all connections exclude over Tor? If yes, how to do this? – ideloxew Jun 03 '16 at 14:39
  • 1
    @ideloxew Nope. Consider an alternative communications system like Redphone. – Polynomial Jun 03 '16 at 14:45
  • @Polynomial Can you explain your answer, please? Why it's not possible restrict all connections exclude Tor connections by firewall? I need use Skype for some reasons (my partners use only Skype) – ideloxew Jun 03 '16 at 14:50
  • 1
    @ideloxew Because Skype's NAT holepunching tricks explicitly try to force a direct connection between two endpoints, which is directly incompatible with how Tor works. On top of that you've got the problem that Skype will store historical call logs on their servers, which isn't much use if you're aiming for anonymity and privacy, especially if you've ever been logged into your Skype account on any machine that wasn't 100% locked down to only communicate through Tor. It's not a system designed for privacy or anonymity at all, and tacking Tor on top won't help you much. – Polynomial Jun 03 '16 at 14:59
  • 1
    @ideloxew Not to mention the fact that if you somehow did force Skype to tunnel through Tor (e.g. put the Skype box behind a Tor router appliance) I'm not sure Skype would even let you make a call to someone else who did the same, because you can't get direct communications between the two. – Polynomial Jun 03 '16 at 15:00
  • @Polynomial Thanks for the answer! I have a few clarifications: 1. You said: «Skype's NAT holepunching tricks explicitly try to force a direct connection between two endpoints, which is directly incompatible with how Tor works». This problem only Skype or such leakages possible in any software? If so, does this mean that Tor is insecure by design? = continued in next comment = – ideloxew Jun 03 '16 at 15:47
  • @Polynomial 2. You said: «if you somehow did force Skype to tunnel through Tor (e.g. put the Skype box behind a Tor router appliance) I'm not sure Skype would even let you make a call to someone else who did the same, because you can't get direct communications between the two» If I use chain MyPC -> VPN(MyOwnVPS) -> Tor -> Proxy -> Skype can it solve this problem? Because we have 2 «normal» endpoints and Skype even doesn’t ot know that I use Tor. = continued in next comment = – ideloxew Jun 03 '16 at 15:48
  • @Polynomial 3. Still have this question: it is possible to use native firewall (for example, Windows firewall) and block all connections exclude Tor? I understand that maybe this will stop Skype from working. But it’s not priority point. I afraid only leakages that can be done by Skype. – ideloxew Jun 03 '16 at 15:49
  • 1
    This is a entirely additional question which isn't really a security question; it's a Skype configuration / computer setup question. Somewhat off topic here, and far too much to cover in the comments section. – Polynomial Jun 03 '16 at 15:50
  • 1
    @ideloxew if you have more Tor specific questions, try asking them in the Tor.SE site instead. – WorseDoughnut Jun 03 '16 at 15:51
  • @Polynomial my question number 3 (in comments) security related. Because it's about firewall, not about only Tor. Concerning other questions, I think yes, it will be better to post in Tor directory. Thanks. – ideloxew Jun 03 '16 at 15:57
0

Skype itself must be installed in a dedicated VM with nothing else on it to prevent attacks and data leakage. Tor router must drop all the UDP packets, so Skype will fall back to TCP. And in this case the only problem is that Skype calls can be wiretapped by Skype itself. No other data leaks will be possible

Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11