Mageia forum

I just had a very strange and troubling experience with Skype.

I finished a cam to cam voice conversation with a friend, and we disconnected. She then texted me that she could see my computer desktop and could see what I was doing on the computer. She even told me what it was I was doing.

Does anyone have any knowledge of this? I did not know I could even set skype to show my desktop, and the idea that what is on my desktop is leaking onto the internet is absolutely unacceptable.

As I explore this a bit, I find that in skype options/public api, there are settings for "enabled transports", and both X11 and dbus are selected...and I am unable to de-select them; they don't respond.

Having X11 available as a "transport" makes me think of X forwarding, and what happened here had to have been an example of X forwarding in action.

Well, as the sayying goes: Don't use proprietary stuff as you'll never know what it really does ...

I'd also worry about dbus transport being available, you can do all sorts of nasty stuff it it exposes your user dbus session, or even worse, the system dbus session ...

For the screen sharing, could be a bug related to compiz. Actually screen sharing is a premium feature nowadays from what I read.
Also there are all sorts of bugs and glitches related to screen sharing, even on windows. Just google for it.
You may want to look at https://wiki.archlinux.org/index.php/sk ... ring_Skype
Or don't use skype directly, but use any of the alternatives if you don't require skype audio/video chats.
E.g. the pidgin plugin for skype or https://imo.im

Totally apart from that, you didn't mention what version of skype you're using.

Everyone is now using skype 4.3.

And I would love to stop using skype. But too many people that I communicate with use it.

But leaking the desktop onto the net??? OMG!!!

This needs to be published everywhere.

Wow. Just wow.

Thanks for that link dok. Very interesting read, skype sending encrypted info even when not in use? As a MS company, I would like to think that it would never do anything of concern...but......How can you be sure? Rhetorical

The older I get, the more I appreciate open software.

jiml8 wrote:But leaking the desktop onto the net??? OMG!!!

This needs to be published everywhere.

Feel free to post a link here afterwards. Microsoft won't care, since they closed the public Jira instance where you could report bugs, and when they even don't give a damn about potential paying windows customers, good luck convincing them to care about some niche market that they don't really support at all.
But maybe some shitstorm is what they need ...

But to be honest, if they transfer your desktop contents and you cannot see it, how do you want to tackle that?
It's pretty simple - if you don't trust it to care about the informations it could see, don't use it. Pretty easy rule of thumb.

Yes, that is a very useful link, Dok.

For the time being, I am taking the path of least resistance, which is to deploy a virtual machine specifically for skype. Thus, it can live in its own little world and not be able to see my real system.

I will investigate less resource-intensive (but more time intensive to set up) solutions at a later point.

I am also emailing computer journalists all over the place; maybe someone will be interested.

Ive also removed it from my computers,
had been looking around for an alternative for a while.

had started using jitsi, and although it does not have the skype protocol,
it does integrate with msn, FB, accounts etc like pidgen does.

regards peter

I just had another conversation with my friend, in which I asked her exactly what it was she saw.

I was mistaken; I thought she was seeing my desktop when what she was seeing was a conversation I was having with another person on another technology. She was seeing BOTH sides of that conversation, and this went on for about a minute.

This would indicate that dbus information was being sent out.

Hmmm, but dbus is basically only a message bus for IPC - what transported the video signal?

I do not normally use video calls with skype (more on audio calls only) but my question(s) are:

1. I do not believe that this may occur out of the box but if I or the other end initiated a voice only call, is there an exploit malicious users can use to expose the same behavior exhibited on a video call?
2. If I did a video call, ended a call and quit (right click on skype icon and select "quit", would it still transmit video signals over the internet? Restarting could be the easiest solution but of course not everyone can restart in the middle of their work day.

Seems I've found one usage of Skype using dbus. When watching a movie with vlc, Skype notifications will pause the playback.
Although probably useful feature when using skype, that's a bit too much for me.

Seems one can disable at least dbus according to https://help.ubuntu.com/community/Skype#External_Links

Code: Select all

skype --disable-dbus

Although this seems not possible anymore with current Skype:

Code: Select all

[doktor5000@Mageia4 ~]$ /usr/share/skype/skype --help | head -1
Skype 4.3.0.37
[doktor5000@Mageia4 ~]$ /usr/share/skype/skype --disable-dbus
/usr/share/skype/skype: unrecognized option '--disable-dbus'