There’s a security flaw in Skype that can expose users’ location. That’s not the news, though: that flaw was discovered in 2010, and published in 2011. No, the news is this: after more than five long years and one big acquisition by Microsoft, that problem is finally fixed.
Skype announced this week that starting with the program’s next update, a user’s IP address will now be hidden by default, instead of visible to other users.
So why is that a big deal, and who’s affected?
The researchers who identified the flaw years ago said that the issue left users exposed in a few different ways. For one thing, checking the IP addresses of, say, every one of the 10,000 Skype-using employees in your business — or someone else’s — could paint a remarkable strong picture of their exact locations and movements over time. It also could open the door to make hacking an executive for a business easier, they said.
But the primary concern these days isn’t corporations; it’s gamers. As The Verge explains, folks who play online or who stream their own gaming experiences often have a target on their own backs. Having someone’s IP address, made easily visible thanks to knowing their Skype ID, makes it super easy to overwhelm them with traffic and knock them offline with a DDoS attack.
The least Skype could do to mitigate that problem, then, would be to not make every user’s IP address visible to anyone and everyone else. And lo: a recent update finally contained the ability to hide your own IP address, and the next update will make that enabled by default.