Security Concerns about Skype
Back in October, Dr. Arthur S. Trotzky, a member of the Georgia Therapists Network, brought up on the online discussion list his concerns about the security of using Skype for online counseling. He specifically cited Fast Company’s post, Skype’s Huge, New Security Headaches.
Frank Pratt, III, LCSW responded on the GTN list by offering the following explanation. While I do not use Skype or provide online counseling at this time, I thought that many of you would, like me, find his explanation useful in understanding how and what potential risks might be. I contacted Frank and he graciously agreed to allow me to print his email below.
How the Internet Works
I have a good working knowledge of this kind of thing, so I’ll take a stab at it.
The point of this [Fast Company]
article is that hackers have been able to determine IP addresses of Skype users. Without going into too many details, you could easily determine the general location of an IP address, though in most cases, it would be far more difficult to pinpoint the exact location of the computer.
It is usually very easy to get an IP address, because this address is always sent when you send data to another computer on the internet. This email [from Frank to the GTN discussion list] is being sent from the following address: 68.213.17.7. We have a DSL line and BellSouth assigns this IP address to our [unique] modem, which is connected to the BellSouth system. All the computers on our network use this IP address.
Every time you send an email address or send data to a remote server (e.g. you post a message on an online forum,) there is a good chance that the remote server keeps a log of your IP address. I looked up this address on several search engines. My research indicates I am in Atlanta. Georgia. Look at my e-mail signature below, and you will see that the search engines are off by 50-60 miles.
Note that this quick and dirty search did not reveal the name on the DSL account. Just a rather inaccurate geographical location.The search engines show me to be in Atlanta, because our modem connects to a server in Atlanta, via. a phone line (much the same way as my fax machine would be connected to a fax machine in Atlanta if I sent a fax to a business in Atlanta). I would guess that hundreds, if not thousands, of a DSL modem in Atlanta and the surrounding area connect this very same computer in Atlanta. So, I am connecting to the internet from Rome? Lawrenceville? Atlanta? Athens? Snellville? Conyers? one of the Suburbs? Good question!
If a skilled hacker were so inclined, he/she could possibly hack into BellSouth’s servers to get the name on the account, which is the name of our company. This would require extensive expertise, and a possible risk of felony prosecution for the hacker. Even if a hacker decided to do it anyway, they would only get the name of our company, since that is the name on the account.
That narrows it down to 6 computers and just as many staff members. If you get the IP address for a computer at an academic institution, or a large company, you might be able to easily determine which school or company the message was sent from, or perhaps even which campus building the message originated from. However, this might only narrow it down to hundreds or thousands of individual users. Again, the servers at that institution might have logs that could tell you which user was assigned a given IP address at a given time, but a hacker would need to hack into a server to get this data. Bypassing security measures, and possible civil/criminal prosecution continue to be problems.
So, can you get the name of the person who is using an IP address for a Skype call? The practical answer is probably “no”, in most cases. The far more important question is whether or not the actual content of the conversation can be intercepted. Could a hacker listen in on a session that was conducted via Skype?
When it comes to hacking, anything is theoretically possible. However, given the encryption that Skype uses (see “Does Skype Use Encryption?”), it would be extremely difficult to do so. Breaking a 256 bit AES encryption key would probably require a considerable expertise from a hacker, and a very powerful computer (or computers).
It would probably be far easier to tap a normal phone line. Keep in mind that we all use phone lines to convey privileged information on a daily basis (along with every hospital, physician’s office, etc.) Also keep in mind that caller ID and “reverse lookup” search engines make it quite possible to pinpoint the street address of a caller, perhaps far more accurately that an IP address. After spending 30 seconds on a site such as WhitePages.com, you could very easily (and legally) use my phone number to figure out the street address of my office. I am not an attorney, but I would argue that if a phone line is secure enough to convey protected health information under HIPPA guidelines, then Skype is as well.”
Thanks, Frank! I so appreciate your explanation of how / where mental health professionals might be vulnerable online.
Other Skype-Related Resources
One of my primary resources for online / distance therapy is the Online Therapy Institute. As you are making your own decisions about if and how to conduct online therapy, you may also want to check out OTI’s post, Videoconferencing – Secure, Encrypted, HIPAA-Compliant.
And, if you know of other resources related to conducting therapy online in real time, I hope you’ll share them with us below!
[Frank Pratt, III, LCSW notes that since I writing his response above, his office has switched from traditional phone service to using a Voice Over IP (“VOIP”) service for all of voice and fax lines.]
How a Tiny Picture of You Can Help Drive Traffic to Your Website or Blog
Dec13
2011
For those of you who have been with me a while, you already know about my web guru and friend, Beth Hayden of Blogging with Beth fame. I was trying to figure out how to add a tiny little picture of me (and you) to our comments so . . . of course, I called Beth. She made this so simple that I invited her to write a guest post to share with all of you and she graciously agreed to do so. Check this out!
(If you are interested in writing a guest post, check out the guidelines here.)
_______________
A Guest Post by Beth Hayden
Are you regularly commenting on other people’s blogs? You can use comments to encourage your favorite bloggers, to thank them, to show support, to give an example, or to contribute to the discussion in a myriad of ways.
If you’re commenting thoughtfully – and consistently adding your blog URL to the “Website” field in the comment form – you are hopefully seeing some traffic flowing back to your site as a result of your comments. It’s a great (and FREE) way of picking up some extra traffic.
But there’s a way to make your comments even MORE powerful and making it even MORE likely that people will click through to your blog and sign up for your mailing list or become regular readers.
Perhaps you’ve been noticing recently that when some people comment on a blog, a little picture of the person appears next to her name. Those little pictures look like this:
When you use that little image for your comments, it makes it more likely that people will click through to your blog from your remark. A picture makes you more recognizable, more authentic, and a thousand times more relate-able than your name alone.
And that small image also has another HUGE benefit – it helps the host blogger get to know you. I recently read an interview with Sonia Simone of Copyblogger in which she highly recommends using these little images. She said if she can put a name with a face when she sees your comment, it makes you much more memorable. And being more memorable makes it more likely that she’ll be willing to open your email when you write to her to submit a guest post for publication on Copyblogger.
If that’s true for Sonia, it’s true for tons of tons of other host bloggers, too. That little image – that teeny little you – can make the difference between your emails getting OPENED and your emails getting IGNORED.
That little image we’ve been talking about is called a Gravatar. And they’re really easy to set up and use.
Go to Gravatar.com to set up your account. It takes just a few minutes. Tips:
Once you create your Gravatar, every time you use your email address to comment on a site that uses Gravatars, you’ll see your photo automatically appear if that particular blog has Gravatars activated on their site. You don’t need to do anything special or upload that image again. Just enter your email address in the comment box field, and Gravatar.com will do the work for you.
Create your own “little teeny you” at Gravatar.com today. It takes five minutes and will start paying off as soon as you post your next comment!
About the Author: Beth Hayden helps business owners make more money
by helping them create fabulous websites, blogs, and social media campaigns. Get her best tips for improving your blog by downloading her free report, From Blah to Hurrah: 25 Ways to Make Your Blog Bigger, Better and More Profitable.
Filed under: Marketing, Technology, To-Do's Tagged with Avatar | Gravatar, Building Trust, Commenting, How To's, Image | Reputation
You'll love my updates! Sign up here to get updates delivered to your inbox.