But anyone who has used the popular internet telephony
   software Skype knows that it works as smoothly behind a
   NAT firewall as it does if the PC is connected directly
   to the internet.

Hmm. Someone who used skype a lot would know that its behaviour is not quite as robust as this article might suggest. You get 'ghost sessions' when people who are not online appear online, and sometimes the reverse - where people come online and you just can't see them. Although in truth I can't remember seeing any those or any other problems like that in six months now - maybe recent versions have conquered those problems.

But while I'm complaining, it's annoying that it opens up listeners on 8080 without asking. :)

I use iChat/AIM/Gtalk as my primary messenger and yet I almost always end up starting Skype when I want to send a file. Skype's amazing at hole punching.

I'm glad I don't have to deal with installable apps but if you're looking for a GREAT library that does everything Skype does, check out STUNT from Cornell:

http://nutss.gforge.cis.cornell.edu/stunt.php

It's a great piece of code and works really well.

Fog Creek's Copilot deals with this by having servers that act as a middleman for traffic -- your interaction goes from your machine, to their server, to the computer of the person you're connecting to. The app directly connects to the other machine if possible.

That seems like a pretty simple way to do things although I'm not sure how hard it would be to keep servers running for a substantial userbase.

That's just dumb proxying. Skype is saving millions of dollars by not doing that themselves.

Not just simple proxying, but also a bit of questionable privacy practice. Granted, most users don't care about their privacy, but might it have some sort of legal implications? Also, latency starts to suck if two people far away from the proxy are trying to use it.

Privacy is solved with end-to-end crypto and latency is somewhat solved by putting supernodes in every large university.

I've heard that skype uses more trickery than just busting through the firewall - Like routing multiple outbound connections through one computer to keep firewall holes to a minimum.

Yes - Skype does attempt to use the technique in the article, but it's far more sophisticated than that...

Skype was written by a bunch of the programmers from Kazaa, and the Skype network is essentially P2P; people who connect to the Skype network with especially good connections may become supernodes and will act as data relays for nodes having problems with other connection methods.

http://en.wikipedia.org/wiki/Skype_Protocol has a fairly detailed description, for those who might be interested.

Oh, wow. Now I see the Skype/Kazaa connection. Brilliant.

Brilliant on one hand, unethical on the other. By using their application, I consent they use my bandwidth to carry other people's phone calls?

Why not if it says so in the ToS? Or it doesn't?

I'm sure they've covered their bases. They're not negligent.

I think they only very recently added a checkbox to opt-out of being a supernode though, the lack of which I found rather annoying.

As an interesting aside, that's also why Skype claimed Windows Update caused their last major outage - they claim there was a bug that caused the P2P network self-healing code to work slowly, a larger-than-normal number of computers rebooted at the same time after patching and the P2P network took two days to recover from the "critical disruption".