Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday January 12 2018, @04:41PM   Printer-friendly
from the in-band-signaling dept.

Skype finally getting end-to-end encryption

Since its inception, Skype has been notable for its secretive, proprietary algorithm. It's also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers.

That changes today in a big way. The newest Skype preview now supports the Signal protocol: the end-to-end encrypted protocol already used by WhatsApp, Facebook Messenger, Google Allo, and, of course, Signal. Skype Private Conversations will support text, audio calls, and file transfers, with end-to-end encryption that Microsoft, Signal, and, it's believed, law enforcement agencies cannot eavesdrop on.

Presently, Private Conversations are only available in the Insider builds of Skype.

Also at The Register, The Verge, and Wired.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Insightful) by Anonymous Coward on Friday January 12 2018, @04:44PM (6 children)

    by Anonymous Coward on Friday January 12 2018, @04:44PM (#621439)

    Now, if everyone would just move back to an open standard so there is no funny business going on, and then federate so you can use whatever client you want to get to anyone else you want.

    • (Score: 1, Informative) by Anonymous Coward on Friday January 12 2018, @04:50PM (2 children)

      by Anonymous Coward on Friday January 12 2018, @04:50PM (#621441)

      You mean like Matrix.org

      • (Score: 4, Informative) by Anonymous Coward on Friday January 12 2018, @05:17PM (1 child)

        by Anonymous Coward on Friday January 12 2018, @05:17PM (#621452)

        is a clusterfucked json implementation of the xml definition for jabber.

        And from everyone I've heard who has looked at the source code, they recommend something else.

        Also Matrix only has like 3-5 years of legitimacy while XMPP/Jabber has almost 20 now, despite being fucked over by every big company that has used it, and chose instead to roll it back to a walled garden.

        • (Score: 0) by Anonymous Coward on Friday January 12 2018, @05:53PM

          by Anonymous Coward on Friday January 12 2018, @05:53PM (#621463)

          and it's coincidentally not secure "yet"...

    • (Score: 0) by Anonymous Coward on Friday January 12 2018, @06:00PM

      by Anonymous Coward on Friday January 12 2018, @06:00PM (#621465)

      facebook used to federate, same with google
      then they realized that was like a big bunch of holes in their walled garden and shut that down
      also the signal website is pretty rad. they have a quote from snowden as their first promo and his picture makes him look like he's losing a pinchloaf struggle

    • (Score: 3, Interesting) by Grishnakh on Friday January 12 2018, @06:14PM (1 child)

      by Grishnakh (2831) on Friday January 12 2018, @06:14PM (#621471)

      Yeah, good luck with that pipe dream. That'll happen right before people stop giving Facebook all their personal info and trusting their privacy to Zuckerberg, and move to Diaspora where they can have total control over what they post and who sees it and who hosts it.

      The thing the dystopian sci-fi stories of the past always failed to predict and depict well was how people would happily *choose* to give up their freedom and privacy, even when viable alternatives were present, and had even been the norm previously.

      • (Score: 2) by legont on Friday January 12 2018, @07:23PM

        by legont (4179) on Friday January 12 2018, @07:23PM (#621500)

        I beg to differ - Karl Marx predicted it all.

        Even more... capitalists would give up all the money? Check; done by Nixon. Capitalists would give up all their factories? In progress - central banks are buying and everybody wants more of it. Workers own the factories? In progress as companie's managers will be the only workers and robots would do the rest.

        --
        "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 2) by bob_super on Friday January 12 2018, @06:28PM (3 children)

    by bob_super (1357) on Friday January 12 2018, @06:28PM (#621476)

    You mean that Microsoft can actually add potentially useful features to skype, instead of just pushing go-ugly hide-functionality non-backwards-compatible updates every other week ?

    • (Score: 3, Informative) by frojack on Friday January 12 2018, @07:43PM (2 children)

      by frojack (1554) Subscriber Badge on Friday January 12 2018, @07:43PM (#621507) Journal

      No, I'm sure it doesn't mean that at all.

      • What is end-to-end encryption? (Really)
      • End to Microsoft Server, then server to other end?
      • Are end-user specified encryption keys used?
      • Is there more than one key involved in the encryption layer?
      • Is there forced encryption downgrade/compromise for CALEA [wikipedia.org] purposes?

      Microsoft has systematically added full-take capabilities for any account printed on a warrant. They have systematically built in compromise capabilities into skype the minute they bought it from Ebay (who were only too happy to get rid of it due to federal meddling and demands) .

      Contrary to the story, the encryption capabilities of the pre-ebay skype were fully known. (Reverse engineered). They were never perfect. But because session routing was never stable and predictable in advance, this didn't matter so much.

      Microsoft now forced all call setup through its own servers [cnn.com]. (The actual call session may be routed client to client unless some three letter agency has a warrant (or a wish) in which case its all routed via a Microsoft servers. Dozens of little changes [microsoft.com] creep in each year. As of 2015, and the arrival of Skype for Business, there is must about nothing left of the original skype except the ring-tones.

      Skype departed ALL my devices the day Microsoft bought them.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Friday January 12 2018, @07:57PM (1 child)

        by Anonymous Coward on Friday January 12 2018, @07:57PM (#621521)

        maybe it means that it was the end of the encryption from point to point and the only thing left is that we still use it so they say marketing things?

        i agree with everything you said. my mom doesn't care though. and i am a bad kid for not talking to her with it because I have something wrong if I am afraid of that.

        i feel like will smith sometimes

        • (Score: 0) by Anonymous Coward on Friday January 12 2018, @09:36PM

          by Anonymous Coward on Friday January 12 2018, @09:36PM (#621572)

          i feel like will smith sometimes

          You made your son into a weirdo.

  • (Score: 5, Insightful) by mmh on Friday January 12 2018, @06:29PM (3 children)

    by mmh (721) on Friday January 12 2018, @06:29PM (#621479)

    Yes, lets all trust Microsoft to provide us with End-to-End encryption. The same Microsoft that is known to work closely with the NSA and participates in the PRISM program.

    https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 [wikipedia.org]

    https://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]

    • (Score: 0) by Anonymous Coward on Friday January 12 2018, @06:37PM

      by Anonymous Coward on Friday January 12 2018, @06:37PM (#621484)

      yeah i was going to say

      i wasnt sure if this post was a joke or serious or somewhere in between

      i think half the users here dont know why it'd be a joke so i am glad you posted the links.

      that day when skype went down with a major outage for the first time since MS took it over...anyone that was anyone knew what that meant

      this just means now you are to be prevented from seeing what your computer is sending and receving, and they're calling it privacy. yay freedom

    • (Score: 2) by Bot on Friday January 12 2018, @08:45PM

      by Bot (3902) Subscriber Badge on Friday January 12 2018, @08:45PM (#621552)

      > Yes, lets all trust Microsoft to provide us with End-to-End encryption.

      Well, considering that they are unable to do an

      if processor type = AMD
      then return
      else apply meltdown&spectre patches

      I am hopeful that their end to end encryption is safe. Because it has backdoors, but they probably do not work. Never attribute to malice what can be adequately explained by malice and incompetence.

    • (Score: 1) by bobthecimmerian on Saturday January 13 2018, @01:31AM

      by bobthecimmerian (6834) on Saturday January 13 2018, @01:31AM (#621635)

      Their headquarter are in the US, do you really think they could tell the NSA no?

      I'm not saying I like Microsoft. I don't. But this is something no company can escape. If you want reliably private communications, you need open source that's been audited by security researchers.

  • (Score: 2, Interesting) by Anonymous Coward on Friday January 12 2018, @07:17PM (1 child)

    by Anonymous Coward on Friday January 12 2018, @07:17PM (#621496)
    Took them so long time to figure out how to do end-to-end encryption with a backdoor? ;)

    My guess is the only time it was hard to spy on Skype conversations was before Microsoft bought it (for 8 billion IIRC).

    I remember the original Skype was reasonably P2P in most cases. When I sent a message and the person wasn't online, the message would actually be queued up on my computer and only sent when both of us were on line.

    But after Microsoft bought it, there was no such queuing - the messages went to Microsoft's servers... That was the end of harder to eavesdrop on P2P messaging on Skype.
    • (Score: 1, Informative) by Anonymous Coward on Friday January 12 2018, @07:54PM

      by Anonymous Coward on Friday January 12 2018, @07:54PM (#621518)

      yup. you probabyl remember the day it went down when that all happened

  • (Score: 2, Insightful) by Anonymous Coward on Friday January 12 2018, @08:12PM (4 children)

    by Anonymous Coward on Friday January 12 2018, @08:12PM (#621532)

    It is Microsoft, why go there?

    It is skype, why go there?

    Just walk away from the monster.

    • (Score: 2, Interesting) by Apparition on Friday January 12 2018, @09:17PM (3 children)

      by Apparition (6835) Subscriber Badge on Friday January 12 2018, @09:17PM (#621565) Journal

      Inertia, that's why.

      I've tried to convince family and friends to dump Skype and/or iMessage for a few years now, in favor of Telegram and/or Wire. Only one person has. The rest haven't. Some however have switched to Facebook Messenger, but that's even worse IMO. Why have they stuck with Skype/iMessage/Facebook Messenger? Because "everyone else uses it." If I start talking about the privacy implications and how Telegram and/or Wire has better privacy, they start looking at me like I'm a paranoid schmoe. "Who cares? I have nothing to hide."

      Privacy and encryption are great, but if no one else is there to use it...

      • (Score: 1, Insightful) by Anonymous Coward on Saturday January 13 2018, @01:20AM

        by Anonymous Coward on Saturday January 13 2018, @01:20AM (#621632)

        You need a front end that is more userfriendly than [Skype | iMessage], which tries to use [Signal | Telegram | Wire], but transparently drops back to [Skype | iMessage] when it has to.
        You will never get most people to switch based on what they see as tin-foil-hattery, especially if it makes things more difficult to use.
        You could get them to switch to an easier to use, more capable program, that just happens to have user-friendly encryption built in.

      • (Score: 1) by bobthecimmerian on Saturday January 13 2018, @01:35AM

        by bobthecimmerian (6834) on Saturday January 13 2018, @01:35AM (#621636)

        I had the same problem. But I hit on a partial solution. http://www.tristanharris.com/2016/05/how-technology-hijacks-peoples-minds%e2%80%8a-%e2%80%8afrom-a-magician-and-googles-design-ethicist/ [tristanharris.com] -- instead of convincing other people or even myself to get off hosted networks because of valid but nebulous and difficult to quantify and value concerns around privacy, consider the very real and blatantly obvious addictive designs of these tools. I got hooked on Facebook despite my ethical objections, and spent more and more time there even as I grew more lonely and miserable. I deleted all my content and left a link to that article as my only activity on the site.

      • (Score: 2) by MichaelDavidCrawford on Saturday January 13 2018, @04:22AM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday January 13 2018, @04:22AM (#621695) Homepage Journal

        He was the valedictorian of his high school, has a master's from Harvard, can code in fortran but cannot figure out how to use email

        So we use Facebook

  • (Score: 2, Interesting) by cwadge on Saturday January 13 2018, @03:05AM

    by cwadge (3324) on Saturday January 13 2018, @03:05AM (#621665) Homepage Journal
    Skype is a complex, probably intentionally obfuscated mess. It is a breeding ground for security vulnerabilities. Encryption, in this case, may just serve to add the impression of safety more than actually providing it. I personally know a lot of folks who've had their systems compromised via Skype, with their entire systems being compromised as a result. Nude pictures leaked, contents of rather personal conversations, the works. Thus humble my suggestion regarding Skype:
    1. Don't run Skype. Don't even install it.
    2. If you must run Skype for some reason, don't leave your account logged in, don't let it run in the background and, on systems with granular controls, don't give it any permissions it doesn't absolutely need to function. In fact, run it in a dedicated VM if you can.
    3. Presume all Skype interactions are compromised.
  • (Score: 0) by Anonymous Coward on Saturday January 13 2018, @03:23PM

    by Anonymous Coward on Saturday January 13 2018, @03:23PM (#621820)

    By whom?

    I call bullshit. I'd enumerate the reasons, but why help such an obvious con revise itself to look more legit?
     

(1)