back to article Microsoft finally injects end-to-end chat crypto into Skype – ish...

Microsoft has bunged end-to-end encrypted communications into beta versions of Skype using the open-source Signal protocol. Redmond has been a laggard in locking down Skype as a truly end-to-end encrypted comms system – end-to-end meaning only the people talking to each other can decrypt the chatter, leaving Microsoft and …

  1. Len Goddard

    So, who trusts them?

    Not me, for one.

    1. Steve Davies 3 Silver badge

      Re: So, who trusts them?

      For once, I give my support to MS. This is long overdue and very welcome. The sooner it is available to the rest of us and on all platforms the better.

      Also, it will give the FBI another Tech Company to complain to. Yesterday, it was Apple for their encryption and that iPhones are rather troublesome to hack into.

      The Feds need to realise that snooping on what we say and do is not just reserved for the TLA's.

      1. Dan 55 Silver badge

        Re: So, who trusts them?

        They must be haemorrhaging users to come up with a suggestion like this, but you'd have to be very credulous not to believe that MS wouldn't log the private key somewhere.

        1. Anonymous Coward
          Anonymous Coward

          not to believe that MS wouldn't log the private key somewhere.

          And do you trust Apple, Facebook and Google? They have to face the same government.

    2. Anonymous Coward
      Anonymous Coward

      Re: So, who trusts them?

      "To make matters worse there were also reports that Skype had been running an internal team, codenamed Project Chess, that was tasked with making it easier for the Feds to not only collect metadata, but also to listen in on calls and conversations."

      Which would be a legal requirement for a Telco provider in most countries.

  2. Anonymous Coward
    Anonymous Coward

    Alternatives?

    Still have many family and friends stuck on Skype. Most aren't that tech savvy. Is 'Telegram' a good alternative, that will work on older laptops (32-bit XP / Linux etc)... Anyone know? Microsoft have been shutting off Skype anyway to anyone using 32-bit XP / Linux etc. So time to change.

    1. Dan 55 Silver badge

      Re: Alternatives?

      Wire.com? Doesn't work on XP unless you use the browser version though.

    2. DuncanLarge Silver badge

      Re: Alternatives?

      Telegram should be avoided. Use signal if nothing else.

      Telegram were found to be using a custome made "roll your own" style of encryption riddled with flaws. Secure applications do not use roll your own encryption. Encryption is so well researched that the implementation is practicaly industry standard and applications like Signal and other that use known good encryption are much better off for it.

      Researchers testing encryption security, looking for flaws in AES etc will thus also be testing the same code implemented by apps like Signal that dont roll their own.

      Nobody is testing the Telegram encryption as it is entirely custom.

      Signal, GNUPG / PGP, SSH, SSL, Threema, Truecrypt, LUCKS, dmcrypt all are widely used and used proplerly accepted and researched methods for providing encryption. Why roll your own?

  3. tempemeaty
    Facepalm

    Microsoft might want to start over

    Before they forced the update to their all new one, everything was fine. Then they deactivated it, forcing us into using this new POS.

    The new POS (Skype) is such a resource hog it's mind blowing. It brings my 2.5 GHz Intel Core i5 & 16 GB 1600 MHz DDR3 RAM computer to it's knees. Text lag when typing is literally 2-3 seconds.

    1. joed

      Re: Microsoft might want to start over

      "Text lag when typing is literally 2-3 seconds." - so very similar to "improvements" MS introduced to Office since v2013. Literary everything rendered on screen seems like it passed a loop-back to/from their server. Likely because they like to listen/view what you're up to before you hit the send/save button.

  4. frank ly

    Why did I read the first sentence as, "Microsoft has bungled ..."?

    1. Pascal Monett Silver badge

      Question of habit. Microsoft is bungling everything since a while now.

  5. Anonymous Coward
    Big Brother

    Souce code

    So, does this mean that Microsoft will be making the source code to Skype freely downloadable so that their use of Signal can be independently verified to ensure that this isn't just a feeble attempt to be seen to be protecting users' privacy while handing the data over to the government as usual?

    No?

    Thought not.

    Also, if M$ are suddenly so keep on protecting users' privacy, how about a complete description of all data exfiltrated from systems under the guise of 'telemetry' and allow it to be turned off completely?

    1. Anonymous Coward
      Anonymous Coward

      Re: Souce code

      Exactly. Closed-source encryption is irrelevant.

    2. Harry Stottle

      Re: Souce code

      yes and

      what HAS prompted this response?

      In contrast to Dan55's assertion that they must be haemorrhaging users, I see no evidence of that. Indeed, I'm in a running battle with colleagues family and friends to get them to desert Skype BECAUSE it doesn't include E2EE and that I object even to the possibility that the NSA can eavesdrop on our calls at will. Most people don't give a damn.

      So - tinfoil hats on please - the only obvious reason I can think of for Microsoft's sudden apparent support for conversational privacy - is much the same as the reason we thought Microsoft had bought Skype in the first place - i.e. to provide access on demand to the TLAs. I suspect the intention is make it look like E2EE and market it as such and thus avoid a rush to true E2EE which is the TLAs worst nightmare.

      So your point is critical. Without trusted independent verification of the source code and a means of verifying that the version we're actually using conforms to that code, their claims will be meaningless.

      And I suggest that one way we can measure the authenticity of this project is to watch the reactions of the TLAs and authoritarian politicians. If they campaign against it - to the point that Microsoft are forced to defend the project in court - then it might just be real. If the response is muted, the conclusion will be obvious...

      In either case, the Code verification is mandatory for the purposes of Trust.

    3. Anonymous Coward
      Anonymous Coward

      Re: Souce code

      "So, does this mean that Microsoft will be making the source code to Skype freely downloadable "

      No but as per most Microsoft code it can be inspected on request by customers.

      1. DuncanLarge Silver badge

        Re: Souce code

        "No but as per most Microsoft code it can be inspected on request by customers."

        After paying a couple thousand dollars and signing an NDA. Wow. Such freedom.

  6. peterm3
    Meh

    Is Skype still the best way to call POTs overseas?

    Before the EU roaming initiative I used Skype to phone landlines in the UK. But now I can just use my UK SIM for about 3 pence a minute, which is fine as I rarely make those calls.

    The skype client on Android has become quite slow, and the Windows 10 (modern?) app has sound problems on my Lenovo Yoga. Strange when you think it is Microsoft software running on a factory-installed Microsoft OS. I think I just need a dual SIM smartphone and then no need for Skype. Most people are happy with whatsapp or Google Hangouts. Not sure what Google is trying to acieve with Duo or whatever its called. I'd be happy if Google introduced a POTs connection as they already have my credit card!

    1. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    Microsoft's acquisitions always turn out badly. Pre-acquisition Skype was sleek and efficient.

    There are other applications better than Skype for its features.

    A person still using Skype now is either ignorant of better alternatives, refuses to switch due to inertia, or has a misplaced faith in Microsoft. Let's be honest, if you're looking for a tech company which at the very least won't betray your privacy, SatNad's Microsoft isn't that company.

    The only time I used Skype was when Microsoft had killed off Messenger (a.k.a. MSN, Live Messenger) and merged it into the Skype client. When friends stopped using that and began using Whatsapp, I did the same.

    The kids these days do their thing with Snapchat, Twitch and Periscope; it's now pointless to do video calls with Skype. Video conferencing? There is software for that too. Skype is pointless.

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsoft's acquisitions always turn out badly. Pre-acquisition Skype was sleek and efficient.

      You fail to understand that Skype *was* a nice messaging/voice/video application in one single package, also with the capability to reach plain telephone numbers, at good rates especially abroad. You could promote a chat to a call, or send text (and files) while in call - everything inside a single application.

      A very different product from WhatsApp, Snapchat, etc. etc.

      Sure, if you never needed anything more than a simple chat, WhatsApp would do. Video conferencing software needs a more complex setup than a simple Skype call (and could be more expensive), and, do you really trust, say Cisco WebEx more than Microsoft?

      Just, MS is trying to actively kill Skype as much as it can - Nadella is a kind of Midas, everything he touches is turned into a turd...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like