Slashdot Mirror
Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy (arstechnica.com)
When it was first created, Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption. The abandonment of Skype's peer-to-peer system can only raise suspicions here.Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."
What can you recommend in FOSS, and can such things work reliably without a heavy backend infrastructure?
Not only do they wiretap your Skype calls, they patented it: http://appft1.uspto.gov/netacg....
From the very beginning, Skype's protocol was undocumented. (That's one of the reasons there weren't competing compatible implementations.)
And since it was undocumented, everyone assumed it had to be fundamentally insecure.
And then there was the fact that it was banned in various countries on the explicit and publicly-known condition that the ban wouldn't be lifted until the governments in question were given access to the keys. This confirmed the insecurity, to openly known fact. That it's insecure isn't a nerdy or tinfoil hat things; it's mainstream knowledge that you can see by googling news stories where governments were granted decryption keys. This isn't shady or a secret or something that nobody likes to talk about. It's been common knowledge for several years. So..
..WTF? Why did you say that? It isn't merely wrong that it's insecure; it's a borderline lie when you suggest that people think it is secure. I bet you can't find a person who says "I thought it was secure" even for purposes of making fun of, or educating, that person.
(Again, we're talking about perception, not the insecurity itself. And I'm saying you're mis-representing the perception.)
> Am I the only one who considered the old Peer to Peer mode of Skype suspicious?
No. When the Skype client relies heavily on obfuscation it SHOULD be extremely suspicious!
* http://www.oklabs.net/skype-re...
If M$ kills off Skype 6.20 then it will be time to migrate to something else that is open source and doesn't have known backdoors.
* https://news.ycombinator.com/i...
...Clients for the new network will be available for Windows XP ...
But... but... but... Microsoft has stated that XP is dead and unsupported, haven't they?
The Skype protocol is proprietary. No one has any idea if it is secure or not. Therefore it isn't secure. Support open standards and protocols.
The interesting problem is that for POTS, they need warrants to wiretap. For new internet technologies the laws are not in place, so the NSA and FBI pretty much have said "It's available, it's not required to warrant by law, so let's Hoover up everything". And that's what they are doing. Microsoft already has an "NSAKEY" in its Windows encryption, and since taking over Skype they've "re-architected" everything. I'd be highly surprised if they DIDN'T have it all piped straight to the TLA government agencies.
They left out linux in the list... so that means they are beta testing a dead product?
What gives? Microsoft never does things like that.
Do not look at laser with remaining good eye.
However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.
Another reason for segregating features from key components such as displays and vehicles. If Microsoft said those things it would be kind of a low blow considering developers would likely say the same about some of their past (Zune, WinRT) and current (Win Phone) devices.
That is all.
systemd is Roko's Basilisk.
Skype has recently been approved for US Gov employees to use at work. This happened almost as soon as MS bought the company; took a few years, but by now it is approved pretty much govt wide. Somehow that seems like relevant information here.
Other than Skype for Bidness (which I'm forced to use at work) I've moved to Discord with a whole slew of other people
BUH-BYE
What's so strange and surprising about this? They need to spy on people. Really all they did is remove what little value Skype had left. I already quit using it. Not that WhatsApp is any better...
“He’s not deformed, he’s just drunk!”
I have been noticing that the web client has a lot crappier quality for audio and video, closer to the google hangout quality. So those of you using it for podcasts to get better audio of guests..... expect to look for something else...
Sadly the free and easy solutions for high quality audio conferencing are going away.
Do not look at laser with remaining good eye.
It seems kind of strange nobody ever reverse engineered the protocol. Maybe it's too hard to do or too well encrypted, but it seems like a lot harder things have been reversed or cracked.
One of the traditional advantages of P2P is that it is possible to with no preset limit for the size of messages, including attachments. IIRC, Skype has had that ability in the past. The thing is that I don't know of any centralized client-server system, even cloud based, that has not implemented some limit on the size of messages you can send. In addition to being silent about privacy, this article (at least) does not say anything one way or the other about introducing size limits.
all successful, quality, conferencing apps use a client server approach with muxing of streams taking place on the server itself allowing you to reserve maximum bandwidth for voice quality
the architecture of the platform isnt the privacy concern, the tos are
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Does "works well" include handling group calls (or whatever Skype calls them)?
Yes but not in the Web version - currently only the Linux desktop version (with caveats). See https://support.skype.com/en/f... (Calling and call troubleshooting):
Does this fix the incoming group call issue I have on Skype for Linux today?
Yes, the problem with receiving incoming group calls is fixed in Skype for Linux Alpha. Make sure the people you're calling or receiving calls from are using the latest version of Skype.
You've got to be kidding if you think switching on WhatsApp and Facebook Messenger give you more privacy. All it does is change who is doing the spying. Skype is Microsoft which seems to be cozy with the government. Facebook doesn't seem as cozy with the government in public, but I think that is probably all show anyways.
However, Facebook's apps are designed to be spyware, while Skype isn't last I checked. How is installing Spyware more private than non-spyware?
With Windows 10 and patches to earlier operating systems, Microsoft entered the spyware business big time. Maybe the Skype app is spyware now too, I haven't seen anything posted on that? Microsoft has always been cozy with the government like the daily scans for NSA provided keywords on all Microsoft OSes, but this move to being more like Facebook and Google has been more recent.
Skype's privacy policy:
https://privacy.microsoft.com/...
"However, we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you."
Facebook messenger policy:
https://www.facebook.com/polic...
"We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others."
"We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our Services and measure the effectiveness and reach of ads and services."
So Skype = NSA spying.
WhatsApp/Facebook Messenger = Facebook spying and almost certainly the NSA even though Facebook tries to imply otherwise.
What we need are more options like Signal Private Messenger that actually seem to care about privacy.
iMessage probably is one of the more privacy oriented messengers (with the exception of Signal). Apple hasn't seemed to be big on spyware other than the stint in Yosemite.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
But which Asterisk manager is the least PITA?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
WhatsApp supports Signal now.
So does Facebook Messenger.
End of Line.
In addition to the afore mentioned Pidgin, there is also Jitsi.
It, too, can connect to XMPP (e.g.: Google Mail. Or a private server) and SIP.
It, too, uses OTR to guarantee end-to-end encryption over the chat channel.
It is multi platform, available on Linux, Windows, Mac and Android (as far as I know, either pidgin itselfs, or other software using its libpurple library are also available on nearly any platform you would want).
Jitsi can in addition place encrypted call, using ZRTP (as far as I know, Pidgin currently only supports clear calls).
On the other hand Pidgin has many more plugins (e.g.: the JSON and XML interfaces used by Facebook messaging App, by web skype, by Steam Mobile, etc.)
And yup, that means that you can overlay end-to-end encryption over skype, as long as both end points support it (e.g.: Pidgin + OTR + WebSkype plugin)
(does anyone know if there are browser plugins a la Mailveloppe that work to add OTR to web chats ?)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
as another exemple:
Google Talk is available over XMPP.
And if both endpoints use OTR, you can get end-to-end encryption (e.g.: Jitsi on one side, and Adium - Mac OS X's Pidgin cousin - on the other)
Note that some of the more advanced feature that are only available in Google Hangout are not available on the Google Talk interface (offline message. and "who has read what" status).
---
Saddly Facebook's XMPP gateway has been shut down (you need to use a plugin compatible with FB Messenger, which is not available on all chat clients, only in Pidgin)
Saddly WhatsApp is in a holy crusade against 3rd party client so you're completely out of luck.
TFA's web skype has also a plugin for pidgin.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
If you read the fine print in the EULA, Microsoft is willing to help law enforcement wherever it is required by local laws.
And if you believe the log of the AppArmor jail you linux client is running in, it's a really badly designed, badly behaving application.
On the other hand, the mix of JSON and XML used by Web Skype has been reverse engineered, plug-ins are availabe for libpurple (thus for Pidgin, Adium, Telepathy, etc.) so you can set-up your own end-to-end encryption layer over skype (e.g.: OTR) if both end points support it.
And unlike the case with WhatsApp, Microsoft doesn't seem interested in fighting such 3rd party clients.
(Even their own latest linux beta client uses the web skype interface, apparently).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Having secure transport doesn't help if the client end is spyware.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
Yes that will be the future. People, brands, groups, nations will just use couriers with a jet set network. Takes a few days but its one time pad secure.
Big US brands that help 5 nations mil/govs on all data flowing will be trusted with gamers chat and for making expected free international calls.
If US designed networking products are seen to be trusted in the open, it will be for pushing complex disinformation.
Encryption will be more diverse and creative.
Domestic spying is now "Benign Information Gathering"
http://ring.cx/ is looking good... Decentralized using DHT, and e2e encrypted. It doesn't live inside Chrome browser, either, which I think is a big handicap for Signal.