Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy

When it was first created, Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption. The abandonment of Skype's peer-to-peer system can only raise suspicions here.Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."

Is free software in this realm?

[Toe,+The]

What can you recommend in FOSS, and can such things work reliably without a heavy backend infrastructure?

Re:Is free software in this realm?

[LichtSpektren]

For desktop, use Pidgin with the Off-The-Record plugin: https://pidgin.im/

For mobile, use Signal by Open Whisper Systems.

Re:Is free software in this realm?

[greenfruitsalad]

slashdot should have a bot to do this: for the millionth time, there is NO free (as in beer) FOSS jabber server that supports all the necessary XEPs for reliable message delivery on mobile devices (devices with frequent network dropouts, IP changes, packet loss). PAID version of ejabberd is the closest you can get to reliable xmpp message delivery.

and 2nd of all, there are almost no xmpp clients that support the said XEPs. last time i checked, there were only 2 somewhat equipped for it. one is discontinued, the other one is Conversations. again, Conversations isn't free (as in beer). it used to be on fdroid too but i can't find it there anymore.

for those interested, to have reliable xmpp communication on a mobile device, you need at the very least - xep-198, xep-280, xep-313

xmpp is overly complicated, stupid (xml), doesn't reflect current user requirements (mobile devices) and speed of its evolution is hampered by the massive number of stakeholders.

Patent Admission

[3vi1]

Not only do they wiretap your Skype calls, they patented it: http://appft1.uspto.gov/netacg....

Re:Peer to Peer suspicous?

[UnknownSoldier]

> Am I the only one who considered the old Peer to Peer mode of Skype suspicious?

No. When the Skype client relies heavily on obfuscation it SHOULD be extremely suspicious!

* http://www.oklabs.net/skype-re...

Skype (almost like every P2P network) has its particular P2P architecture. It had to be adapted to the network uses. For example, unlike the P2P Kazaa network, designed for file sharing, the Skype network had to be optimized to transfer data in real time, where Kazaa network transfers data stored on nodes. In addition, Skype network still includes centralized networks entities, because unlike Kazaa network, Skype protocol had to implement user secured authentication, dynamic contacts lists management and ensure privacy.

The Skype user directory is entirely decentralized and distributed among the nodes in the network, which means the network can scale very easily to large sizes without a complex and costly centralized infrastructure.

If M$ kills off Skype 6.20 then it will be time to migrate to something else that is open source and doesn't have known backdoors.

* https://news.ycombinator.com/i...

Proprietary means no security

[110010001000]

The Skype protocol is proprietary. No one has any idea if it is secure or not. Therefore it isn't secure. Support open standards and protocols.

Re:Proprietary means no security

[bmk67]

Other than this quibble - yep:

No one has any idea whether it's secure, therefore it isn't trustworthy.

Re:Skype was never perceived as secure

[AmiMoJo]

This is just a PR move. Everyone interested knows that Skype is insecure and can be tapped on demand by Microsoft and certainly many other groups. It's just that if they admit it the mainstream media will run stories about it, and damage the Skype brand. As long as they refuse to confirm or deny there is no story.

Goodbike

Other than Skype for Bidness (which I'm forced to use at work) I've moved to Discord with a whole slew of other people

BUH-BYE

WhatsApp and Facebook Messenger for privacy, lol?

[dszd0g]

You've got to be kidding if you think switching on WhatsApp and Facebook Messenger give you more privacy. All it does is change who is doing the spying. Skype is Microsoft which seems to be cozy with the government. Facebook doesn't seem as cozy with the government in public, but I think that is probably all show anyways.

However, Facebook's apps are designed to be spyware, while Skype isn't last I checked. How is installing Spyware more private than non-spyware?

With Windows 10 and patches to earlier operating systems, Microsoft entered the spyware business big time. Maybe the Skype app is spyware now too, I haven't seen anything posted on that? Microsoft has always been cozy with the government like the daily scans for NSA provided keywords on all Microsoft OSes, but this move to being more like Facebook and Google has been more recent.

Skype's privacy policy:
https://privacy.microsoft.com/...
"However, we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you."
Facebook messenger policy:
https://www.facebook.com/polic...
"We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others."
"We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our Services and measure the effectiveness and reach of ads and services."

So Skype = NSA spying.
WhatsApp/Facebook Messenger = Facebook spying and almost certainly the NSA even though Facebook tries to imply otherwise.

What we need are more options like Signal Private Messenger that actually seem to care about privacy.

iMessage probably is one of the more privacy oriented messengers (with the exception of Signal). Apple hasn't seemed to be big on spyware other than the stint in Yosemite.