Microsoft Partners with Signal to Bring End-To-End Encryption to Skype

Microsoft and Open Whisper Systems (makers of the Signal app) surprised many on Thursday when they said they are partnering to bring support for end-to-end (E2E) encrypted conversations to Skype. From a report: The new feature, called Skype Private Conversations has been rolled out for initial tests with Skype Insider builds. Private Conversations will encrypt Skype audio calls and text messages. Images, audio or video files sent via Skype's text messaging feature will also be encrypted. Microsoft will be using the Signal open-source protocol to encrypt these communications. This is the same end-to-end encryption protocol used by Facebook for WhatsApp and Facebook Messenger, and by Google for the Allo app.

Legal?

[bitchtits]

Is it surprising that this is still legal (at least in some countries)?

Re: Legal?

Sure it is legal to do the EEE thing.

Not End to End Encryption, but
Embrace, Extend, Extinguish.

WhisperSystems will die slowly.

Re: Legal?

Fuck Micro$oft. They will put in a back door.

Re: Legal?

I've never trusted Signal anyhow. Just look at how many permissions it wants (all of them, no shitting). Tox (and Antox) are much more trustworthy.

Re:Legal?

> Is it surprising that this is still legal (at least in some countries)?

Exactly my thoughts. Microsoft has been having ties with FSB in Russia to unencrypt messages for a long time. And now the new subset of laws make it mandatory (or will make soon).

The only question

is not if there's a backdoor, but rather, how many backdoors will be present and for whose purposes

Hard to believe

[jez9999]

At a time when so many governments on Earth are scrambling for a way to surveil all communications how likely is it really that Microsoft would being true end-to-end encryption to something like Skype? I bet there's a backdoor.

Re:Hard to believe

Maybe, on the other hand if this is a true partnership with OWS, OWS has shown themselves to be pretty trustworthy and they are the ones providing the end-to-end encryption for most of the popular messaging systems already.

Re:Hard to believe

MS products don't need the backdoors. Have you seen how often they have to "patch" security holes in even their most basic of products?

Re:Hard to believe

[Archangel+Michael]

When a government can give you anything you want, it can take everything you have.

The bigger the government, the more it assumes power unto itself. And the more power it assumes, the less power the governed actually have. And Obama was one of the worst in history, but since he was well loved by the world elites, and the politically correct crowd, they didn't care about surveiling his own citizens. (yes, GWB was bad, patriot act bad)

Re:Hard to believe

[sasparillascott]

Don't think so, their encryption has been checked and verified. To our surveillance corporations and the governments they work with, the critical thing is keeping a permanent record of who you talk to and when - and that is preserved here for Microsoft and any govt asking just fine. Microsoft might have been feeling some pressure with their lack of encryption at this point as well since Facebook had it. JMHO...

Re: Hard to believe

Are you fucking kidding me? still peddling this bullshit a year after the fact? You do realize that a republican majority just voted to keep internet spying? 63 dems voted yes, while damn near EVERY republican voted yes.

Re:Hard to believe

They don't need a backdoor. They own all the hops and all the certs. They own the pipes between ISP's and nations. "End to End" is still outside of user control.

Re: Hard to believe

Not true. Edlin is long overdue for a patch!

Re: Hard to believe

[nehumanuscrede]

My guess is the NSA has dirt on many of the lawmakers so they get pretty much everything they want.

If you have been in politics long enough, you most definitely have a closet full of skeletons you don't want to become public knowledge.

Red or Blue doesn't matter in a surveillance state, the eye watches everyone.

Re: Hard to believe

[Archangel+Michael]

I'm actually against the government having any kind of that kind of power. Period. Call it Libertarianism. 4th Amendment was shredded a long time ago, and now is just being shit and urinated upon by everyone. I'm probably more staunch against spying than most liberals are. After all they seem to be enjoying the spying we did on Trump.

Re:Hard to believe

The backdoor is the device you're using to type the message.

Re:Hard to believe

[AHuxley]

Re "I bet there's a backdoor."
Recall PRISM? https://en.wikipedia.org/wiki/...
https://www.theguardian.com/wo... (12 Jul ‘13)
"... bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism"
"'.. routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport"."
Enjoy that big brand junk encryption again and again.

Re:Hard to believe

Since the system is closed-source, we must assume there is a backdoor.

Only when every piece of software involved is open and available for public review can we be assured that there is not one.

Re: Hard to believe

[rtb61]

Technically, a government of the people by the people and of the people, should have all the power. So yes the government should be all powerful but the government should be of the people. What needs to happens is higher up the food chain you go, the less privacy you should be entitled to. At the top, zero privacy, if you want a private life, leave. What is happening is corruption, a government of the elite by the elite and for the elite and protecting their privacy, the evidence of their crimes, whilst invading our privacy to control us, not for the benefit of society, that is the lie but for their own benefit, to exploit us.

The government should have power but the people should control the government, so in reality the people have the power. I definitely approve the top down invasion of privacy model. Want privacy, do not take on any kind of public role.

Yeah, right

[dnaumov]

First they DELIBERATELY weaken the Skype architecture to make it easier for various 3-letter agencies to eavesdrop on Skype calls and now we are supposed to trust they have their users best interest on their mind? Yeah, right. Without access to the source code, why would anyone sane consider the implementation to NOT be broken-by-design?

Re:Yeah, right

[ckatko]

Because there's two types of use cases for encryption.

  - Protection from their own government.

  - Protection from everyone else.

Companies that want their teleconferences protected from everyone else, don't give a shit about the US government snooping on them. They just don't want their private information leaked to China, or other competitors, or prying journalists.

I mean, fucking duh people. If something "seems insane" maybe it's because you haven't bothered to understand it.

Re:Yeah, right

[mark-t]

Companies that want their teleconferences protected from everyone else, don't give a shit about the US government snooping on them.

Anyone with even just a vague understanding of how computers work will realize that these two concepts are inherently contradictory. If the US government can eavesdrop, then so can anyone else, with the right know how. Encryption techniques exist, however, where no amount of know-how will actually make it any easier to decrypt... and these are the so-called unbreakable encryptions that law enforcement bitches about every so often, suggesting that they are thwarting law enforcement, and painting companies that utilize such techniques as deliberately working against them.

The thing that these people fail to realize is that those unbreakable encryptions are also thwarting untold numbers of would-be criminals that would be all too happy to snoop on people's personal and private data if they could... and use it to their advantage, and probably cause measurable harm to innocent parties.

Even *IF* the government could supposedly be trusted to not actually abuse such backdoors, there's no possible way to keep the bad guys from getting their hands on them, and doing incalculable levels of harm.

Re:Yeah, right

the real issue is that "Government" isn't a clean institute but made up of same fallible humans uploading revenge porn.
you can't trust an institution unless you can trust every single low bid contractor/employee that it employs.

if the government already has a less than stellar history of abusing powers... then the discussion is done before it starts.

Re:Yeah, right

[mark-t]

I'm not disagreeing with you, but I'm noting that even if you *COULD* give the government the benefit of the doubt (which I'm not alleging you can in the first place), there's no possible way for them to keep the backdoor keys forever out of the hands of the bad guys that law enforcement is supposed to try and stop, and once they have them, law enforcement would have *MORE* work to do because of it, not less.

Re:Yeah, right

I certainly trust Signal a whole lot less now.

Re:Yeah, right

Companies that want their teleconferences protected from everyone else, don't give a shit about the US government snooping on them.

This applies pretty much only to Microsoft and companies with a similarly close working 'partnership' with the US government. Most surveillance the US government is involved in these days is corporate espionage. Most of that proprietary information ends up in the hands of Microsoft or similar quasi-State institutions one way or another. Most companies working in a technologically competitive environment would rather the Chinese Government was reading their emails rather than the US government.

Re:Yeah, right

[AmiMoJo]

It was for China. They wanted to operate in China, so weakened their encryption.

Now they have found a way to keep China happy. Maybe it only works outside China, maybe they send the keys to the Chinese government.

What?

[OpenSourced]

Still more difficulties for law enforcement agencies? There are evil geniuses at Microsoft, too!

Indeed that is a surprise

[Oswald+McWeany]

Microsoft and Open Whisper Systems (makers of the Signal app) surprised many on Thursday when they said they are partnering to bring support for end-to-end (E2E) encrypted conversations to Skype.

That is a surprise. I had no idea Skype still existed.

Re:Indeed that is a surprise

Oh yeah, it exists, but it isn'ta relevant. In typical Microsoft fashion, once they got their grubby hands on it, it got so bloated it constantly crashed. I uninstalled it on all my computers and smart-phones and switched to Telegram, which has had encryption the whole time.

captcha: vibrator

It's all about the key management

[bigtomrodney]

You can have the strongest end-to-end encryption you want...it doesn't mean much if you don't know how your private and session keys are handled. It's all down to trusting the vendor that you're supposedly hiding your messages from with "end-to-end" encryption.

Wait...what?

Wait, didn't M$ remove p2p-e from the original Skype when they acquired it?

Toy

They have made it impossible to use for any conference calls. You must have a subscription. Both people must be using the same software. This is a toy at best. And that is when it actually works right.

Re:Toy

[viperidaenz]

You should pay for Skype for Business then
Then everyone in your organisation can have a ~50% success rate joining an online skype meeting! and when they do manage it connect, screen sharing will randomly drop out for some people, requiring them to re-join for it to work for the next 30 seconds before failing again.

Re:Toy

[Major_Disorder]

Then everyone in your organisation can have a ~50% success rate joining an online skype meeting!

A 50% success rate is pretty good for some Microsoft products. :)

Actually the important info is who and when

[sasparillascott]

The important thing for the surveillers is keeping a running log of who you talk to and when you talk to them and that is still preserved and not encrypted. Having the actual messages is nice, but not nearly as important as knowing who you talk to and when. This is also why Facebook, of all people, allows it on their programs.

Kind of like it used to have?

Next they'll say they designed a new p2p model for Skype

Esspecially with Signal freely avilable.

Why exactly would I install Skype?
And on the PC I still use the original Jitsi, and it is still awesome. (Yes, all Java problems are patched.)

I have my own xmpp static IP home server with federation and omemo support anyway, so I donâ(TM)t even need Signal. I'm planning to lightweigt-fork it though. And I am offering $50 complete full-featured ARM home server solution for friends too, which are becoming increasingly popular. (Sorry, true trusted security requires me to actually meet in person and ideally get to know you, so no online sale.)

Original (Pre Microsft) Skype had this?

I seem to recall that the original Skype before MS bought it did this already ?

I don't think so

[HermMunster]

Microsoft has a history of cooperation with the feds. They implemented a centralized server away from p2p in order to at least give the feds access to monitor the Skype network. Signal is true end to end encryption. Efforts to merge the two will simply give the government access to the encrypted communication. Skype is a proprietary piece of software and thus cannot be audited. I've no idea whether Signal has been compromised but I'm leaning in that direction otherwise why else would they be working with a company known to violate their user's privacy and security.

Re:I don't think so

Might want to read the summary again. Hell, give reading the article a shot. It won't hurt and might actually inform your posts.

Re:I don't think so

They don't need to compromise Signal, just "lend" the keys to a "friend".

Is this stuff standardized yet?

Do these different implementations of Signal protocol interoperate? i.e. can someone with Signal talk to someone else who uses WhatsApp and then presumably someone else who has Skype?

Microsoft needs a third party to help?

[greenwow]

Just sad. Most of my friends work or have worked there, and it's sad how they've laid-off their most experienced people to save money. Currently setting up a new OpenVPN server, and it supports great encryption and has since I started using it 15+ years ago! Sad Microsoft can't beat that open source project from well over a decade ago.

So if it is based on Signal ..

[Alain+Williams]

which is an open source protocol will we be able to build 100% open source software that interoperates with other Skype users ? I somehow can't see that happening - I would like to be proven wrong.

Re:So if it is based on Signal ..

[JustNiz]

I doubt it. This is Microsoft we're talking about. Its inevitable that they will find some way to "embrace and extend" the protocol to keep it non-standard, or to at least keep open clients off their network. Especially Linux ones.

Re:So if it is based on Signal ..

The word 'interoperate' stopped with microsoft once msn messenger got dominant lead when it was bundled with the OS. Before that microsoft believed in interoperability. You can guess why. NEVER TRUST what microsoft says.

clickbait title

If I create a open source protocol and M$ "uses" it do I "partner" with them? The fuck no! Source seems to be some hipster who has "computer" in the URL and doesn't understand a shit about computers? It suggests M$ showed interest in the famous Signal app, which they didn't.

Laughable

Microsoft took over Skype just so they could put backdoors in it.

end to end.. microsoft style..

you-->encrypted-->microsoft

something.. something.. prism

microsoft->encrypted->yourfriend

there's no fucking way microsoft will be allowed by "secret letters" and other demands made by the feds to implement true end-to-end encryption.. the kind microsoft or the government do not possess the keys (or other ways around it) for.

They hope to fool people without tech know-how

who don't understand that end-to-end encryption means nothing for your private communication since Microsoft will also keep the keys, which they mention nothing of.

Microsoft i.t.M. again

... end-to-end (E2E) encrypted conversations ...

The feds will still know who you're talking to and when. It's not E2E if Microsoft chooses the key.

software recommendations?

[throwaway18]

Anyone got any recommendations for software for end to end encrypted VOIP using PC's?

You do not know what you are talking about

The permissions it asks for are actually functional. Camera for video chat, microphone for voice chat, contacts for easy verification. You do not HAVE to grant it any of those to use it via text. No app could do voice without microphone permissions.

Signal is good enough for Edward Snowden but not good enough for you, eh?

Re:You do not know what you are talking about

You list three permissions. Signals wants ALL permissions, which is absolutely ridiculous. I don't care if I don't have to grant them, the fact that it wants them at all is a red flag.

As much as I support Edward Snowden, he's not very knowledgeable when it comes to security.

Re:You do not know what you are talking about

Device & app history
read sensitive log data
Identity
find accounts on the device
read your own contact card
modify your own contact card
Calendar
read calendar events plus confidential information
add or modify calendar events and send email to guests without owners' knowledge
Contacts
find accounts on the device
read your contacts
modify your contacts
Location
approximate location (network-based)
precise location (GPS and network-based)
SMS
read your text messages (SMS or MMS)
receive text messages (MMS)
receive text messages (SMS)
send SMS messages
edit your text messages (SMS or MMS)
Phone
directly call phone numbers
directly call any phone numbers
modify phone state
reroute outgoing calls
read call log
read phone status and identity
write call log
Photos/Media/Files
read the contents of your USB storage
modify or delete the contents of your USB storage
Storage
read the contents of your USB storage
modify or delete the contents of your USB storage
Camera
take pictures and videos
Microphone
record audio
Wi-Fi connection information
view Wi-Fi connections
Device ID & call information
read phone status and identity
Other
send WAP-PUSH-received broadcast
receive data from Internet
view network connections
create accounts and set passwords
pair with Bluetooth devices
send sticky broadcast
change network connectivity
connect and disconnect from Wi-Fi
disable your screen lock
full network access
change your audio settings
read sync settings
run at startup
set wallpaper
use accounts on the device
control vibration
prevent device from sleeping
toggle sync on and off

There is no legit reason that it needs all of that. You are an idiot.

Amazed at all the whining here

And I hate Microsoft. Why are people unable to recognize and praise something good? If you need serious security, obviously do not use Skype. Use Signal itself or Wire or Telegram. But if Skype is getting better security, that is a positive step. It means the market is pushing in the right direction. Quit whining about it.

Next step for Skype

[TheDarkener]

is to open-source the entire app.

Re:Next step for Skype

[coofercat]

I doubt it'll happen, but at least then someone can have a go a making a decent version of it. I just tried to use it - man it's confusing.

I know it's 'the done thing' to complain about every app change and re-skin, but Skype is the most confusing communications app of them all. Maybe they make it this confusing so that the feds don't bother to try to use it to snoop on people's conversations...?

Embrace this...

Then something E.
Then something else E.

haha yeah no

using tox for the last 4 years, so microsoft can eat shit for waking up too late for this opportunity

Alternatives?

What are good, secure options suitable as replacements for Skype (mainly telephony and video aspects)?