Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Partners with Signal to Bring End-To-End Encryption to Skype (bleepingcomputer.com)

Posted by msmash on from the catching-up dept.

Microsoft and Open Whisper Systems (makers of the Signal app) surprised many on Thursday when they said they are partnering to bring support for end-to-end (E2E) encrypted conversations to Skype. From a report: The new feature, called Skype Private Conversations has been rolled out for initial tests with Skype Insider builds. Private Conversations will encrypt Skype audio calls and text messages. Images, audio or video files sent via Skype's text messaging feature will also be encrypted. Microsoft will be using the Signal open-source protocol to encrypt these communications. This is the same end-to-end encryption protocol used by Facebook for WhatsApp and Facebook Messenger, and by Google for the Allo app.

29 of 64 comments (clear)

  1. Legal? by bitchtits · · Score: 1

    Is it surprising that this is still legal (at least in some countries)?

  2. The only question by Anonymous Coward · · Score: 4, Insightful

    is not if there's a backdoor, but rather, how many backdoors will be present and for whose purposes

  3. Hard to believe by jez9999 · · Score: 4, Insightful

    At a time when so many governments on Earth are scrambling for a way to surveil all communications how likely is it really that Microsoft would being true end-to-end encryption to something like Skype? I bet there's a backdoor.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
    1. Re:Hard to believe by sasparillascott · · Score: 1

      Don't think so, their encryption has been checked and verified. To our surveillance corporations and the governments they work with, the critical thing is keeping a permanent record of who you talk to and when - and that is preserved here for Microsoft and any govt asking just fine. Microsoft might have been feeling some pressure with their lack of encryption at this point as well since Facebook had it. JMHO...

    2. Re: Hard to believe by Anonymous Coward · · Score: 1

      Are you fucking kidding me? still peddling this bullshit a year after the fact? You do realize that a republican majority just voted to keep internet spying? 63 dems voted yes, while damn near EVERY republican voted yes.

    3. Re: Hard to believe by nehumanuscrede · · Score: 1

      My guess is the NSA has dirt on many of the lawmakers so they get pretty much everything they want.

      If you have been in politics long enough, you most definitely have a closet full of skeletons you don't want to become public knowledge.

      Red or Blue doesn't matter in a surveillance state, the eye watches everyone.

    4. Re: Hard to believe by Archangel+Michael · · Score: 1

      I'm actually against the government having any kind of that kind of power. Period. Call it Libertarianism. 4th Amendment was shredded a long time ago, and now is just being shit and urinated upon by everyone. I'm probably more staunch against spying than most liberals are. After all they seem to be enjoying the spying we did on Trump.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re:Hard to believe by AHuxley · · Score: 1

      Re "I bet there's a backdoor."
      Recall PRISM? https://en.wikipedia.org/wiki/...
      https://www.theguardian.com/wo... (12 Jul ‘13)
      "... bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism"
      "'.. routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport"."
      Enjoy that big brand junk encryption again and again.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re: Hard to believe by rtb61 · · Score: 2

      Technically, a government of the people by the people and of the people, should have all the power. So yes the government should be all powerful but the government should be of the people. What needs to happens is higher up the food chain you go, the less privacy you should be entitled to. At the top, zero privacy, if you want a private life, leave. What is happening is corruption, a government of the elite by the elite and for the elite and protecting their privacy, the evidence of their crimes, whilst invading our privacy to control us, not for the benefit of society, that is the lie but for their own benefit, to exploit us.

      The government should have power but the people should control the government, so in reality the people have the power. I definitely approve the top down invasion of privacy model. Want privacy, do not take on any kind of public role.

      --
      Chaos - everything, everywhere, everywhen
  4. Yeah, right by dnaumov · · Score: 5, Insightful

    First they DELIBERATELY weaken the Skype architecture to make it easier for various 3-letter agencies to eavesdrop on Skype calls and now we are supposed to trust they have their users best interest on their mind? Yeah, right. Without access to the source code, why would anyone sane consider the implementation to NOT be broken-by-design?

    1. Re:Yeah, right by ckatko · · Score: 1

      Because there's two types of use cases for encryption.

        - Protection from their own government.

        - Protection from everyone else.

      Companies that want their teleconferences protected from everyone else, don't give a shit about the US government snooping on them. They just don't want their private information leaked to China, or other competitors, or prying journalists.

      I mean, fucking duh people. If something "seems insane" maybe it's because you haven't bothered to understand it.

    2. Re:Yeah, right by mark-t · · Score: 4, Informative

      Companies that want their teleconferences protected from everyone else, don't give a shit about the US government snooping on them.

      Anyone with even just a vague understanding of how computers work will realize that these two concepts are inherently contradictory. If the US government can eavesdrop, then so can anyone else, with the right know how. Encryption techniques exist, however, where no amount of know-how will actually make it any easier to decrypt... and these are the so-called unbreakable encryptions that law enforcement bitches about every so often, suggesting that they are thwarting law enforcement, and painting companies that utilize such techniques as deliberately working against them.

      The thing that these people fail to realize is that those unbreakable encryptions are also thwarting untold numbers of would-be criminals that would be all too happy to snoop on people's personal and private data if they could... and use it to their advantage, and probably cause measurable harm to innocent parties.

      Even *IF* the government could supposedly be trusted to not actually abuse such backdoors, there's no possible way to keep the bad guys from getting their hands on them, and doing incalculable levels of harm.

      --
      File under 'M' for 'Manic ranting'
    3. Re:Yeah, right by mark-t · · Score: 1

      I'm not disagreeing with you, but I'm noting that even if you *COULD* give the government the benefit of the doubt (which I'm not alleging you can in the first place), there's no possible way for them to keep the backdoor keys forever out of the hands of the bad guys that law enforcement is supposed to try and stop, and once they have them, law enforcement would have *MORE* work to do because of it, not less.

      --
      File under 'M' for 'Manic ranting'
    4. Re:Yeah, right by AmiMoJo · · Score: 1

      It was for China. They wanted to operate in China, so weakened their encryption.

      Now they have found a way to keep China happy. Maybe it only works outside China, maybe they send the keys to the Chinese government.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. What? by OpenSourced · · Score: 1

    Still more difficulties for law enforcement agencies? There are evil geniuses at Microsoft, too!

    --
    Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
  6. Indeed that is a surprise by Oswald+McWeany · · Score: 4, Funny

    Microsoft and Open Whisper Systems (makers of the Signal app) surprised many on Thursday when they said they are partnering to bring support for end-to-end (E2E) encrypted conversations to Skype.

    That is a surprise. I had no idea Skype still existed.

    --
    "That's the way to do it" - Punch
    1. Re:Indeed that is a surprise by Anonymous Coward · · Score: 2, Informative

      Oh yeah, it exists, but it isn'ta relevant. In typical Microsoft fashion, once they got their grubby hands on it, it got so bloated it constantly crashed. I uninstalled it on all my computers and smart-phones and switched to Telegram, which has had encryption the whole time.

      captcha: vibrator

  7. It's all about the key management by bigtomrodney · · Score: 4, Interesting

    You can have the strongest end-to-end encryption you want...it doesn't mean much if you don't know how your private and session keys are handled. It's all down to trusting the vendor that you're supposedly hiding your messages from with "end-to-end" encryption.

    --
    I never get used to these constant resurrections
  8. Actually the important info is who and when by sasparillascott · · Score: 3, Insightful

    The important thing for the surveillers is keeping a running log of who you talk to and when you talk to them and that is still preserved and not encrypted. Having the actual messages is nice, but not nearly as important as knowing who you talk to and when. This is also why Facebook, of all people, allows it on their programs.

  9. Re:Toy by viperidaenz · · Score: 2

    You should pay for Skype for Business then
    Then everyone in your organisation can have a ~50% success rate joining an online skype meeting! and when they do manage it connect, screen sharing will randomly drop out for some people, requiring them to re-join for it to work for the next 30 seconds before failing again.

  10. I don't think so by HermMunster · · Score: 2

    Microsoft has a history of cooperation with the feds. They implemented a centralized server away from p2p in order to at least give the feds access to monitor the Skype network. Signal is true end to end encryption. Efforts to merge the two will simply give the government access to the encrypted communication. Skype is a proprietary piece of software and thus cannot be audited. I've no idea whether Signal has been compromised but I'm leaning in that direction otherwise why else would they be working with a company known to violate their user's privacy and security.

    --
    You can lead a man with reason but you can't make him think.
  11. Is this stuff standardized yet? by Anonymous Coward · · Score: 1

    Do these different implementations of Signal protocol interoperate? i.e. can someone with Signal talk to someone else who uses WhatsApp and then presumably someone else who has Skype?

  12. Microsoft needs a third party to help? by greenwow · · Score: 1

    Just sad. Most of my friends work or have worked there, and it's sad how they've laid-off their most experienced people to save money. Currently setting up a new OpenVPN server, and it supports great encryption and has since I started using it 15+ years ago! Sad Microsoft can't beat that open source project from well over a decade ago.

  13. Re:Toy by Major_Disorder · · Score: 1

    Then everyone in your organisation can have a ~50% success rate joining an online skype meeting!

    A 50% success rate is pretty good for some Microsoft products. :)

    --
    First law of people: People are generally stupid.
  14. So if it is based on Signal .. by Alain+Williams · · Score: 3, Interesting

    which is an open source protocol will we be able to build 100% open source software that interoperates with other Skype users ? I somehow can't see that happening - I would like to be proven wrong.

    1. Re:So if it is based on Signal .. by JustNiz · · Score: 2

      I doubt it. This is Microsoft we're talking about. Its inevitable that they will find some way to "embrace and extend" the protocol to keep it non-standard, or to at least keep open clients off their network. Especially Linux ones.

  15. software recommendations? by throwaway18 · · Score: 1

    Anyone got any recommendations for software for end to end encrypted VOIP using PC's?

  16. Next step for Skype by TheDarkener · · Score: 1

    is to open-source the entire app.

    --
    It is pitch black. You are likely to be eaten by a grue.
    1. Re:Next step for Skype by coofercat · · Score: 1

      I doubt it'll happen, but at least then someone can have a go a making a decent version of it. I just tried to use it - man it's confusing.

      I know it's 'the done thing' to complain about every app change and re-skin, but Skype is the most confusing communications app of them all. Maybe they make it this confusing so that the feds don't bother to try to use it to snoop on people's conversations...?