Why Doesn't Skype Include Stronger Protections Against Eavesdropping? (eff.org)
61 points by sinak on July 18, 2013 | hide | past | favorite | 34 comments


I thought this story had been cleared up awhile ago?

Skype used to use an encrypted, peer-to-peer protocol that made it very difficult for Skype communications to be wiretapped, causing difficulties for the NSA etc.

As per http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_... and similar coverage years ago, Microsoft then bought out Skype even though it was clear it was non-profitable. The peer-to-peer Skype system was dropped shortly after, and all Skype communications were centralized through Microsoft servers.

Following releases by Snowden, it is now clear that Microsoft is wiretapping all Skype communications at the request of the NSA.


Alright, first of all let's remember that the NSA added Skype to the PRISM program before Microsoft even bought it.

Secondly, there were very real technical reasons why Microsoft rearchitected the Skype backend. They needed to do this in order to make Skype compatible with a new generation of devices. This has been posted on HN before: https://news.ycombinator.com/item?id=5930600

I'm not disputing that the changes allow for easier eavesdropping (I honestly don't know enough technical details to have an opinion either way). However, I do think that it's rather meaningless since Skype was already in the PRISM program prior to the changes, and that the people behind the architectural changes probably had absolutely no idea about the PRISM program in the first place and were simply doing it in order to make Skype a better product on mobile devices.


> Secondly

That was a load of bullshit made-up excuses back then and it still is now. Call traffic does not need to go through Microsoft servers. Making it go P2P even in the presence of NAT/firewalls at both ends is a problem solved several years ago. You have to make a conscious decision not to support that and the reason will not be a technical one.


> You have to make a conscious decision not to support that

To emphasize - Skype had that solved years ago, to the point that e.g. back in the day in my university, they announced at some point that Skype is banned (because it was a bandwidth hog - the uni had a bad connection) but they were unable to enforce that at the firewall because their firewall couldn't tell if it was a skype connection or not.

Skype was built by the people who previously made Kazaa, the most efficient P2P app at the time. There was VOIP software before Skype, but none worked as well -- and it wasn't the Skype voice codec that made it work well (although SILK when introduced later did wonders for quality, and SVOPC was not bad) - it was the P2P architecture that provided excellent connectivity, that other VOIP apps at the time did not have.

Furthermore, Google did not purchase Skype BECAUSE it was P2P/distributed, which goes against the spirit of every Google service.


> The peer-to-peer Skype system was dropped shortly after, and all Skype communications were centralized through Microsoft servers.

People keep repeating this, but I've seen no evidence that it means what people think it means. The location of supernodes has no bearing on encryption or whether call data goes through supernodes.



But it pretty much guarantees that all the data doesn't flow through one super-node. P2P design makes a lot of sense. Centralized didn't, until the recent events.


It actually didn't make sense (P2P) after a certain point. There was a huge Skype outage because of a supernode back in 2010 when it was P2P. The problem was a lot of supernodes ended up being desktop hardware that simply couldn't handle the increased load; likewise, since most desktops are behind some form of NAT or firewall, not many clients are eligible to be supernodes, meaning fewer and fewer reliable hosts to act as supernodes. Not to mention the additional load it creates for the user of the machine when it becomes a supernode.

The solution was simply for Skype to host its own super nodes. That was the original reason.

Of course, now there is also the wiretapping concern, but I think it's high time something replaced Skype anyway, that either doesn't require the supernode weakness and possibly is open source so the encryption can be ensured sending your private cert/key over to the centralized node/servers.


Complicating the "Microsoft corrupted the virtuous Skype" story is the fact that Skype appears in the PRISM slides dating to before Microsoft's purchase of it.


Simply not true.

Skype appeared in the PRISM program on 2/6/11. Microsoft bought Skype on 10 May 2011. Very fishy dates? You bet.

https://en.wikipedia.org/wiki/Skype#Microsoft_acquisition

http://en.wikipedia.org/wiki/File:Prism_slide_5.jpg


In US style dates, 2/6/11 (February 6th, when Skype appears on Prism slide) comes before May 10th (when Skype was purchased by MSFT).

If that isn't the source of confusion, I don't understand your point.


Your first link indicates the acquisition wasn't completed until October 2011.


Can you expand on why that part matters?


I thought it made the dates look even less "fishy".


It's a flawed thought, since it's only the date they complete the acquisition on paper i.e. to signal to everyone that it's permanent. This does not forbid you from working with the company for integration purposes, or why would you have such a long time span between announcing you agreed to buy somebody and actually 'doing it'?

In reality you would do a lot of work with the company you're attempting to buy. If for example Skype promised they could change the network to enable wiretapping yet they are unable to, then MSFT could cancel the deal. Or indeed for any of the reasons outlined in the original press release about 'forward-looking statements'.


Who was the owner of Skype before Microsoft? I think those parties are more connected than meets the eye.


Yep, as an early user of skype (back when it was still a european company) I clearly remember when it was labeled as "wiretap proof"


You should read the article first (hint: it's not about why Microsoft moved off P2P). You can do secure communications even without P2P, and the point of the article was that Microsoft may have very little reason not to do that, and that they should, because in terms of private/secure communications Skype went from one of the best to one of the worst right now.


First - go back to the ancient times when Skype was conceived. Then people used these weird wired devices to talk called telephones.

Skype was created to just piss off national telecoms and wired carriers - because sending the data for a minute of voice over the network was costing way less than what they were charging.

The brilliant architecture of skype for the times (and even now) was not created for the security of the users but for Skype to be impossible to be blocked and detected by telecoms with all kinds of possible DPI capabilities.

The fact that this gave the users somewhat secure way to communicate was just a nice side effect.

Nowadays the times have changed - the telecoms are overcharging on mobile data like mad and throwing voice minutes like they are going out of fashion, up to a point that actually having the telephone used as a modem over voice call could be profitable. So nobody is bothered to block voice apps. So there is less need for security.


Skype's security was more for self-interest in preventing third-party clients from connecting. It hasn't had any proper audits, except for a rather dubious review Skype published. The rest of interop is achieved through reverse engineering or other hacking up of the Skype client. To think Skype had users' best interests in mind is ludicrous.

By not just encrypting, but deliberately obfuscating the protocol and client, they ensured no one could make a better client or hardware without paying them.

VoIP was around before Skype. Microsoft's NetMeeting (1996) included multiparty video and audio conversations. Skype wasn't inventive in that way. P2P was a cute way to bootstrap (fewer relay servers needed for NAT traversal).

Pissing off carriers is a funny line. All your SkypeOut calls go out to "carriers", so they get paid. Sure, AT&T would prefer to charge you 50 cents directly, instead of getting a few cents on wholesale, but Skype's got a huge amount of markup in their prices, too.


Because they don't need to. Millions of users will still use Skype anyway.

A better question is why is there no obvious open source Skype clone? NAT traversal via supernode (with or without traffic forwarding) is well understood, we have several decent free encryption options to choose from and Skype open sourced their excellent audio codecs.

The problem with Microsoft running Skype is they are making Skype users connect to Microsoft hosted supernodes instead of user hosted supernodes. In terms of strengthening the reliability of the service, this might make sense. But in terms of privacy it is troubling. Microsoft is a very poor steward of user privacy and has a terrible record of adequately securing their products.


Jitsi is the most obvious open source Skype clone, but it isn't very obvious: few know about it. I wish folks complaining about products and stating others are available (“tools that include privacy and security features”) would name and link to those.

More mumbling about this http://gondwanaland.com/mlog/2013/07/18/exit-skype-loyalty/


I'd use it but I don't like working with Java nor projects that require compiling a large, complex GUI - that just makes portability even harder. My vision of a Skype clone is something more like pjsip, but much smaller and simpler.

It should be separable into parts (like UNIX userland tools), and each part should be reasonably small, self-contained and open source. Operable from a command line. Developers can put parts together to build featureful applications. They can add GUIs on top.

Under my vision, VOIP is a very basic functionality that should be part of every OS. Or at least every decent OS (UNIX-derived).


It makes portability different. Jitsi runs on Linux/OSX/Windows. To the end user, it's as "portable" as Skype (on the desktop), and I don't know of any alternative that comes anywhere close.

Thanks for the link to pjsip. I agree philosophically. What do you think of https://en.wikipedia.org/wiki/Telepathy_%28software%29 ?


Not a fan of D-bus. Too brittle for my tastes.

I'm curious, because you agree philosophically, what if I said my chosen VOIP solution didn't need any IETF-approved method to traverse NAT, didn't need DNSSEC (e.g. we could use NaCl to secure DNS packets, or run our own local DNS roots and caches), and didn't need to use third parties to centrally manage SIP addresses (i.e. we could avoid the centralization of VOIP through SIP or ENUM)?

Are you still in agreement, philosophically?


I love the dialog box prompting the user to authenticate their "buddy" with the caption:

> Why is this security dialog (present in other encrypted messaging tools) missing from Skype?

Why? Because that dialog is horrifying.

First, because my parents (Skype users) don't want to have to understand public key cryptography just to talk to their kids and see a video conference of their grandkids. They want to make a phone call and video conference inexpensively. That the medium is encrypted is an implementation detail and one that they don't care about; certainly this impedes their barrier to entry.

But also because I read that dialog box twice and I still don't understand it. Am I expected to change the combo box to say that I have verified his fingerprint before clicking Authenticate? What happens if I don't change the combo box and click Authenticate anyway? Anything? That would be unexpected, so maybe it's nothing. But if that's true, why isn't Authenticate disabled?

That's why.


i've got another question: why doesn't the EFF have a comments section on their articles? it's fucking irritating that i can't interact with the author of the article and have to do this on HN.

skype uses "supernodes", i.e. machines with fixed ip addresses, to effect its udp hole-punching to get p2p comms links working. iirc, the architecture of skype is such that supernodes also handle the key exchange (kex) between peers, which is more than a bit dodgy imo.

the kex should occur directly between the two hosts independent of the supernode, but i recall that this has been their architecture for many years, meaning skype can eavesdrop on any chat/call they choose by manipulating the supernodes. the main change that occurred when MS bought skype was that the supernodes were moved from being presumably-arbitrary hosts with fixed ips to hosts controlled directly by MS. since MS controls the nodes where both udp hole-punching _and_ kex occur, they can trivially MITM comms.

i wouldn't be one bit surprised if skype has been owned by intel services for many years. being literally owned by MS only makes this process easier and avoids involving foreign nationals.


Hi,

I'm the author of the original article and I'm happy to receive e-mail at my EFF address (as another commenter pointed out, you can find my staff information page by clicking on my name there).

The focus of my post is the legal uncertainty about why Microsoft may not be able to improve the cryptographic privacy of Skype (even if they accepted our view that they ought to). Microsoft's recent statements seem to suggest Microsoft thinks there are now (or will soon be) legal considerations limiting its ability to protect users' privacy.

I'm aware of the key exchange problem and, in fact, the (lack of a) way for users to verify keys is the particular kind of anti-eavesdropping protection that my article calls out. I don't think that the supernode architecture or Microsoft's changes to it necessarily made a major qualitative change to Skype's privacy properties. Microsoft made a blog post at the time of the architectural change, and again recently, denying that wiretapping was the motivation for the changes. It's possible that the changes made wiretapping Skype calls easier even if that wasn't the motivation for making them.

According to the 2005 report, Skype effectively functions as a CA for its users, but there is no way for the users to check whether the CA's statements are accurate.
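The two comments above make the same point from different directions: if the supernode (or Skype acting as a CA) sits in the middle of the key exchange and the users have no way to verify keys, the intermediary can substitute its own keys and read everything, and the "security dialog" people find horrifying is exactly the check that catches this. The following is an added example written for this discussion, not code from the thread, from Skype or from the EFF article. It does not model Skype's actual protocol (which the 2005 report describes as RSA-based with Skype's server certifying identities); it uses plain finite-field Diffie-Hellman over the RFC 3526 group 14 parameters, a toy SHA-256 counter-mode stream cipher, and hypothetical names (`MitmRelay`, `run_call`) to show the failure mode and the fingerprint check that detects it.

```python
"""Unauthenticated key exchange through a relay, with and without
out-of-band fingerprint verification. Added example, not Skype's protocol."""
import hashlib
import secrets

# RFC 3526, 2048-bit MODP group (group 14): a safe prime, generator 2.
_P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(_P_HEX.split()), 16)
G = 2
Q = (P - 1) // 2          # order of the prime-order subgroup of a safe prime
MESSAGE = b"meet at the usual place at 9"   # constructed sample plaintext


def keygen():
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """DH agreement; reject the trivial elements 1 and p-1 before deriving a key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("bad public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def fingerprint(pub):
    """First 160 bits of SHA-256(pub), grouped the way OTR-style dialogs show it."""
    h = hashlib.sha256(pub.to_bytes(256, "big")).hexdigest()
    return " ".join(h[i:i + 8] for i in range(0, 40, 8))


def xor_stream(key, data):
    """Toy keystream cipher (SHA-256 in counter mode); symmetric, no integrity."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class MitmRelay:
    """Hypothetical supernode that substitutes its own DH values in each direction.
    Afterwards it holds one key with Alice and one with Bob, so it can decrypt,
    record and re-encrypt every message it forwards."""

    def __init__(self):
        self.fake_a_priv, self.fake_a_pub = keygen()   # shown to Bob as "Alice"
        self.fake_b_priv, self.fake_b_pub = keygen()   # shown to Alice as "Bob"
        self.captured = []

    def forward_to_bob(self, alice_pub):
        self.key_with_alice = shared_key(self.fake_b_priv, alice_pub)
        return self.fake_a_pub

    def forward_to_alice(self, bob_pub):
        self.key_with_bob = shared_key(self.fake_a_priv, bob_pub)
        return self.fake_b_pub

    def relay(self, ciphertext):
        plaintext = xor_stream(self.key_with_alice, ciphertext)
        self.captured.append(plaintext)
        return xor_stream(self.key_with_bob, plaintext)


def run_call(mitm, verify_fingerprints):
    """Alice calls Bob through a relay that mediates the key exchange.
    Returns (plaintext the relay read or None, plaintext Bob received or None,
    whether the fingerprints both sides saw matched the real keys)."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    relay = MitmRelay() if mitm else None
    pub_seen_by_bob = relay.forward_to_bob(a_pub) if relay else a_pub
    pub_seen_by_alice = relay.forward_to_alice(b_pub) if relay else b_pub

    # The "security dialog": each user reads the other's fingerprint over an
    # out-of-band channel (modelled here by direct access to the real keys) and
    # compares it with the fingerprint of the key the relay delivered.
    matched = (fingerprint(pub_seen_by_alice) == fingerprint(b_pub)
               and fingerprint(pub_seen_by_bob) == fingerprint(a_pub))
    if verify_fingerprints and not matched:
        return None, None, False          # call refused; nothing sent

    k_alice = shared_key(a_priv, pub_seen_by_alice)
    k_bob = shared_key(b_priv, pub_seen_by_bob)
    ciphertext = xor_stream(k_alice, MESSAGE)
    delivered = relay.relay(ciphertext) if relay else ciphertext
    relay_read = relay.captured[0] if relay else None
    return relay_read, xor_stream(k_bob, delivered), matched


if __name__ == "__main__":
    for mitm, verify in ((False, False), (True, False), (True, True)):
        print(mitm, verify, run_call(mitm, verify))
```

The middle case is the one the article is about: with no fingerprint check, Alice and Bob both get a working, "encrypted" call and the relay reads every message, which is indistinguishable from the honest case from either endpoint. Only the comparison against a fingerprint obtained outside the relay's control turns that into a refused call.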


howdy seth. it's nice to see people calling out skype since i think it likely the service has been co-opted for many years, long before they were listed as having participated with PRISM. i stopped using it for anything but "casual" comms back in ~2005.

as you point out, your focus is on the legal nature of improving the encryption. you mention CALEA, which i'm quoting here for clarity

"A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."

you are right to point out that skype, under the current laws, is not likely to be considered a "telecommunications carrier". however, they do provide a bridge to the PSTN and this may be part of the legal issue. i suspect they are referencing the yet-to-be-public CALEA II, which may very well require services like skype to be preemptively backdoored for the FBI, etc.

i see skype's current backdoor situation and their comments that you cite as more of a PR/damage control dance than anything. none of the companies that participated in PRISM did/can admit their participation. everyone who does cooperate with the intel services is going to concoct some reason they "had" to cooperate, whether it's true or not.

to me, all of this PRISM and CALEA II nonsense is a reminder that unless a software product is open source, you're unlikely to have any kind of guarantee or expectation of privacy.


If you click the author's name at the top it takes you here:

https://www.eff.org/about/staff/seth-schoen

Personally I'm relieved that the eff does not have public comments on articles, people find them from search engines, news site, and shouty blogs often - could you imagine the signal to noise?


The whole purpose of Skype is eavesdropping.


you must have binged it :)


Why doesn't Skype have a phone number? They don't, and they're in the business of phone calling.


Obviously you'd call them over Skype. If you called them, which you wouldn't because free consumer services don't provide support. They probably view the PSTN as a legacy system.



