Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Cloud Privacy

Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy (arstechnica.com) 74

When it was first created, Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption. The abandonment of Skype's peer-to-peer system can only raise suspicions here.Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."
This discussion has been archived. No new comments can be posted.

Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy

Comments Filter:
  • What can you recommend in FOSS, and can such things work reliably without a heavy backend infrastructure?

    • For desktop, use Pidgin with the Off-The-Record plugin: https://pidgin.im/ [pidgin.im]

      For mobile, use Signal by Open Whisper Systems.
      • by cb88 ( 1410145 )
        There is also Tox... there is one developer I talk to occasionally that uses it as his main means of communications. The chat works well... haven't tested the Voip but it's one of it's main features apparently.
    • In addition to the afore mentioned Pidgin, there is also Jitsi.

      It, too, can connect to XMPP (e.g.: Google Mail. Or a private server) and SIP.
      It, too, uses OTR to guarantee end-to-end encryption over the chat channel.

      It is multi platform, available on Linux, Windows, Mac and Android (as far as I know, either pidgin itselfs, or other software using its libpurple library are also available on nearly any platform you would want).

      Jitsi can in addition place encrypted call, using ZRTP (as far as I know, Pidgin cu

    • by Burz ( 138833 )

      https://ring.cx/ [ring.cx]

      Its decentralized and uses end-to-end encryption. It also isn't attached at the hip to a humungous browser (Chrome) the way Signal is.

  • Patent Admission (Score:5, Informative)

    by 3vi1 ( 544505 ) on Wednesday July 20, 2016 @10:01AM (#52547343) Homepage Journal

    Not only do they wiretap your Skype calls, they patented it: http://appft1.uspto.gov/netacg... [uspto.gov].

  • by Anonymous Coward

    From the very beginning, Skype's protocol was undocumented. (That's one of the reasons there weren't competing compatible implementations.)

    And since it was undocumented, everyone assumed it had to be fundamentally insecure.

    And then there was the fact that it was banned in various countries on the explicit and publicly-known condition that the ban wouldn't be lifted until the governments in question were given access to the keys. This confirmed the insecurity, to openly known fact. That it's insecure isn't a

  • ...Clients for the new network will be available for Windows XP ...

    But... but... but... Microsoft has stated that XP is dead and unsupported, haven't they?

    • XP support's only dead if you don't have an extended-life contract with Microsoft, like the U.S. Navy does. And I would not think it unlikely that they use Skype.
    • by TroII ( 4484479 )

      They never said they wouldn't introduce new surveillance capabilities to XP, though. There are plenty of XP holdouts, and it's still very widely used in "interesting" (to IC) nations because a) it runs well on any old hardware that's available, and b) it's been thoroughly and completely pirated. If your goal is to intercept as many conversations as possible, particularly in places like Iran, the Koreas, Syria, etc., you had better make your wiretapping client available for XP.

  • by 110010001000 ( 697113 ) on Wednesday July 20, 2016 @10:17AM (#52547461) Homepage Journal
    The Skype protocol is proprietary. No one has any idea if it is secure or not. Therefore it isn't secure. Support open standards and protocols.
    • by bmk67 ( 971394 )

      Other than this quibble - yep:

      No one has any idea whether it's secure, therefore it isn't trustworthy.

    • If you read the fine print in the EULA, Microsoft is willing to help law enforcement wherever it is required by local laws.
      And if you believe the log of the AppArmor jail you linux client is running in, it's a really badly designed, badly behaving application.

      On the other hand, the mix of JSON and XML used by Web Skype has been reverse engineered, plug-ins are availabe for libpurple (thus for Pidgin, Adium, Telepathy, etc.) so you can set-up your own end-to-end encryption layer over skype (e.g.: OTR) if bot

    • The Skype protocol is proprietary. No one has any idea if it is secure or not. Therefore it isn't secure. Support open standards and protocols.

      That's some thinly veiled nonsense you've got there. You're arguing that because we are unable to verify a claim, the claim is necessarily untrue, when in reality our ability to verify a claim has no bearing on whether or not the claim is true (much as we might prefer for that to not be the case).

      I'm all for open source when it comes to these matters because I firmly believe that public scrutiny is one of the best tools we have for improving the security of our software, and that it also comes with the nice

  • The interesting problem is that for POTS, they need warrants to wiretap. For new internet technologies the laws are not in place, so the NSA and FBI pretty much have said "It's available, it's not required to warrant by law, so let's Hoover up everything". And that's what they are doing. Microsoft already has an "NSAKEY" in its Windows encryption, and since taking over Skype they've "re-architected" everything. I'd be highly surprised if they DIDN'T have it all piped straight to the TLA government agencies.

  • They left out linux in the list... so that means they are beta testing a dead product?

    What gives? Microsoft never does things like that.

    • Comment removed based on user account deletion
      • by Anonymous Coward

        Possibly, but it doesn't matter much. As I understood it, the beta was just a wrapper around the web version. The web version works very well under GNU/Linux, it even works on ChromeOS.

        Does "works well" include handling group calls (or whatever Skype calls them)? Because last time I tried using it, back in March, answering a group call didn't work with the web client in Linux using Chrome.

        • Does "works well" include handling group calls (or whatever Skype calls them)?

          Yes but not in the Web version - currently only the Linux desktop version (with caveats). See https://support.skype.com/en/f... [skype.com] (Calling and call troubleshooting):

          Does this fix the incoming group call issue I have on Skype for Linux today?
          Yes, the problem with receiving incoming group calls is fixed in Skype for Linux Alpha. Make sure the people you're calling or receiving calls from are using the latest version of Skype.

  • Comment removed based on user account deletion
  • Skype has recently been approved for US Gov employees to use at work. This happened almost as soon as MS bought the company [windowsitpro.com]; took a few years, but by now it is approved pretty much govt wide. Somehow that seems like relevant information here.
  • by Anonymous Coward

    Other than Skype for Bidness (which I'm forced to use at work) I've moved to Discord with a whole slew of other people

    BUH-BYE

  • What's so strange and surprising about this? They need to spy on people. Really all they did is remove what little value Skype had left. I already quit using it. Not that WhatsApp is any better...

  • I have been noticing that the web client has a lot crappier quality for audio and video, closer to the google hangout quality. So those of you using it for podcasts to get better audio of guests..... expect to look for something else...

    Sadly the free and easy solutions for high quality audio conferencing are going away.

  • One of the traditional advantages of P2P is that it is possible to with no preset limit for the size of messages, including attachments. IIRC, Skype has had that ability in the past. The thing is that I don't know of any centralized client-server system, even cloud based, that has not implemented some limit on the size of messages you can send. In addition to being silent about privacy, this article (at least) does not say anything one way or the other about introducing size limits.
  • all successful, quality, conferencing apps use a client server approach with muxing of streams taking place on the server itself allowing you to reserve maximum bandwidth for voice quality

    the architecture of the platform isnt the privacy concern, the tos are

  • You've got to be kidding if you think switching on WhatsApp and Facebook Messenger give you more privacy. All it does is change who is doing the spying. Skype is Microsoft which seems to be cozy with the government. Facebook doesn't seem as cozy with the government in public, but I think that is probably all show anyways.

    However, Facebook's apps are designed to be spyware, while Skype isn't last I checked. How is installing Spyware more private than non-spyware?

    With Windows 10 and patches to earlier operating systems, Microsoft entered the spyware business big time. Maybe the Skype app is spyware now too, I haven't seen anything posted on that? Microsoft has always been cozy with the government like the daily scans for NSA provided keywords on all Microsoft OSes, but this move to being more like Facebook and Google has been more recent.

    Skype's privacy policy:
    https://privacy.microsoft.com/... [microsoft.com]
    "However, we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you."
    Facebook messenger policy:
    https://www.facebook.com/polic... [facebook.com]
    "We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others."
    "We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our Services and measure the effectiveness and reach of ads and services."

    So Skype = NSA spying.
    WhatsApp/Facebook Messenger = Facebook spying and almost certainly the NSA even though Facebook tries to imply otherwise.

    What we need are more options like Signal Private Messenger that actually seem to care about privacy.

    iMessage probably is one of the more privacy oriented messengers (with the exception of Signal). Apple hasn't seemed to be big on spyware other than the stint in Yosemite.

  • But which Asterisk manager is the least PITA?

Ignorance is bliss. -- Thomas Gray Fortune updates the great quotes, #42: BLISS is ignorance.

Working...