Personal Tech

Microsoft finally injects end-to-end chat crypto into Skype – ish...

If you sign up to be a tester

By Iain Thomson in San Francisco

20 SHARE

Microsoft has bunged end-to-end encrypted communications into beta versions of Skype using the open-source Signal protocol.

Redmond has been a laggard in locking down Skype as a truly end-to-end encrypted comms system – end-to-end meaning only the people talking to each other can decrypt the chatter, leaving Microsoft and whoever may be eavesdropping on the connections in the dark.

To be clear, Skype uses standard encryption for audio and video calls, and texts and file transfers. However, it is possible for Microsoft to decrypt, or be forced to decrypt, this information. End-to-end crypto ensures only each end of the conversation – the people talking to each other – can decipher messages.

Skype's incoming end-to-end protection, dubbed Private Conversations, safeguards audio calls, text messages and shared files. Crucially, it is only, for now, going out in a limited release to Skype Insider testers. And it can only be used for one-on-one chats. The group conversations Redmond is touting as a key business tool won’t be covered by the Signal system.

"With Private Conversations, you can have end-to-end encrypted Skype audio calls and send text messages or files like images, audio, or videos, using the industry standard Signal Protocol by Open Whisper Systems," said Microsoft program manager Ellen Kilbourne on Thursday.

"The content of these conversations will be hidden in the chat list as well as in notifications to keep the information you share private. You can only participate in a private conversation from a single device at a time. You can switch the conversation to any of your devices, but the messages you send and receive will be tied to the device you’re using at the time."

Snowden

Signal is the gold standard of end-to-end encryption. Its development is headed by dreadlocked computer security guru Moxie Marlinspike at Whisper Systems, and the code is endorsed by the likes of Edward Snowden and Bruce Schneier. Google's Allo, Facebook's WhatsApp, and the social network's Messenger client have been using Signal since 2016. One has to wonder why it has taken so long for Microsoft to get onboard.

Once upon a time, Skype's distributed peer-to-peer communications was considered pretty good for privacy. However, in 2012, a year after Microsoft bought Skype, the service moved to using supernodes hosted inside Redmond's data centers for communication, a move that some said was to make it easier for the tech giant to work with law enforcement to intercept calls and other chatter.

Skype denied the claims in a carefully worded memo, saying the changes were all about improving the quality of service and making it easier to roll out new applications. Microsoft does hand over some people's details and chat logs where "legally required and technically feasible," Mark Gillett, the company's chief operating officer said at the time.

PRISM

But then came the Snowden disclosures, and it turned out that things at Skype were not as they seemed. The comms biz was part of the NSA's PRISM surveillance network, which punted emails, chat logs, VoIP traffic, files transfers, and other private stuff at the American intelligence agency – and Microsoft was a founding member of PRISM back in 2007.

To make matters worse there were also reports that Skype had been running an internal team, codenamed Project Chess, that was tasked with making it easier for the Feds to not only collect metadata, but also to listen in on calls and conversations.

Whether Microsoft's latest move to Signal will really help is in question, given the software goliath's past tactics ad cooperation with Uncle Sam. Those who really want secure communications should probably just cut out the middleman, and install Signal's app.

Separately, there was a flap earlier this week about hackers and spies being able to slip into Signal-protected WhatsApp group chats by compromising WhatsApp servers. However, Marlinspike explained that doing so would tip off everyone in a group that someone had been added, and that all end-to-end encrypted conversations up to that point in the group could not be read by the snoop anyway. ®

Sign up to our NewsletterGet IT in your inbox daily

20 Comments

More from The Register

Using Microsoft's Dynamics 365 Finance and Operations? Using Skype? Not for long!

Upcoming update could bork on-prem logins, warns Redmond

Microsoft takes a pruning axe to Skype's forest of features

Say farewell to Highlights ... if you even noticed it was there

Microsoft gets ready to kill Skype Classic once again: 'This time we mean it'

Remember remember the first of November

Microsoft dropkicks Cortana with Skype functionality on Alexa

Plus: Cloud file-sharing on desktop and mobile clients

Guys, you need to sit down and have a chat: Skype rolls out SMS a week after Microsoft

Updated Skype also does MMS. Your Phone also does photos. Neither talks to iOS

Still using Skype? Good news! After HOURS of meetings, Microsoft reckons it knows when you're Not Active

Plus: New passive aggressive 'Quiet Mode'

Skype for Biz users: Go watch nature vids. Microsoft wants you to get good at migration

New roadmap for Teams does everything but name Skype's death date

Whatchu got for us this week, Microsoft? Skype, Powerpoint tweaks and – oh – another foldable

Roundup Gaps continue to close in MS's messaging platform as fanbois dream of new devices

Ever wanted to strangle Microsoft? Now Outlook, Skype 'throttle' users amid storm cloud drama

Weird error message triggered by Azure update blunder

Even Microsoft's lost interest in Windows Phone: Skype and Yammer apps killed

Use iOS or Android, says Redmond, as telephony APIs sprout in Windows