So, who trusts them?
Not me, for one.
Microsoft has bunged end-to-end encrypted communications into beta versions of Skype using the open-source Signal protocol. Redmond has been a laggard in locking down Skype as a truly end-to-end encrypted comms system – end-to-end meaning only the people talking to each other can decrypt the chatter, leaving Microsoft and …
Not me, for one.
For once, I give my support to MS. This is long overdue and very welcome. The sooner it is available to the rest of us and on all platforms the better.
Also, it will give the FBI another Tech Company to complain to. Yesterday, it was Apple for their encryption and that iPhones are rather troublesome to hack into.
The Feds need to realise that snooping on what we say and do is not just reserved for the TLA's.
They must be haemorrhaging users to come up with a suggestion like this, but you'd have to be very credulous not to believe that MS wouldn't log the private key somewhere.
And do you trust Apple, Facebook and Google? They have to face the same government.
"To make matters worse there were also reports that Skype had been running an internal team, codenamed Project Chess, that was tasked with making it easier for the Feds to not only collect metadata, but also to listen in on calls and conversations."
Which would be a legal requirement for a Telco provider in most countries.
Still have many family and friends stuck on Skype. Most aren't that tech savvy. Is 'Telegram' a good alternative, that will work on older laptops (32-bit XP / Linux etc)... Anyone know? Microsoft have been shutting off Skype anyway to anyone using 32-bit XP / Linux etc. So time to change.
Wire.com? Doesn't work on XP unless you use the browser version though.
Telegram should be avoided. Use signal if nothing else.
Telegram were found to be using a custome made "roll your own" style of encryption riddled with flaws. Secure applications do not use roll your own encryption. Encryption is so well researched that the implementation is practicaly industry standard and applications like Signal and other that use known good encryption are much better off for it.
Researchers testing encryption security, looking for flaws in AES etc will thus also be testing the same code implemented by apps like Signal that dont roll their own.
Nobody is testing the Telegram encryption as it is entirely custom.
Signal, GNUPG / PGP, SSH, SSL, Threema, Truecrypt, LUCKS, dmcrypt all are widely used and used proplerly accepted and researched methods for providing encryption. Why roll your own?
Before they forced the update to their all new one, everything was fine. Then they deactivated it, forcing us into using this new POS.
The new POS (Skype) is such a resource hog it's mind blowing. It brings my 2.5 GHz Intel Core i5 & 16 GB 1600 MHz DDR3 RAM computer to it's knees. Text lag when typing is literally 2-3 seconds.
"Text lag when typing is literally 2-3 seconds." - so very similar to "improvements" MS introduced to Office since v2013. Literary everything rendered on screen seems like it passed a loop-back to/from their server. Likely because they like to listen/view what you're up to before you hit the send/save button.
Why did I read the first sentence as, "Microsoft has bungled ..."?
Question of habit. Microsoft is bungling everything since a while now.
So, does this mean that Microsoft will be making the source code to Skype freely downloadable so that their use of Signal can be independently verified to ensure that this isn't just a feeble attempt to be seen to be protecting users' privacy while handing the data over to the government as usual?
Also, if M$ are suddenly so keep on protecting users' privacy, how about a complete description of all data exfiltrated from systems under the guise of 'telemetry' and allow it to be turned off completely?
Exactly. Closed-source encryption is irrelevant.
what HAS prompted this response?
In contrast to Dan55's assertion that they must be haemorrhaging users, I see no evidence of that. Indeed, I'm in a running battle with colleagues family and friends to get them to desert Skype BECAUSE it doesn't include E2EE and that I object even to the possibility that the NSA can eavesdrop on our calls at will. Most people don't give a damn.
So - tinfoil hats on please - the only obvious reason I can think of for Microsoft's sudden apparent support for conversational privacy - is much the same as the reason we thought Microsoft had bought Skype in the first place - i.e. to provide access on demand to the TLAs. I suspect the intention is make it look like E2EE and market it as such and thus avoid a rush to true E2EE which is the TLAs worst nightmare.
So your point is critical. Without trusted independent verification of the source code and a means of verifying that the version we're actually using conforms to that code, their claims will be meaningless.
And I suggest that one way we can measure the authenticity of this project is to watch the reactions of the TLAs and authoritarian politicians. If they campaign against it - to the point that Microsoft are forced to defend the project in court - then it might just be real. If the response is muted, the conclusion will be obvious...
In either case, the Code verification is mandatory for the purposes of Trust.
"So, does this mean that Microsoft will be making the source code to Skype freely downloadable "
No but as per most Microsoft code it can be inspected on request by customers.
"No but as per most Microsoft code it can be inspected on request by customers."
After paying a couple thousand dollars and signing an NDA. Wow. Such freedom.
Before the EU roaming initiative I used Skype to phone landlines in the UK. But now I can just use my UK SIM for about 3 pence a minute, which is fine as I rarely make those calls.
The skype client on Android has become quite slow, and the Windows 10 (modern?) app has sound problems on my Lenovo Yoga. Strange when you think it is Microsoft software running on a factory-installed Microsoft OS. I think I just need a dual SIM smartphone and then no need for Skype. Most people are happy with whatsapp or Google Hangouts. Not sure what Google is trying to acieve with Duo or whatever its called. I'd be happy if Google introduced a POTs connection as they already have my credit card!
There are other applications better than Skype for its features.
A person still using Skype now is either ignorant of better alternatives, refuses to switch due to inertia, or has a misplaced faith in Microsoft. Let's be honest, if you're looking for a tech company which at the very least won't betray your privacy, SatNad's Microsoft isn't that company.
The only time I used Skype was when Microsoft had killed off Messenger (a.k.a. MSN, Live Messenger) and merged it into the Skype client. When friends stopped using that and began using Whatsapp, I did the same.
The kids these days do their thing with Snapchat, Twitch and Periscope; it's now pointless to do video calls with Skype. Video conferencing? There is software for that too. Skype is pointless.
You fail to understand that Skype *was* a nice messaging/voice/video application in one single package, also with the capability to reach plain telephone numbers, at good rates especially abroad. You could promote a chat to a call, or send text (and files) while in call - everything inside a single application.
A very different product from WhatsApp, Snapchat, etc. etc.
Sure, if you never needed anything more than a simple chat, WhatsApp would do. Video conferencing software needs a more complex setup than a simple Skype call (and could be more expensive), and, do you really trust, say Cisco WebEx more than Microsoft?
Just, MS is trying to actively kill Skype as much as it can - Nadella is a kind of Midas, everything he touches is turned into a turd...
Biting the hand that feeds IT © 1998–2018