
Skype Switched to the MSN Messenger Protocol (2014) - userbinator
https://www.kirsle.net/blog/entry/skype-switched-to-the-msn-messenger-protocol
======
slapresta
The whole part about being "hacked" is hilarious. It seems way more plausible
that Skype internally uses fonts with special glyphs for its icons, and that
when it couldn't find them for whatever reason, it defaulted to the next font
on the font stack, which had Chinese characters on the codepoints where those
glyphs were expected to be.

~~~
larrik
I've had it happen to me, except I see some random wingdings instead of
Chinese characters. Being "hacked" never crossed my mind.

------
jdavid
[http://www.cnet.com/news/nsa-docs-boast-now-we-can-
wiretap-s...](http://www.cnet.com/news/nsa-docs-boast-now-we-can-wiretap-
skype-video-calls/)

\-- "In 2008, when the company was owned by eBay instead of Microsoft , a
Skype spokeswoman told CNET : "We have not received any subpoenas or court
orders asking us to perform a live interception or wiretap of Skype-to-Skype
communications. In any event, because of Skype's peer-to-peer architecture and
encryption techniques, Skype would not be able to comply with such a request."

\-- "After buying Skype, Microsoft dramatically overhauled its architecture,
replacing peer-to-peer "super nodes" with thousands of servers run by
Microsoft -- a more centralized approach that may have made it easier for
government eavesdroppers. Around the same time, Microsoft would no longer
stand by Skype's earlier claim to be wiretap-unfriendly."

~~~
drzaiusapelord
and now skype video calls actually work instead of playing "super node
roulette" with quality and connectivity. Not to mention, being deemed a super
node randomly at work and watching all your upload bandwidth being eaten by
idle skype clients.

I have no idea if the new server-based system is wiretap friendly, but the old
system was definitely 100% business unfriendly. Companies pay for GotoMeeting,
Webex, Lync, voip video calls, etc for a reason. Skype had to be modernized to
compete with other services. I don't see some grand conspiracy here. Why would
MS spend all this money to just help the government? Its just asinine.

Those who need encrypted and secure communications were foolish to trust Skype
in the first place. If you aren't rolling your own FOSS-based applications on
your own hardware, you can expect zero privacy here. I imagine the "old" Skype
was just as easily gamed. Sorry if I don't think some spokesperson's PR
statement is proof that it was truly secure. Especially considering Skype was
originally a Russian company. There's precedence for this, for example
Blackberry's "unbreakable" peer-to-peer encryption scheme is regularly
downgraded, invisible to the end user, to more breakable bitrates per national
law. I believe India and Saudi Arabia do this.

~~~
explicitadel
> Why would MS spend all this money to just help the government? Its just
> asinine.

I was reminded of an old 2009 article [0] that speculated that the NSA was
willing to pay big bucks to any company that could make Skype easier for them
to intercept.

Maybe Microsoft took them up on that offer, and made a profit with their
restructuring of Skype's architecture.

[0]:
[http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_...](http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/)

~~~
jszymborski
While that's not unfathomable, it's very much Microsoft's modus operandi to
centralise their services... it's a very corporate thing to do.

~~~
JupiterMoon
What is quite amusing is that they've basically taken Skype and gutted it down
to something that is similar to the old MSN messenger.

------
Xylemon
"third-party Skype client (e.g. to have support in Pidgin)" Funny because
recently the old Skype plugin for Pidgin was re-written to utilize the new
HTTP Skype. So now you have a nice client-less Skype chat in Pidgin. I'm
certain someone could study it to write their own client.

~~~
zipperhead
I've been using the HTTP-based skype pidgin client. It seems to mostly work -
the only show stopper is that file transfer requests fail silently. I had
someone trying to send me a file. I had no idea. It was a little awkward.

~~~
allan_s
do you mind sharing the link to this plugin ?

~~~
zipperhead
Certainly:

[https://github.com/EionRobb/skype4pidgin/tree/master/skypewe...](https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb)

I'm using it from arch, via the AUR package purple-skypeweb-git

------
dsl
The author cites Wikipedia. In the comments a poster claims to have added that
bit to Wikipedia but was unable to cite any sources for it.

"Since i could not find any reference for it, I added it to the wikipedia page
but was not fully certain i was right and that someone would remove it if i
were wrong since i know really very little about how it works on the inside."

------
revelation
Really? They are sending messages as plain-text over the wire?

Now I was going to say encryption is pointless anyway as Microsoft (as did
Skype previously) happily log everything and give it to more and less
democratic governments all over the world. But at least use some encryption to
keep the middle man out.

~~~
userbinator
The _very_ earliest versions used plaintext, but they started tunneling it
over HTTPS a long time ago more due to firewalls than out of privacy reasons.
I don't think people ever thought MSNP was end-to-end secured, and treated it
more or less like an instant form of email.

On the other hand, authentication was always secured via HTTPS, so passwords
were never sent in plaintext.

------
dimino
Adium for OS X hasn't caught up to this fact yet, and still requires a 3rd
party plugin[0] that requires Skype to run for it to work.

I wonder if anyone's trying to advance this at all -- the 3rd party plugin
doesn't seem to receive updates anymore.

[0] -
[http://xtras.adium.im/index.php?a=xtras&xtra_id=5011](http://xtras.adium.im/index.php?a=xtras&xtra_id=5011)

~~~
Xylemon
You could ask Eion about making his SkypeWeb Pidgin plugin for Adium, or look
into it yourself. Here's the plugin I'm talking about by the way:
[https://github.com/EionRobb/skype4pidgin/tree/master/skypewe...](https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb)

~~~
joshstrange
> Q: Does this plugin require Skype to be running? A: Yes.

From the FAQ:
[https://github.com/EionRobb/skype4pidgin#faq](https://github.com/EionRobb/skype4pidgin#faq)

~~~
Xylemon
The way the GitHub page is set up is weird. Basically two different plugins
are hosted on one repo. The root tree you linked to has the original client
required plugin. Go under "Skypeweb" folder and you'll see it's an entirely
different plugin that you can compile and don't need a client (also has its
own README).

------
acqq
Wait, it's not encrypted anymore? Anybody can confirm?

------
kpil
IF I remember correctly, the P2P patents and technology where not included in
the deals, only a licence. My guess is that Microsoft sees that as reason to
"align" their technology stacks.

Zennström really made a number of good deals, selling the same thing several
times.

------
higherpurpose
That's because the MSN Messenger was much more "lawful intercept"-friendly.

~~~
jdavid
[http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data)

Quote:

• Microsoft helped the NSA to circumvent its encryption to address concerns
that the agency would be unable to intercept web chats on the new Outlook.com
portal;

• The agency already had pre-encryption stage access to email on Outlook.com,
including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via
Prism to its cloud storage service SkyDrive, which now has more than 250
million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand"
potential issues with a feature in Outlook.com that allows users to create
email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted
that a new capability had tripled the amount of Skype video calls being
collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA,
with one NSA document describing the program as a "team sport".

------
dimino
Should probably have (2014) in title, this is 7 months old.

~~~
McGlockenshire
Not just that, but there are still very few third party clients that speak
version 24, which makes interop kind of difficult. See
[http://ismsndeadyet.com/](http://ismsndeadyet.com/)

