
Why Doesn't Skype Include Stronger Protections Against Eavesdropping? - sinak
https://www.eff.org/deeplinks/2013/07/why-doesnt-skype-include-stronger-protections-against-eavesdropping
======
RyanZAG
I thought this story had been cleared up a while ago?

Skype used to use an encrypted, peer-to-peer protocol that made it very
difficult for Skype communications to be wiretapped, causing difficulties for
the NSA etc.

As per
http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/
and similar coverage years ago, Microsoft then bought out Skype even though it
was clear it was non-profitable. The peer-to-peer Skype system was dropped
shortly after, and all Skype communications were centralized through Microsoft
servers.

Following releases by Snowden, it is now clear that Microsoft is wiretapping
all Skype communications at the request of the NSA.

~~~
wmf
_The peer-to-peer Skype system was dropped shortly after, and all Skype
communications were centralized through Microsoft servers._

People keep repeating this, but I've seen no evidence that it means what
people think it means. The location of supernodes has no bearing on encryption
or whether call data goes through supernodes.

~~~
rorrr2
But it pretty much guarantees that all the data doesn't flow through one
super-node. P2P design makes a lot of sense. Centralized didn't, until the
recent events.

~~~
surge
It actually didn't make sense (P2P) after a certain point. There was a huge
Skype outage because of a SuperNode back in 2010 when it was P2P. The problem
was a lot of super nodes ended up being desktop hardware that simply couldn't
handle the increased load, likewise, since most desktops are behind some form
of NAT or firewall, not many clients are eligible to be supernodes, meaning
fewer and fewer reliable hosts to act as supernodes. Not to mention the
additional load it creates for the user of the machine when it becomes a
supernode.

The solution was simply for Skype to host its own super nodes. That was the
original reason.

Of course, now there is also the wiretapping concern, but I think it's high
time something replaced Skype anyway, that either doesn't require the
supernode weakness and possibly open source so the encryption can be ensured
sending your private cert/key over to the centralized node/servers.

------
venomsnake
First - go back to the ancient times when Skype was conceived. Then people
used these weird wired devices to talk called telephones.

Skype was created to just piss off national telecoms and wired carriers -
because sending the data for a minute of voice over the network was costing
way less than what they were charging.

The brilliant architecture of Skype for the times (and even now) was not
created for the security of the users but for Skype to be impossible to be
blocked and detected by telecoms with all kinds of possible DPI capabilities.

The fact that this gave the users somewhat secure way to communicate was just
a nice side effect.

Nowadays the times have changed - the telecoms are overcharging on mobile data
like mad and throwing voice minutes like they are going out of fashion, up to
a point that actually having the telephone used as a modem over voice call
could be profitable. So nobody is bothered to block voice apps. So there is
less need for security.

~~~
MichaelGG
Skype's security was more for self-interest in preventing third party clients
to connect. It hasn't had any proper audits, except for a rather dubious
review Skype published. The rest of interop is achieved through reverse
engineering or other hacking up the Skype client. To think Skype had users'
best interests in mind is ludicrous.

By not just encrypting, but deliberately obfuscating the protocol and client,
they ensured no one could make a better client or hardware without paying
them.

VoIP was around before Skype. Microsoft's NetMeeting (1996) included
multiparty video and audio conversations. Skype wasn't inventive in that way.
P2P was a cute way to bootstrap (less relay servers needed for NAT traversal).

Pissing off carriers is a funny line. All your SkypeOut calls go out to
"carriers", so they get paid. Sure, AT&T would prefer to charge you 50 cents
directly, instead of getting a few cents on wholesale, but Skype's got a huge
amount of markup in their prices, too.

------
jingo
Because they don't need to. Millions of users will still use Skype anyway.

A better question is why is there no obvious open source Skype clone? NAT
traversal via supernode (with or without traffic forwarding) is well
understood, we have several decent free encryption options to choose from and
Skype open sourced their excellent audio codecs.

The problem with Microsoft running Skype is they are making Skype users
connect to Microsoft hosted supernodes instead of user hosted supernodes. In
terms of strengthening the reliability of the service, this might make sense.
But in terms of privacy it is troubling. Microsoft is a very poor steward of
user privacy and has a terrible record of adequately securing their products.

~~~
mlinksva
Jitsi is the most obvious open source Skype clone, but it isn't very obvious:
few know about it. I wish folks complaining about products and stating others
are available (“tools that include privacy and security features”) would name
and link to those.

More mumbling about this
[http://gondwanaland.com/mlog/2013/07/18/exit-skype-loyalty/](http://gondwanaland.com/mlog/2013/07/18/exit-skype-loyalty/)

~~~
jingo
I'd use it but I don't like working with Java nor projects that require
compiling a large, complex GUI - that just makes portability even harder. My
vision of a Skype clone is something more like pjsip, but much smaller and
simpler.

It should be separable into parts (like UNIX userland tools), and each part
should be reasonably small, self-contained and open source. Operable from a
command line. Developers can put parts together to build featureful
applications. They can add GUIs on top.

Under my vision, VOIP is a very basic functionality that should be part of
every OS. Or at least every decent OS (UNIX-derived).

~~~
mlinksva
It makes portability different. Jitsi runs on Linux/OSX/Windows. To the end
user, it's as "portable" as Skype (on the desktop), and I don't know of any
alternative that comes anywhere close.

Thanks for the link to pjsip. I agree philosophically. What do you think of
[https://en.wikipedia.org/wiki/Telepathy_%28software%29](https://en.wikipedia.org/wiki/Telepathy_%28software%29)
?

~~~
jingo
Not a fan of D-bus. Too brittle for my tastes.

I'm curious, because you agree philosophically, what if I said my chosen VOIP
solution didn't need any IETF-approved method to traverse NAT, didn't need
DNSSEC (e.g. we could use NaCl to secure DNS packets, or run our own local DNS
roots and caches), and didn't need to use third parties to centrally manage
SIP addresses (i.e. we could avoid the centralization of VOIP through SIP or
ENUM)?

Are you still in agreement, philosophically?

------
ethomson
I love the dialog box prompting the user to authenticate their "buddy" with
the caption:

> Why is this security dialog (present in other encrypted messaging tools)
> missing from Skype?

Why? Because that dialog is horrifying.

First, because my parents (Skype users) don't want to have to understand
public key cryptography just to talk to their kids and see a video conference
of their grandkids. They want to make a phone call and video conference
inexpensively. That the medium is encrypted is an implementation detail and
one that they don't care about; certainly this impedes their barrier to entry.

But also because I read that dialog box twice and I still don't understand it.
Am I expected to change the combo box to say that I have verified his
fingerprint before clicking Authenticate? What happens if I don't change the
combo box and click Authenticate anyway? Anything? That would be unexpected,
so maybe it's nothing. But if that's true, why isn't Authenticate disabled?

_That's_ why.

------
conformal
i've got another question: why doesn't the EFF have a comments section on
their articles? it's fucking irritating that i can't interact with the author
of the article and have to do this on HN.

skype uses "supernodes", i.e. machines with fixed ip addresses, to effect its
udp hole-punching to get p2p comms links working. iirc, the architecture of
skype is such that supernodes also handle the key exchange (kex) between
peers, which is more than a bit dodgy imo.

the kex should occur directly between the two hosts independent of the
supernode, but i recall that this has been their architecture for many years,
meaning skype can eavesdrop on any chat/call they choose by manipulating the
supernodes. the main change that occurred when MS bought skype was that the
supernodes were moved from being presumably-arbitrary hosts with fixed ips to
hosts controlled directly by MS. since MS controls the nodes where both udp
hole-punching _and_ kex occur, they can trivially MITM comms.

i wouldn't be one bit surprised if skype has been owned by intel services for
many years. being literally owned by MS only makes this process easier and
avoids involving foreign nationals.

~~~
schoen
Hi,

I'm the author of the original article and I'm happy to receive e-mail at my
EFF address (as another commenter pointed out, you can find my staff
information page by clicking on my name there).

The focus of my post is the legal uncertainty about why Microsoft may not be
able to improve the cryptographic privacy of Skype (even if they accepted our
view that they ought to). Microsoft's recent statements seem to suggest
Microsoft thinks there are now (or will soon be) legal considerations limiting
its ability to protect users' privacy.

I'm aware of the key exchange problem and, in fact, the (lack of a) way for
users to verify keys is the particular kind of anti-eavesdropping protection
that my article calls out. I don't think that the supernode architecture or
Microsoft's changes to it necessarily made a major qualitative change to
Skype's privacy properties. Microsoft made a blog post at the time of the
architectural change, and again recently, denying that wiretapping was the
motivation for the changes. It's possible that the changes made wiretapping
Skype calls easier even if that wasn't the motivation for making them.

According to the 2005 report, Skype effectively functions as a CA for its
users, but there is no way for the users to check whether the CA's statements
are accurate.
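
An added example, not part of the thread or the article: a minimal model of the key-verification gap discussed above, where a client that only has a central directory's word for a peer's key cannot notice a substituted key, while a fingerprint compared over a separate channel exposes it. The `Directory` and `Client` classes, the key bytes and the fingerprint format are constructed for illustration and do not reflect Skype's actual protocol.

```python
import hashlib
import hmac

# Constructed sample key material (placeholders, not real keys).
BOB_KEY = b"constructed-public-key-for-bob"
SUBSTITUTED_KEY = b"constructed-key-held-by-the-operator"

def fingerprint(public_key: bytes) -> str:
    """First 128 bits of SHA-256 over the key, in groups that can be read aloud."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class Directory:
    """Stand-in for a central key service; clients receive whatever it returns."""
    def __init__(self, keys, overrides=None):
        self.keys = dict(keys)
        self.overrides = dict(overrides or {})

    def lookup(self, user: str) -> bytes:
        return self.overrides.get(user, self.keys[user])

class Client:
    def __init__(self, directory: Directory):
        self.directory = directory
        self.confirmed = {}  # user -> fingerprint heard over a separate channel

    def confirm_out_of_band(self, user: str, spoken: str) -> None:
        self.confirmed[user] = spoken

    def check_peer(self, user: str) -> str:
        seen = fingerprint(self.directory.lookup(user))
        expected = self.confirmed.get(user)
        if expected is None:
            return "unverified"  # only the directory's word; no way to check it
        same = hmac.compare_digest(seen.encode(), expected.encode())
        return "verified" if same else "mismatch"

def demo() -> dict:
    honest = Directory({"bob": BOB_KEY})
    altered = Directory({"bob": BOB_KEY}, overrides={"bob": SUBSTITUTED_KEY})
    results = {}
    for name, directory in (("honest", honest), ("altered", altered)):
        client = Client(directory)
        before = client.check_peer("bob")
        client.confirm_out_of_band("bob", fingerprint(BOB_KEY))  # Bob reads his own
        results[name] = (before, client.check_peer("bob"))
    return results

if __name__ == "__main__":
    print(demo())
```

Before the out-of-band comparison both directories give the same "unverified" result, which is the point: without a user-visible fingerprint the two cases are indistinguishable to the client.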

~~~
conformal
howdy seth. it's nice to see people calling out skype since i think it likely
the service has been co-opted for many years, long before they are listed as
having participated with PRISM. i stopped using it for anything but "casual"
comms back in ~2005.

as you point out, your focus is on the legal nature of improving the
encryption. you mention CALEA, which i'm quoting here for clarity

"A telecommunications carrier shall not be responsible for decrypting, or
ensuring the government’s ability to decrypt, any communication encrypted by a
subscriber or customer, unless the encryption was provided by the carrier and
the carrier possesses the information necessary to decrypt the communication."

you are right to point out that skype, under the current laws, is not likely
to be considered a "telecommunications carrier". however, they do provide a
bridge to the PSTN and this may be part of the legal issue. i suspect they are
referencing the yet-to-be-public CALEA II, which may very well require
services like skype to be preemptively backdoored for the FBI, etc.

i see skype's current backdoor situation and their comments that you cite as
more of a PR/damage control dance than anything. none of the companies that
participated in PRISM did/can admit their participation. everyone who does
cooperate with the intel services is going to concoct some reason they "had"
to cooperate, whether it's true or not.

to me, all of this PRISM and CALEA II nonsense is a reminder that unless a
software product is open source, you're unlikely to have any kind of guarantee
or expectation of privacy.

------
FellowTraveler
The whole purpose of Skype is eavesdropping.

~~~
conformal
you must have binged it :)

------
twentyfourseven
Why doesn't Skype have a phone number? They don't, and they're in the business
of phone calling.

~~~
wmf
Obviously you'd call them over Skype. If you called them, which you wouldn't
because free consumer services don't provide support. They probably view the
PSTN as a legacy system.

