Microsoft has given Skype a major security upgrade.
It’s not that the online calling and chatting service Skype lacked protection before. It’s always had encryption that prevented snoopers from intercepting and decrypting its users’ private communications.
Rather the new method its owner, Microsoft, has rolled out as an option is a more secure alternative called “Private Conversation” that removes central control of encryption, putting it effectively into each device running a copy of Skype.
This decentralized end-to-end encryption can resist government, criminal, and other attempts to tamper with messages, recover old conversations, or intercept ongoing communications.
Private Conversation relies on an open, free method developed by Open Whisper Systems, called Signal Protocol, that is used in Facebook’s WhatsApp and Open Whisper’s own Signal app. It relies on each side of a conversation exchanging enough information to prevent a third party, including Microsoft in this case, from reading messages or listening to conversations.
Microsoft began testing the new Signal-based method in publicly available versions of Skype in January, and it’s available now for one-on-one text messaging, file transfer, and audio calls. Video isn’t yet supported. Messages and files aren’t synced across different copies of Skype on different devices, either, and only one private conversation can take place in Skype at a time.
Since Skype’s development, security experts have complained and warned about the lack of disclosure of the underlying security technology at what was once a standalone company, then owned by eBay, and finally by Microsoft. (Apple similarly reveals very little about the inner workings of its iMessage, which suffers from the same central control of encryption.)
In 2014, the digital-rights group, the Electronic Frontier Foundation, dinged Skype in a scorecard partly for its lack of transparency, that would allow independent verification and testing of its security claims. It received 1 out of 7 points, partly because EFF couldn’t determine enough about how Skype’s security worked, while Apple received 5 out of 7 (The scorecard is now out of date.)
