Microsoft, Signal add end-to-end encryption to Skype

AppleInsiderAppleInsider
Posted:
in General Discussion
Skype users will soon be able to message without fear of prying eyes as secure communications firm Signal has partnered with Microsoft to add new encryption capabilities to the service.




The new feature, dubbed Private Conversations, has some key differences from typical Skype chats. Users must specifically accept invitations to private conversations, and for now those conversations must be one-to-one.

Additionally, private conversations can only take place on the devices they're initiated from. That means that a conversation started on a phone can't be continued from a laptop, for instance, due to the nature of Signal's encryption protocol.

Users also won't be able to edit messages or forward files in private conversations, or see message previews in the main chat window.

Skype marks the third major messaging service to adopt Signal's protocol for secure end-to-end encryption. WhatsApp, Facebook Messenger, and Google's Allo added the feature in 2016,

Private conversations are available now in Skype Insider builds for Windows, Mac, Linux, and Android. There's no word yet on when the feature will roll out to a wider audience.

Comments

  • Reply 1 of 14
    racerhomie3racerhomie3 Posts: 1,264member
    Wow .
    They did not have this before!
  • Reply 2 of 14
    indieshackindieshack Posts: 328member
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
  • Reply 3 of 14
    bobjohnsonbobjohnson Posts: 154member
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    Barring a flaw in the protocol itself, this isn't really possible. The core concept of end-to-end encryption is that the only parties capable of reading messages are the parties sending the messages, because they generate the keypairs directly. You can't have a "master key."
    edited January 2018 Rayz2016lostkiwisandorgatorguydjames4242watto_cobra
  • Reply 4 of 14
    indieshackindieshack Posts: 328member
    bobjohnson said:
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    Barring a flaw in the protocol itself, this isn't really possible. The core concept of end-to-end encryption is that the only parties capable of reading messages are the parties sending the messages, because they generate the keypairs directly. You can't have a "master key."
    I stand corrected - I read up some more after your comment 
    Rayz2016lostkiwi
  • Reply 5 of 14
    roakeroake Posts: 811member
    indieshack said:
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    None of us do anything interesting (or dodgy), or maybe we do.  In any case, it’s ours to do, and not the business of the government.  And if they think it is, they can damned well investigate based on my merits or actions, and not by slithering around through everything attributed to me on the internet.
    williamlondonwatto_cobra
  • Reply 6 of 14
    lkrupplkrupp Posts: 10,557member
    So does Microsoft now join the ranks of “Jerks” and “Evil Geniuses” with Apple?
    williamlondondjames4242watto_cobra
  • Reply 7 of 14
    darren mccoydarren mccoy Posts: 86member
    Oh yeah... Skype.
  • Reply 8 of 14
    sandorsandor Posts: 658member
    If WhatsApp, FaceBook & Google have it, then Skype is the 4th, right?
    And Signal already has it in their messaging app, so Skype would be the 5th.
    watto_cobra
  • Reply 9 of 14
    linkmanlinkman Posts: 1,035member
    bobjohnson said:
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    Barring a flaw in the protocol itself, this isn't really possible. The core concept of end-to-end encryption is that the only parties capable of reading messages are the parties sending the messages, because they generate the keypairs directly. You can't have a "master key."
    The flaw is that we can't be certain that Microsoft/Skype/Signal hasn't placed a backdoor in the app where the keys for every conversation get sent to a third party because of some secret law/order.
    watto_cobra
  • Reply 10 of 14
    indieshackindieshack Posts: 328member
    linkman said:
    bobjohnson said:
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    Barring a flaw in the protocol itself, this isn't really possible. The core concept of end-to-end encryption is that the only parties capable of reading messages are the parties sending the messages, because they generate the keypairs directly. You can't have a "master key."
    The flaw is that we can't be certain that Microsoft/Skype/Signal hasn't placed a backdoor in the app where the keys for every conversation get sent to a third party because of some secret law/order.
    You are saying pretty much what I also commented, but end-to-end encryption is meant to be less susceptible to back door capability, at least based on what I read
  • Reply 11 of 14
    gatorguygatorguy Posts: 24,212member
    linkman said:
    Um - what? Signal will have been (or will be in the future) the recipient of a midnight knock at the door by someone holding a court order to provide them access to the encryption. Personally I couldn’t care less since I don’t do anything interesting (or dodgy) in my spare time, but no one should be under the illusion that this is completely impenetrable.
    Barring a flaw in the protocol itself, this isn't really possible. The core concept of end-to-end encryption is that the only parties capable of reading messages are the parties sending the messages, because they generate the keypairs directly. You can't have a "master key."
    The flaw is that we can't be certain that Microsoft/Skype/Signal hasn't placed a backdoor in the app where the keys for every conversation get sent to a third party because of some secret law/order.
    China immediately comes to mind which perhaps is the reason both Signal and Skype are now barred from there, a relatively recent event. Under new(ish) Chinese mandates all encrypting software services operating there must pass inspection and approval by authorities in order to be legally used. As part of the approval process a method for China to decrypt must also be provided. 
    edited January 2018
  • Reply 12 of 14
    bobjohnsonbobjohnson Posts: 154member
    linkman said:
    The flaw is that we can't be certain that Microsoft/Skype/Signal hasn't placed a backdoor in the app where the keys for every conversation get sent to a third party because of some secret law/order.
    The signal protocol is designed to mitigate this with renewable session keys: https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm

    You'd have to intercept literally everything - after obtaining the keys - to access the contents of one message. We're talking targeted NSA-level surveillance here, and for people considering that a component of their threat model I don't think Skype is on the table anyway.
  • Reply 13 of 14
    linkmanlinkman Posts: 1,035member
    bobjohnson said:
    linkman said:
    The flaw is that we can't be certain that Microsoft/Skype/Signal hasn't placed a backdoor in the app where the keys for every conversation get sent to a third party because of some secret law/order.
    The signal protocol is designed to mitigate this with renewable session keys: https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm

    You'd have to intercept literally everything - after obtaining the keys - to access the contents of one message. We're talking targeted NSA-level surveillance here, and for people considering that a component of their threat model I don't think Skype is on the table anyway.
    A feature built into the app to send keys and the messages to the surveillance group would have them monitoring the communications with no problem. It would be no different than each end of the pair receiving the messages.
    cgWerks
  • Reply 14 of 14
    cgWerkscgWerks Posts: 2,952member
    racerhomie3 said:
    Wow .
    They did not have this before!
    No kidding, I was under the impression Skype chats were already encrypted and 'end-to-end'. Hmm...

    But, this ultimately comes down to trust. Comey (back during the encrypted phone brouhaha) was asking for so-called "end-to-end" encryption where 3-letter agencies got to be 'man in the middle' elements. So, effectively 'end-to-end' with a tap in the middle. You know, like 'end-to-end encrypted' for practical purposes, just not really end-to-end when it comes to our trusted government entities.

    So, do we trust Signal? Apple? etc.
Sign In or Register to comment.