Friday, March 30, 2018

Skype Now Has End-to-End Encrypted "Private Conversations"


In January 2018, Microsoft announced that Skype will offer end-to-end encryption for audio calls, text, and multimedia messages through a feature called Private Conversations. Skype will use the robust, open-source Signal Protocol to implement the encryption, which is set up so that only the devices sending and receiving communications in a conversation can hear or view them.

After Microsoft purchased Skype in 2010, observers noticed changes in its architecture, and people began to move away from Skype over concerns that it may allow third-party and government wiretap surveillance.

Private Conversations makes that sort of snooping impossible. Currently only Skype Insiders can use the service as part of a beta test before it rolls out more broadly. If you want to participate in the beta test and start using Skype with end-to-end encryption now, download "Skye Preview"  This works the same as the standard version of Skype, but includes the encryption beta test.

Skype end-to-end encryption isn't on by default; you initiate it by selecting "New Private Conversation" from Skype's "Compose" menu, or from another user's profile. This sends a Private Conversation invitation to the user you selected. If the user accepts the invitation Skype creates an end-to-end encrypted connection between the two devices.


Invitations to chat only last for seven days, after that they expire and need to be re-sent. Each Private Conversation is also limited to the device it started on, so if you want to chat privately on your computer and phone you’ll have to send two separate invitations to the same person. Skype blocks the text of these encrypted conversations from showing up in your notifications as well, for an extra layer of protection.

When you’re ready to end your conversation you have two options. You can delete the chat by right-clicking your mouse (or holding down, if you’re using a smartphone) and then selecting "Delete chat." This won’t delete the encrypted connection, so you can pick up the encrypted conversation again later.

If you really want to end your discussion and delete the encrypted connection, you need to go to the chat header and then scroll down to "End Private Conversation." Once you do that, you’ll need to send a new invitation to start things up again.

Even with Private Conversations turned on, Skype will still be able to access some information about your communications, like when they occur, and how long they last. You will have to decide if you trust Microsoft with your metadata, but that’s a decision you have to make with every encrypted communications service.

I also note that with Microsoft's undated Terms of Service (TOS), effective May 1, 2018, they have stated that they may examine private files and conversations that potentially breach the TOS if they receive a complaint from someone, be those private conversations a Skype chat or an email, etc. The fact that Microsoft can review your private conversations means that the standard encryption (non end-to-end encryption) used in Skype is not secure. Microsoft holds the encryption keys and can thus decrypt and read your private conversations - and presumably turn those conversations over to other agencies.

I have been using Skype end-to-end encryption and like it when it works, but find that it can still be a little bit buggy when generating the Private Conversation invitation. You may have to try a few times to get the invitation to go through, but once the end-to-end encryption channel is established, it works without any problem.

So, do I recommend switching to Skye Private Conversations as your primary means of on-line communication? No, absolutely not, this is still a beta test and requires more review, but if you are currently using Skype anyway, take advantage of the end-to-end encrypted Private Conversations to enhance the security of your communication and help bring this into Skype as a standard feature.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.