Skype is a popular messaging service that is used worldwide. Despite its widespread use, until now Skype has often been criticized for not providing transparent secure messaging capabilities. Now, that is about to change, because Skype has announced that it is going to begin implementing Signal’s secure messaging protocol.
Skype will implement the Signal protocol to safely encrypt messages for its users. Secure messaging will be known as “Private Conversations” on the Skype platform. Signal developers have commented:
"Our goal is to make private communication simple and ubiquitous. With hundreds of millions of active users, Skype is one of the most popular applications in the world, and we’re excited that Private Conversations in Skype will allow more users to take advantage of Signal Protocol’s strong encryption properties for secure communication.”
Criticized in the Past
Since Skype was first launched critics have often complained about the secrecy surrounding its proprietary algorithm. The closed source nature of Skype’s peer to peer architecture and encryption technology mean that it has never been scrutinized by a third party. This means that it has never been proven to not have backdoors that could be used to access correspondences.
A lack of information about how encryption is implemented on the Skype platform - as well as a lack of details about what security features and implementations are provided - leave most security experts feeling cold. Thankfully, those days are now over. The latest Skype preview supports the Signal protocol designed by Moxie Marlinspike’s Open Whisper Systems.
The Signal protocol is endorsed by Edward Snowden who has previously been quoted as saying “use anything by Open Whisper Systems”. It is also endorsed by Laura Poitras, the Oscar Winning journalist who produce the award-winning film Citizenfour:
“Signal is the most scalable encryption tool we have. It is free and peer-reviewed. I encourage people to use it every day.”
Most Popular Protocol
As you can see, Signal is trusted - which is the reason for its high uptake rates in messenger services. It is currently the protocol used by encrypted messaging in Whatsapp, Facebook Messenger, Google Allo, and Open Whisper’s own messenger Signal. This is what Microsoft has to say about its decision to implement the Signal protocol:
“We know extra protection is important as you share sensitive information over Skype so we’re excited to announce the preview of end-to-end encrypted Private Conversations, available now for Skype Insiders.
“With Private Conversations, you can have end-to-end encrypted Skype audio calls and send text messages or files like images, audio, or videos, using the industry standard Signal Protocol by Open Whisper Systems. The content of these conversations will be hidden in the chat list as well as in notifications to keep the information you share private.”
Private and Secure?
The Private Conversation feature will allow Skype users to make private text messages, audio calls, and file transfers, using end-to-end encryption that it is believed third parties are unable to access. This includes no access from Microsoft, Signal/Open Whisper, and also government agencies.
Although we have no definitive proof that government intelligence agencies have not been able to penetrate the Signal protocol, we do have a lot of overwhelming circumstantial evidence. In March of last year, the British government called for backdoors to be placed in Whatsapp following a terror attack in London. In September of 2017, it was reported that Whatsapp had refused to cooperate with the British government.
This implies that GCHQ - the UK’s version of the NSA - is unable to penetrate the Signal protocol. Due to the close working relationship between GCHQ and its US counterparts the CIA and NSA, it is generally thought that Signal is impenetrable by those security forces also. In theory, at least, this makes Signal the most secure messaging protocol available.
Of course, it is possible that intelligence agencies have been breaking the Signal protocol using the newly discovered CPU flaws Meltdown and Spectre. In fact, it has previously been revealed that Intel may have provided US intelligence agencies with a backdoor into its CPU firmware. If Meltdown and Spectre are evidence of this, then it is possible that encryption keys stored temporarily in memory could have been hacked by intelligence agencies (and perhaps even cybercriminals). However, for the time being, this is purely speculation and there is no specific evidence of Meltdown and Spectre having been exploited in the wild.
Despite this possible vulnerability (which applies to all encryption keys that get temporarily stored in memory kernels previously believed to be secure), Signal remains the industry-leading private messenger encryption protocol. It is also worth noting that the CPU flaws mentioned are only exploitable using malware that has been successfully deployed onto a victims machine.
When is Signal Available on Skype?
For now, Private Conversations will only be available on insider builds of Skype. The Universal Windows Platform version of Skype (the preferred version for Windows 10) does not currently support the Signal protocol. However, the desktop insider builds for all platforms (Windows, Android, iOS, OS X, and Linux) now implement the new feature.
Unfortunately, the Signal protocol is not yet implemented for video calls. However, the good news is that this may change at some point in the future. Open Whisper Systems successfully implements the protocol for video messaging in its proprietary messenger. For this reason, it is hoped that once this latest round of updates has been tested and is stable within the Skype client - video messaging may also receive an upgrade. We will have to wait and see.
How to overcome Skype blocks
Interestingly, the timing of this upgrade to Skype has come at the same time as a clampdown on Skype use in the United Arab Emirates. The UAE is just the latest in a long list of countries that block Skype. The platform is also currently banned in China, Oman, Syria, Turkey, Malaysia, Kuwait, Qatar, Paraguay, Guyana with limited blocks in around 30 countries in total. It is claimed that the ban is to stop people bypassing regular telecoms to make free calls.
For anybody wanting to unblock Skype securely and privately: a VPN is the best option. A Virtual Private Network allows anybody to pretend to be in a different country. This allows them to both access and download the Skype software and use the VoIP service privately. The best VPNs for Skype also provide VPN obfuscation for getting around ISP firewalls.
Opinions are the writer's own.
Title image credit: Castleski/Shutterstock.com
Image credits: Ink Drop/Shutterstock.com, Gil C/Shutterstock.com, I AM NIKOM/Shutterstock.com, Alexander Yakimov/Shutterstock.com