Microsoft Tests End-to-End Encryption in Skype Conversations
In a short blog post, Microsoft announced that Private Conversations are now in preview for Skype Insiders. Skype users will be able to have end-to-end encrypted Skype audio calls and text conversations, including the ability to upload multimedia files, using the Signal Protocol developed by Open Whisper Systems.
To start a Private Conversation, Skype users simply tap the + icon, select New Private Conversation, and choose a contact. Skype sends the user an invite that's valid for seven days, and once accepted the Private Conversation starts like any other Skype call or message.
Once you end or delete a Private Conversation, you need to send a fresh invite to start another and recover the chat history. Private Conversations are also specific to a device (the feature is supported on iOS, Android, Linux, Mac, and Windows Desktop), so if you switch to another device you'll need to re-send the invite.
Microsoft also clarified that you can't edit a message or forward files within a Private Conversation. Only emoticons, files, and audio messages are available to send. You can tell the Skype chat is private by a lock icon next to the contact's name (shown on the right).
The Encrypted Messaging Wars Rage On
Open Whisper Systems confirmed the partnership, which adds Skype to several other popular messaging apps that already leverage the encrypted messaging protocol. Signal Protocol powers end-to-end encryption in Facebook-owned WhatsApp and Messenger, as well as Google Allo. Apple iMessages are also end-to-end encrypted.
There are of course also several purpose-built messaging apps with end-to-end encryption on the market already including Signal, Telegram, and Wickr. Skype has long had AES 256-bit encryption by default, but that's not the same thing. End-to-end encryption means encrypting the entire communications channel, including encrypting data at-rest when stored on servers. 0 added end-to-end encryption to Messenger and WhatsApp back in 2016, so Skype is playing catch-up here.
However, it's worth noting that even end-to-end encryption is not immune to bugs and human error. WhatsApp was one of the first major messaging apps to enable it two years ago, but a group of German researchers recently uncovered several potentially serious flaws in WhatsApp group messaging that could be exploited to add new members to the encrypted chat without authentication.
The researchers also found other minor flaws in both Signal and encrypted messaging app Threema that could potentially let uninvited eavesdroppers join group chats. A WhatsApp spokesperson confirmed the researchers' findings to Wired, and clarified that the exploit would break WhatsApp's group invite link feature. The researchers recommend that WhatsApp add an additional authentication mechanism for group chats, but in the meantime users may want to stick to one-on-one conversations when discussing sensitive information.
All of this should serve as a lesson for Skype as it rolls out end-to-end encryption: nothing is ever truly impenetrable.
Please Give your feedback in comment below😊
No comments