One of the most debated items in the launch version of our Secure Messaging Scorecard is whether communications via Skype are end-to-end encrypted, so that the provider (which is currently Microsoft) can't access them. In preparing the scorecard, Skype was a hard case for us.

In its early days, Skype was a product with a significant cypherpunk dimension to its design. It was launched in 2003, based on the same P2P codebase that had powered the Kazaa filesharing network, and unlike almost any other communications software of its day, it encrypted users' communications (at least their VOIP communications) by default. Not only was the encryption present by default, but it operated end-to-end so that under normal circumstances, Skype would lack the keys to decrypt calls between its users.

As we discussed in an analysis last year, this protection was limited by the fact that Skype itself told each client the public key to use for each other user; if Skype collaborated with an eavesdropper by providing a false key to the participants in a call, it would in principle be possible to launch a successful man-in-the-middle or impersonation attack. We know from the leaked Snowden documents that the limitations in the protocol or implementation were such that by 2013, Microsoft was capable of accessing the content of Skype text, video, and voice communications, at least in some circumstances for some users.

In the Scorecard, we try to capture these two questions in different columns: systems which are end-to-end encrypted get a check mark for "encrypted so the provider can't read it"; systems which offer some method of protection against false keys and man-in-the-middle attacks get a check mark for "can you verify your contacts' identities."
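
The two Scorecard questions, worked through as an added example that is not part of the original article: a toy Diffie-Hellman exchange in which clients get each other's public keys from a hypothetical provider-run `Directory`, and an out-of-band fingerprint comparison exposes a substituted key. `P`, `G`, the class and every function name are assumptions made for illustration, and the modulus is far too small for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for illustration only.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest of a public key that two users can compare out of band."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]

def session_key(my_priv, their_pub):
    return hashlib.sha256(str(pow(their_pub, my_priv, P)).encode()).digest()

class Directory:
    """Hypothetical provider-run directory that tells clients which key to use."""
    def __init__(self, substitute=None):
        self.keys = {}
        self.substitute = substitute  # key handed out instead of the real one, if set

    def publish(self, user, pub):
        self.keys[user] = pub

    def lookup(self, user):
        return self.substitute if self.substitute is not None else self.keys[user]

def verify_contact(directory, contact, fingerprint_from_contact):
    """Check the provider-supplied key against a fingerprint obtained directly."""
    return fingerprint(directory.lookup(contact)) == fingerprint_from_contact

def run(substituting):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # key held by the provider or a party it cooperates with
    d = Directory(substitute=m_pub if substituting else None)
    d.publish("alice", a_pub)
    d.publish("bob", b_pub)
    k_alice = session_key(a_priv, d.lookup("bob"))
    k_bob = session_key(b_priv, d.lookup("alice"))
    return {
        "end_to_end": k_alice == k_bob,  # do only Alice and Bob share the key?
        "third_party_has_alice_key": k_alice == session_key(m_priv, a_pub),
        "alice_verifies_bob": verify_contact(d, "bob", fingerprint(b_pub)),
    }
```

With an honest directory the first column holds; with a substituted key the encryption still runs, but only the fingerprint check in the second column reveals that the key is not Bob's.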