No end to end encryption for Skype…now what??

Some big news that came out this past week was the fact that Microsoft is monitoring Skype conversations to some extent.  This was verified by Jurgen Schmidt in a recent article from “The H Security.”

I’m assuming this may have been done by Microsoft to better position themselves in case of any government requests for data.  I understand the reasoning, but was disappointed to hear about it nonetheless.

Well, the good news is that we do not have to use Skype.  I feel this was a good wake up call to be more aware of encrypted communications.  We didn’t think too much of this before the recent Skype news, but rather trusted that the encryption was still in place.

A fellow WNC InfoSec member recently brought to my attention ‘Off The Record’ (OTR) and it’s available use with Pidgin and Google Talk.  OTR allows for encryption, authentication, deniability and perfect forward secrecy in case your key is compromised.  This all seemed great and I thought I had found a viable alternative to Skype.

Unfortunately, Google recently  announced they will be moving away from XMPP and transitioning to their Google Hangouts platform for instant messaging.  This will undoubtedly break the OTR capabilities in Pidgin/Adium, in my opinion.

Now what??

Well, the same WNC InfoSec member who educated me on OTR also passed along some info on Jitsi.  Utilizing the ZRTP encryption protocol, Jitsi offers an open source solution to VOIP communication.  You can check out more features here.

Looking forward to testing out Jitsi further and seeing if it can be a reliable/secure form of communication.  I am also very interested in hearing your experiences with secure alternatives to Skype, so please leave a comment below!


4 responses on “No end to end encryption for Skype…now what??

  1. boris

    In my experience jitsi is a memory hog and doesn’t support xep-0280 (carbon messages). Without this xep, if you have multiple computers connected to the same account, you can’t be sure to receive all messages. Of course, you need xep support on server side as well.

    For me, xmpp is mostly unusable, because of very rare implementation of xep-0280.

  2. jon

    if you can get jitsi up and running God bless you. I talk myself 3 programming languages and switched to UNi
    IX in my 30’s and i can not get an alternative to skype, including jitsi up for me or my windoz using wife in dozens of hours. out of desperation and lonliness i installed skype again this week. my govt destroyed not just the internet but trust as well ps this is acrtixle #25 in a week on same topic. thin as the rest

  3. Frank

    I tried out Jitsi and apart from a couple small buglets regarding screen sharing (e.g. you have to maximize your screen sharing window BEFORE starting it or the quality of the transferred image will be horrible), it works perfectly. What’s more, setting up an XMPP server is done in a matter of five minutes (google for Prosody), and you can create your own IM network (which can interface with other networks, but doesn’t have to).
    I’m happy.

  4. 16aR

    For information, the google talk OTR isn’t the real encrypted OTR from cypherpunks. It was just to avoid saving the current conversation in the “Chat archives”. So not at all the reach of the real OTR protocol.

    I installed jitsi on all the computers and phones of my family. Migrated them all on my xmpp server, and now we can chat and visioconference without problem. (the android client is just for chat though, it doesn’t work well (rather, at all) with video/audio right now. But it is flagged as alpha)

Leave a Reply to 16aR Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>