Having last week announced that they were testing out a new feature with end-to-end encryption, Skype’s parent company Microsoft announced this week that they will begin rolling out calls, texts and multimedia messages with end-to-end encryption to its 300 million monthly users.
This means that only the sending and receiving devices can hear or view any content of a conversation. Skype will be using the widely-trusted, open-source Signal Protocol by Open Whisper Systems to achieve this, in a feature they they’re called Private Conversations. Some of us might have hoped that our Skype conversations were private before, but that’s just us.
Of the company’s adoption of the Signal Protocol, Signal developer Joshua Lund wrote:
At Signal, our goal is to make private communication simple and ubiquitous. With hundreds of millions of active users, Skype is one of the most popular applications in the world, and we’re excited that Private Conversations in Skype will allow more users to take advantage of Signal Protocol’s strong encryption properties for secure communication.
From a privacy angle, this is a fantastic move, and one that will be very welcomed by privacy advocates, though Skype is lagging a little behind; WhatsApp, Google and Facebook have already adopted the protocol and offer end-to-end encryption on their messaging platforms.
And, of course, Skype’s reputation is still reeling from the 2013 revelations that Microsoft gave US intelligence agencies complete access to Skype communication content, including helping the NSA to circumnavigate their Skype’s own encryption. This new feature will do a lot to bring people’s confidence back while they’re using Skype, as the content of protected conversations aren’t even seen by the servers they pass though—as long as both devices are using the same service.
It’s important to note, however, that end-to-end encryption isn’t infallable. While its one of the most secure methods out there, it doesn’t mean that communications content can’t be accessed in other ways. And, of couse, you still have to trust Mirosoft to do what they say they’re doing.
As Eva Galperin, the director of cybersecurity at the digital rights group the Electronic Frontier Foundation, puts it:
You still have to decide if you trust Microsoft with your metadata, but that’s a decision you have to make with every encrypted communications service. When companies like Skype make these kinds of changes, I think it’s important to applaud them for going in the right direction, while still reminding them that there is more that needs to be done.
Currently, only those on the Skype Insiders program can access Private Conversations in the beta testing phase. It also seems that the feature is currently running as opt-in rather than opt-out, though there is time for Microsoft to change this—which they should.
Nevertheless, for privacy advocates, this is a positive move. More of this, please, Microsoft.