Now that the backdoor in Skype has become official, what are the alternatives?

Has anyone heard of Cryptocat? (I hear they are working on implementing encrypted file-transfer and VOIP)

Skype is offically dead? What's the source? :confused:

Skype is offically dead? What's the source? :confused:


It's not dead but 'dead' for the OP as he will no longer use it due to back doors & security flaws.

http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/
http://en.wikipedia.org/wiki/Skype_security#Eavesdropping_by_design

For VoIP, there is SIP. All you need is an account and a client. There are many places that offer SIP accounts for free. The clients you can download from the repository or elsewhere. Probably the best one is Jitsi (https://jitsi.org/), which happens not to be in the repositories at this time, but there are also Ekiga, Linphone, and Qutecom. If you've been using Skype lately, you'll be pleasantly surprised by the better sound quality in the SIP clients.

WebRTC will take over and start making Skype moot.

Can't wait until it starts materializing. It will be soon.

So you say it is better to remove Skype ?

WebRTC will take over and start making Skype moot.

Can't wait until it starts materializing. It will be soon.

Same here...It's just a matter of time.

Same here...It's just a matter of time.

And it can't come quickly enough.

So you say it is better to remove Skype ?

Not necessarily, it's just not to be considered as being secure. Use it with caution, just like all tools and services.

I have been looking into Cryptocat - at the moment it just supports text based chat, the developers are about to release file-transfer functionality and they are also working on audio/video through WebRTC I think.

Apparently you can set up your own Cryptocat server, it's based on ejabberd and nginx: https://github.com/cryptocat/cryptocat/wiki/Server-Deployment-Instructions

But I have no idea what to do with this files or how to set them, if anyone knows, let me us know, would love to try it out.

WebRTC will take over and start making Skype moot.

Can't wait until it starts materializing. It will be soon.

Think a beta will be in Firefox 22. :)

alternatives are already out and look promising.

here is one. vline (https://vline.com/)

Since I'm not paranoid, I'm not that fussed if there are backdoors in Skype. I'm happy to keep using it and have nothing to hide. A bit of accountability is sometimes a good thing.

Since I'm not paranoid, I'm not that fussed if there are backdoors in Skype. I'm happy to keep using it and have nothing to hide. A bit of accountability is sometimes a good thing.

...

That is not the problem.

Uninstall Linux, use Windows, and turn off your firewall, get rid of any antivirus.

Accountable enough for you?

Basically, installing a backdoor in a program violates every principle of security in existence. You may as well not have any.

Anyone can hack the program, anyone can subvert your whole system, and anyone can now destroy all your precious files, steal them. Watch as nearly every company in the US gets hacked because some Chinese hacker figured out the key to every computer that runs Skype. Yeah. You <snip>, don't use programs with backdoors in them.

If you want to be accountable, why don't you just e-mail regular screenshots of your screen to the local government office, if that really makes you feel better and more "secure".

This not even to mention the violation of human rights.

Why don't I come over and violate some more of your rights, since you seem so keen on giving them up entirely? I don't know, maybe steal all of your furniture, defame you all over the internet, take your words out of context and commit libel. Because, you know, you have 'nothing to hide', because you don't have a right to privacy.

Why don't we just make child pornography legal again? 'Cause I bet you anything people WILL use this to grab compromising shots of minors. And post them all over the Internet.

I could go on, but that whole stance on the matter could hardly get more offensive or thoughtless. Or, just frankly, stupid, and straight out of a 1984 novel.

Please keep personal attacks out of the thread, our it will be closed.

Please keep personal attacks out of the thread, our it will be closed.

Right, can we mute them at least?

There is no personal attack.

What I say I hold is entirely true. The venom in the post (which I admit is there) is not attacking any one individual. I will not remand my statement to be "nice". I am perfectly happy to remove any personal attack I may have accidentally implied.

I hold that it is not even discrimintating against any particular group of people. It is attacking a mindset, not an individual or whatever their opinion might be.

Individuals and groups are of course entitled to their opinions, no matter how stupid or smart they might be, something I firmly believe in, in opposition to any aforementioned mindset.

Right, can we mute them at least?

If you mean censor when you say mute, no. As long as responses are respectful to others, this thread will remain open.

If you mean censor when you say mute, no. As long as responses are respectful to others, this thread will remain open.

Please see my update.

Since I'm not paranoid, I'm not that fussed if there are backdoors in Skype. I'm happy to keep using it and have nothing to hide. A bit of accountability is sometimes a good thing.

I suppose everyone has something to hide, otherwise why not go naked and live in a fish bowl? But seriously, whether I have something to hide is not the issue here, the issue is why is it your business to know in the first place.

It has nothing to do with having anything to hide or not. In the case of Skype, one of their main selling points was that it was secure and encrypted.

The backdoor renders the whole point of Skype useless.

Plus, you and I have a right to privacy. In this modern age of social media, we are giving up this right far too easily. We are publishing all our private details online for anyone to see (social media for example), and for companies to mine and store.

Rights cease to exist if they are not made use of. If no one cares about their privacy online, then eventually there will be no privacy online.

I like to be able to have a conversation with B when the information I share is only intend for B. But in this case you have X listening in secret. That's fine if I am made aware of it and choose to ignore it. It's not fine if I am mislead.

It all boils down to values and principles.

Every time we have this discussion, someone comes along and says "What's the fuss about, I have nothing to hide?". It's not about that.

So where are all the proprietary and closed source advocates? Why so silent all of a sudden? Why is nobody telling us here how nice, effective and customer-oriented the closed source model is?

Skype is proprietary and closed source and that's the only reason why adding backdoors is even possible. A FOSS app of comparable popularity would be simply forked in less than a day.

@prodigy_

That's a good point, the transparency of open source is one of the biggest advantages. But I fear that when someone has a really innovative idea they are probably not going to want to open source it and will prefer making it proprietary.

Skype wasn't innovative because SIP predated it by 7 years.

You must realize that proprietary software is almost never innovative. Innovations imply risk and proprietary software is designed, developed and packaged with only one goal in mind - to extract money from end users. You don't need to have any new ideas to sell crap - only flashy wrapping and good marketing.

As for alternatives, there are many of them (http://en.wikipedia.org/wiki/Comparison_of_VoIP_software).

Technologically, Skype is rather inferior, but where it excelled is in marketing. It presented a unified face to VoIP that just happened to lock users into proprietary VoIP. There was a bit of a network effect for a while, but now the stigma of being attached to MS is beginning to kick in. People are realizing the need to look elsewhere. Jitsi and the others are ahead of Skype technically, what is missing is a unified lookup database of users and their SIP addresses. As it stands now, you have to exchange addresses manually like with e-mail instead of looking them up in a central database.

Chances are if you use something online someone is listening. The real question is what are they listening for and why... I haven't read all the articles about what Skype is up to but I wonder if any of it is against the EULA that every user of the software accepts...


404

Skype wasn't innovative because SIP predated it by 7 years.

You must realize that proprietary software is almost never innovative. Innovations imply risk and proprietary software is designed, developed and packaged with only one goal in mind - to extract money from end users. You don't need to have any new ideas to sell crap - only flashy wrapping and good marketing.

As for alternatives, there are many of them (http://en.wikipedia.org/wiki/Comparison_of_VoIP_software).

Truer words were never spoken. Especially when it comes to things about which most of the population has only the dimmest of understanding.

It's not dead but 'dead' for the OP as he will no longer use it due to back doors & security flaws.

http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/
http://en.wikipedia.org/wiki/Skype_security#Eavesdropping_by_design

As a Skype user this is interesting to me, but I'm not sure I can really believe either of those sources. The Wikipedia article cites a Russian site called vedomosti.ru, does anybody know if this is a reliable source? The memeburn.com article alleges a lot of stuff, but doesn't seem to back any of it up. Could just be mudslinging as far as I can see.

What there does seem to be is a proposal for an amendment passing through the American legislature that could require backdoors into things like Skype and BBM. This has created a bit of anguish and column inches, which could be where people are getting the idea from.

It's covered in several sources, but here is one from H-Online:

http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

The H-Online article goes into a little detail in how it was demonstrated and why the excuses from MS don't hold up.

But to be sure that the recent question is not related to earlier similar questions:

http://www.guardian.co.uk/commentisfree/2012/jul/27/skype-encyption-methods-police-access

Upgrade to Jitsi when you can. It can run along side Skype during any transition period you might wish to take.

As a Skype user this is interesting to me, but I'm not sure I can really believe either of those sources. The Wikipedia article cites a Russian site called vedomosti.ru, does anybody know if this is a reliable source? The memeburn.com article alleges a lot of stuff, but doesn't seem to back any of it up. Could just be mudslinging as far as I can see.

Well, as far as I know they haven't publicly confirmed that they give law enforcement access to audio calls, but it is likely that they do:
http://mashable.com/2013/01/25/skype-wiretrap-calls/

However, we know that the IM'ing is scanned and that the logs are stored:
http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/

And given what we know about the Chinese version of Skype, there certainly aren't any moral principles keeping Skype from giving authorities access to the information they want:
https://www.networkworld.com/news/2013/031813-skype-censored-267834.html

Upgrade to Jitsi when you can. It can run along side Skype during any transition period you might wish to take.

+1 for Jitsi.

Jitsi is cross platform, and it offers strong encryption, all you need is a XMPP account.

Jitsi ftw!
https://jitsi.org/

Directory over free XMPP services:
http://xmpp.net/

The Wikipedia article cites a Russian site called vedomosti.ru, does anybody know if this is a reliable source?
That article was mostly concerned with the situation with Skype in Russia. See, in Russia if your company is registered as a communication service provider you're legally bound to provide FSB access to all traffic coming through your network (http://en.wikipedia.org/wiki/SORM). But Skype is not registered as a provider here. And MS claims they only provide the source code but no way to access unencrypted data.

The point is, there can be no certainty unless you know that you're using strong end-to-end encryption. And with Skype there's no way to know for sure. So it's up to you whether you believe MS or not.

Upgrade to Jitsi when you can. It can run along side Skype during any transition period you might wish to take.

I use Skype only for making cheap phone calls to regular phones. Can Jitsi do that?

This whole backdoor thing really has me confused. Does this mean that newer versions of Skype support snooping, making older stable releases safe from this nonsense, or is this all server side and won't matter what version of the client you're using?

Also, giving Jitsi a try now, I'd like more options than just Pidgin.

I use Skype only for making cheap phone calls to regular phones. Can Jitsi do that?

Jitsi and Ekiga can do that but it depends on your SIP provider. The providers and prices vary. Much of it depends on which country you're calling to and making the payments in. It's not something I do, but I checked that it can be done.

Since I'm not paranoid, I'm not that fussed if there are backdoors in Skype. I'm happy to keep using it and have nothing to hide. A bit of accountability is sometimes a good thing.

On the contrary, I have everything to hide. My conversations are my business and nobody else's. This book explains the argument in more depth, Nothing to Hide (http://docs.law.gwu.edu/facweb/dsolove/Nothing-to-Hide/).

alternatives are already out and look promising.

here is one. vline (https://vline.com/)

Quoting myself, but here is another promising WebRTC startup.

Bistri (https://bistri.com/)

On the contrary, I have everything to hide. My conversations are my business and nobody else's. This book explains the argument in more depth, Nothing to Hide (http://docs.law.gwu.edu/facweb/dsolove/Nothing-to-Hide/).

Thanks for the tip! I'm definitively going to read this book!

Anyone know how to answer a call that is using google voice with jitsi, i can get as far as i can with pidgen
i was able to make a call using my google account to call my self but i have a loop back thing happen with my landline phone

well in case of extreme requirement, I guess we can also use Google-Hangout as skype alternative.

I decided to try a fun project and setup a jabber/xmpp server on my spare Ubuntu laptop at home for my friends i.e. our own personal IM network. I went with openfire - just install, configure through the web admin panel and off you go.

I tried Jitsi as the client, it worked but its a little rough around the edges and buggy, sometimes buttons and UI elements fail to load, other times when testing video calls I could not see the person I was talking to.

I also had a look at spark, IM'ing is fine, but havent gotten voice/video calls to work yet.

I really don't want to loose my Skype though ... does this mean that my conversations and calls ( voice and video ) can be monitored?

So, in a nut shell, what does all this mean for someone wanting to use Skype to talk to family and friends across the Country? I don't like the government spying on me anymore then anyone else does and it's not like I have anything to hide, I just feel my 4th Amend. Right to Privicy is suppose to be protected, that's all. So, what's the implication of having a Backdoor in Skype and who's going to be using it and for what purpose?

I really don't want to loose my Skype though ... does this mean that my conversations and calls ( voice and video ) can be monitored?

Yes, the evidence proves that Microsoft is snooping and monitoring chats and following links that are being posted. It also shows that MS is even calling up assets that were behind secure connections when the urls where embedded with login data.

You can continue to use Skype, no one denies that as a service it's good and works well. However, it cannot be assumed any more that Skype is a secure form of communication, if security and encryption are required.

So, in a nut shell, what does all this mean for someone wanting to use Skype to talk to family and friends across the Country? I don't like the government spying on me anymore then anyone else does and it's not like I have anything to hide, I just feel my 4th Amend. Right to Privicy is suppose to be protected, that's all. So, what's the implication of having a Backdoor in Skype and who's going to be using it and for what purpose?

MS claims it does this in order to fight spam. The security community is not convinced with this answer due to the evidence.

If privacy, security and encryption are important to you, I would recommend using a different method of communication. I am trying to convince my best friends to use the private xmpp server that I set up, using Jitsi, we can make encrypted voice and video calls. Using most other clients, we can make encrypted chats, as well as OTR when needed.

If you're going to talk about the new tricks your puppy learned, Skype is fine :-)

Edit: but if you value your privacy even when talking about the new puppy tricks, then Skype is not fine, nor is any other service where you have no idea what the service provider is doing on their servers.

Breaking news:

According to Washington Post, Skype is among the services that are being monitored, and yes, that apparently includes audio calls:

Read more:
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html


Other US services being monitored includes: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, YouTube, Apple...

Skype is 'dead' to me now that Microsoft own it. I used it regularly to stay in contact with family, who live in various states of the country (Australia).

Now, I use ooVoo on my android tablet to do the same task.

Skype is 'dead' to me now that Microsoft own it. I used it regularly to stay in contact with family, who live in various states of the country (Australia).

Now, I use ooVoo on my android tablet to do the same task.

Oovoo is also proprietary. Instead you could look to moving to an SIP/XMPP client. In such case you might also try Linphone or Jitsi, your family can install it along side of (or instead of) anything else.

Oovoo is also proprietary. Instead you could look to moving to an SIP/XMPP client. In such case you might also try Linphone or Jitsi, your family can install it along side of (or instead of) anything else.

When I am responsible for installing programs on family members computers, I have to do so whenever I have the access. My 80+ yo mother has NFI how to install anything on her laptop, my brother rarely, if ever, uses his laptop (has NFI why he even got one!), and my sister and her family are now all tablet equipped, and as ooVoo is the easiest to install, and easiest to use, that is MY preferred option for them.

BTW, my parents live some 1800 kms away, my brother lives 3700+ kms away, and my sister lives 'only' 750 kms away.

The OP says skype is dead because its back door is "official". But what about all the programs with "unofficial" back doors. Bruce Schneier has written about it rather well in his article for The Atlantic, "What We Don't Know About Spying on Citizens: Scarier Than What We Know" (http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/). And it's not just "internet telephony" - sms, instant messaging, irc, email, web chat - whether encrypted or not - all of these could have back doors installed by our friends in the "No Such Agency". Most of you will say "But open source stuff is okay, we can see the code!" But that can depend on who looks at the code, how carefully they do so, and how trustworthy this code reading person is.

I'm not trying to scare anyone into paranoia. But we do need to be realistic.

I'm not trying to scare anyone into paranoia. But we do need to be realistic.

It's not paranoia any more. It's pretty much all confirmed publicly at this point. Using open source and open standards can reduce the risk profile somewhat.

Backdoor in Skype.. Hope they dont jack my iPod.. :-/

[deleted - network problem]

Just my two cents.

If you are really concerned about security and privacy, setup a private proxy with encryption that you can both connect to directly, or you have a static IP address simply connect directly and encrypt the datastream. Use a generic VOIP client. Anytime you trust a third party in the middle - such as Microsoft, Facebook, whoever - there is always the chance that they can piggyback that data to someone else - knowingly or not.

Me, I'd jiust pay the extra money to get a static IP from my ISP and setup a proxy service on my end. Have your friends/family connect to you directly, with encrption on both ends.

how about using someone elses wireless connection on a live USB OS laptop with no hard drive & a spoofed MAC address & using TOR while hiding in a bush at night wearing a burqa with a hammer to smash up your RAM in case the fuzz catch you?
Try to see what lolcats I've been looking at then suckers!

Edit: I forgot the disposable external wireless network card *slaps forehead*

while hiding in a bush at night :D LOL

SIP is more complicated to use than Skype.

Only, i repeat only way to defeat Skype is make chat client with these features:

1: DHT based network
2: Easy to use like skype UI
3: written in C or C++ with QT GUI
4: Full encryption
5: Almost impossible to block by firewalls
6: Cross platform
7: Opus for audio and VP9 for video calls
8: No other bloat included like Facebook, maybe extendable by plugins who needs extra.

Think this as a Skype clone but much better and open source and this is only way Skype is not dominating any more.

I don't think skype is dead just untrusted. Security concious people are unlikely to persuade all familly friends and business clients to use something else so will have to choose between abandoning voip contact with them or using skype. Unless there is an alternative which can communicate with skype, the conversation would of course be monitored, but all the other risks of a backdoor in the system would be avoided. Is there something like that?

It's not dead but 'dead' for the OP as he will no longer use it due to back doors & security flaws.

http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/
http://en.wikipedia.org/wiki/Skype_security#Eavesdropping_by_design

Thanks for sharing the links... found them really intereting read...

It's not dead but 'dead' for the OP as he will no longer use it due to back doors & security flaws.

http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/
http://en.wikipedia.org/wiki/Skype_security#Eavesdropping_by_design

Thanks for sharing the links... found them really interesting read...

Technologically, Skype is rather inferior, but where it excelled is in marketing. It presented a unified face to VoIP that just happened to lock users into proprietary VoIP. There was a bit of a network effect for a while, but now the stigma of being attached to MS is beginning to kick in. People are realizing the need to look elsewhere. Jitsi and the others are ahead of Skype technically, what is missing is a unified lookup database of users and their SIP addresses. As it stands now, you have to exchange addresses manually like with e-mail instead of looking them up in a central database.

True
I use Linphone that way, but it's really not too complicated.
Linphone works really well BTW

And it can't come quickly enough.
I agree. What I want is for it to have multiple users so we can see each other when we play PokerTH...Right now,it only does 2 people and we have to use Google's Hangout for poker and other stuff.

Skype works just fine for me, so I don't have any worries. But then again, I'm not a paedophile or a terrorist.

But then again, I'm not a paedophile or a terrorist.

Has nothing to do with people's rights to privacy.

Has nothing to do with people's rights to privacy.

I agree. Most people aren't..But what i say among my friends, mundane as it is, is between me and my friends alone,not some government or amoral corporation.

http://ubuntuforums.org/images/ubuntu-VB4/misc/quote_icon.png Originally Posted by mr john http://ubuntuforums.org/images/ubuntu-VB4/buttons/viewpost-right.png (http://ubuntuforums.org/showthread.php?p=12722981#post12722981)
But then again, I'm not a paedophile or a terrorist.




I don't think you understand the problem ...

Just wanted to link to this article that was published a couple of days ago. It has been proved without a shadow of doubt that chats over Skype are monitored and that calls can be wiretapped:


NSA taps Skype chats, newly published Snowden leaks confirm

Skype audio and video chats, widely regarded as resistant to interception thanks to encryption, can be wiretapped by American intelligence agencies, according to a new report in The Guardian. The report appears to contradict claims by Microsoft that it has not provided the contents of Skype communications to the government.

more: http://arstechnica.com/tech-policy/2013/07/nsa-taps-skype-chats-newly-published-snowden-leaks-confirm/

and: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data/print


In light of this, the challenge for those of us concerned with privacy is to help friends and collegues set up and install programs such as Jitsi.
https://jitsi.org/