Skype users are finally getting end-to-end encryption
The move was announced on Thursday by Open Whisper Systems, the software organization behind the open source Signal Protocol, which has been implemented by Microsoft to offer the feature.
The option, named Private Conversations, is currently being tested by Skype Insiders and has some temporary limitations.
Firstly, it can be used to protect audio calls, text messages, and files (images, audio, videos), but not video calls.
Secondly, Private Conversations are limited to one-on-one conversations (no group chats for the moment), and users can only participate in a Private Conversation from a single device at a time.
“You can switch the conversation to any of your devices, but the messages you send and receive will be tied to the device you’re using at the time,” Support Engineer Ellen Kilbourne explained.
The feature will not be on by default, but it’s going to be easy to use and works the same as a regular chat: a Private Conversation can be ended, deleted, started anew.
A Private Conversation is initiated after one user sends an invite, and the other one accepts it. It’s marked by a lock icon next to the contact’s name, but preview messages from Private Conversations will not show in Chats or notifications.
Better late than never
Skype is one of the early players in the online calls and messaging arena but has been surpassed in popularity by the likes of WhatsApp and Facebook Messenger (both of which use the Signal Protocol for end-to-end encryption).
Nevertheless, Skype is still one of the most popular communications applications in the world and is actively being used by some 300 million users.
The fact that Microsoft has chosen the Signal Protocol to offer end-to-end encryption to users is unexpected, but welcome: the protocol is open source and can be audited for security flaw by anyone.
One recent security audit effort by a group of computer science and cryptography professors and doctoral students found its crypto core devoid of major flaws. But, they noted that “popular applications using Signal tend to change important details as they implement or integrate the protocol, and thus merit security analyses in their own right.”