Skype Alternatives, Part 2: Edward Snowden’s Recommendations
Skype, Microsoft's voice over IP software, has been shown to be insecure on various levels over the years. The Snowden leaks have revealed it to be more of a mass surveillance malware than a secure communications platform.
Continuing the search for secure, cross-platform, end-to-end encrypted chat and VoIP communication software, this article is part 2 of a series on encrypted Skype alternatives.
Secure communications like those between you and a friend as you sip coffee in your backyard are the ideal of end-to-end (E2E) encrypted online communications.
We want the same security, if not more, while talking to coworkers, friends or even strangers, from anywhere around the world. This is without a doubt a big challenge, especially when governments around the world are actively snooping and subtly trying to break into the mass communications of the general public.
If anyone ever needed to be certain that their communications were completely secure, it was Edward Snowden. He successfully retrieved a massive amount of top secret information from the NSA, the publicly funded and supposedly accountable government agency. He then proceeded to blow the whistle by handing the information over to professional journalists. To do this, he had to use the best and most secure communications technology available, some of which he has since shared with the public.
The first is PGP, which stands for Pretty Good Privacy. It uses a public and private key architecture that is intended to prove that whoever you are talking to is actually who they claim to be. It can also encrypt information in such a way that only those with whom you choose to share information can read it. PGP has been the gold standard of secure online communications for over 20 years, but it has some weaknesses. Most notably, if your private keys are compromised, all your previous communications could be decrypted. It also has a significant learning curve.
Next up is OTR, which stands for Off-the-Record encryption. This technology continues the work of PGP developers by providing end-to-end encryption for text communications, but delivering where PGP is left wanting. “Perfect forward secrecy” is one of OTR's essential assets, and as the name suggests, it encrypts every communication with a different key, so if one of your keys is compromised, not all of your communications can be decrypted. OTR is the protocol Glenn Greenwald used to communicate with Snowden and coordinate the leak.
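The difference between the two key models described above can be simulated in a few lines. This is an added example, not code from PGP, OTR or the original article: the Diffie-Hellman group (a Mersenne prime), the SHAKE-256 keystream standing in for a real cipher, the per-message rekeying and the sample messages are all simplifying assumptions, and the long-term-key authentication that OTR performs is left out.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption: illustration only, not OTR's real
# parameters and not suitable for production use).
P = 2**521 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(66, "big")).digest()

def xor_cipher(key, data):
    # Stand-in cipher: XOR with a SHAKE-256 keystream (same call decrypts).
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def pgp_style(messages, recipient_pub):
    # Every message is encrypted to the same long-term public key.
    transcript = []
    for m in messages:
        eph_priv, eph_pub = keypair()
        key = shared_key(eph_priv, recipient_pub)
        transcript.append((eph_pub, xor_cipher(key, m)))
    return transcript

def otr_style(messages):
    # Fresh key agreement per message; ephemeral private keys are discarded,
    # except one that is "stolen" to show how far a single leak reaches.
    transcript, leaked = [], None
    for i, m in enumerate(messages):
        a_priv, a_pub = keypair()
        b_priv, b_pub = keypair()
        transcript.append((a_pub, b_pub, xor_cipher(shared_key(a_priv, b_pub), m)))
        if i == 1:
            leaked = b_priv
    return transcript, leaked

def demo():
    msgs = [b"meet at noon", b"bring the files", b"call me later"]  # constructed
    lt_priv, lt_pub = keypair()  # long-term key, later compromised
    recorded = pgp_style(msgs, lt_pub)
    pgp = [xor_cipher(shared_key(lt_priv, pub), ct) for pub, ct in recorded]
    fs, leaked = otr_style(msgs)
    otr_lt = [xor_cipher(shared_key(lt_priv, a), ct) for a, _, ct in fs]
    otr_leak = [xor_cipher(shared_key(leaked, a), ct) for a, _, ct in fs]
    return msgs, pgp, otr_lt, otr_leak
```

`demo()` returns the original messages followed by what an eavesdropper with a recorded transcript recovers in each case: everything with the stolen long-term key in the first model, nothing with it in the second, and only the second message when a single ephemeral key leaks.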
OTR stands out as one of the pieces of software that, as far as the Snowden documents go, superpower government agencies can't decrypt or bypass, at least sometimes.
Spiegel International, the German newspaper, has gone into detail about the known capabilities of the Five Eyes spying coalition, as well as the limits of their prying power.
The Intercept reported on how Snowden and Greenwald smuggled the top secret documents past the most sophisticated digital surveillance system ever imagined.
Jitsi and Pidgin, the 'Browsers' of Secure Chat
PGP and OTR cannot be used on their own, as they are only authentication and encryption protocols. To use them, you need some kind of communication client. Jitsi is often considered one of the best clients around. Think of Jitsi as a Bitcoin wallet, and of OTR or PGP as Bitcoin or Litecoin.
Jitsi can be thought of as a browser for chat, VoIP and video calls. It is fairly feature-rich and can be connected to send and receive communications simultaneously from a wide variety of platforms such as Facebook, Google Chat, Slack, IRC, Jabber, XMPP and many more. Most importantly, it comes with OTR and ZRTP (real-time transport protocol) built in. ZRTP enables secure, real-time VoIP encryption and was created by Phil Zimmermann (hence the Z in ZRTP).
While the Jitsi client no doubt presents a great effort towards making secure communications easy to use, it still requires a significant amount of tech savvy to set up VoIP and end-to-end encryption on it. If you want to use it for E2E encrypted communications, therefore, I would categorize it as advanced in difficulty. It can also be unstable at times.
Once you figure out how to establish secure end-to-end encrypted communications with another party, then you can actually send messages through Facebook or even Google Chat, and they will appear as encrypted communications to anyone but you and the receiver.
Why not connect Jitsi to Skype? Well, because Skype is closed-source and will actively close or block any attempts to interact with its protocol. You can thank Microsoft and the NSA for that.
I could also find no way to integrate Tox.im, a favorite among Skype alternatives, with Jitsi. However, there is a plugin under pre-alpha development that will allow the use of Tox with Pidgin.
Pidgin is a chat client very similar to Jitsi, the difference being that it does not come with OTR or ZRTP installed natively, and they must be added as plugins.
Pidgin and Jitsi are available on Windows, Linux and Mac OS X. Jitsi has an Android version under development.
In the land of mobile E2E VoIP apps, RedPhone is easily one of the most popular, with over 7,000 downloads. Designed by Open Whisper Systems, the app features end-to-end encryption using ZRTP and SRTP (Secure Real-time Transport Protocol) for real-time encryption. It is all open source, though unfortunately, it is not compatible with other implementations of ZRTP.
Their website proudly boasts recommendations from Snowden and Matt Green, legendary cryptographer at Johns Hopkins University.
Another project worth mentioning is MegaChat, by prominent activist and entrepreneur Kim Dotcom. The platform boasts end-to-end encryption, leveraging technology similar to that of their cloud service. They have been actively engaging with the security community's criticisms and feedback since launch.
MegaChat only supports one-to-one video and audio calls on fully featured browsers as of this time. However, the team said they are working on secure group calls, as well as chat. We may even see mobile support at some point to accompany their cloud storage mobile app.
Another option is the Guardian Project, an organization putting out massive amounts of open-source privacy software with a strong focus on mobile. Their apps include mobile access to Tor; ChatSecure, a chat app that also implements OTR; and many more.
Last but not least, there's RaKeTu, which claims to offer encrypted VoIP and chat on all major platforms except Linux (which they say is coming soon). The company is not specific about what types of encryption it uses, however, and does not mention any of the recognized encryption standards mentioned above. It is also, for the time being, closed source. It does, however, have a hilarious intro video.
One of the unconquered frontiers of E2E secure communications is group chat and calls. It is also one of Skype's most predominant technologies. Developers will have to climb this hill and set their flag in order to attract a larger audience or whole communities to their products. Let’s hope they replace Facebook Groups while they are at it.
Given how many startups and companies are trying to fill the void of truly secure online communications, it will also be hard to find an app that a majority of people use. Unfortunately, interoperability among many of these apps is as a general rule lacking. This is similar to the altcoin space today, and means one dominant player may have to rise to the top, creating a massive encrypted city, rather than small villages with encrypted tunnels between them.