Some big news that came out this past week was the fact that Microsoft is monitoring Skype conversations to some extent. This was verified by Jurgen Schmidt in a recent article from “The H Security.”
I’m assuming this may have been done by Microsoft to better position themselves in case of any government requests for data. I understand the reasoning, but was disappointed to hear about it nonetheless.
Well, the good news is that we do not have to use Skype. I feel this was a good wake up call to be more aware of encrypted communications. We didn’t think too much of this before the recent Skype news, but rather trusted that the encryption was still in place.
A fellow WNC InfoSec member recently brought to my attention ‘Off The Record’ (OTR) and it’s available use with Pidgin and Google Talk. OTR allows for encryption, authentication, deniability and perfect forward secrecy in case your key is compromised. This all seemed great and I thought I had found a viable alternative to Skype.
Unfortunately, Google recently announced they will be moving away from XMPP and transitioning to their Google Hangouts platform for instant messaging. This will undoubtedly break the OTR capabilities in Pidgin/Adium, in my opinion.
Now what??
Well, the same WNC InfoSec member who educated me on OTR also passed along some info on Jitsi. Utilizing the ZRTP encryption protocol, Jitsi offers an open source solution to VOIP communication. You can check out more features here.
Looking forward to testing out Jitsi further and seeing if it can be a reliable/secure form of communication. I am also very interested in hearing your experiences with secure alternatives to Skype, so please leave a comment below!