Hacker News new | past | comments | ask | show | jobs | submit login

Let me just make this very clear: you don't go from zero operating cost to multiple millions of hardware and colo space to do the very same thing, in a move so transparent that it needs security researchers to dig into your program to find out it has happened at all.

I guess Skype (by extension, Microsoft) is growing interested in what people are speaking about. To get hold of that data you need to route it through your own network, at significant processing and bandwidth cost.




Or instead of engaging in conspiracy theores with zero proof we should look at whats going on here rationally. Skype is really unacceptable in any corporate environment. I don't want a random PC on my network to be a superpeer and suddenly use my 50mbps connection routing calls to the world. Run skype for a couple of mins, fire up tcpview, and watch calls come in and out. Not only is this a waste of my resources it also provides a shit experience of dropped calls, sudden drops in quality, and connection issues. The P2P model for video and talk is suboptimal and MS knows their real customers (IT managers and IT buyers) aren't going to go for this.

I have yet to get high quality video to work on skype, even between two clients each with 10+ mbps lines. MS knows this is a problem.

More than likely Skype will be for SMB and residential use and high end enterprise will continue to use Lync or alternatives. This is a welcome move as it legitimizes Skype for many.


He phrased it like a conspiracy theorist, but it's a little naive to think that intercept capability wasn't a factor in this decision. As far as I know skype was the biggest player in communications that wasn't being completely monitored.


My first thought as well, this is simply a quiet decision to make it easier to comply with sealed warrants.


Ideally companies would be making it harder or impossible to comply with sealed warrants.


Skype went down for a couple days about a year or two ago, as did a few other voip services at around the same time. I suspect this is more than just a single company that is behind it, rather the US government.


Sure, it's not a secret that the NSA is the one pulling in all of the data they can get their hands on right now. And they absolutely want all skype traffic, since they already have all internet and phone traffic.


What day was this?


The bandwidth the whole Skype swarm can scale to in a matter of minutes will most certainly exceed what would be possible if you're running everything from a datacenter. Sure, have a few backup machines ready to takeover roles if super peers drop or something else is impacting the network.

IT managers and IT buyers are obviously not the target market for Skype. They just buy that stuff from CISCO.

Skype has invested considerable development resources into making P2P work over NAT, circumventing firewalls, cloaking and encrypting their traffic to evade packet inspection. Even the client itself is heavily obfuscated. The point of this all is of course to not threaten the P2P model that has allowed them to essentially scale unlimited.

Now, you have Microsoft replacing that with the standard centralized infrastructure that scales terribly. Huh.


The point with Skype isn't that its doing something a Cisco device won't do, but the fact that its highly ubiquitous. Maybe IT managers aren't the target for Skype, but when a customer or someone else wants to do a Skype VoIP call... you need to use Skype.


      Not only is this a waste of my resources it also 
      provides a shit experience of dropped calls, sudden 
      drops in quality, and connection issues.
My experience with Skype, by using it everyday, is not at all similar.

Skype for me is the best VoIP system I've ever used. Voice calls work fine even over my phone's 3G connection, which compared to a broadband line is piss poor. Video calls sometime have hiccups, but it worked for me in situations where more traditional client-server solutions were unusable.


I think the problem is that if you have a very fast connection ("10+ mbps lines") then Skype upgrades you to a super-peer and sacrifices your experience in order to route the calls of other Skype users.


> even between two clients each with 10+ mbps lines

Do those clients accept incoming connections? The only reason as far as I know for the supernodes is to break through firewalls.

If there is no firewall the skype connections are direct from client to client and they don't go through any other peer, microsoft or not.


That's one option. Other options:

a) datacenter bandwidth is now much cheaper than it was 10 years ago, to the point that the cost saving from using p2p is not that significant anymore. (Skype did not have zero operating cost, and contrary to the article, they did operate their own supernodes - few tens to a few hundreds at least).

b) Microsoft is going to change the business model, e.g. no more free calls (or, no more free conference calls, or something like that), and if they are going to charge money, they need to guarantee a level of service - which they cannot with a P2P infrastructure.

c) The marginal cost for Microsoft (who already have data centers etc) is actually LOWER than running a p2p, with everything (including end user liability) is taken into account. Running 10,000 servers in existing data servers would cost ~$1M/month. May seem a lot to you, but it's a rounding error for microsoft (and certainly, at a $8.5B total cost, 4 years would make this ~$8.55B from Microsoft's side. Rounding error)

d) Microsoft is planning some kind of integration with their other properties (hotmail? live? office live?) for which hosting everything is essential.

I would guess (c) or (d), although the parent's guess is not without merit.


Unless a significant number of paying users decide that they don't want their calls going through a US company with a history of security and monopoly issues.

So you should now assume that ALL your skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them ?

Are you doing anything in the US that might be considered naughty - like online gambling, tax 'optimization', overly-fair use of some recorded entertainment?

Do you work in a foreign company that competes with a major US oil/aerospace/defense/financial concern?

Do you supply to any of the above?

If you wouldn't forward an email about it to the DHS should you now still talk about it on Skype?


The biggest change occurred when Skype sold to a US corporation. That ship has sailed. P2P or not, Skype became a US company when it sold to MS. Even before that, you never had any guarantees about where/who your calls were routed to/through.

"So you should now assume that ALL your skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them ?"

Unless the network is secured by you end-to-end (e.g., encrypted tunnel and you're the private key holder), you should assume that your call can be intercepted and recorded. In the context of Skype, that was never true, so nothing has changed.

So yes, there have been significant changes, but all the concerns you outlines are fringe issues at best. Skype was never any kind of secure communications system where you were safe from persecution by overreaching governments.


Yes Skype was never exactly mil-spec but was generally regarded as safer than email or regular phones as far as routine interception was concerned.

IIRC with the original design the supernodes were only used to discover where users were and so tunnel through firewalls . Once the end points of a call had been discovered the voice traffic was direct caller-caller.

Assuming that Skype hasn't been a front for the illuminati all along, then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.


> Yes Skype was never exactly mil-spec but was generally regarded as safer than email or regular phones as far as routine interception was concerned.

And wrongly so. You still logged in through Skype servers (username/password is centrally managed) who would direct you to a supernode near you, and could equally direct you to an intercepting supernode.

You have just made the fallacious argument of security through obscurity.

> Once the end points of a call had been discovered the voice traffic was direct caller-caller.

Do you know that, or just assume that? Do you know that this hasn't changed with different versions?

> Assuming that Skype hasn't been a front for the illuminati all along,

Blackberry insisted that they can't decrypt end-user communication ... right until the Indian government threatened to make it illegal to use Blackberry in India, and magically it became possible to eavesdrop on BB comm.

Corrupt governments are enough, don't need to invoke the illuminati.

> then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.

It's not any different. The voice links were (mostly) P2P, and I guess they still are. The supernodes (discovery/comm links) were centrally managed, and still are. The only difference is now they are both centrally managed and centrally owned - that's a very little difference.


That's one possible explanation, and I think there's a healthy amount of skepticism required when analyzing moves like this, but it's not the only explanation.

Keep in mind that a large part of Microsoft's business is in the enterprise, and voice is a huge application product for enterprise customers. Exchange has always had some form of voice integration. I haven't used it in years (since back when H.323 was big), so I don't know the current state of affairs, but it is just as plausible that Microsoft is moving to a more traditional client-server structure in a bid to win the mindshare of enerprise purchasers. I'm particularly attached to this explanation because of my insight in to the telecom industry.

Telcos don't want to sell dumb pipes to customers, because dumb pipes are a commodity. Selling a TDM PRI with 23 voice channels is something anyone can do. Carriers are pushing customers away from these products in to SIP offerings that can integrate with customer applications because these products have high exit costs. I can swap out PRIs three times a year without much trouble. Changing application integration is far more expensive. This creates room for higher margins.

Here's the thing: with Skype, Microsoft can enter this space. I don't know exactly how Skype does it, but they manage to deliver a great VoIP product without any infrastructure considerations (network design, QoS, backhaul constraints). I've used SIP carriers who deliver a router with preconfigured QoS that can't call quality as good as Skype.

I'm not suggesting there's magic here or anything, but Skype's product is damned good. If Microsoft were to integrate Skype in to Exchange, that would give them a customer endpoint that could take advantage of a network designed for voice. Exchange could keep intra-office calls local (like a PBX) and segregated on their on VLAN, while aggregating outside voice traffic on separate network interfaces, much like traditional TDM and SIP based PBX systems. This would check all the right boxes for enterprise voice managers. I'm also willing to bet this would push Skype voice quality over the threshold from end-user novelty to enterprise infrastructure.

There are far too many positive business reasons from a straight forward product standpoint to jump straight to the "this lets them mine customer data" viewpoint.


Setting up the connections is not the "magic". That is not a hard problem. It's been solved years ago.

First, P2P networks to not have to be enormous. Drop your assumptions.

They can be small, and separated. (Think VLAN.) A P2P network can be set up so that any peer can volunteer to be a supernode. (Skype doesn't let you choose.) There must be at least one supernode to get a connection started but it does not have to be a company. It can be you, so long as you have a reachable IP.

And the supernode does not have to forward traffic. She can just function to set up the connections. And she can do so agnostic to the traffic. She only keeps a table mapping MAC's and private, arbitrary IP's. The supernode can disappear after the connection established; it won't break established connections. If two nodes are behind the sane NAT, then the supernode can forward to traffic to get around this impediment. Setting up connections is not the "magic". There's no need for MS to be a (or should we say, "the") supernode.

The "magic" in Skype is the way they handle the compression, encoding and decoding.

That is where one needs to focus.

Setting up P2P connections (for small, segregated P2P networks), reliably, and without snooping, is relatively easy. You or someone else in your contacts needs pulicly reachable IP. All the code you need to connect, which is not much- quite boring for the complexity lovers, has already been written.


I think you might have missed my point. The P2P portion isn't the amazing part for me, it's that Skype call quality is so good without any of the traditional network engineering requirements I'm used to.

I work out of Florida, but most of my partners are in Ohio. Our phones in the Ohio office are delivered by a SIP carrier. The SIP carrier provides a router that establishes separate VLANs (on the local network) for the phones and computers. The phone traffic is prioritized so it goes out over the WAN link first. Granted, once it hits the internet all bets are off, but at least the voice packets are hitting the wire first. That should make our telephones the best performing VoIP option in the Ohio office.

That's not reality though. Everyone in the Ohio office prefers Skype because the call quality is better and the connection is more consistent/resilient.

I can read a SIP trace, and I understand a little bit about CODEC design. I can somewhat reliably identify the difference between a G.711 call and a G.729 call just by listening. In other words, I'm not a complete layman, but I'm not a voice engineer. What amazes me about Skype is that their voice stack performs so well without any special considerations at the network layer.

In an ideal world, a voice engineer wants not only a separate VLAN for voice traffic on the LAN, but prioritization all the way to the PSTN termination point. This usually means you need to get your transport link from the same carrier who provides your voice service. For example, if you buy SIP service from Level 3, Level 3 can also sell you a transport link, on which they can prioritize your voice traffic all the way back to the place where they connect to the PSTN. This assures the best possible transport quality.

Skype has none of this, but still manages to deliver great call quality. That is amazing to me, and it's a game changer. It decouples your voice and data provider.

The key reason to move away from P2P isn't technical, but business related. Enterprise decision makers demand more control over their network. By controlling the super-nodes, Microsoft opens the door for a whole different kind of customer:

Integrate Skype in to Exchange

With Skype integrated in to Exchange, desktop devices (Skype phones) could be segregated on to their own VLAN. The Exchange/Skype service (running on a server) can be bound to a network interface on this separate VLAN. This satisfies common enterprise network design requirements where voice is prioritized on the LAN. This would also provide an internal endpoint for Skype clients to connect to and pass through a set of business rules and/or integrate with internal applications. This is a typical use case for Exchange. Exchange would also handle call routing. Think of Exchange as the PBX, keeping intra-office calls on the LAN, and routing outside calls over a configured link.

Moving Skype Super-Nodes to Dedicated Infrastructure

The best reason to integrate Skype with Exchange is to replace the traditional SIP carrier. When a user picks up a Skype phone on their desk and dials by directory, the call hits Exchange. Exchange can examine the call and make some interesting decisions:

Directory lookup matches a local Skype username: call is routed entirely over the LAN.

Directory lookup matches a Skype user, but user is not local: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P).

Directory lookup only contains a traditional telephone number: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P), which terminates to the PSTN.

With Microsoft running the super-node, they have better control over the performance of the Skype back end.

The benefit of the ability to bypass the PSTN can't be understated. Many carriers offer what is called "free on-net calling". If your call is placed to another user on the same carrier, it is free, regardless of their geographical location. Skype could do the same. If you're calling another Skype user, the call is free. If you need to punch out to the PSTN, you get normal Skype rates.

The chances of an enterprise buyer considering this type of service over P2P is remote at best. There might not be any technical reason P2P couldn't satisfy the requirement, but it's bad joo-joo from a purchaser's perspective. They want assurances, and MS owned/run super-nodes make a lot of sense.


I think wiretapping is one of the big reasons for the rearchitecture. Skype officially claimed they could not comply with wiretapping requests because of the P2P network as late as 2008 (http://news.cnet.com/8301-13578_3-9963028-38.html), and Microsoft was already working on wiretapping VoIP in 2009 (http://blog.tmcnet.com/blog/tom-keating/microsoft-patents-vo...).


I would assume being able to guarantee a certain level or "service quality" played a bigger role than finding out what people are talking about. They're probably going to integrate Skype at a much deeper level into WP8 and they need to make sure there are fewer breaking points, both technical and legal.


Others have argued that the real value of this is the improved user experience (and control over the user experience). That's almost certainly true. But more importantly, mining data from Skype would be of negative value to MS.

Trying to gather any information that's utterly generic and innocuous would cause a massive PR scandal that would probably destroy Skype's credibility for ever, and possibly taint many other of Microsoft's online services as well. What data worth from wiretapping could possibly be worth $8+ billion?

The only way it could possibly make sense is if they were certain of never getting caught. And that's a tall order in these days. All it takes is one lawsuit against MS where the legal discovery process can touch documents and communications pertaining to Skype.


Would this fall under wiretapping? Other IM services have blanket statements on monitoring all and any communication in their TOS, this just takes it to voice and video.

I guess what I was thinking of was something akin to Google AdWords, not the "they want to control the world" conspiracy theory edge.


Sorry, "wiretapping" was probably not a well chosen word.

Serving ads to unpaid users is a good example of something that people probably wouldn't find too creepy (not too different from seeing ads on gmail). The problem is that since MS controls the client software, it's not something that they would need to do at the supernode level. They could just run the voice recognition / keyword selection on the client and then request the appropriate ads.

Even if they were planning on some more wide-ranging thing with adverts than that, it's unclear why they'd need intercept the conversations at the supernode rather than at the client. They'd also have the problems that they don't have a credible display ad service to use this data for, and that they can't correlate the data from a logged in Skype user to some random web user who isn't logged in.

If we assume MS is taking control of the supernodes for some observation purpose, the observation needs to be something that can't be done on the client, or that would look suspicious when done by the client. E.g. storing all the voice streams for later analysis, or transmitting summaries of conversations between paid Skype users to some MS address.


Skype already shows ads to users of the iOS client.


Aren't Skype supernodes more like DNS? Just telling the two parties how to connect with each other and then getting out of the middle?


Supernodes also have the ability to relay the VoIP traffic if the callers cannot form a P2p connection. More info here http://saikat.guha.cc/pub/iptps06-skype/

It would be a small change to the supernode logic to enable relaying of calls for wiretap requests.


Isn't there some encryption involved?


Yes but: 1, the encryption algorithms are secret, so we don't know how good they are and 2, Skype have the keys




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: