Skype

Skype

Skype logo
File:Skype windows.png Skype on Windows XP
Developer(s)	Skype Technologies S.A.
Stable release	Windows, UWP 15.134.3202.0 / 16 December 2024; 21 days ago (2024-12-16)[1][2][3] Windows, desktop 8.134.0.202 / 16 December 2024; 21 days ago (2024-12-16)[1][2] macOS 8.134.0.202 / 16 December 2024; 21 days ago (2024-12-16)[1][2] Linux 8.134.0.202 / 16 December 2024; 21 days ago (2024-12-16)[1][4] Android 8.134.0.202 / 11 December 2024; 26 days ago (2024-12-11)[5][6][7] iOS 8.134.0.202 / 16 December 2024; 21 days ago (2024-12-16)[5][8]
Operating system	Cross-platform
Type	P2P/VoIP/Instant messenger/ Video call/Videophone
License	Freeware
Website	www.skype.com

Skype icon

Skype (IPA pronunciation: /skajp/ (rhymes with "type" and "pipe")) is a proprietary peer-to-peer Internet telephony (VoIP) network, founded by Niklas Zennström and Janus Friis, the creators of KaZaA, and competing against established open VoIP protocols like SIP, IAX, or H.323. The Skype Group is headquartered in Luxembourg with offices also in London and Tallinn. The system has a reputation for working across different types of network connections (including firewalls and NAT) because voice packets are routed by the combined users of the free desktop software application. Skype users can speak to other Skype users for free. Skype also has paid services allowing users to call traditional telephone numbers (SkypeOut), receive calls from traditional phones (SkypeIn), and receive voicemail messages.

On October 14 2005, eBay completed its acquisition of the company for EUR€1.9 billion (about USD$2.4 billion) in cash and stock, plus an additional EUR€1.5 billion (approx. USD$1.8 billion) in rewards (earn out) if goals are met by 2008.^[9][10]

Skype version 1.2 for Windows was released on March 23, 2005. Its most significant new feature is the provision of centrally-stored contact lists so that a user's contact information is available from any computer that is connected to Skype (in other previous versions, contact information was stored on the local computer).

Skype version 2.0.0.97 for Windows was released on March 16, 2006. Most notably, this release featured video conferencing.

Versions now exist for Microsoft Windows ( 2000, XP and CE (Pocket PC)), Mac OS X and GNU/Linux. The Linux version runs on FreeBSD through its Linux binary compatibility.

Each Skype user must have the Skype software running on his/her computer. This software is currently available free of charge and can be downloaded from the company website, but the software is proprietary.

The main difference between Skype and other VoIP clients is that it operates on a peer-to-peer model rather than the more traditional server-client model. The Skype user directory is entirely decentralised and distributed among the nodes in the network, which means the network can scale very easily to large sizes (currently just over 100 million users) without a complex and costly centralised infrastructure.

Skype also routes calls through other Skype peers on the network, which allows it to traverse Symmetric NATs and firewalls, unlike most other VoIP programs (The two most common VoIP protocols, SIP and H323 are usually UDP and point-to-point, making NAT traversal problematic.)^[11] This, however, puts an extra burden on those who connect to the Internet without NAT, as their computers and network bandwidth may be used to route the calls of other users. The selection of intermediary computers is fully automatic, with individual users having no option to disable such use of their resources. This fact is not clearly communicated, however, and seems to contradict the license agreement which would limit Skype's utilisation of the user's "processor and bandwidth [to the] purpose of facilitating the communication between [the user] and other Skype Software users" (section 4.1).

The Skype code is closed source and the protocol is proprietary which has raised suspicion and drawn broad criticism from software developers and the VoIP user communities.^{[citation needed]}

The Skype client's application programming interface (API) exposes the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Windows user interface was developed in Pascal using Delphi, while the Linux version is written in C++ with Qt and the Mac OS X version is written in Objective-C with Cocoa.^[12]

BlackHat 2006 analysis^[13] describes how to break into the Skype client remotely through heap overflow by sending a malicious UDP packet.

Since the Skype code is proprietary and closed source the security of the software cannot be firmly established by independent experts; thus, its users - experts and non-experts alike - may base their usage of the product on merely trusting the manufacturer and behaviour of the software downloaded from sources authorised by the manufacturer. In 2004, Niklas Zennstrom, co-founder of Skype, appeared to admit in an article on The Register that the current security model used a relatively short key size, relied upon security through obscurity, and would not withstand open-source scrutiny:

Would he make Skype open-source?
No, that would make its strong 1024 bit encryption and security vulnerable: "We could do it but only if we re-engineered the way it works and we don't have the time right now."

— Niklas Zennstrom, co-founder of Skype, on the Skype security model^[14]

Since that time, at least two analyses of the Skype code have been published. Tom Berson of Anagram Laboratories, an encryption and security specialist of 30+ years standing, was invited by Skype to analyse their source code in October 2005. Separately, a reverse engineered study of the actual Skype release package in action by Philippe Biondi and Fabrice Desclaux was presented at BlackHat Europe in March 2006.^[15][16]

The conclusions were broadly as follows:

• There are two sets of issues - discussion of the Skype system in general, and review of the security within its various parts and communications.
• Skype is a "complete black box" -- that is, it is extremely hard for the lay user to identify what it is doing, or what it might be doing, or how appropriately it is doing it. It uses security through obscurity to make itself troublesome to analyse or reverse engineer without a significant amount of work, or use of emulation.
• Every package virtually, including the actual software itself, is encrypted, often by means of public/private key signing methods or AES.
• The Skype software itself uses a great deal of code obfuscation and decryption in memory, including hundreds of checksummers and other anti-reverse-engineering devices.
• The protocol includes 1536 and 2048 bit public/private key pairs. These are not considered excessively long by modern standards, but are a strong barrier to decryption. Apparently using paid services obtains a replacement 2048 bit key (the 1536 bit key being standard). It also uses 256 bit AES over 128 bit blocks, which is considered strong.
• The Skype system automatically selects certain users with fast CPUs, good broadband connections and no firewall issues to be "supernodes", through which other users may connect. Skype can therefore utilise other users' bandwidth. (Although this is allowed for in the licence agreement there is no way to tell how much bandwidth is being used in this manner). There are some 20,000 supernodes out of many millions of users logged on.
• There are notable "holes" in security in the area of the global Skype network -- that is, searches for contacts, and connection via supernodes, are trusted rather than authenticated. In some areas, "Skype trusts any computer that speaks Skype".
• Skype's file transfer function does not contain any programmatic interfaces to antivirus products, but Skype claims to have tested its product against antivirus "Shield" products. If the EICAR test file is sent over Skype's file transfer service, every major antivirus product appears to catch the virus and halt its transmission or reception via Skype.
• In addition, the lack of clarity as to content means that firewalls and systems administrators cannot be sure what Skype is doing. (The combination of an invited and a reverse engineered study taken together suggest Skype is not doing anything hostile, although that does not mean it could not.) Firewall rules for Ip tables were given to block skype for corporates.
• The full functionality of Skype was not reviewed, both studies appear to have focused upon its security. So it cannot be said what else may or may not be present.
• However the actual communication of any given Skype conversation is reported to appears relatively secured; both cryptographic analyses concluded that Skype had made good use of modern encryption techniques and had coded the actual encryption algorithms correctly within the software.

Skype accesses the hard disk several times per minute. This can be verified either by observing the HDD's activity LED or by using a file access monitor such as FileMon^[17]. Although those accesses are small, extremely fast and safe in the short term, they can be harmful in the long term. In particular the continuous access pattern does not allow the disk to enter sleep or idle modes while Skype is active, even when offline. This will cause the computer to consume more energy than otherwise, even when idle, but will not affect the lifespan of the HD (a hard disk will actually last longer if left spun up compared to being constantly spun up and down. Spinning down a hard disk is strictly a power-saving feature). Stronger HDD caching does not seem to improve this behavior.

Also, as mentioned above, certain users are selected by software to act as "supernodes". Under certain conditions, Skype is reportedly willing to accept thousands of connections, and sufficient traffic to saturate a 100 mbit bandwidth on such nodes.^[18][19][20]

Since a Skype connection may be routed through an intermediate peer, 256-bit AES encryption actively encodes the data stream of each call, or file transfer. Skype uses 1536-bit RSA (2048-bit RSA for customers who have purchased any "paid services" such as voicemail) to secure the pairwise negotiation of an AES symmetric session key over an untrusted channel. Skype claims that the proprietary session establishment protocol is efficient and prevents both man-in-the-middle and replay attacks. The Skype server certifies each user's public key at log in.

That said, Skype currently permits multiple concurrent logins: if a hacker is able to obtain a user's login password, the hacker could login as that user, and change their status to "Hidden". Thereafter, any chat sessions involving the real user are copied to the hacker's "ghost" account. If a user keeps their password secure, this is not of concern.

The integrity of the data, i.e. data modified while traveling though peers, even if encrypted, is unknown and undocumented. The mechanism and implementation has been examined in Berson's report - referenced below.

Skype provides an uncontrolled registration system for users: registration requires no proof (in means of state-issued ID card) of the identity of the user. This works two ways: you can use the system without revealing your real-life identity to other users of the system, but on the other hand you have no guarantees that the person you communicate with is the one they say they are in real-life. The down side of this is that it is easy to use the personal name (but not identity) of a trusted person as a Skype nickname and trick a naive user to reveal information or execute a program sent to them.

However this behaviour is common to all digitally provided services. (The exception are certificates from certificate authority you trust.)

Still, it seems that Skype password-based authentication system does ensure that for example "Martian Girl" is really the "Martian Girl" one recently spoke with. One just can't be sure it is her (or his) civil name.

In September 2005 a prank program was launched online. This unauthorised patch allowed a Skype user to masquerade as another user. The technique was for the joker to put up an attractive profile with a girl’s name and picture, and put that profile into "Skype me" mode. Within minutes generally another user would invariably try calling/chatting. The patch running the whole time would then partner up another call to the first caller, and send messages from the first person to the second, and vice versa. This way both people thought they were talking to a middle user whose profile of course was entirely fake. The patch only supported text messaging.

September 30, 2002: Skyper Limited received its founding investment from Draper Investment Company (www.draperco.com) April 23 2003: Skype.com and Skype.net domain names registered August 29 2003: First public beta version released June 15 2004: Beta release of version 0.98.0.28 with first support for SkypeOut. Credits by voucher only. June 27 2004: SkypeOut credits first available for purchase on Skype website. July 27 2004: Release of Version 1.0 for Windows. October 20 2004: First time 1 million Skype users are online at once. February 14 2005: First reached 2 million online. March 10 2005: SkypeIn Public Beta starts. March 11 2005: Skype reports 1 million Skype-out users and 29 million registered users. March 11 2005: 84 million software downloads and 5.98 billion talk minutes served. April 15 2005: Downloaded more than 100 million times. May 18 2005: 3 million online at once. June 19 2005: Ten billion minutes of voice conversation served. August 31 2005: Launch of "1.4 beta" containing improved sound and call forwarding. September 9 2005: SkypeOut Banned in South China.[21] September 12 2005: eBay announces purchase of Skype October 14 2005: eBay completes purchase of Skype.[22]

December 1 2005: Skype launches Skype 2.0 in beta for Windows, a major new feature is videotelephony to other Skype users.[23] January 6 2006: Skype 2.0 general release is announced. January 19 2006: Skype 2.0 official release. January 20 2006: Five million concurrent Skype users on line. February 3 2006: Skype becomes fully integrated with popular online message board Bebo allowing registered users to call and IM each other directly from their profiles. March 27 2006: Six million concurrent Skype users on line. April 27 2006: 100 million registered users. May 2 2006: Tele 2 challenges Skype with the open protocol based Parlino-service. May 3 2006: Skype 2.5 beta is introduced, as well as an early preview of Skypecasts. May 4 2006: Skype users spoke for 6.9 billion minutes during the first quarter 2006. Skype now handles 7% of the world's long-distance minutes.[24] May 11 2006: Skype for Mac 1.4.0.49 is released, the first Universal build of Skype. May 15 2006: SkypeOut to US and Canadian landlines becomes free until the end of 2006.[25]

File:Total-users-skype.JPG

It was reported that six million concurrent Skype users were on line as of March 27 2006.^{[citation needed]} Skype Journal reported five million concurrent Skype users on line January 20 2006 and expects, during the summer of 2006, 7 million users on line, and by March 2007, 10 million concurrent Skype users on line. The highest concentration of users online occurs between 9AM and 10AM EST. On April 27, 2006 Skype reported it had more than 100 million registered users.

SR Consulting reviewed 4 million Skype user profiles in October 2005 and produced some demographic information reported by Skype News^[26] and Skype Journal.^[27]

• Average age: 29.7 years old.
• About 46% of Skypers are in Europe, but Brazil and China have the most Skype users of any country, with China coming in at 13% of the Skype population.^[28]
• Gender information is inconclusive so far. More than half of all users declined to state their sex.

A criticism leveled at Skype is over its use of a proprietary protocol, instead of an open standard like H.323, IAX, or SIP, making it impossible for other providers to interact with the Skype network. There are of course clear business reasons for this, since it helps protect the SkypeOut revenue stream from competition.

A design limitation of Skype is, if given access to an unrestricted network connection, Skype clients can become supernodes. These supernodes hold together the peer-peer network and provide data routing for those behind restrictive firewalls. Unfortunately, these supernodes can generate a significant amount of bandwidth—saturating a high speed, 100 Mbit/s connection is not unheard of. For this reason some network providers, such as universities, have banned Skype.

User count and acceptance is often no indicator as to the quality of a service. There may be superior services available whose number of users look poor in comparison with Skype as Skype has been more successful in marketing its service than other pre-existing VoIP telephony services such as VocalTec (established in 1995). The number of users quoted as Skype users are taken from the number of people that have downloaded the software and not necessarily used the service to make voice calls. However, others argue that the market penetration of a product such as Skype is a good indication that it is the best product available. Marketing programs help in the short term, but long term success of a company relies on quality of service and superior user experience.

SkypeOut rates do not always keep up with the general downward trend in rates charged by conventional telephone companies. For example, in the United Kingdom, the trend is for companies to charge a fixed price per call, for example 3p to 6p for an inland call of unlimited or long duration. With SkypeOut, calls are still charged at a per-minute rate as opposed to a per-call rate, meaning that SkypeOut can be comparatively expensive for inland calls This remains relatively expensive despite Skype lowering SkypeOut charges during 2006.

While the Skype support seems thrive in the Windows platform, its popularity suffers from its lack of interoperability with other platforms. Especially the company's inability to handle even the most critical bugs has cost it much goodwill.^{[citation needed]}

While Skype has fixed some minor bugs, the latest major revision for Linux is still 1.2 (compare version 1.4 for OS X and 2.5 for Windows). Moreover, the main complaint of the community remains unaddressed. Bugs they so far have addressed have dealt with merely the installation issues and not the functionality of the program: January 6, 2006 Skype made a bugfix release (1.2.21) to fix the broken Mandriva installation and issued official package to fix some broken deb dependencies in late March 2006. Meantime unofficial packages fixing the latter bug had been in circulation at least since November 2005. (It took some 5 minutes to repackage the program starting from the material in their official site.)

As welcome as late, these fixes have nothing to do with the main issue, rendering Skype virtually unusable on the present day Linux desktop: Even the most recent versions of Skype support only the old and obsolete Open Sound System (OSS) and not its successor, Advanced Linux Sound Architecture (ALSA). The ALSA system has deprecated the OSS system since Linux kernel version 2.6, which was first released in December 2003.

As a result, the Skype version currently in distribution needs extensive system configuration, and does not work well with other audio programs. A related issue that seems to be a bug in Skype's implementation (and not fixed by and including the version 1.2.21) makes Skype unusable after the first call, forcing the user to restart Skype.

There are some workarounds to these problems, like the skype_dsp_hijacker -wrapper, but they are tedious and often require extensive system administration.

In addition, Skype is not open-source, so it cannot be included in the main repositories of distributions like Debian. This also prevents it from being re-compiled for other hardware architectures than the only one proposed, limiting its usage to Linux on x86.

Legal and other barriers have been erected by companies, government regulators, and school systems. Reasons given include perceived threats to an economic interest, to national or enterprise security, to system reliability.

For a brief period, SkypeOut was blocked in some regions of mainland China (notably Shenzhen) by the operator China Telecom for undisclosed reasons, believed to relate to SkypeOut's ability to take lucrative international and long distance business away from the People's Republic of China's state controlled telecommunications companies.

Skype has been involved in the censoring of politically sensitive messages for the regime of the People's Republic of China.^[29]

In September 2005, the French Ministry of Research, acting on advice from the general secretariat of national defence, disapproved the use of Skype in public research and higher education; some services are interpreting this decision as an outright ban. The exact reasons for the decision were not given, but computer security professionals point out that:

• Skype is a proprietary software program using undocumented protocols, and laws prohibit reverse-engineering it;
• Skype implements some kind of "peer-to-peer" network over client machines, with clients on fast connections becoming major exchange points; since research centers typically have very high speed connections, machines running Skype in those centers may generate very high traffic; some networks were reportedly nearly saturated by Skype traffic;
• the information flow implemented by Skype is unknown; though encryption is used, it is unknown where traffic goes.

As such, Skype is considered a security hazard for research networks, in which there may be significant intellectual property.

In January, 2006, StreamCast Networks filed a complaint in U.S. District Court in Los Angeles, accusing Skype of stealing its peer-to-peer technology. The $4.1 billion lawsuit does not name eBay, Skype's parent company. The lawsuit was amended in a filing with Federal Court in the Central District of California on May 22, 2006, to include eBay and 21 other parties as defendants. Streamcast seeks a worldwide injunction on the sale and marketing of eBay’s Skype Internet voice communication products as well as billions of dollars in unspecified damages.

Skype's technology is proprietary and completely closed for outside review. It is unknown to what extent it can potentially interfere with other parties' patents and copyrights. It is not unreasonable therefore to expect some future legal challenges from third parties concerning Intellectual Property issues.

On June 1, 2006, Net2Phone (the Internet telephone unit of IDT Corp.) has filed a lawsuit against eBay and Skype accusing the unit of infringing US Patent 6,108,704^[30] which was granted in 2000.^[31]

Phone companies have traditionally charged users a large amount, often proportional to the distance, for long distance calls. Skype, arguably the first major VoIP software, allowed people to talk over the Internet for free. This led to many home users with broadband capability to switch to Skype for placing their calls over the Internet. Skype, encrypted end-to-end and claiming to be secure, has also attracted large corporations who are beginning to switch from their traditional phone companies for their internal calls.^{[citation needed]} Phone companies were suddenly out of favor in the markets which patronized Skype.^[32]

Skype has partnered with online web properties including Tom.com, PcHomeOnline, Daum, Livedoor, Bebo and Onet and hardware manufacturers including Plantronics, Logitech, Motorola, VTech, RTX, Siemens and Linksys.

Skype has partnered with Tellme Networks, Voxpilot and Voxeo to enable content providers to create new voice services. These platform partners enable the voice services, provide development resources and manage the submission process for new services.

Netgear newly announced a Skype preloaded phone which does not have to be connected to a computer to use Skype; it uses a WiFi wireless router connection instead.^[33]

It has been announced that Motorola will release a similar product (CN620 WiFi cell phone). The Accton Skyfone WM1185-T cell phone is also preinstalled with Skype. The i-mate PDA2 also comes with a preinstalled Skype.

Intel and Skype have entered into a partnership resulting in Skype providing advanced conference-calling features exclusively on PCs that run Intel chips. With this deal, customers who want to take advantage of multiperson conference calls cannot do so on AMD-based machines.^[34] AMD has questioned the legality of this agreement as part of its anti-trust lawsuit against Intel.^[35]

IPEVO is a Skype hardware partner. Its first product, Free-1, is the first Skype-certified product supporting both Windows and Mac OS.^[36]

IPdrum provides the IPdrum Mobile Skype Solution, providing users with the possibility to use the mobile phone as a Skype device. Provided that the user has a calling plan that allows free calls between specific numbers, this solution enables virtually free mobile Skype telephony.^[37]

Vitaero is a Skype-certified software plugin that enables Bluetooth headsets to be used with Skype.^[38]

There are many third party products that work with Skype or build upon the Skype API to provide additional features such as voicemail and call recording.

• amiciPhone: A free peer-to-peer VoIP application
• Ekiga: A free application that supports both H.323, SIP, audio and video. Ekiga was formerly known as GnomeMeeting.
• Kiax: VoIP application based on IAX
• PSI: The current Beta version has protocol support for Google Talk
• Switchboard: Free VoIP applet which works from within a web browser. Works on Windows, Mac, Linux, and any other Java enabled platform. No installation necessary
• Tapioca: Includes support for Google Talk
• WengoPhone: A free VoIP application based on SIP open standard
• TipicIM: A free VoIP application, Videocalling based on XMPP/Jabber and Speex audio codec support

• Google Talk: popular service provided by Google
• Gizmo Project: A closed source VoIP application based on SIP open standard
• iCall: A closed source free VoIP application based on SIP open standard and providing free PC to Phone calling in the US and Canada.
• Secure Shuttle Transport (SST): Free encryption and secure messaging software including VoIP and video. Works on PCs running Windows 98 or higher.
• SightSpeed: Free video and voice calling service supporting Mac & Windows. Also allows phone out dialing.
• Vbuzzer: A VoIP softphone and service as well as an active advocator of SIP open standard
• VoIP Stunt: A VoIP application offering 300 minutes per week of free calls to landlines in many countries, including the EU, USA, Australia, etc.
• Zfone is a solution of Phil Zimmermann (inventor of PGP) to encrypt VoIP sessions, protocol published as IETF draft. [1]

Skype 2.5 BETA

• In a call
  In a call
• Activity History
  Activity History
• Editing Profile
  Editing Profile

• Voice over IP
• Skype Journal: An independent online magazine about Skype
• Skype Directory: An independent open source web searchable Skype Directory built by users.
• Comparison of instant messengers
• Comparison of VoIP software
• Nuvvo eLearning Service: an on-demand service with SkypeWeb Presence integration
• Horizon Global
• Jajah: Alternative where no headset, no download, no installation and no broadband connection is necessary. A VoIP call gets activated between two normal phones.

• Official Skype website
• Paper on the Skype protocol
• White paper on Skype, focus on supernodes
• Skype Security Evaluation by Tom Berson (Anagram Laboratories)
• Comparison of landline and mobile rates of Jajah, Skype, Gizmo, Voipbuster
• Skype, Zennstrom, Friis Et Al Sued for RICO Violations