Skype ditched peer-to-peer supernodes for scalability, not surveillance

Skype ditched peer-to-peer supernodes for scalability, not surveillance

Summary: Before Microsoft acquired Skype in 2011, the voice calling service was already ditching its "near impossible to wiretap" peer-to-peer model in favor of the cloud.

TOPICS: Privacy, Cloud
Skype_WP8_IncomingCall 2
(Image: James Martin/CNET)

Skype's principal architect explained in an email on Sunday why the company redesigned its backend infrastructure, which many have claimed made it easier for governments to wiretap calls. 

Skype principal architect Matthew Kaufman took to an email list to refute some of the claims made by one commentator, who claimed that Microsoft's "really dumb" move to run Skype through Microsoft-owned servers once it was acquired in 2011, made him "suspicious," especially in light of recent news of massive U.S. government surveillance.

Kaufman, now a Microsoft employee following the acquisition, did not directly discuss surveillance and the ability to wiretap, but he did "take issue" with the decision to switch to a datacenter model as being described as "really dumb."

...the Skype peer-to-peer network architecture elected certain nodes to be "supernodes", to help maintain the index of peers as well as handle parts of the NAT [network address translation]/firewall traversal for other peers. This election algorithm chose only machines with open Internet connectivity, substantial uptime, and which were running the latest version of our peer-to-peer code.

He also explained that "twice a global Skype network outage was caused by a crashing bug in that client," with one of those instances being in 2010.

[T]hat is in part why Skype has switched to server-based "dedicated supernodes"... nodes that we control, can handle orders of magnitudes more clients per host, are in protected data centers and up all the time, and running code that is less complex that the entire client code base. 

He also confirmed that, "this conversion [away from peer-to-peer] started well before the Microsoft acquisition was even announced, during the Silver Lake era," in 2009.

The exchange began after an article by The New York Times last week claimed that a small handful of Skype employees established Project Chess, a system designed to explore the legal and technical issues behind handing over Skype user data to law enforcement agencies.

Only a few executives at the company were made aware of the project, which was reportedly set up in 2008. Project Chess is also said to have continued when eBay sold Skype to Silver Lake Partners for $2.75 billion in 2009

But an interesting tidbit from the email came from professor emeritus Dave Farber, who claimed in the thread, "...the fact is that the management of Skype — even when they were owned by eBay — told the U.S. government to stick it, and got away with it."

Kaufman said he was "not in a position to comment on what Skype can and cannot log or intercept."

Read this

PRISM: Here's how the NSA wiretapped the Internet

PRISM: Here's how the NSA wiretapped the Internet

The National Security Agency's "PRISM" program is able to collect, in realtime, intelligence not limited to social networks and email accounts. But the seven tech companies accused of opening 'back doors' to the spy agency could well be proven innocent.

Security expert Bruce Schneier confirmed in 2006 that National Security Agency (NSA) could not intercept Skype calls because of its then-infrastructure setup. According to CNET in 2009, Skype confirmed it was unable to fulfil any government request to wiretap calls, "because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

Skype has in recent weeks and months denied that Microsoft's acquisition made it easier for police and intelligence agencies to access user data, despite a leaked NSA slide claiming that its PRISM program allowed the agency "direct access" to its servers

If the Times' article is to believed, Skype's statement regarding law enforcement requests following acquisition would be true. 

The revelations of the NSA's widespread spying programs come only months after Skype denied that it was "playing Big Brother," according to ZDNet's Ed Bott, by listening in on your voice conversations. Earlier statements by Skype in mid-2012 state that, "Skype to Skype calls do not flow through our data centres," adding: "These calls continue to be established directly between participating Skype nodes (clients)."

It remains unclear whether or not the NSA can wiretap Skype calls or access them after the fact with a valid warrant. However, metadata relating to Skype calls can be collected under a broad warrant issued by the Foreign Intelligence Surveillance Court (FISC), a secret court governed under its namesake statute, the Foreign Intelligence Surveillance Act (FISA).

Kaufman continued his technical reasons as to why Skype converted to a cloud-based datacenter model for its ever-growing user base, away from its peer-to-peer infrastructure.

He explained that with a rise in mobile and tablet users, these devices rapidly became "a battery-powered hand warmer," because it was participating as a full node on its peer-to-peer network. This would drain the battery faster than "any other well-known application out there," he said.

He also championed feature changes as a result of the cloud-based model, such as missed instant message delivery. "Servers. Lots of them," he said, "and more and more often in the Windows Azure cloud infrastructure."

In the case of instant messaging, we have merged the Skype and Windows Messenger message delivery backend services, and this now gets you delivery of messages even when the recipient is offline, and other nice features like spam filtering and malicious URL removal. [...] And over time you will see more and more services move to the Skype cloud, offloading memory and [processor] requirements from the mobile devices everyone wants to enjoy to their fullest and with maximum battery life.

While Kaufman he did not directly address the issue of wiretapping — he referred back to Microsoft's statements — or even acknowledge the existence (or non-existence) of Project Chess, there were technical reasons behind the move to the cloud-based datacenter model, not limited to growth and scalability.

He said the transition had been "difficult" and took the hard work of "hundreds of developers." 

Whether or not it made wiretapping easier for the NSA and its domestic law enforcement and global intelligence agency counterparts, so be it. But in Kaufman's words, at the time the move made "strategic and business sense."

Topics: Privacy, Cloud

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • ok

    If we are told to believe, we will make sure we pretend we do believe.

    However, once upon a time, Skype was the tool used by various "security conscious" people.. and suddenly, those people stopped using Skype. That says enough.
    • Well

      Calls are still direct from skype to skype... Its IP to IP aswell as chats...And it is encrypted... So they would have to somehow intercept that datastream and decyrpt it..
  • Sometime a cigar is just a cigar

    and not everything is the conspiracy you want it to be.

    There is an undeniable truth with many things that no matter how great it may be, it won’t work too well scaled up.
    William Farrel
    • I agree... Server Architecture Makes Logical Sense for Skype

      While P2P may have advantages for making it more difficult to monitor communications, it has a lot of disadvantages for the end user experience. We expect services to be reliable and they would have very limited control if they don't own the hardware that is keeping the service up.
    • The cigar

      An p2p network is definitely more scalable than an centralized server network, anyone who does "Internet" knows this too well. Nothing to do with conspiracy.

      On the other hand, an centralized network is way easier to monitor, control and regulate. But one needs to note that the Internet itself was designed to be as decentralized as possible. This is why it still does exist.
  • Skype going downhill fast...

    Skype has been hosed ever since it was acquired by Microsoft. Now we know why.
  • Offline messaging

    Huh. He sure sounds like he should know if Skype has offline messaging. I don't think it does for very many people though.
  • MS goes 1984 anyway although Steve Jobs probabky took the lead

    Open source servers and voip are the only way to make sure some amount of security is present other then Government oversight. Actually a great work "Oversight", they miss all the minutia in favor of a grand approach. We live in a Corpocracy and until people wake up that's the way it shall stay. Why doesn't anon take a real cause??? There probably to busy patting each others backs for the last minor infiltration. I'm old so this is a battle for younger techs and geeks to fix. I wish you gods speed.
    PS: RIP, Guy who invented the Mouse Douglas Engelbart died.
  • Yeah Right ZacK

    How many fingers am I holding up, Winston?
    Alan Smithie