Can engineers understand what you say in an encrypted Skype call? Four researchers from University of North Carolina at Chapel Hill think so. Andrew White, Austin Matthews, Kevin Snow, and Fabian Monrose presented their paper, Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks (PDF), yesterday to the IEEE Symposium on Security and Privacy here in Oakland, California. They show you can find patterns in your encrypted VoIP traffic, match those patterns to sounds of speech, and produce a text transcript of your call. Their “VoIP Conversation Reconstruction Process” looks like this:
Here’s the abstract:
In this work, we unveil new privacy threats against Voice-over-IP (VoIP) communications. Although prior work has shown that the interaction of variable bit-rate codecs and length-preserving stream ciphers leaks information, we show that the threat is more serious than previously thought. In particular, we derive approximate transcripts of encrypted VoIP conversations by segmenting an observed packet stream into subsequences representing individual phonemes and classifying those subsequences by the phonemes they encode. Drawing on insights from the computational linguistics and speech recognition communities, we apply novel techniques for unmasking parts of the conversation. We believe our ability to do so underscores the importance of designing secure (yet efficient) ways to protect the confidentiality of VoIP conversations.
“when the audio is encoded using variable bit rate codecs, the lengths of encrypted VoIP packets can be used to identify the phrases spoken within a call. Our results indicate that a passive observer can identify phrases from a standard speech corpus within encrypted calls with an average accuracy of 50%, and with accuracy greater than 90% for some phrases.”
They suggest preventing this kind of analysis will cut audio fidelity and use more bits.
Don’t panic. Yet. Their work proves the point but the four haven’t created a technology ready for the marketplace. Their research tools only support a few American English dialects, assume favorable conditions for collecting VoIP streams (like finding all your packets on your local area network), and assume the stream uses variable speed encoding. These, along with design for large scale text extraction, are just engineering barriers for the willing, to be overcome with money and talent.
They’ve proven it can be done. So I expect two things to happen. Money and talent will apply this work to private and public sector surveillance. Meanwhile, VoIP services will start making text extraction more difficult.
Flash Player 10.3 enables developers to create real-time online collaboration experiences with high-quality audio, telephony, in-game voice chat, and group conferencing applications for desktop PCs. Developers can take advantage of acoustic echo cancellation, noise suppression, voice activity detection, and automatic compensation for various microphone input levels. This feature is only be available for desktop OSes. End users will be able to experience higher quality audio facilitating smoother conversation flow, without using a headset.
Only a fraction of Telefónica O2’s customers use a mobile version of Skype, especially compared to Hutch’s Three customers, a Skype partner. Those who do use Skype can set up Skype To Go so calling a local phone number rings a speed dial phone number of your choice, especially an otherwise costly international number. You can call your Skype To Go number from any phone and it just works. And it’s cheap; covered by your Skype plan or billed at the usual low Skype rates.
For O2’s non-Skype customers, Voxbone and Jajah now power O2’s International Favorites service. It does the same thing. Call a local number, the foreign number rings. Voxbone provides the numbers, Jajah pipes the call, and O2 manages the customer relationship.
Voxbone provides phone numbers to Skype too. Small world.
SJ. MagicJack operates a phone company to back their VoIP operations. Does netTALK?
Yes, our Network Operations center (datacenter) is located in Miami, Florida, with several POP locations in several states for redundancy and to guarantee uptime. We are interconnected with most major carriers and emergency services.
SJ. Skype tried a retail strategy a few years ago, with adapters, PC-free Skype desk phones, and Skype credit gift cards. Why do you think netTALK and MagicJack have had success in retail?
Skype users were early adopters of VOIP technology, when Skype introduced retail products consumers were in a transition of mobile communications, the economy was more stable and consumers were less concerned about the cost savings associated with Skype technology.
Toktumi founder Peter Sisson talks right into the camera and says Line2 is better than Skype on iOS or Android.
He’s pitching Line2 as a phone service, positioning Skype as weaker in at least three features.
Where Skype works where you have data service, Line2 also works where you only have cellular, so you always get through.
Line2 offers call waiting and conference calling. Businesslike compared to Skype’s approach.
Line2’s SMS texting capabilities work in both directions, and come with your phone number as caller ID. iSkype’s don’t (without extra payment and an online number).
“Never miss an incoming call. Skype does this through call forwarding when no data connection is available. Although Google Voice supports simulring, to receive calls you must have cell reception or access to a landline.”
“Look more important and professional. Line2 includes business calling features like call waiting, transfer and conference, an optional auto-attendant (Toktumi Unlimited), and no branding, advertising, or other announcements.”
“Free number porting – move your existing number.”
Yet when you talk to Skype’s leadership, they are all about the video. These types of apps are not especially interesting when a new frontier of video calling, messaging, conferencing and collaboration lies ahead.
Valve’s Steam MMO RPG game delivery system (rent, don’t buy; play without downloads; one identity across games; common APIs) will use the free SILKcodec. This will build SILK’s wideband audio quality into the Steam player, although games may exploit it. Correction: You do in fact buy games; but the games have the option of storing and using social elements from the Steam cloud: PTT, saving games, or achievements. Steam is one of the largest game sales systems on earth, “a license to print money” one customer told me. They moved from the Speex codec to SILK but the driving forces are customer engagement. The higher the voice chat fidelity, the better you communicate, the more you enjoy the team aspects of gameplay, and the longer you play. Good for all.
Steam’s voice chat system now leverages the SILK audio codec, developed and used by Skype, makers of the world’s most popular voice communication service. The SILK codec provides a significant quality improvement over Steam’s previous voice technology, at the cost of some increase in bandwidth usage. Steam Voice used to require 15 kbps of bandwidth, whereas SILK is a dynamic bit rate protocol which varies in its use of bandwidth between 8 and 30 kbps, depending on the range of data in the voice signal and current network conditions.
As of today’s Steam client update, voice chat using SILK is available to all users of Steam. To start using Steam chat with SILK, simply click the ‘Start Voice Chat’ button within a friend or group chat on Steam. You can access chat from both the friends list at the desktop, or while in game using Steam’s in-game overlay. You’ll find voice chat connectivity and reliability have also been improved with this release.
Steam chat with SILK is now also automatically available for all games that take advantage of the Steamworks Voice API. Valve’s own Portal 2, set to release in mid-April, uses this newly updated system to enable voice chat in its cooperative gameplay mode.
Click. Ring. Talk. That’s the usual way phone calls work. Skype’s call set-up time (Click. Wait. Ring. Talk.) seems to be slowing that down, running 30 seconds to a minute in some cases. I don’t have hard numbers but that’s a common perception among the VoIP geeks and long time Skype users I know. Google Talk calls, by contrast, seem to connect almost instantly. We don’t know why. Are we noticing something that was always there? Are we an edge case and Skype connects most people quickly? Is this a side effect of Skype’s directory becoming humongous? Of p2p topology? Of negotiation between the clients taking too long? I’ve not a clue. What’s your experience?
Phono is a simple JQuery plugin and JavaScript SDK that turns any web browser into a multi-channel communications platform capable of making phone calls and sending IM messages. You can even connect to SIP clients; all with a simple unified API.
You have to be a VoIP programmer to use one of the SIP services. A new generation of middleware makes coding for communications easier and accessible to the millions of programmers who write web and mobile applications. Voxeo, Twilio, BT/Ribbit, Telefonica/Jajah, and others offer calling as a cloud service. Phono extends this access to JavaScript, one of the easiest and most widely used browser programming languages. Combined with Tropo, Voxeo’s application platform, write your hosted app once with Phono and it runs on multiple UIs and channels: browser, telephone, instant messaging, and others.
Bonus: The Phono SDK is open source so you can point your $.phono() jQuery calls to your choice of communication platforms.
Phone booths in the elevator lobby of The Standard Hotel in Downtown Los Angeles around 4:30am. Glass, metal, stone aren’t the warmest of places to call. Phone booths are changing from payphone anachronisms into mobile phone privacy chambers.
I startled awake at four this morning in the minimalist aesthetic of The Standard in Downtown Los Angeles, brain dissonant from the ITExpo West 2010Avaya event last night. And a caffeine OD from the reception.
Thrown to recruit software developers, the event didn’t showcase any third-party software or show how you might build on Avaya‘s and Nortel‘s platforms.
Paul Pugh of frog sprinkled the otherworldly mind candies of modern design, cultural anthropology, industrial organization, and pretty slideware. It was like having a prestigious sculptor talk to a plumbing convention, supporting his patron and trolling for new ones.
The Flare Experience team sought input from a wide range of Avaya stakeholders. Not non-Avaya stakeholders, mind you, but this is an improvement from feature bloat and blind alleys led by the biggest customers. The research led them to choose a direct-manipulation interface (touch and drag, vs. click and drag) on a proprietary tablet. Touch may give a wow! factor but simplifying and speeding up common tasks may trigger ongoing use. I hope to try it later today. The Flare software is a front end control (a service avatar) for a deeply complex and mostly closed server suite, so they are headed in the right direction. I’ll be surprised if Avaype’s (SkypAya?) promised back end integration doesn’t show up in the Flare’s Android app a year from now.
The Flare app hides complexity, and that’s great. It’s also a closed, locked-down service delivery system at a time when everyone and their brother wants to extend user experiences by writing their own components. Why not let someone mashup Google Maps with Avaya presence for new Flare wallpaper? Or add new classes of presence to the rolodex? Enrich caller ID with call center data? Enhance social peripheral vision by updating profiles with news from outside the firewall. Or add games or whatever the heck else developers want to add. So users have the choice. Hubris is the first lesson of design; the world knows more than you, so you should observe and take it in. Our software universe is an efficient marketplace of ideas and Flare launches as a closed mind.
The ITEXPO developer track (#itexpoDevCon) starts Tuesday morning in the LA Convention Center. I’m hosting three 45-minute developer panels in room 306A.
I’m looking for an audience who is more informed, vocal and opinionated on these subjects than I am. The topics can be changed and I’m up for suggestions. Care to join us? Questions you want to make sure we address? I’m at @evanwolf on twitter, evanwolf on Skype, +1-510-316-9773 on mobile or editor@skypejournal.com.
CORRECTION (25 Sept 2010): "we (Twilio) aren’t putting in any money… all the investment is coming from Dave McClure’s fund 500Startups." – Danielle Morrill, Twilio
Nobody in the Over The Top Calling Platform market has pursued the startup community with Twilio‘s fervor and effect. I’ve seen them sponsor telephony meetups, the SuperHappyDevHouse hackathon, Hacker Dojo, and are national sponsors of Startup Weekend. It’s funny for me to run into Silicon Valley acquaintances that introduce me to this cool thing called Twilio that lets you whip out phone features in record time. This leaves Voxeo, Jaduka, Skype, and Jajah struggling for mindshare among early stage IT entrepreneurs.
I’d love to see a Skype fund for startups when the Skype network API comes out. Skype could partner with angel networks and microfunds to source the talent. Skype could also be more global in its outreach than Twilio can.
Update: Don Kennedy asked me about the ROI for Twilio. Here’s how this project pays off…
Developers see economic value associated with the 500startups co-brand of Twilio. You may not know this but 500startups is a rock star in the NYC/SF/Silicon Valley seed/angel community. See also: Dave McClure, master of 500 hats.
Social proof is the way developers choose their tools. This program not only builds informal social proof through personal word of mouth, it also builds public proof points.
The fund will seed 20 startups. These are investments, not gifts or loans. 500Startups Twilio has a fair chance that at least one or two will have liquidity events that more than pay for the whole program. Most portfolios like this pay for themselves.
Twilio builds investment banker cred for when they eventually IPO or merge.
Twilio has a chance to learn more about startups (their customers) through their close working relationship with the 500startups incubator/fund.
For each of the 20 startups funded, 200 will apply and 2000 will think seriously about it. That’s a lot of mental rehearsal for pitching the use of the platform.
With any luck, Twilio will discover new talent that might join the company, contribute to the platform, and nurture its ecosystem.
With any luck, Twilio will discover new ways to use its platform that will become amazingly popular among web developers and entrepreneurs.
As a marketing project, this has the advantage of being crisp (defined spend, defined audience, defined message, defined brand value, defined publicity moments), proven (a long history of corporate and government venture and adventure funds), and respected in Silicon Valley.
Skype designed software for Windows, Mac, and Linux desktops, iPhone, Blackberry, and Android smartphones, Nokia tablets and Symbian phones. With the launch of SkypeKit, Skype is encouraging others to design their own versions of Skype, either as a full Skype client or as Skype features in another app.
Grandstream built their own Skype client for the GXV3140 IP multimedia desk phone. If you have a GXV3140, you can point your phone’s browser to the firmware page (Beta Test page) and download the latest version. Skype provided Grandstream with broad design guidelines, which remain a proprietary secret. The team could pick any combination of SkypeKit features. The Grandstream team took six weeks to learn the SkypeKit SDK and build a working prototype, fast as these things go. Let’s walk through the 31 screenshots below and see what they chose to include or leave out, what to emphasize and and what they chose for defaults that change user behavior.
This is what the phone looks like (below). The GXV3140 supports video calling with sister phones, without Skype. The screen is 4.3”@ 480x272px. The video camera is 1.3M pixel, supporting up to 30fps. The screen is not a touch screen, so typing and navigation are through the keys on the the front of the phone or through a full USB keyboard.
You get to Skype from the main menu. Skype is one of the "Social Networks". Skype could have been in "Applications" or, with integration, you might have been able to launch a conversation from the "Phone Book" or "Call History" apps. Choices.
Skype’s logo is prominent when you highlight it. "Select" Skype using the function key corresponding to the command on the bottom command bar.
If you’re new to Skype you’ll be offered the standard disclaimer. Not enough room to read the whole thing so it gives the Skype web pages for the Skype End User License Agreement, Skype Terms of Service and Skype Privacy Policy. And disclaims Skype’s "No Emergency Calls" policy: "Skype is not a replacement for your ordinary telephone and can not be used for emergency calling."
Create your Skype name, password and tie it to your email address. Save Password isn’t checked by default, possibly a good thing in a busy office. Neither is "send me Skype news and special offers."
I don’t have screenshots that show if the app tests the password for minimum security strength. Skype requires that new passwords have at least one digit, for example.
Sign In with your username/password. You can get a Skype name if you don’t have one (see the screens above), recover a password (no screenshots). Two preferences: "Sign in automatically next time" and "Start Skype when I start the phone."
The Skype home screen starts with five tabs across the top: Contacts, History (now called Conversations in Skype for Windows 5), Chat (text IM), Call, and Profile. Your Skypename and status are shown top right.
These docs walk you through adding Skype to your SIP office phone system. Skype Connectwent out of closed beta last month. Download these Acrobat PDF files for your deployment enjoyment.
The first VoIP wave (1990s-2003) was mired in POTS emulation, right down to digital versions of handsets, dialing with phone numbers, and switching modeled on telephone switchboard operators. The only thing abandoned was the rotary dial.
The second wave started with Skype in 2003. Skype showed everyone you could wrap telephony in Instant Messaging clothes. Yet rivals followed Skype’s path without innovating the user experience. Google, Yahoo!, Microsoft, Facebook, and MySpace have all built voice into their IM. Skype still tweaks their UI, but IM remains Skype’s go to model.
VoIP’s second wave is as stuck in an old world view as the first.
••
So here’s our thought experiment.
How would you design live streaming conversation for the first time, starting now, from scratch?
Imagine we didn’t have landlines or mobiles or video conferencing or anything. Just a world of text (blogs, texts, emails, tweets, etc.) and asynchronous rich media (YouTube, Hulu, TV, radio, podcasts, vlogs).
Talking live to another person will be a radical reform. But you’d invent all the elements of live talk within the prevailing frames of reference, using familiar designs.
Join the Skype 6.X Text Chat Room