Author: InvisibleUser Team
Categories: Communication Privacy
In this article, we will introduce the best private video call programs and Skype alternatives, as well as present our final verdict on Skype, where we explain why we rate it as malicious spyware.
In our last article “Microsoft help Police wire-tap Skype”, we have outlined in detail why you should stay miles away from Skype. We will now give you our final verdict on Spycrosoft’s scandalous surveillance tool.
It is a pity, how things went down for Skype. In the beginning (2003), it was the first usable video call software and they had fast servers. Since Microsoft has taken over this project, it is one of the most disgusting data collection tools out there and its only objective is invading your private space.
Skype is far worse than any malware you could accidentally get from an infected website. We cannot stress enough how dangerous using Skype is. The software takes advantage of our basic human need to socialise and abuses it for surveillance of our intimate communication. This makes us absolutely sick and countries that allow such practices should better not have the impudence to call themselves democracies!
We might have phrased that sentence incorrectly: Countries do not only allow it, they endorse the wire-tapping practices! It were government officials that threatened Microsoft with fees and court orders if they do not compromise their own program!
You might think that is only typical of dictatorships, but the Western nations we live in are even more invested in limiting our privacy. Sometimes, we think that they are worse than the authoritarian state China. China at least admits openly that they spy on their people!
“It is probably safer to drink a glass of mercury than it is to use this sinister surveillance tool. Goodbye Spype, farewell!” – InvisibleUser
We believe to have explained sufficiently why using Skype is not an option. Luckily, you can easily replace the spyware with open-source software. You will have the same user-friendly experience you are used to, but you will improve your privacy protection.
There are many viable video call applications available at the moment. With viable we mean that they are both easy-to-use, as well as secure and open-source. The nature of the big data video calls create keeps these programs mostly in the hands of large, intransparent companies, but we have found four independent open-source projects.
The first program worth mentioning is called Jitsi. Jitsi is a multi-platform video call and instant messaging software. It is available for Windows, Mac, Linux, iOS, Android and as a web client. It is quite good for privacy. The company does not keep logs of your activity and does not track you. The client and server-side applications are open-source and you can view them on the project’s GitHub repository. Therefore, we know that we can trust the app more than the proprietary software mentioned above.
The mobile app of Signal Messenger does also allow you to make video calls, but not on all devices. Video calls are not available on the iPad, because Signal does not run natively on tablets, but as an emulated smartphone app. That said, it is a very secure video call program and if you like secure chat, you probably already have it installed. Signal’s protocol is state-of-the-art and we strongly recommend this desktop and mobile app. To learn more, please visit our articles on Signal, “Chat securely with Signal Messenger” and “Signal Messenger Guide on Mobile and Desktop“.
Signal is very secure and its very own Signal Protocol is the industry standard for secure instant messaging. Out of all the clients, this is definitely our favourite program for text, as well as video calls. It is simply one of the best Skype alternatives for privacy you could think of. The developers made it a very transparent project. All source code for both server and client software is available open-source.
Using the Tox protocol is another option. It started as a small project from the GitHub user “irungentoo”, but has grow since then and is available for all major desktop and mobile OSs. It is still relatively new and the first alpha version appeared in 2014, but the TOX protocol sounds promising. There are many TOX clients, but the most used and functional ones are µTox on desktop and Android, gTox on desktop, Antox on Android and Antidote on iOS. You can also use Tox in Pidgin with the Tox plug-in, but Pidgin does not support video calls.
Tox supports instant messaging, group chat, VoIP, file sharing, video calls and much more. The clients are all compatible, since they use the Tox Client Standard. The Tox Client Standard can be found here. The Tox project is currently here on GitHub.
Tox is different from most other chat protocols, since it is decentralised and a peer-to-peer (P2P) protocol. You can establish a connection either directly to your contact or over the fully distributed, peer-to-peer network. It is primarily designed for instant messaging and group chats, but there are also large chat rooms. A minor disadvantage is that both participants in a chat have to be online, otherwise the messages do not get delivered. Tox is decentralised, so there are no servers that store the message. The popular Tox clients will notify you if your contact is offline.
Tox communication is private, but not anonnymous. That is not the goal: Knowing your friend’s IP address is needed for the P2P connection. After establishing the connection, it is end-to-end encrypted and private.
A good thing about the system is that your IP address is hidden behind your Tox ID. People only get your IP address if you add them to your contacts list.
The software Wire is another alternative and its client and server software are open-source. It had severe security issues and was vulnerable to man-in-the-middle attacks, as reported by security researchers from the University of Waterloo.
User passwords were even uploaded to the server, eavesdropping and audio/video leakage were possible. At the time those issues occurred, the server software was not release open-source, yet. After the report, the developers started publishing the server code on GitHub.
Its protection was described as very weak compared to Singal. We ask ourselves why the developers released Wire so early, since it is not a bad program at all, it just needs more development time. Many issues improved and the University of Waterloo updated their report. They now state that “the remaining issues with Wire are relatively minor and also affect many of its competitors.” (source)
Other teams that found issues in Wire’s messaging protocol were Kudelski Security and X41 D-Sec, who discovered that “invalid public keys could be transmitted and processed without raising an error.” (source) This was also fixed in time.
Despite its controversial past, Wire is a viable option today and its security on par with its competitors. What remains is a user-friendly app from the Swiss developer, which offers many features. We think that they released their software in an unfinished state, but it is fine now. The mobile apps, as well as the desktop and web app are very intuitive and incredibly well designed.
Wire uses a custom open-source protocol called Proteus. It is based on the Signal protocol, which makes it very secure. The Wire developers made minor changes to make it run in a web browser. VoIP calls are secured with the Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP) protocols. DTLS and SRTP are protocols specifically designed for privacy and encryption, so we are convinced that our VoIP chat is protected. Client-server communication is protected by Transport Layer Security (TLS). The Wire developers publish more details in their security whitepaper.
Learn all about their privacy and security on their info page.
Threema is another option you have. It is closed-source software, which is why we will only mention it briefly. Threema comes from a Swiss developer and is as good as it gets for closed-source software. The company is very transparent and gives the public insight into the technologies they use. They publish a cryptography whitepaper and a transparency report, where they list all inquiries from authorities. When it comes to inquiries, they are luckily not very cooperative:
“We operate under Swiss law and are neither allowed nor willing to provide any information about our users to foreign authorities.” – Threema spokesperson
Threema is not free, but offfers very useful privacy features: The registration does not require you to type in any personally identifiable information, so you do not need a phone number or email address.
According to the developers, other confidential information, like your address book, is only stored in** volatile server memory** and is deleted immediately after synchronising contacts. Group chats are managed locally and not registered on the server. Data on you device, e.g. messages, as well as data transfer is encrypted.