Declan talks to Zennstrom about Skype

[Eugen Leitl]

http://gizmodo-cnet.com.com/2008-7352_3-5112783.html

Skype's VoIP ambitions

By Declan McCullagh
Staff Writer, CNET News.com
http://news.com.com/2008-7352-5112783.html

Story last modified December 2, 2003, 1:30 PM PST

Niklas Zennstrom may be Sweden's most famous serial entrepreneur.

The 37-year-old Stockholm resident co-authored the legendary software used in
the Kazaa file-sharing network. After he and his partners sold the rights to
Kazaa last year, Zennstrom turned his attention to Joltid, which sells a
caching technology to help network providers deal with the growing amount of
peer-to-peer traffic.

Now Zennstrom and Kazaa co-creator Janus Friis have launched their most
ambitious effort so far: Skype, a start-up that hopes to convince people to
use voice over Internet Protocol (VoIP) technology instead of the traditional
phone system.

CNET News.com recently spoke to Zennstrom, Skype's chief executive, in
Stockholm about VoIP, privacy, security, and the lessons he's learned from
his other start-ups.

Q: What's different about Skype? Lots of instant-messaging clients already
offer voice communications.
A: We don't see them as competitors. We see our competitors as being Deutsche
Telecom, British Telecom, AT&T and Verizon. We think
there's going to be a migration from circuit-switched telephony services to
Internet telephony.

This is a second kind of driver for broadband. P2P file sharing has been
driving broadband adoption. I've been meeting a lot of Internet operators in
Europe and they say users aren't getting broadband to check their e-mail.
Broadband penetration in Europe is around 10 percent to 12 percent. The U.K.
is only around 4 percent. It has a long way to go to reach dial-up. One way
to do that is to make it more useful.

Are you hoping to sign distribution deals with Internet providers?
Absolutely. We're speaking to a few broadband operators right now. They're
quite interested in offering Skype to their users.

Will Skype continue to be free?
Now it's free--it's free in the beta phase. When we launch it'll continue to
be free. We think it's very, very important that people can use it for free
and for the momentum to grow. We want people to spread it around. We have to
be very good in up-selling users to premium services like voice mail and
conference calling. That's what people are asking for.

One of the great things about P2P for this product is that we don't have any
incremental cost for a new user. There's no marketing because we don't run
marketing campaigns. It's being spread virally by users. We don't have any
operational costs because they make calls peer-to-peer. It doesn't cost us
any more.

You permit mirror sites?
Yes. We're encouraging people to spread this to each other. Then we have an
established base of users. If we can encourage a few percent of people to get
premium services, that's an advantage to us.

What we're saying is that telephony is just an application. You can use this
software application that does all the call setup and routing, which
traditionally has been done by big company switches. Telephony is software.
It's not big software in a centralized system. It's software that people run
on their laptops at home.

What we're saying is that telephony is just an application.
How do you keep track of who's logged in and able to receive voice calls?
We have a distributed database on the P2P network that keeps track of your IP
address, firewall condition, and so on. We've taken (Kazaa's) FastTrack
concept of supernodes and taken it one step further.

Are there any privacy implications to this public database approach?
There would be a privacy consideration if you and I are talking to each other
and it's being proxied through John. That's why calls are being end-to-end
encrypted.

I can check my e-mail from anywhere in the world and senders don't know where
I am. I can answer my cell phone from any GSM country and callers don't know
where I am. But when I connect to Skype to receive phone calls, my IP address
becomes public, which tends to reveal details about my physical location.
The way for me to find your IP address would be when I set up a phone call to
you, I see your IP address if it's a direct connection. If you're using a
proxy server, I won't.

Let's say I'm trying to track someone--in a divorce case, I want to prove
that a spouse is in Stockholm when he or she is supposed to be in New York
City. If I monitor the public Skype database over time, I can roughly follow
their movements secretly.
It's not an "anonymized" system. For some people it could be labeled as a
privacy issue. That has never been any design goal.

Your advice for divorcees?
I would recommend that you set up all your Internet connections through a
proxy server.

How many downloads have you had?
We've had 1.6 million downloads. That's not 1.6 million people. I think there
are around 900,000 registered users.

People are downloading multiple versions?
This is the same ratio that you see at Download.com (Download.com is owned by
CNET Networks, publisher of News.com). There are usually about twice as many
downloads as users. People are either downloading multiple versions or
initiating the download again. Compare that to Free World Dialup. It's
growing considerably faster than that.

When will you have a gateway to the telephone network?
We're working on it...It's something that's going to be much later on.

When?
The interesting thing is that in the feedback we get from users this is not
the highest priority. They're more interested in conference calling and voice
mail. People are much more comfortable with using the Internet for
communications. People are being much more mature with the Internet. They
say, "This is my primary way to communicate. The people that I'm calling I'm
encouraging them to get on Skype." People are quite happy with that.

If you had to set a date?
Next year.

How much have you received in seed funding?
We haven't disclosed how much we raised. But it's the normal seed funding. We
haven't raised tens of millions.

Are you funding any of this yourself?
No. Just hard labor and things like that. We had the Draper family--Bill
Draper--as investors from the beginning.

You said Skype is different from IM voice clients. How about P2P voice
clients, such as PGPfone, which is encrypted, free, open source, and has been
available for years?
When we're talking about peer to peer it's much more today. It's a
self-organizing network that can adapt itself to different firewall
configurations and network address translation boxes. You cannot set up a
direct connection in most cases.

The problem is that there are a lot of different configurations. Some routers
allow outgoing connections but not incoming. Some others allow UDP (User
Datagram Protocol) connections. Others allow TCP (Transmission Control
Protocol). Most existing Internet telephony applications don't work that well
in consumer environments.

How does Skype get around that?
We're setting up hot standby connections. We set up four, maybe five standby
paths. When both parties are behind NATs (Network Address Translation), they
can't actually set up a connection between each other. It's being
synchronized. It works sometimes.

Sometimes?
It only works sometimes. It depends on the routers.

What lessons have you learned from your experience with Kazaa and FastTrack?
It's quite amazing that when you do something that catches on over the
Internet you get people all over the world to use it.
Several lessons. One thing is that the whole viral effect--when you do
something that works virally you can get a lot of people using it. It's quite
amazing that when you do something that catches on over the Internet you get
people all over the world to use it.

You should not try to do things that are artificially viral like an "Invite a
friend to use this service" feature. Those don't really work. We've had that
feature on Skype but it doesn't really bring in the users. The product has to
be fundamentally viral in itself.

How many supernodes share the Skype database?
It grows. There are a few hundred clients per supernode.

How do you become one?
You have to qualify to be a supernode. You have to have enough memory,
bandwidth, and a good uptime. Then you're connected to supernodes. If they
feel that they're getting too much load they tell the other clients around
them, "Can you help me out?" It's a distributed process which is not
centrally run.

What happens if someone sets up a malicious supernode with false "phone
number" data?
First of all, the data is populated by the users themselves. What we do in
Skype is have all users' identities protected in a public key infrastructure.
In order to avoid malicious supernodes or people saying, "I am Nicholas,"
they have to do a challenge response saying that the keys are correct. What
you want to avoid is identity theft.

What happens if someone creates and distributes, say, Skype Lite, which
recognizes user IDs "minted" by someone else?
That's so much fun. On Slashdot, people are saying, "I'm not going to touch
this," saying they don't want the advertisements (on Skype) and will wait for
Skype Lite. But there are no advertisements. OK, say someone makes a hacked
version. You and I wouldn't be able to set up calls with each other. We'd
both need the hacked version.

Are you afraid of intruders targeting your server that signs user ID keys?
The signing server is like Fort Knox.

Where's it located?
I won't tell you. That's kind of a sensitive part of (the company). It's
very, very secure.

Will we ever see a Skype telephone?
We have a phone that plugs into the USB port that's working now.

How about an 802.11 Wi-Fi phone running Skype?
That's a natural step to take later on.

On cell phones too?
The cellular phone is a relatively closed platform. I have a Nokia phone with
Java but it doesn't give you access to the IP stack. (For competitive
reasons) they're going to make sure that the telephone is very, very
closed--though 802.11 phones are eventually going to be affordable in the
next year or so.

Where do you hope to make money from Skype users?
This is software. Our business model is to sell value-added services. It
doesn't matter what client you're going to use--whether it's a Windows client
or a PDA client or an embedded client.

Any plans for Macintosh or 'nix versions?
That's one of the things we have on our wish list. We don't have any release
date planned.

Are you targeting business users as well as individuals?
We're starting with individuals. We're doing this bottom up. It's grassroots
for businesses too. It's being used by business clients already but not
through the IT departments.

News.com ran an article a few months ago talking about how the FBI wants to
force VoIP providers to make their networks subject to wiretaps. If it gets
adopted, what would this proposal mean for you?
The landscape is changing. In the old world you had issues like lawful
interception of telephone calls. In Sweden the police can get a court order
and wiretap a telephone call if the crime would lead to six years in jail or
something like that.

And if the Swedish police came to you?
We cannot do anything because we don't have access to the data stream. The
old way of thinking was easy. You'd go to the local telephone company and
they'd get a wiretap. That's not a problem because the telephone service owns
the infrastructure, provides the service, and operates in one country. The
Internet is a bit different. What you would have to do is to go to the
Internet service provider.

Assume the police can get a court order and conduct the tap. But the Skype
conversation is encrypted and they only can hear gibberish.
I'm just trying to say in general what the issues are. I don't have a
solution. In general it's not as clear cut as it was in old POTS (plain old
telephone service) days. My point is that it's not as easy as it was before.

Have you been contacted by any law enforcement or national security agency?
No. What if we got contacted by the Chinese government, or the U.S.
government, or North Korea, or the Swedish? If you're operating something
that's only available in one country it's an easy clear-cut case. But if it's
available worldwide, that's different.

Even Phil Zimmermann, inventor of PGP (Pretty Good Privacy), has said he's
concerned about terrorists using his software to plot crimes. He concluded,
though, that the benefits outweigh the negatives. How about you?
The Internet is great. There's a lot of bad things happening on it but it's
still great. If you were a sophisticated criminal and you really wanted to
hide away, then you should probably not use something that is a commercially
closed source system such as Skype. I don't think this is an issue.

If the FBI or Europol came to you and said, "We order you to include a secret
backdoor for unencrypted wiretapping in the next version of Skype," what
would you do?
I don't have the answer to that. Obviously we would work with authorities in
whatever jurisdiction we would be subject to. Sure, we would sit down and
talk to them. But we would not just say here's the backdoor and just bluntly
do it.

Currently Skype is not subject to telecommunications regulation, therefore we
do not have any legal obligation to provide any means for interception. This
is software that's not any different from e-mail or chat.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]