Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Reads Your Skype Chat Messages

Posted by timothy on from the but-they-don't-enjoy-them dept.

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

13 of 275 comments (clear)

  1. Damned if they do... by mystikkman · · Score: 4, Informative

    "New Skype malware spreading at 2,000 clicks per hour to mine Bitcoins"

    http://thenextweb.com/insider/2013/04/05/new-skype-malware-spreading-at-2000-clicks-per-hour-makes-money-by-using-victims-machines-to-mine-bitcoins/

    And they try to prevent it by detecting malware and we get headlines like this. Looks like people are on a witch hunt here.

    1. Re:Damned if they do... by Sqr(twg) · · Score: 5, Informative

      Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"

      The EFF recommends using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.

      I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.

    2. Re:Damned if they do... by interval1066 · · Score: 4, Informative

      (In the US) private entities don't need warrants. Warrants are a control on government. Microsoft can do whatever they want on communication channels they own. You don't have to use those channels of course.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    3. Re:Damned if they do... by Richard_at_work · · Score: 3, Informative

      Google must be fucked then, as they provide antispam and antimalware functionality in Gmail, and have done for almost a decade.

    4. Re:Damned if they do... by Anonymous Coward · · Score: 2, Informative

      They intercept it if they use it for anything else other than passing it to the receiver. It's not the skype client going to those URLs. It's microsofts system going to those URLs.

    5. Re:Damned if they do... by TheRaven64 · · Score: 3, Informative

      It's a distinction between a federated and a proprietary network. When you make a telephone call, your mobile operator may or may not be the responsible for the far end. They are selling you access to a world wide telephone network, parts of which are operated by many companies even within a single country. The rules for this network are defined in part by the ITU and in part by the national laws of the various participating countries. In most of the western world, these place limits on who is allowed to listen in to messages. In contrast, Microsoft is selling you access to a private network that is owned and operated entirely by them.

      The laws apply to federated networks because you may not have a direct business relationship with the carriers for a potentially large part. They do not need to apply for non-federated private services, because you have a direct business relationship with the supplier, in this case Microsoft.

      --
      I am TheRaven on Soylent News
  2. Re:Alternate headline by Anonymous Coward · · Score: 5, Informative

    The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
    Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.

  3. Re:This is news? by Anonymous Coward · · Score: 3, Informative

    Except not. As far as Microsoft has announced, they don't mine your messages for advertising's sake (if they did, their entire "Scroogled" campaign would be hugely hypocritical and I'm sure someone would have called them on it). This is exclusively scanning for a URL and matching against a database - they're not saving any information about your messages, especially if they don't contain a link.

    I'd say "take your FUD elsewhere", but this is Slashdot and a post about Microsoft...

  4. Re:So much for the "MS cares for your privacy". by Enderandrew · · Score: 4, Informative

    https://www.eff.org/who-has-your-back-2013

    Microsoft is extremely hypocritical in their claims of privacy protection, and their attacks on Google.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  5. Re:This is news? by Enderandrew · · Score: 4, Informative

    Except Microsoft does mine your email context to serve up contextual ads.

    http://www.nbcnews.com/technology/microsofts-new-outlook-mail-welcome-hotmail-replacement-917473

    They says theirs isn't as deep, so it respects your privacy more, but what it really means is that they're not as good at serving up contextual ads, but they're still scanning your email.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  6. Re:This is news? by Enderandrew · · Score: 4, Informative

    http://rt.com/usa/yahoo-microsoft-campaign-political-862/

    Microsoft has been caught selling DATA to advertisers.

    And they have a patent specifically covering selling your personal private data to advertisers, allowing advertisers to bid on that data.

    http://www.bizjournals.com/seattle/blog/techflash/2010/02/gates_ozzie_other_microsoft_execs_patent_personal_data_mining.html

    It is only bad business if the media calls them out on it, which hasn't really happened. That is why Microsoft spends a small fortune on astroturfing, shifting the focus on Google for privacy concerns.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  7. Re:...Not that unexpected, and not that big a deal by xeio87 · · Score: 3, Informative

    How would you even propose they filter spam links without a basic request? Do they blacklist all URL shorteners, or do you just let all spam that uses URL shorteners to go through?

  8. Re:Problems with closed sorce by MiG82au · · Score: 3, Informative

    Not if both sides use the OTR plugin that comes with Pidgin.