Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Reads Your Skype Chat Messages

Posted by timothy on from the but-they-don't-enjoy-them dept.

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

7 of 275 comments (clear)

  1. Damned if they do... by mystikkman · · Score: 4, Informative

    "New Skype malware spreading at 2,000 clicks per hour to mine Bitcoins"

    http://thenextweb.com/insider/2013/04/05/new-skype-malware-spreading-at-2000-clicks-per-hour-makes-money-by-using-victims-machines-to-mine-bitcoins/

    And they try to prevent it by detecting malware and we get headlines like this. Looks like people are on a witch hunt here.

    1. Re:Damned if they do... by Sqr(twg) · · Score: 5, Informative

      Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"

      The EFF recommends using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.

      I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.

    2. Re:Damned if they do... by interval1066 · · Score: 4, Informative

      (In the US) private entities don't need warrants. Warrants are a control on government. Microsoft can do whatever they want on communication channels they own. You don't have to use those channels of course.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  2. Re:Alternate headline by Anonymous Coward · · Score: 5, Informative

    The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
    Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.

  3. Re:So much for the "MS cares for your privacy". by Enderandrew · · Score: 4, Informative

    https://www.eff.org/who-has-your-back-2013

    Microsoft is extremely hypocritical in their claims of privacy protection, and their attacks on Google.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  4. Re:This is news? by Enderandrew · · Score: 4, Informative

    Except Microsoft does mine your email context to serve up contextual ads.

    http://www.nbcnews.com/technology/microsofts-new-outlook-mail-welcome-hotmail-replacement-917473

    They says theirs isn't as deep, so it respects your privacy more, but what it really means is that they're not as good at serving up contextual ads, but they're still scanning your email.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  5. Re:This is news? by Enderandrew · · Score: 4, Informative

    http://rt.com/usa/yahoo-microsoft-campaign-political-862/

    Microsoft has been caught selling DATA to advertisers.

    And they have a patent specifically covering selling your personal private data to advertisers, allowing advertisers to bid on that data.

    http://www.bizjournals.com/seattle/blog/techflash/2010/02/gates_ozzie_other_microsoft_execs_patent_personal_data_mining.html

    It is only bad business if the media calls them out on it, which hasn't really happened. That is why Microsoft spends a small fortune on astroturfing, shifting the focus on Google for privacy concerns.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.