Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Reads Your Skype Chat Messages

Posted by timothy on from the but-they-don't-enjoy-them dept.

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

2 of 275 comments (clear)

  1. Re:Alternate headline by Anonymous Coward · · Score: 5, Informative

    The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
    Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.

  2. Re:Damned if they do... by Sqr(twg) · · Score: 5, Informative

    Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"

    The EFF recommends using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.

    I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.