Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Reads Your Skype Chat Messages

Posted by timothy on from the but-they-don't-enjoy-them dept.

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

8 of 275 comments (clear)

  1. Re:Damned if they do... by afidel · · Score: 5, Insightful

    Not if you agree to it in the TOS.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  2. This is news? by csumpi · · Score: 5, Insightful

    AOL reads your messages. Google reads your messages. Facebook reads your messages. Apple reads your messages. Microsoft reads your messages.

    How is this news? The price for free IM is that they read your messages and sell the info they gather to advertisers.

  3. Re:Damned if they do... by mu51c10rd · · Score: 5, Insightful

    Nobody else was dumb enough to click the link.

    You don't deal with many ordinary end users do you...

  4. Re:Alternate headline by Anonymous Coward · · Score: 5, Informative

    The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
    Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.

  5. Re:Damned if they do... by Sqr(twg) · · Score: 5, Informative

    Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"

    The EFF recommends using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.

    I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.

  6. Re:Damned if they do... by Sloppy · · Score: 5, Insightful

    Skype used to have a reputation of using encrypted peer-to-peer transmissions.

    That's funny. I remember their reputation always being "no one knows how the key exchange works and therefore nobody can trust it."

    "Encrypted" means jack shit. Skype never had a reputation for being secure because they never showed anyone that they are. With any serious VoIP protocol (e.g. zfone) they tell you how it works. If the design is a trade secret, then it's a scam. You've known that for decades.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  7. Re:Damned if they do... by KingMotley · · Score: 5, Insightful

    Email spam filters are evil too! My ISP is reading my emails, OMG!

  8. Re:Damned if they do... by caluml · · Score: 5, Insightful

    I once renamed shutdown.exe from the Windows resource kit to DONOTRUN.exe, and sent it in a mail round to the company (in the I love you/Melissa days), warning people in the subject, and message to NOT RUN THE ATTACHED attachment.

    People then started coming to me complaining they'd lost work because their computer had shutdown.

    It's amazing, it really is.

    --
    Get your own free personal location tracker