Slashdot Mirror
PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations (betanews.com)
BrianFagioli shares a report from BetaNews: With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."
So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.
So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.
We all should know what LOVEINT is https://en.wikipedia.org/wiki/...
And it's not only NSA agents who use the tools of their job to check on all kinds of people they know. Cops to the same, to check if any new girlfriend has prior convictions or only arrests, etc. Data exists, so it will be used.
Are the employees of (in alphabetical order) Amazon, Apple, Google, Microsoft, Samsung, etc.who have access to Cortana, Siri, GMail, Bixbx,etc. databases doing the same? Are there even any safeguards against it?
Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions.
Intentions don't matter once a National Security Letter trundles in. Then only ability matters.
And that's even before Microsoft gets hacked.
Idiot AC doesn't understand the difference between a local only spell checker and Cortana which is listening to every Skype call and sending it to Microsoft. Or has Microsoft changed the spell checker to be evil too?
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Agreed. I get around this by sending all my communications through gmail.
None of the current crop of assistants (Cortana, Siri, Alexa, OkGoole!, or even just speech engines like Houndify and Dragon Dictate) does run locally except for extremely simple processing (like google detecting locally the "Ok, Google !" stanza, and only starts streaming the audio to the mothership afterwards).
The text commands and audio are transmitted to the company's cloud, and all further processing (full speech recognition when input is audio, then extracting the meaning/intention from the text, taking a decision, and suggesting actions) is entirely done there.
Means that for any kind of assistant to work, their company needs necessarily to have received all of your data (voice stream, chat log, etc.)
And due to the way these thing work (Deep Neural Nets need a big amount of data to train - basically replicating in silico the popular saying that you need to have been doing 10'000 hours of anything to be good at it) they NEED to be centralized on the cloud.
It's not possible to have the learning done locally on your smartphone : not only it lacks processing power (for the backpropagation in the neural net) but it also lacks the big masses of data to train on.
So it would NOT be possible to have your very own local copy of Cortana
(or at least not in learning mode. Maybe GPU acceleration could at least make possible to simply apply an already trained neural net depending on how big cortana is).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
And yet it is surprising to a lot of people.
Ever since Snowden I pretty much assume every mouse click, keyboard press, sound, image and video on anything with a power button is potentially being watched.
This is just yet another sign of skype's future obsolescence. Skype has been one of those must-have tools for more than a decade - always worked, everyone had it, easy to use, did what it did well, solved a key problem better than anyone had previously done. But recently, it has really gone downhill on all fronts. For the first time in years, I have started having problems connecting with people, supposedly because one or the other isn't on the "correct" version of skype. Microsoft is trying to force people to update to the newest version, supposedly to get enhanced features, but those features in general suck and support for non-core platforms, such as Linux, has gone from bad to miserable. The latest version of skype is much more difficult to visualize and navigate (I hate those new icons), makes you think in order to do things that should be trivial (e.g., talk with someone and send chat messages to them at the same time) and adds a bunch of noisy features to the application that distract from its core abilities (why is it always asking me to send people video messages or add emojis to everything?). If both myself, computer programmer, and my mother, definitely not computer programmer, are confused about how to use skype, there is a serious problem.
In a vain and desperate attempt to change skype into some sort of mini-facebook or instagram or whatever, Microsoft has committed the cardinal error of making it harder for people to do the things that they installed the application for in the first place. Gobbling up your private data in order to monetize that information can only hasten it's decline...
Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.
In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were on line. If these checks were positive, then your client would be given the connection handle [i.e. IP address] to establish a link with the counter-party, before the link to the central servers were dropped. This was a very efficient, effective use of a central directory model, which avoided overloading the central servers with traffic, and which guaranteed the best possible connection quality.
The key Microsoft change was to switch the clients such that all traffic is now run through central Microsoft Servers. Obviously, this is so that Microsoft can, if required, record your Skype conversations [you're not a terrorist, are you?] and pass them along to authorities who ask for them.
What Microsoft have done here is even smarter than that. They still want to better understand your conversations - likely, this time around, for advertising and marketing purposes - but by federating some of this activity to Cortana, they open the door for pushing some of the compute resources required down to your PC. As our machines become more powerful, the need for tools like Siri and Cortana to push audio clips to a cloud service for interpretation will be gradually reduced [OK, unlikely that we'll ever need to completely abandon cloud support]. But the key thing here is that Microsoft - who get to benefit from understanding what you're talking about by selling advertisements to third parties with greater claims of relevance - are opening up the door to using your hardware and electricity to do their hard work for them.
I wonder if they got the idea from this crypto-currency miners that were using browser-injected malware to perform the mining for them?
"...I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."
I realize it was the person posting TFA who said this, not Microsoft itself. Nevertheless, this magnificent remark deserves to to take its place as another star in the firmament of "what could possibly go wrong" comments.
I propose that it be placed just below "Your cheque's in the mail" and "I'll just put the tip in", and immediately above "I won't let go in your mouth" and "We're from the government; we're here to help".
I've calculated my velocity with such exquisite precision that I have no idea where I am.
As much as I love to jump aboard the Microsoft hate-train, it should be noted that iOS does the exact same thing with reading your texts and e.g. suggesting adding upcoming plans to your calendar, even if Siri is turned off. If Siri is turned on, it does stuff like that but moreso. The real question is, does any of this 'message parsing' end up on Microsoft servers? If it's all local, and the results aren't sent to MS, then who cares?
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Idiot AC doesn't understand the difference between a local only spell checker and Cortana which is listening to every Skype call and sending it to Microsoft. Or has Microsoft changed the spell checker to be evil too?
Microsoft stole Google's evil bit.
"I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."
I'll say it: Microsoft has malicious intent by adding Cortana to Skype.
The admission that they're parsing and mining your "private" conversations means they're no longer "private".
Just cruising through this digital world at 33 1/3 rpm...
Ever since I heard Microsoft was turning Skype from a peer-to-peer architecture, where the clients directly transferred video/audio to each other, to a client-server model where all the video/audio passes through a server, I knew this was going to happen. Really.
Quoting Wikipedia:
"Skype was the first peer-to-peer IP telephony network. The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network.
Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres. Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community." At the time there was some concern regarding the privacy implications of the change, which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013."
so google isn't processing all of your browsing history in chrome, gmail conversations and google voice text messages for use with targeted marketing and god knows what else? don't you have to have cortana and skype installed for this to matter? I guess that pretty much rules out skype on android or iphone being an issue, so is this just a Win 10 "problem"? Wake me when we are pissed at Amazon, Facebook, and Google for the probe they have installed in all of us.
Gates is putting billions into eradicating Malaria and getting clean drinking water to people. How is that "pushing Big Pharma"?
Only the State obtains its revenue by coercion. - Murray Rothbard
Everyone seems to have forgotten that Microsoft patented "Legal Intercept" at around the the time they bought Skype, and they have it running on their Skype servers. Microsoft, or anyone they allow (hint: gov types), can eaves drop on any Skype conversation because Legal Intercept bypasses encryption.
Running with Linux for over 20 years!
Ubuntu constantly monitors your typing to sell you stuff from Amazon. How is that any different?
First, Ubuntu is not the sum total of all Linuxes -- just because one distro does something doesn't mean "Linux" does it.
Second, you can totally disable this.
Are there ANY OSes out there that don't spy on you? I don't think so...
Yes, there are quite a few, including the vast majority of Linux distros.
Personally, I define "secret" as anything I'm not intending to broadcast to the general public.
There is no XUL, only WebExtensions...
Skype was fundamentally flawed well before this came into play: Skype was always non-free software. Skype was therefore always untrustworthy. How proprietors (Skype pre-Microsoft, Microsoft, or any proprietor who comes to own it later) describe Skype's code is therefore also untrustworthy. So as much as centralized call routing makes spying easier, a mere optimization on an inherently untrustworthy program. This change certainly didn't mean that Skype was in any way trustworthy before, and therefore this change was simply not the significant event you make it out to be.
People really ought to stop arguing as if they know why spies spy. We don't know the reasons why they made these choices; you're simply speaking beyond your knowledge. We can reasonably talk about who benefits from their choices and what power proprietary software grants a proprietor, but that's about it. Collected data is useful for multiple purposes not just advertising. Some of the reasons collected data is useful may not yet be known to the spies. What's most important aren't the reasons for spying. The strongest argument for respecting one's privacy is that humans need privacy to live a dignified life. If computer users are to take on software proprietors in a meaningful way they'll have to support software freedom for its own sake. Software freedom (respecting a user's right to run, inspect, share, and modify all published computer software) is a practical means to show other computer users that respect for one's dignity and a means to enjoy that dignity oneself.
Digital Citizen