PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations

BrianFagioli shares a report from BetaNews: With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."

So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.

Any LOVEINT ?

[klingens]

We all should know what LOVEINT is https://en.wikipedia.org/wiki/...
And it's not only NSA agents who use the tools of their job to check on all kinds of people they know. Cops to the same, to check if any new girlfriend has prior convictions or only arrests, etc. Data exists, so it will be used.
Are the employees of (in alphabetical order) Amazon, Apple, Google, Microsoft, Samsung, etc.who have access to Cortana, Siri, GMail, Bixbx,etc. databases doing the same? Are there even any safeguards against it?

Re:Evil Spell checker

[phayes]

Idiot AC doesn't understand the difference between a local only spell checker and Cortana which is listening to every Skype call and sending it to Microsoft. Or has Microsoft changed the spell checker to be evil too?

Re: Solution

Agreed. I get around this by sending all my communications through gmail.

Cloud vs. Local

[DrYak]

None of the current crop of assistants (Cortana, Siri, Alexa, OkGoole!, or even just speech engines like Houndify and Dragon Dictate) does run locally except for extremely simple processing (like google detecting locally the "Ok, Google !" stanza, and only starts streaming the audio to the mothership afterwards).

The text commands and audio are transmitted to the company's cloud, and all further processing (full speech recognition when input is audio, then extracting the meaning/intention from the text, taking a decision, and suggesting actions) is entirely done there.

Means that for any kind of assistant to work, their company needs necessarily to have received all of your data (voice stream, chat log, etc.)

And due to the way these thing work (Deep Neural Nets need a big amount of data to train - basically replicating in silico the popular saying that you need to have been doing 10'000 hours of anything to be good at it) they NEED to be centralized on the cloud.
It's not possible to have the learning done locally on your smartphone : not only it lacks processing power (for the backpropagation in the neural net) but it also lacks the big masses of data to train on.

So it would NOT be possible to have your very own local copy of Cortana
(or at least not in learning mode. Maybe GPU acceleration could at least make possible to simply apply an already trained neural net depending on how big cortana is).

Re:This is surprising

[schleimkeim]

And yet it is surprising to a lot of people.

Skype has really gone downhill

This is just yet another sign of skype's future obsolescence. Skype has been one of those must-have tools for more than a decade - always worked, everyone had it, easy to use, did what it did well, solved a key problem better than anyone had previously done. But recently, it has really gone downhill on all fronts. For the first time in years, I have started having problems connecting with people, supposedly because one or the other isn't on the "correct" version of skype. Microsoft is trying to force people to update to the newest version, supposedly to get enhanced features, but those features in general suck and support for non-core platforms, such as Linux, has gone from bad to miserable. The latest version of skype is much more difficult to visualize and navigate (I hate those new icons), makes you think in order to do things that should be trivial (e.g., talk with someone and send chat messages to them at the same time) and adds a bunch of noisy features to the application that distract from its core abilities (why is it always asking me to send people video messages or add emojis to everything?). If both myself, computer programmer, and my mother, definitely not computer programmer, are confused about how to use skype, there is a serious problem.

In a vain and desperate attempt to change skype into some sort of mini-facebook or instagram or whatever, Microsoft has committed the cardinal error of making it harder for people to do the things that they installed the application for in the first place. Gobbling up your private data in order to monetize that information can only hasten it's decline...

Very Clever

[ytene]

Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.

In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were on line. If these checks were positive, then your client would be given the connection handle [i.e. IP address] to establish a link with the counter-party, before the link to the central servers were dropped. This was a very efficient, effective use of a central directory model, which avoided overloading the central servers with traffic, and which guaranteed the best possible connection quality.

The key Microsoft change was to switch the clients such that all traffic is now run through central Microsoft Servers. Obviously, this is so that Microsoft can, if required, record your Skype conversations [you're not a terrorist, are you?] and pass them along to authorities who ask for them.

What Microsoft have done here is even smarter than that. They still want to better understand your conversations - likely, this time around, for advertising and marketing purposes - but by federating some of this activity to Cortana, they open the door for pushing some of the compute resources required down to your PC. As our machines become more powerful, the need for tools like Siri and Cortana to push audio clips to a cloud service for interpretation will be gradually reduced [OK, unlikely that we'll ever need to completely abandon cloud support]. But the key thing here is that Microsoft - who get to benefit from understanding what you're talking about by selling advertisements to third parties with greater claims of relevance - are opening up the door to using your hardware and electricity to do their hard work for them.

I wonder if they got the idea from this crypto-currency miners that were using browser-injected malware to perform the mining for them?

Re:Very Clever

[drinkypoo]

Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.

Anyone who was paying attention at the time would have noticed that shortly after the USDoJ found that under the leadership of Bill Gates, Microsoft was found guilty of abusing its monopoly position in basically every way possible, Gates stepped down from being in control of Microsoft and then founded the Gates Foundation, a massive tax dodge which leaves him in control of all of his money and on a mission of spreading western IP law to the rest of the world.

I have assumed that everything about Microsoft has been pure evil since that point. And lo, as Gates has been pushing Big Pharma's will around the globe, Microsoft has been spreading spyware. Supporting Big Pharma is also directly benefiting himself, since he has long had massive personal investments in Big Pharma; the foundation also profits from the same.

Secret conspiracies to harm the public are the norm, not the exception.

A Star Is Born

[hyades1]

"...I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."

I realize it was the person posting TFA who said this, not Microsoft itself. Nevertheless, this magnificent remark deserves to to take its place as another star in the firmament of "what could possibly go wrong" comments.

I propose that it be placed just below "Your cheque's in the mail" and "I'll just put the tip in", and immediately above "I won't let go in your mouth" and "We're from the government; we're here to help".

Ha ha ha ha

[JustAnotherOldGuy]

"I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."

I'll say it: Microsoft has malicious intent by adding Cortana to Skype.

The admission that they're parsing and mining your "private" conversations means they're no longer "private".

Re:Solution

[cheesybagel]

Quoting Wikipedia:
"Skype was the first peer-to-peer IP telephony network. The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network.
Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres. Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community." At the time there was some concern regarding the privacy implications of the change, which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013."