Microsoft Reads Your Skype Chat Messages 275
An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."
Damned if they do... (Score:5, Informative)
"New Skype malware spreading at 2,000 clicks per hour to mine Bitcoins"
http://thenextweb.com/insider/2013/04/05/new-skype-malware-spreading-at-2000-clicks-per-hour-makes-money-by-using-victims-machines-to-mine-bitcoins/ [thenextweb.com]
And they try to prevent it by detecting malware and we get headlines like this. Looks like people are on a witch hunt here.
Re:Alternate headline (Score:5, Informative)
The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.
Re:This is news? (Score:3, Informative)
Except not. As far as Microsoft has announced, they don't mine your messages for advertising's sake (if they did, their entire "Scroogled" campaign would be hugely hypocritical and I'm sure someone would have called them on it). This is exclusively scanning for a URL and matching against a database - they're not saving any information about your messages, especially if they don't contain a link.
I'd say "take your FUD elsewhere", but this is Slashdot and a post about Microsoft...
Re:Damned if they do... (Score:5, Informative)
Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy [skype.com] "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"
The EFF recommends [eff.org] using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.
I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.
Re:Damned if they do... (Score:5, Informative)
Re:So much for the "MS cares for your privacy". (Score:5, Informative)
https://www.eff.org/who-has-your-back-2013 [eff.org]
Microsoft is extremely hypocritical in their claims of privacy protection, and their attacks on Google.
Re:This is news? (Score:5, Informative)
Except Microsoft does mine your email context to serve up contextual ads.
http://www.nbcnews.com/technology/microsofts-new-outlook-mail-welcome-hotmail-replacement-917473 [nbcnews.com]
They says theirs isn't as deep, so it respects your privacy more, but what it really means is that they're not as good at serving up contextual ads, but they're still scanning your email.
Re:Damned if they do... (Score:4, Informative)
Google must be fucked then, as they provide antispam and antimalware functionality in Gmail, and have done for almost a decade.
Re:This is news? (Score:5, Informative)
http://rt.com/usa/yahoo-microsoft-campaign-political-862/ [rt.com]
Microsoft has been caught selling DATA to advertisers.
And they have a patent specifically covering selling your personal private data to advertisers, allowing advertisers to bid on that data.
http://www.bizjournals.com/seattle/blog/techflash/2010/02/gates_ozzie_other_microsoft_execs_patent_personal_data_mining.html [bizjournals.com]
It is only bad business if the media calls them out on it, which hasn't really happened. That is why Microsoft spends a small fortune on astroturfing, shifting the focus on Google for privacy concerns.
Re:...Not that unexpected, and not that big a deal (Score:3, Informative)
How would you even propose they filter spam links without a basic request? Do they blacklist all URL shorteners, or do you just let all spam that uses URL shorteners to go through?
Re:Problems with closed sorce (Score:4, Informative)
Re:Damned if they do... (Score:2, Informative)
They intercept it if they use it for anything else other than passing it to the receiver. It's not the skype client going to those URLs. It's microsofts system going to those URLs.
Re:Damned if they do... (Score:4, Informative)
It's a distinction between a federated and a proprietary network. When you make a telephone call, your mobile operator may or may not be the responsible for the far end. They are selling you access to a world wide telephone network, parts of which are operated by many companies even within a single country. The rules for this network are defined in part by the ITU and in part by the national laws of the various participating countries. In most of the western world, these place limits on who is allowed to listen in to messages. In contrast, Microsoft is selling you access to a private network that is owned and operated entirely by them.
The laws apply to federated networks because you may not have a direct business relationship with the carriers for a potentially large part. They do not need to apply for non-federated private services, because you have a direct business relationship with the supplier, in this case Microsoft.