Microsoft Communications Privacy

Microsoft Reads Your Skype Chat Messages 275

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

  • Alternate headline (Score:5, Insightful)

    by recoiledsnake ( 879048 ) on Tuesday May 14, 2013 @11:35AM (#43720553)

    Alternate headline: Microsoft protects hundreds of millions of Skype users by going to the effort of checking even https URLs in chat for malware and spam

  • by afidel ( 530433 ) on Tuesday May 14, 2013 @11:36AM (#43720567)

    Not if you agree to it in the TOS.

  • This is news? (Score:5, Insightful)

    by csumpi ( 2258986 ) on Tuesday May 14, 2013 @11:36AM (#43720583)
    AOL reads your messages. Google reads your messages. Facebook reads your messages. Apple reads your messages. Microsoft reads your messages.

    How is this news? The price for free IM is that they read your messages and sell the info they gather to advertisers.
  • by mu51c10rd ( 187182 ) on Tuesday May 14, 2013 @11:47AM (#43720745)

    Nobody else was dumb enough to click the link.

    You don't deal with many ordinary end users do you...

  • by Lazere ( 2809091 ) on Tuesday May 14, 2013 @11:49AM (#43720771)
    But it's not illegal. The law makes it illegal to intercept those messages without warrant or permission. Wouldn't agreeing to the TOS be giving them permission?
  • by stewsters ( 1406737 ) on Tuesday May 14, 2013 @11:52AM (#43720819)
    This is the problem with closed source. You don't know what your software is doing, and it's difficult to figure out.
    Just in case you weren't already certain that they were monitoring your communications through Skype, they are.
    Skype is not a secure communications channel. If this bothers you, use irc over i2p.
  • by fuzzyfuzzyfungus ( 1223518 ) on Tuesday May 14, 2013 @12:02PM (#43720923) Journal

    Both Facebook and Google's chats use bog standard XMPP (aka Jabber). Normal, clueless people use Facebook to chat. The few that don't use Facebook use the chat inside Gmail, or the one installed on their smartphone. Encryption over XMPP is very common; you'd need to use a non-standard client (say, Pidgin), but it's feasible.

    The major problem is that encryption requires support at both ends:

    Even a totally proprietary chat network (if it's been cracked open far enough that 3rd party clients exist, or 3rd-party wrappers around the first party client or libraries exist) can be used to send encrypted payloads; but only if both users are set up for that (Pidgin with OTR, say, works just fine over AOL's 'Oscar' protocol; but only if both ends are using it). This is the real killer. If you don't have control over what your clueless compatriot is using, none of the client-side encryption options are going to help you much. Not supported in Google's Gmail web app window thing? No deal. Not supported by cellphone's default chat client? No deal.

    You'll still probably get SSL, from all but the shittiest chat services; but that only protects you from people watching the wire, not from the service provider (who is the man in the middle, with one SSL-protected connection to you and a second to your chat compatriot).

    Same with email: it's less common than it used to be for email to go between the client and the mailserver in the clear; but it's still damn rare for messages to be encrypted at the client end and thus safe from the mailserver operator.

  • by domatic ( 1128127 ) on Tuesday May 14, 2013 @12:03PM (#43720935)

    .....is that they are Scroogling Skype users?

  • Re:I wonder... (Score:4, Insightful)

    by gallondr00nk ( 868673 ) on Tuesday May 14, 2013 @12:11PM (#43721035)

    What sort of security measures would they have in place for systems whose job it is to poke every last probably-malware link that goes across Skype?

    I bet they run Linux.

  • by Sloppy ( 14984 ) on Tuesday May 14, 2013 @12:12PM (#43721067) Homepage Journal

    Skype used to have a reputation of using encrypted peer-to-peer transmissions.

    That's funny. I remember their reputation always being "no one knows how the key exchange works and therefore nobody can trust it."

    "Encrypted" means jack shit. Skype never had a reputation for being secure because they never showed anyone that they are. With any serious VoIP protocol (e.g. zfone) they tell you how it works. If the design is a trade secret, then it's a scam. You've known that for decades.

  • by Nethemas the Great ( 909900 ) on Tuesday May 14, 2013 @12:18PM (#43721155)
    Wait... Who were we talking about?
  • by KingMotley ( 944240 ) on Tuesday May 14, 2013 @01:05PM (#43721713) Journal

    Email spam filters are evil too! My ISP is reading my emails, OMG!

  • by bws111 ( 1216812 ) on Tuesday May 14, 2013 @01:14PM (#43721839)

    Since you don't have any way to know exactly what they are doing, it is kind of silly to call that a 'problem'. Maybe they only do a HEAD because the response indicates authorization is required. Maybe they only visit a URL once, and already have visited the http site. Maybe they only do anything if something else triggers it (number of hits on a URL in a certain amount of time). You have no way of knowing that they only check https, you just know that in this particular case they only checked https. You have no way of knowing that they only get the headers, just that in this particular case they only got the headers.
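
The kind of server-log check behind the Heise test and the HEAD-versus-GET question above, as an added example that is not part of the thread: it lists requests for a uniquely named link that come from any address other than the recipient's. The Common Log Format input, the function names, the path and the documentation-range IP addresses are all constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Common Log Format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def third_party_hits(log_lines, canaries):
    """Accesses to uniquely named links from anyone but the recipient.

    canaries maps a request target to (shared_at, recipient_ips).
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["target"] not in canaries:
            continue  # malformed line, or not one of the unique links
        shared_at, recipient_ips = canaries[m["target"]]
        if m["ip"] in recipient_ips:
            continue  # the person the link was meant for
        seen_at = datetime.strptime(m["ts"], TS_FORMAT)
        hits.append({
            "ip": m["ip"], "method": m["method"], "status": int(m["status"]),
            "target": m["target"],
            "delay_s": int((seen_at - shared_at).total_seconds()),
        })
    return hits

def observed_methods(hits):
    """Methods actually seen; absence of GET here proves nothing about policy."""
    return sorted({h["method"] for h in hits})

# Constructed sample: documentation-range IPs, made-up path and times.
SAMPLE_CANARIES = {
    "/files/a1b2c3?user=demo": (
        datetime(2013, 5, 14, 10, 0, 0, tzinfo=timezone.utc), {"203.0.113.7"}),
}
SAMPLE_LOG = [
    '203.0.113.7 - - [14/May/2013:10:00:05 +0000] "GET /files/a1b2c3?user=demo HTTP/1.1" 200 5120',
    '198.51.100.23 - - [14/May/2013:10:42:10 +0000] "HEAD /files/a1b2c3?user=demo HTTP/1.1" 401 0',
    '198.51.100.23 - - [14/May/2013:10:42:11 +0000] "GET /index.html HTTP/1.1" 200 900',
    'not a log line',
]

if __name__ == "__main__":
    for hit in third_party_hits(SAMPLE_LOG, SAMPLE_CANARIES):
        print(hit)
```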

  • by caluml ( 551744 ) <slashdot@@@spamgoeshere...calum...org> on Tuesday May 14, 2013 @05:18PM (#43725011) Homepage

    I once renamed shutdown.exe from the Windows resource kit to DONOTRUN.exe, and sent it in a mail round to the company (in the I love you/Melissa days), warning people in the subject, and message to NOT RUN THE ATTACHED attachment.

    People then started coming to me complaining they'd lost work because their computer had shut down.

    It's amazing, it really is.

  • by andy_t_roo ( 912592 ) on Tuesday May 14, 2013 @06:11PM (#43725833)
    The other thing here is this only makes it clear that the link is "accessed" -- it's quite possible that the link is not persisted in any way. In that case this would just be an automated part of the message passing process, and not a record of the conversation.

    It depends on if Skype is sending all chats, or just the links. It depends on if Microsoft is archiving what it receives or just checking them for malware. As usual, more information is required to make an informed judgement on this issue.
