Microsoft Privacy Cellphones Communications The Internet

PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations (betanews.com) 180

BrianFagioli shares a report from BetaNews: "With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."

So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.

  • Any LOVEINT ? (Score:3, Interesting)

    by klingens ( 147173 ) on Tuesday October 10, 2017 @06:08AM (#55341735)

    We all should know what LOVEINT is https://en.wikipedia.org/wiki/... [wikipedia.org]
    And it's not only NSA agents who use the tools of their job to check on all kinds of people they know. Cops do the same, to check if any new girlfriend has prior convictions or only arrests, etc. Data exists, so it will be used.
    Are the employees of (in alphabetical order) Amazon, Apple, Google, Microsoft, Samsung, etc. who have access to Cortana, Siri, GMail, Bixby, etc. databases doing the same? Are there even any safeguards against it?

    • Are the employees of...Amazon, Apple, Google, Microsoft, Samsung... doing the same?

      Not a doubt in my mind, and don't forget FACEBOOK.

    • by OYAHHH ( 322809 )

      > Amazon, Apple, Google, Microsoft, Samsung,

      blah blah blah.....

      Personally I'm worried about MsMash reading my /. posts without my knowledge.

  • by Anonymous Coward

    Don't use skype, it's terrible anyway.

    • by Anonymous Coward on Tuesday October 10, 2017 @06:37AM (#55341801)

      Agreed. I get around this by sending all my communications through gmail.

      • by Bongo ( 13261 )

        Agreed. I get around this by sending all my communications through gmail.

        I send all my private conversations through Skynet.

        Because there's nobody there listening and deciding whether my life is a biological dead end.

        Oh...

    • Ever since I heard Microsoft was turning Skype from a peer-to-peer architecture, where the clients directly transferred video/audio to each other, to a client-server model where all the video/audio passes through a server, I knew this was going to happen. Really.

      • Re:Solution (Score:5, Informative)

        by cheesybagel ( 670288 ) on Tuesday October 10, 2017 @08:16AM (#55342127)

        Quoting Wikipedia:
        "Skype was the first peer-to-peer IP telephony network. The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network.
        Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres. Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community." At the time there was some concern regarding the privacy implications of the change, which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013."

    • Skype is awful. But if your concern is corporate spying, then don't use Cortana (or Siri, or Bixby, etc.)

  • by Anonymous Coward

    Certain users are constantly surprised that their complete abdication of personal liability in their wild rush to consume as much technology as possible in order to remain 'relevant' has led them to engage in something spectacularly stupid.

    This isn't news. This is olds.

  • by Anonymous Coward

    Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions.

    Intentions don't matter once a National Security Letter trundles in. Then only ability matters.

    And that's even before Microsoft gets hacked.

  • and I won't get an Amazon Alexa or any other brand of smart speaker/mic thing, they are just corporate/government spy bots
  • Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions.

    Where did I hear that before... Oh yeah, something along the lines of "The road to hell is paved with good intentions."

    • Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions.

      Where did I hear that before... Oh yeah, something along the lines of "The road to hell is paved with good intentions."

      For profit companies do not have good intentions. Their only intent is to maximize profit for their shareholders. It does not matter if this aligns with their customers' needs. Their customers' needs are nothing but a byproduct of their activities, not a necessary, or even sought-after, outcome. They will do whatever it takes, good or bad, moral or immoral, within the law, to attain profit maximization. In the case of many companies, Microsoft included, going without the law is standard operational procedur

  • Ever since Snowden I pretty much assume every mouse click, keyboard press, sound, image and video on anything with a power button is potentially being watched.
    • by gtall ( 79522 )

      There are potentially pink unicorns as well.

    • For a lot of folks, Snowden's revelations were merely a confirmation. The things outlined had been technologically feasible for a very long time, and practically all aspects existed in some form in corporate software already. One should assume that they are being watched by someone (or at least that the possibility exists), unless you've just completed the process of sealing yourself into a thick lead box.
  • by Anonymous Coward on Tuesday October 10, 2017 @06:50AM (#55341831)

    This is just yet another sign of skype's future obsolescence. Skype has been one of those must-have tools for more than a decade - always worked, everyone had it, easy to use, did what it did well, solved a key problem better than anyone had previously done. But recently, it has really gone downhill on all fronts. For the first time in years, I have started having problems connecting with people, supposedly because one or the other isn't on the "correct" version of skype. Microsoft is trying to force people to update to the newest version, supposedly to get enhanced features, but those features in general suck and support for non-core platforms, such as Linux, has gone from bad to miserable. The latest version of skype is much more difficult to visualize and navigate (I hate those new icons), makes you think in order to do things that should be trivial (e.g., talk with someone and send chat messages to them at the same time) and adds a bunch of noisy features to the application that distract from its core abilities (why is it always asking me to send people video messages or add emojis to everything?). If both myself, computer programmer, and my mother, definitely not computer programmer, are confused about how to use skype, there is a serious problem.

    In a vain and desperate attempt to change skype into some sort of mini-facebook or instagram or whatever, Microsoft has committed the cardinal error of making it harder for people to do the things that they installed the application for in the first place. Gobbling up your private data in order to monetize that information can only hasten its decline...

  • Very Clever (Score:5, Interesting)

    by ytene ( 4376651 ) on Tuesday October 10, 2017 @06:51AM (#55341835)
    Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.

    In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were on line. If these checks were positive, then your client would be given the connection handle [i.e. IP address] to establish a link with the counter-party, before the link to the central servers was dropped. This was a very efficient, effective use of a central directory model, which avoided overloading the central servers with traffic, and which guaranteed the best possible connection quality.

    The key Microsoft change was to switch the clients such that all traffic is now run through central Microsoft Servers. Obviously, this is so that Microsoft can, if required, record your Skype conversations [you're not a terrorist, are you?] and pass them along to authorities who ask for them.

    What Microsoft have done here is even smarter than that. They still want to better understand your conversations - likely, this time around, for advertising and marketing purposes - but by federating some of this activity to Cortana, they open the door for pushing some of the compute resources required down to your PC. As our machines become more powerful, the need for tools like Siri and Cortana to push audio clips to a cloud service for interpretation will be gradually reduced [OK, unlikely that we'll ever need to completely abandon cloud support]. But the key thing here is that Microsoft - who get to benefit from understanding what you're talking about by selling advertisements to third parties with greater claims of relevance - are opening up the door to using your hardware and electricity to do their hard work for them.

    I wonder if they got the idea from these crypto-currency miners that were using browser-injected malware to perform the mining for them?
    • Re: (Score:3, Interesting)

      by drinkypoo ( 153816 )

      Anyone who was paying attention at the time would have noticed that shortly after Microsoft acquired Skype, they made a fundamental change to the way the application operates.

      Anyone who was paying attention at the time would have noticed that shortly after the USDoJ found that under the leadership of Bill Gates, Microsoft was found guilty of abusing its monopoly position in basically every way possible, Gates stepped down from being in control of Microsoft and then founded the Gates Foundation, a massive tax dodge which leaves him in control of all of his money and on a mission of spreading western IP law to the rest of the world.

      I have assumed that everything about Microsoft ha

      • Gates is putting billions into eradicating Malaria and getting clean drinking water to people. How is that "pushing Big Pharma"?

    • In the original, pre-Microsoft world, when you made a connection to a counter-party for a Skype Call, the client would first check a dynamic, central registry to see if the counter-party could be identified and if they were on line.

      Skype was fundamentally flawed well before this came into play: Skype was always non-free software. Skype was therefore always untrustworthy. How proprietors (Skype pre-Microsoft, Microsoft, or any proprietor who comes to own it later) describe Skype's code is therefore also untr

  • A Star Is Born (Score:5, Insightful)

    by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Tuesday October 10, 2017 @06:58AM (#55341845)

    "...I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."

    I realize it was the person posting TFA who said this, not Microsoft itself. Nevertheless, this magnificent remark deserves to take its place as another star in the firmament of "what could possibly go wrong" comments.

    I propose that it be placed just below "Your cheque's in the mail" and "I'll just put the tip in", and immediately above "I won't let go in your mouth" and "We're from the government; we're here to help".

  • Pretty sure Skype is reading your messages and M$ is passing that off to Cortana for targeted ads. I wouldn't put it past them entirely, but having Cortana sift through an app's data they already have more readily available sources for would be Rube Goldberg levels of stupid.
  • by mentil ( 1748130 ) on Tuesday October 10, 2017 @07:23AM (#55341927)

    As much as I love to jump aboard the Microsoft hate-train, it should be noted that iOS does the exact same thing with reading your texts and e.g. suggesting adding upcoming plans to your calendar, even if Siri is turned off. If Siri is turned on, it does stuff like that but moreso. The real question is, does any of this 'message parsing' end up on Microsoft servers? If it's all local, and the results aren't sent to MS, then who cares?

    • by jez9999 ( 618189 )

      Two wrongs don't make a right. I hate Apple too.

  • Why are you discussing "secret" stuff on a non-secret network? The Internet is not a secure network and your computer is not secure either. Stupid.
    • Why do you assume that this is only a concern if you're discussing "secret" stuff?

    • by Jerry ( 6400 )

      Because it is possible to communicate using end-to-end encryption that doesn't depend on a 3rd party, or their server, and uses a 2048 byte or larger key.

      Case in point: Using FreeNet's "Friends" connection, a P2P open source application that allows you to create encrypted connections between you and only your friends.

  • Your skype conversations go through servers controlled by microsoft, they have always had the capability to read them and the potential for abuse has always existed.
    The only thing that's changed now is that they're providing a potentially useful service with the data that you were already giving them.

    • 100% correct. Most of your data is going through someone else's servers if you are using the Internet. How do people think things work? Magical fairy dust?
      • Most of your data is going through someone else's servers if you are using the Internet.

        Yes, but that doesn't mean that your data must be exposed to them.

  • Ha ha ha ha (Score:5, Insightful)

    by JustAnotherOldGuy ( 4145623 ) on Tuesday October 10, 2017 @08:09AM (#55342093)

    "I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions."

    I'll say it: Microsoft has malicious intent by adding Cortana to Skype.

    The admission that they're parsing and mining your "private" conversations means they're no longer "private".

    • by Jerry ( 6400 )

      Exactly.
      DuckDuckGo "Legal Intercept".
      A lot of Internet users do not remember "Embrace, Extend and Extinguish", which helped Gates become a billionaire. Now, Google's owners are doing the same business plan: pretending to show interest in a startup's technology and talking about partnering with them, until they acquire the startup's secrets, then they dump them. I can recall only one company, a French company, that won 2 Million suing Microsoft for breach of promise. Most victims run out of money for law

  • so google isn't processing all of your browsing history in chrome, gmail conversations and google voice text messages for use with targeted marketing and god knows what else? don't you have to have cortana and skype installed for this to matter? I guess that pretty much rules out skype on android or iphone being an issue, so is this just a Win 10 "problem"? Wake me when we are pissed at Amazon, Facebook, and Google for the probe they have installed in all of us.
    • so google isn't processing all of your browsing history in chrome, gmail conversations and google voice text messages

      Of course they are. Why is that relevant to Cortana and Skype?

    • by Jerry ( 6400 )

      They are doing more than that. Over time they will collect EVERY login name and password for every Internet account you have created, AND they'll acquire your wifi admin name and password as well.

  • Siri is also upfront in some of the settings that if enabled will involve SMS uploaded to the cloud for dictation support and so on. For the virtual assistants they all treat the phone as a thin client.
    • For the virtual assistants they all treat the phone as a thin client.

      Yep, which is why I won't be getting on board this "virtual assistant" train. The whole thing seems reckless and dangerous to me.

  • No sh*t. And? (Score:2, Interesting)

    I really don't get the crowd who's always on about security/privacy here. Sure, you don't want the inconvenience of stolen data. But as Equifax (latest in a long line) demonstrates, it's *going* to happen, and it doesn't require Skype or Google to be compromised. And as it happens more and more, the culture becomes more and more forgiving of individuals who may have been compromised. It's not a life-ending problem.

    Meanwhile, the life efficiency benefits from having good data vacuuming and processing are inc

    • Sure, you don't want the inconvenience of stolen data.

      This isn't about "stolen data", it's about Big Data.

      But as Equifax (latest in a long line) demonstrates, it's *going* to happen, and it doesn't require Skype or Google to be compromised.

      Absolutely true, but so what? Just because thieves are a thing doesn't mean that it's OK to let companies spy.

      Meanwhile, the life efficiency benefits from having good data vacuuming and processing are incredible.

      That's arguable, but not very important. If you choose to take part in Big Data, more power to you. That's your choice. The real issue is that it's largely forced on people whether they want it or not.

    • If someone came up with a phone that got an order of magnitude *more* of my behavioral, locational, and conversational data crunched by big services in order to leverage it all for customization/context/workflows, *that* is something I'd be interested in. Take my data. Make my life faster/better/more convenient.

      I don't need someone to make secret the fact that I like show X and buy product Y and often drive to place Z. I need someone to spread the word to as many services as possible and help them to make use of this data to make my life better.

      Is this sarcastic? How does all this crap make your life faster/better/more convenient? If anything, I think it has the opposite effect. We're inundated with data now to the point where the only way to truly focus on anything is to turn off the data feed. When you're "connected" you're multitasking all the time slowly accruing stress, and doing whatever you're trying to do not as well as you would if it was your singular focus.

      If not sarcastic, then I'm genuinely interested in specific examples of how these

      • if you try to handle it yourself. That's what the emerging round of services is FOR—the systems can handle the data for you, and do it well. But only if they know you and know what you care about.

        Google Now + Google Inbox, for example. Between these two services, about 90-95% of what I care about is surfaced for me automatically from the noise. Places, times, patterns in my schedule, traffic reports and weather reports for places I'm likely to go just now, events that are happening that are "my kinds"

        • I understand the appeal of these sorts of services to you, I really do. I won't ever tell you not to use them.

          Personally, however, they are simply too expensive for my tastes. Too much loss of control, too much datamining, too much exposure to corporations who don't have my interests at heart.

          But, as with all things, what's too expensive for one person is priced right for another.

    • by jez9999 ( 618189 )

      I just wouldn't be interested. I actively try to multiply the amount of data I'm providing to Google and others with the way I create and configure logins and use software, because it pays multiples and dividends in productivity and convenience.

      So basically what you're saying is: nothing to hide, nothing to fear?

      I'll just remind people that the UK home secretary recently talked about locking people up for 15 years for listening to "far right propaganda". Who gets to define what that is? The government.

    • I really don't get the crowd who's always on about security/privacy here.

      I don't think many people here are always on about security/privacy. Just like not many people here think security/privacy never matters. People just want the option of holding certain discussions in private. Because sometimes security/privacy matters.

      Unfortunately, very few of these online communications tools give you a trustworthy "secure" or "encrypted" option - trustworthy enough to exclude the author/server from monitoring

      • service, half of the /. comments are bemoaning its existence and sarcastically remarking on more data "slurping," how everyone is more owned by company X, and so on. (1) They don't have to use the service, and (2) the service exists that way intentionally, i.e. it's part of the model and intrinsic to the service, which many people find valuable. I *love* that my tech "knows" me and can increasingly deliver me what I want and help me to find/remember stuff that is important, etc.

        As far as basic privacy goes,

        • (1) They don't have to use the service

          The real issue is that it's becoming increasingly difficult to avoid being spied on even if you aren't using those services.

          Privacy is not an on/off thing.

          However, most of these services are architected so that it is essentially an on/off thing.

          This need is orthogonal to the very functionality of comm tech. Your communication will have to pass through other parties and systems.

          The need for privacy does not preclude the use of comm tech at all. End to end encryption is a thing. Your communication is passed through foreign servers, yes, but that doesn't mean that it has to be readable to them.

          Forget Microsoft, everyone knows about the NSA these days, it's an open "secret."

          NSA, Microsoft, Google, etc., are all hostile actors in the information space. N

  • One of the perks of using the Linux client is that we don't even have decent support for plain chats, so we won't be seeing Cortana in a while.

  • Don't Microsoft own the Skype servers already?

  • I'm sorry but was anyone ever assuming anything on Skype (or any other hosted IM platform, SMS platform, hosted email platform, etc) was really "private" to begin with?
  • "If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type."

    Last I checked, Cortana doesn't run on my old Droid phone or iPhone 4S.

  • Or, better yet, don't use Microsoft Windows at all. If you want to feel more secure then make the tradeoffs to get away from Microsoft operating systems and other software. Note I'm being honest about it: You'll have to make some compromises to make it happen. But if you want control of the hardware you own and control over access to your data and communications, then that's what you're going to have to do, plain and simple. Use encrypted communications to prevent as much spying over the Internet as you can
  • In Illinois, and perhaps other states, it is illegal to record someone in a private residence without their consent.

    Just because you agreed to the TOS and EULA doesn't mean that I've agreed to it. So, if Cortana records me in your house, it is very possible that Microsoft has broken the law. I never agreed to the EULA or the TOS, nor did I give you or Microsoft permission to record me.

    • So, if Cortana records me in your house, it is very possible that Microsoft has broken the law.

      That's an interesting question. I'm guessing that the courts would rule that it wasn't Microsoft breaking the law, but whoever brought the device into your home without your permission.

      If I bring a running dictation recorder into your house without your permission, the manufacturer of the recorder didn't break any eavesdropping law -- I did.

      • More to the point, if I visit your house, and you record me without my consent, you've broken the law. However, if I visit your house, and Microsoft records me without my consent, Microsoft has broken the law. Microsoft may have obtained recording consent from you through the EULA/TOS, but they haven't obtained it from me.
        • However, if I visit your house, and Microsoft records me without my consent, Microsoft has broken the law.

          Well, if such a case ever hits the courts, we'll see. It still seems to me that in that situation the courts could rule that it was me, and not Microsoft, that broke the law.

          I also think that courts may very well take the stance that if the device is sitting in plain sight, then the law wasn't broken by anybody.

          This is an interesting question, though, since these are new situations that I don't think there's much, if any, legal precedent about.

  • For those still having problems killing the Cortana background process, which is still running even if you disabled Cortana, because it respawns after a few seconds if you kill it: use task-manager and go to its home directory and rename it (to .bak or whatever).

    It won't allow that of course, because it's still running, so you have to place the resulting "retry" window and the task-manager side by side, _then_ kill the process and immediately hit 'retry' to kill it dead.
    But you have to be fast.

  • It's ridiculous to even debate this.

    If a person (or a machine) overhears a private conversation, and then later—in a completely different context—betrays any understanding of such—name one animated, 3D-chessboard villain who can't sniff betrayal off a single, misplaced syllable—what you've got is a side channel that needs to sleep with the fishes.

    The only reason Cortana snoops is to later betray its gleanings through autocorrelated "suggestions".

    How strange or odd soe'er I bear myself
