
Skype Audio Graded by Workers in China With 'No Security Measures' (theguardian.com)

A Microsoft program to transcribe and vet audio from Skype and Cortana, its voice assistant, ran for years with "no security measures," according to a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company. From a report: The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google's Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor. Workers had no cybersecurity help to protect the data from criminal or state interference, and were even instructed to do the work using new Microsoft accounts all with the same password, for ease of management, the former contractor said. Employee vetting was practically nonexistent, he added.

"There were no security measures, I don't even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details," he told the Guardian. While the grader began by working in an office, he said the contractor that employed him "after a while allowed me to do it from home in Beijing. I judged British English (because I'm British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login." Both username and password were emailed to new contractors in plaintext, he said, with the former following a simple schema and the latter being the same for every employee who joined in any given year.

This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Friday January 10, 2020 @10:47AM (#59606364)

    Way to hand over everything MS.

    Knew there was a reason I stopped using Skype.

  • Horrifying (Score:5, Funny)

    by XXongo ( 3986865 ) on Friday January 10, 2020 @11:06AM (#59606440) Homepage

    This is completely horrifying. Not merely the utter disregard of privacy--that's par for the course; you gotta train AIs, and, yeah, that's how you do it. But this: "instructed to do the work using new Microsoft accounts all with the same password, for ease of management... username and password were emailed to new contractors in plaintext..."

    WTF? Hasn't Micro$oft learned anything from the data breeches of the 20th century? (

    • by weilawei ( 897823 ) on Friday January 10, 2020 @11:07AM (#59606452)

      WTF? Hasn't Micro$oft learned anything from the data breeches of the 20th century?

      No, they've moved on to data pantaloons.

    • Re:Horrifying (Score:5, Insightful)

      by Mephistophocles ( 930357 ) on Friday January 10, 2020 @11:39AM (#59606564) Homepage
      Look, I share your horror but if you're surprised by this you're just not paying enough attention.

      If you decide to obtain ANY device that you 1) place in your home 2) that has a microphone and/or camera and 3) can be activated remotely to record audio/video in the cloud, you HAVE to assume that everything that happens in your home within earshot of the mic or view of the camera will be recorded and viewed by a human you don't know. You simply cannot assume you have any privacy in that space once one of those things is present.

      Otherwise, you're just blindly trusting the company who made the device, all of their employees, all of their associated 3rd party vendors, and all of those associated companies' employees, not to do that - and you have no reason whatsoever to do that. That's potentially 100's of thousands of people or even more. You don't know any of them, you have no idea whether they're trustworthy or not, and most of them (at least) have no incentive at all to maintain your privacy.

      So if you want to use one of these things, that's your decision and no one else's business - but you really should at least be honest with yourself about the implications first.
      • If you decide to obtain ANY device that you 1) place in your home 2) that has a microphone and/or camera and 3) can be activated remotely to record audio/video in the cloud, you HAVE to assume that everything that happens in your home within earshot of the mic or view of the camera will be recorded and viewed by a human you don't know. You simply cannot assume you have any privacy in that space once one of those things is present.

        This is made worse in the most common implementations because of user-subjuga

        • One could have a free software calling program that only sends encrypted data over the connection and would allow the user to at least know their end of the conversation isn't being recorded on their computer. Free software can't solve all of the attendant privacy problems (some are outside the scope of software freedom) but free software can help.

          That's a good point. Until tech companies are willing to provide full transparency, using something like that is definitely helpful if you have to use a privacy violating device (like most of us do).

          Just having full transparency, at a level even a "non-technically-capable" user can audit and review, is a step forward and would solve a lot of these issues. If I can, beyond a reasonable doubt, know what data is recorded, where it's stored, and exactly who has access to it, I might be willing to own someth

    • by hey! ( 33014 )

      Why would they learn anything? The reason there is a never-ending stream of these stories is there is no *incentive* to learn anything if you're not caught.

      Put yourself in the position of the person who decided to go ahead with reviewing the audio this way. On one hand, he could spend a little time thinking about rudimentary security, then implement it even though it adds a tiny bit of time and cost to his operations. Or, he can just shoot from the hip and hope he doesn't get caught. This, in a corporate

  • Remembering: M$ Skype...
  • Cortana (Score:5, Funny)

    by samwichse ( 1056268 ) on Friday January 10, 2020 @11:22AM (#59606512)

    What a wonderful gift Microsoft has given us.

    The power of a fast, integrated, never-disabled voice assistant. I'm sure that data will always be secure, though.

  • by Locutus ( 9039 ) on Friday January 10, 2020 @11:32AM (#59606544)
    It's well known that Microsoft sucks tons of user data off their desktop OS machines, so why the surprise?

    Is there something in their Skype license agreement which says they won't or can't do what they did?

    LoB
  • While people are thinking about this general topic, I'd like to ask for thoughts on a different, but somewhat related thing.

    Suppose all of a company's voicemails were leaked. Maybe it's an insurance company, for example. What could the security implications be, do you think? What damage might be done if bad guys had access to a company's voicemails?

    • by Anrego ( 830717 )

      I don't think it would be that disastrous in most cases.

      I mean first off, they probably aren't kept forever because, well, why would they be, so you probably at any given time only have so many stored.

      Then, how often do you leave sensitive voicemail? I'm sure some people do, but most of the time I leave someone a message it's like... "hey, the meeting moved to 2pm and we had to change to the 5th floor conference room" and not "hey, let me read you our sales plan".

  • by bobstreo ( 1320787 ) on Friday January 10, 2020 @11:50AM (#59606594)

    1) What is the pay/workload like?

    2) Are they hiring people in the US?

    3) Do you have to report illegal activities you "overhear"?

    4) Will anyone care if you use this to make money from what you hear?

    5) Do you have to use Windows to do this work? Google Chrome works on other platforms...

  • by spaceman375 ( 780812 ) on Friday January 10, 2020 @12:11PM (#59606662)
    I know 3 people who work for the United Nations, two of them not in the US. All three are in the IT department. They tell me Skype is the default for all UN employee voice calls, far more than any phone system. Shudder
  • by Jzanu ( 668651 ) on Friday January 10, 2020 @12:52PM (#59606776)
    If you don't get the reference, look into the early model of an industrial dystopia called 1984.
  • I think they just took my Chinese bank account details

    Oh they're vetting alright. They're just not vetting for what you think they are vetting for. Somebody else wants access to this data, but they don't want to be upfront about it. If you are willing to give your bank details to a shady company in China claiming to work for Microsoft, then you are qualified to be their unwitting conduit.
