Skype with care – Microsoft is reading everything you write

[DKT27]

If you thought Skype messaging was private, think again. The H's associates at heise Security have discovered that Skype/Microsoft analyses all data sent using the service

Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:

65.52.100.214 - - [30/Apr/2013:19:28:32 +0200]
"HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"

The access is coming from systems which clearly belong to Microsoft

They too had received visits to each of the HTTPS URLs transmitted over Skype from an IP address registered to Microsoft in Redmond. URLs pointing to encrypted web pages frequently contain unique session data or other confidential information. HTTP URLs, by contrast, were not accessed. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.

In response to an enquiry from heise Security, Skype referred them to a passage from its data protection policy:

"Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or ( b ) identify URLs that have been previously flagged as spam, fraud, or phishing links."

A spokesman for the company confirmed that it scans messages to filter out spam and phishing websites. This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.

Back in January, civil rights groups sent an open letter to Microsoft questioning the security of Skype communication since the takeover. The groups behind the letter, which included the Electronic Frontier Foundation and Reporters without Borders expressed concern that the restructuring resulting from the takeover meant that Skype would have to comply with US laws on eavesdropping and would therefore have to permit government agencies and secret services to access Skype communications.

In summary, The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.

:view: View: Original Article

[Diego T.]

I chat on Facebook... which in the end is the same thing LOL

[OrbingStorm]

More and more I am realizing the words freedom and privacy mean nothing as we allow corporations to OWN us and technology is the net we trap ourselves in.Trouble is,what else can you do?Be a hermit in a cave.. hmm not a bad idea ... :pos:

[DKT27]

While this may not be new or surprising, I personally think it's general issue that everything should be aware about, and Microsoft here needs to be more clear about these things.

[demoneye]

i got two Response to this matter .

1.ppl should know long time ago that u have been tracking this way or another in the first step u make in the net (ip) and in continue when u flip sites , and on and on

2.if u are not Russian spy u shouldn't give a F if unknown persons read your things .

anyway that my take on that :D

[majithia23]

I remember once chatting on WLM , the service censored my sent links to the other party !

So now that the Skype is owned by MSh!t , of course the modus operandi shall remain the same .

We forget , that the biggest control the governments have is the Control of info , about us and about everything .

You or anyone who controls it , is undoubtedly the puppet master . And here they are the Governments !

Control the Info , Control the sheep i.e the Public ----

Right from the Biblical ages when the Church controlled info ,

to the World War scene when Germany and Italy intercepted , snooped and analyzed every letter and phone call being exchanged ,

to this present WWW electronic age !

As after the end of the World War , when the fallen nations of Germany and the like could no longer amount to these tactics , a whole maze of rooms with open and unopened letters and telephone records were found and revealed to the general public ,

Someday there shall dawn such a day in the near future too !

[mray88]

While this may not be new or surprising, I personally think it's general issue that everything should be aware about, and Microsoft here needs to be more clear about these things.

i got two Response to this matter .

1.ppl should know long time ago that u have been tracking this way or another in the first step u make in the net (ip) and in continue when u flip sites , and on and on

2.if u are not Russian spy u shouldn't give a F if unknown persons read your things .

anyway that my take on that :D

Completely disagree! This is hardly a general issue, and you most definitely have something to be concerned about and should give an "F". What people don't recognize with all this intrusiveness, and invading your privacy in every which way possible, is that this information about you gets saved and if you get out of line, someone will dig around and find something to use against you. You don't have to be a "Russian spy" for that to happen, it could be no more than an unpopular opinion or something of an extremist view you held in another time or place-- it will be there to be used by the people in this world who think it their place, and position, to own you. That's what all this crap is about; this information is ultimately used to silence you. If you don't think that's true, then consider people coughing up their money to these copyright infringement troll/lawyers for no other reason than that they don't want to be humiliated by the dissemination of information that they happened to have downloaded some pornography. That's what this is about-- these people own you with this information, and you become neutered by what they have on you. This is just another way of people with money making slaves out of people that don't have money.

If people had any sense, upon learning of something like this they should cancel their account and be sure to let the company know it is because you disagree with the invasion of your privacy. If people took an action like that, rather than this absurd complacency that people have fallen into, things might actually change for the better.

[demoneye]

@mray88

i understand what u are saying and familiar with that kind of stuff ... my point is when u play in the BIG boys play-yard u are screwed from the first stand.

YES u can cry and and say its not fare (and it isnt !!! ) but when billions of $$$ are in it , u can just talk away and nothing critical will happen .

like old saying "the dogs keep barking and the convoy pass " :D

[insanedown58]

Do they also track video chat? Because my grandma has these disgusting talks with my aunt so I hope Microsoft can hear AND see those disgusting.. bleh... God its awful.

[dcs18]

Because my grandma has these disgusting talks with my aunt so I hope Microsoft can hear AND see those disgusting.. bleh... God its awful.

:rofl: :lmao:

I hope they can see my deeds, too - I've been using Skype to activate copies of (Windows 8 Pro + Microsoft Office 2013 Pro Plus) twice each week regularly, this year. :lol:

[Technology]

So v4.2 of Skype is still secure and encrypted compare to new Skype of Microsoft? If not then someone suggest me another communication software alternative to Skype.

[mray88]

I hope they can see my deeds, too - I've been using Skype to activate copies of (Windows 8 Pro + Microsoft Office 2013 Pro Plus) twice each week regularly, this year. :lol:

See, this is where it all gets problematic. Right now, a company like Microsoft doesn't really care all that much about your pilfering a few copies of Win 8 or Office 2013. Sure, they'd rather you weren't doing it, but given they deal with millions of copies of this stuff, your playing around isn't going to change their future. Because of that they're not going to do much about it, and it would cost more than it's worth to them, anyway.

But let's say something else comes up with you, you piss the wrong person off, or you do or say something that some authority finds threatening. Suddenly, they can put you in jail for your copyright infringement that they didn't care much about in the first place! It's as if they have a file saved on everyone now due to this lack of privacy, and if those in an economic position of authority suddenly want to be rid of you, they already have the ammunition they will need to take care of it. That's why this is so dangerous. It cuts off your ability to speak up in the future, to take a stand, to represent yourself..... you won't be able to do it, because these economic powers hold chits from your past that can cause you so much harm. Let's face facts, it's not as if you can play back and scour all of Microsoft's records to examine all the illegal things they have done, and use that information to keep them quiet. This is a one way street, and it's people like you and me that are on the down side. They have all this data on you and me, they can use it if they want, and we have nothing.

[STEEL]

This is Do :lol: gie Poo :shit:

Iam going back to Pigion Mail :P

[mazigh]

Well this is a known point, you are all watched :p, ISP, APP Makers...etc, not surprising at all

[dcs18]

I hope they can see my deeds, too - I've been using Skype to activate copies of (Windows 8 Pro + Microsoft Office 2013 Pro Plus) twice each week regularly, this year. :lol:

But let's say something else comes up with you, you piss the wrong person off, or you do or say something that some authority finds threatening. Suddenly, they can put you in jail for your copyright infringement that they didn't care much about in the first place!

Actually you're quite right - except for the fact that I hail from a country which grants me near-absolute immunity against Microsoft.

In fact, not only Microsoft - I can shaft the President of the US of A with impunity. In my country, one can get bail for a murder (not man slaughter) within a minimum of 15 days. There's a price tag attached here, to anything & everything - not limited to Obama's a$$.

I live in the biggest democracy of the planet where corruption is the buzzword laced with utter indiscipline (what that means is I don't get caught even if they try to - due to sheer incompetence.)

[Mitka]

Quite frankly I'm not concerned about Gov, etc. invading my privacy because I honestly think that they don't give a **** about what the average person is doing.

Life's way more complicated than it's made out to be.

I'm more concerned about entities that are purposely looking to wrong me for no reason whatsoever.

This site has probably already be found and monitored a million times but there's nothing of interest or no active threats; so let it be.

Live simple and seek not to gain attention and you shall not be bothered.

[OrioNeXus]

neither internet nor real life is any more safe

internet inside is full of error

world outside is full of terror

where shall i go now dear ?

[vissha]

I'm aware of these things long back. That is why i stopped chatting, even if chatting i won't use any personal info or any means of words linked to get to me. I'm shocked that no one commented about the below Challenging Q's!

1. Why MS counter attacking Google for Tracking and Privacy, while MS itself does it?
2. Why Google isn't telling about it to its Users with Ads, etc?
3. Why Govts, DMCA & Any Other organizations doesn't ask MS/Google/Facebook about these tracking people?

[johndoe]

So v4.2 of Skype is still secure and encrypted compare to new Skype of Microsoft? If not then someone suggest me another communication software alternative to Skype.

what's with Skype v4.2? why/how? and which specific build of v4.2?

http://www.oldapps.com/skype.php

[aurics]

Its not version related they could spy even Skype 3.8 - they know you password whatever you would change it and they just log in with your password ( Skype client doesn't inform you its logged in from other computer )

and they pull all your chat history and listen to every word you say. I personally use encryption addon for Skype chatting which is quite secure.