Skype with care - Microsoft is reading everything you write

Discussion in 'privacy general' started by Nebulus, May 14, 2013.

Thread Status:
Not open for further replies.
  1. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
     
  2. guest

    guest Guest

    It seems that not only Uncle Google who loves to messing around with our privacy. :D I really have no idea at what's the benefit for Microsoft to do this. Google --> ads. Microsoft? I have no clue at what they're planning. :doubt:
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    To keep you safe. :rolleyes:
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Actually it is to keep you safe. This is an automated system you've probably heard of before, SmartScreen. This isn't someone "reading" your messages, total FUD article.

    SmartScreen is implemented in various Microsoft services including Windows itself and is a great security feature especially for the average Joe's that just click links without a thought. This is how "Skype malware" propagates and this is exactly what they're trying to prevent.

    FYI, Windows Live Messenger also did the same thing. Let's not stop that from having a good rant though. :rolleyes:

    More complete and utter FUD, who says malware and phishing can't be on HTTPS pages? Are AV companies implementing SSL scanning for the lulz? The article author is an idiot.

    FYI, it only scans links, not all chat messages like the article attempts to imply...
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    That might be true, but is there evidence to substantiate it? It seems to me that those who are interested in this would try to rule out server side snooping and then zero in any client side mechanism that is involved. So for starters:

    1) Assure that Smartscreen is disabled on both of the machines Skyping
    2) Someone should send, via Skype, a unique *unlikely to have been previously seen by Microsoft's Smartscreen servers* URL and *one that is not associated with a major site that could possibly be whitelisted* to the other. To play it safe don't even visit that URL from either machine that is Skyping.
    3) Watch server logs for hours/days to see if a Microsoft server or other unexpected party requests the URL.

    Then look for and play around with client side config options to see what it takes to disable the behavior. It would be extremely sad/bad if one can't exert fine-grained control over SmartScreen, Skype, etc. For example, configure things so that the sending of URLs via Skype *doesn't* cause them to be sent to Microsoft but browsing with IE does (unless you've created an exclusion for the site/URL in question).
     
  6. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,669
    Location:
    Philippines
    I see nothing here. Agree with elapsed. What is wrong with Skype verifying an URL that was sent on their system. Betcha the moderators do that here at Wilder's too.
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    There are some valid points inside the article (based on the assumption that they really tested it; I didn't make any tests myself):

    1. Microsoft automatically reads the content of all messages in order to determine if the message contains a link. This doesn't mean that someone from MS actually reads all your messages, but it is still a privacy problem (i.e. if this is possible, what keeps them from reading other type of content as well, or even store that on their servers?).
    2. Microsoft reads HTTPS links, but not HTTP links. Spammers can use both, so why discriminating between them?
    3. Microsoft doesn't read the site contents (uses HTTP HEAD), and the article points out correctly that this is not exactly a scientific method to check for spam.
    4. The request to the site in question is made after the fact, meaning that it doesn't protect the user in any way from clicking a spam link that appears in one of the messages.

    So, in my opinion, if these points are correct, Microsoft built a "spam protection" system that is both ineffective and a threat to privacy.
     
  8. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Ah the good ol' guilty until proven innocent of the privacy forum...


    http://www.zdnet.com/is-microsoft-reading-your-skype-instant-messages-7000015388/
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There’s no evidence that anyone, human or machine, is reading your confidential messages.

    Interesting comment by Ed Bott.

    If nothing is reading, then how would it know what to look for? It needs to parse the content to check for some string that looks like a valid URL, doesn't it?

    If nothing is parsing, then nothing is checking URLs. If something is checking URLs, then something is parsing. If something is parsing, then something is reading.

    It doesn't take much science to figure it out. :argh:

    But, anyway, is it me or Ed Bott also had some "interesting" articles in the past? ;)
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Ed never saw an MS 'anything' that he didn't love, IMO. I wonder what he thinks about the new MS/NYPD Surveillance System? You could test this out another way. Start a text session about an illegal drug deal, pointing to a price list on a website you created that is named something like -> the drug prices dot com <-. See if that gets any visits.

    PD
     
  11. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    I would be using torchat for discussing such things :0

    Not skype :)
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Does not really matter anyway as the NSA is capturing everything we do.
     
  13. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Without reading whatever article Mr. Bott wrote, I can already determine he's a clueless imbecile. Would he care to explain how ads in Gmail work then? Would he care to explain why it is Google flat out has said their systems scan content of emails to provide said ads?

    Would he care to explain how online stings/investigations work? What about DNS queries, "This page contains malware" blocking? Does he think little sprites sprinkle fairy dust around and magic happens?
     
  14. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Close to it, but they aren't omnipresent. Many other agencies in nations across the world do the same work though, so in the end yeah, we are basically under constant surveillance.
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I love telling friends that don't believe...to send an email mentioning hotels for Hawaiian vacations...then to look at the ads to the right! Hahaha.

    PD
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    An interesting followup by H-Online... -http://www.h-online.com/security/features/Skype-s-ominous-link-checking-facts-and-speculation-1865629.html

    They mention something I wasn't aware of, especially because I don't use Skype, and that's the fact that, if this is all about SmartScreen, then how come the user has no option to disable it, and there's no mention of it, just like we know it exists for IE/Explorer (Windows :cool: and that can be disabled?

    Also, it seems that it took some hours for the URL to be checked, so quite hard to be related to SmartScreen. Otherwise, like HO mentions, it would be pretty much useless to work like that.
     
  17. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You couldn't disable it in Messenger either, I don't see the issue. You're using one of their services (which has a bad issue with spreading spam and malware links) so they have the right to check URLs for spam. IE/Windows is software you've bought not an online service.

    This is similar to complains about CCTV on trains to stop vandalism IMO. You're using someone else's service.

    There's also the fact that the Skype team and the Microsoft teams are still pretty damn disconnected. There are Messenger features missing from Skype that will probably take months to gradually be introduced.
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Clicking through that latest H-Online article to http://lists.randombit.net/pipermail/cryptography/2013-May/004224.html I notice that someone tested this with the sender using a Skype client on Ubuntu and the receiver using a Skype client on MAC OS X. Although the description isn't definitive, that makes it seem more likely that the URLs weren't getting phoned home by other software (such as SmartScreen functionality in IE/AV/OS) and instead 1) the Skype client software is harvesting and forwarding things, and/or 2) a Skype server is harvesting things.

    The:
    bits from http://www.skype.com/en/legal/privacy suggests to me that it is probably #2 and a Skype server that is doing it. It also sounds as though it isn't just URLs but all such message content that is at risk of being datamined by Microsoft and used for the variety of secondary purposes mentioned in section #2 of that privacy policy (which has some extremely broad clauses).
     
  19. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    This kind of attitude towards any corporation, coupled with the lack of reaction, allows them to limit both the user rights and the user choice.

    I'm really offtopic here, but CCTV (or any other form of surveillance) doesn't stop anything, it just makes catching the perpetrators easier.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Checking the URLs for spam/malware links is one thing, and something the user should have an option to disable for private information.

    Also, what kind of protection does it offer if it only "checks" the URL a few hours later? Makes no sense, of whatsoever.

    Some trains have bathrooms. Would you be OK with them monitoring you while in there? :argh: No, that's your "private" moment. I'd relate this to HTTPS, which is for privacy/security, not for breaking it.

    It's like malls, etc., they all have cameras, which is OK. But, there's a limit, and that limit is that cameras can't be everywhere, because there's still the right to privacy, and this privacy can't be breached for the sake of security, at least not in a democratic society. Unfortunately, in some places it's broken, for the sake of security.

    Anyway, the day people stop caring, corporations/etc can do whatever they want. I don't like this, and hopefully I won't live long enough to see most of the freedom I still got to go down the drain.
     
  21. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    That's incorrect. It's for reducing the likelyhood that it will happen, and it DOES work. A great example of this is speed cameras. Why do you think it's legal to download speed camera locations for your Sat Nav device? They don't exist to catch people, they exist to make people obey the speed limit. I don't know about you, but I slow down every time I hear that beep. ;)



    Where is your evidence of "hours later"?
    This argument is entirely flawed the same way as AVs add protection for threats "hours later" and browsers add protection against URLs "hours later".


    Oh please, Skype isn't advertised as "HTTPS chat". The only thing "HTTPS" about this is the link that was chosen to be sent. So I have no idea where you're factoring privacy into this or how it's being "violated".
     
  22. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    While I agree with you 100% that using surveillance cameras does help in deterring people to do all kind of bad things, I still stand by what I said earlier: it's not the camera that stops you from doing something wrong, it's a psychological feedback mechanism that does it. If that mechanism is broken (i.e. you don't care about consequences of your action), then the camera won't stop you.
     
  23. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    They should start putting actual slavery obligations into EULA's for free services. "Use this, and you have to work for free, for us, for 1 hour". Hey, it's free, why the complaining? Whatever happened to "It's just not right to do"? Hey, you're in public...I can take pictures of your little kids, all day long...stay in your house if you don't like it... World going to heck in a hand basket.

    PD
     
  24. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    That is sooooo debatable...but I don't want to derail the thread. Search UK CCTV 1 Crime Solved :D


    PD
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,452
    Location:
    U.S.A.
    Removed Off Topic Posts. We Urge All Wilders Members to Report A Bad Post to Keep Threads On Topic.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.