EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.16.13

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Posted in GNU/Linux, Microsoft, Windows at 12:03 pm by Dr. Roy Schestowitz

Nokia phone

Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people’s conversations to mitigate the threat of phishing scams and such, but this doesn’t quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people’s conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.

For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: “A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs.”

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      –The H
As the article in The H puts it: “Anyone who uses Skype has consented to the company reading everything they write. The H’s associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

“A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service.”

Microsoft’s excuses didn’t pass muster (the security excuse for surveillance, where all they can really test for is a redirection). “In summary,” says the author, “The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”

And from the comments we learn it’s worse than The H originally put it: “We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses.”

Another commenter says:

So much about the “AES encryption” Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations
> are encrypted. This protects you from potential eavesdropping by
> malicious users.
>
> (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as “McDonalds food is
healty and tastes good”.

This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) — the bread and butter of Skype — are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn’t even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people’s Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      –Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: “Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it’s hard to remove the backdoors, let alone prove their existence.

“You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul.”Mahatma Gandhi

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 18/1/2018: MenuLibre 2.1.4, Git 2.16 Released

    Links for the day



  2. Microsoft, Masking/Hiding Itself Behind Patent Trolls, is Still Engaging in Patent Extortion

    A review of Microsoft's ugly tactics, which involve coercion and extortion (for businesses to move to Azure and/or for OEMs to preload Microsoft software) while Microsoft-connected patent trolls help hide the "enforcement" element in this whole racket



  3. Patent Prosecution Highway: Low-Quality Patents for High-Frequency Patent Aggressors

    The EPO's race to the bottom of patent quality, combined with a "need for speed", is a recipe for disaster (except for litigation firms, patent bullies, and patent trolls)



  4. Press Coverage About the EPO Board Revoking Broad's CRISPR Patent

    Even though there's some decent coverage about yesterday's decision (e.g. from The Scientist), the patent microcosm googlebombs the news with stuff that serves to distract from or distort the outcome



  5. Links 17/1/2018: HHVM 3.24, WordPress 4.9.2

    Links for the day



  6. No Patents on Life (CRISPR), Said EPO Boards of Appeal Just a Few Hours Ago

    Broad spectacularly loses its key case, which may soon mean that any other patents on CRISPR too will be considered invalid



  7. Only Two Weeks on the Job, Judge Patrick Corcoran is Already Being Threatened by EPO Management

    The attack on a technical judge who is accused of relaying information many people had already relayed anyway (it was gossip at the whole Organisation for years) carries on as he is again being pushed around, just as many people predicted



  8. EPO Board of Appeal Has an Opportunity to Stop Controversial Patents on Life

    Patent maximalism at the EPO can be pushed aback slightly if the European appeal board decides to curtail CRISPR patents in a matter of days



  9. Links 16/1/2018: More on Barcelona, OSI at 20

    Links for the day



  10. 2018 Will be an Even Worse Year for Software Patents Because the US Supreme Court Shields Alice

    The latest picks (reviewed cases) of the Supreme Court of the United States signal another year with little or no hope for the software patents lobby; PTAB too is expected to endure after a record-breaking year, in which it invalidated a lot of software patents that had been erroneously granted



  11. Patent Trolls (Euphemised as “Public IP Companies”) Are Dying in the United States, But the Trouble Isn't Over

    The demise of various types of patent trolls, including publicly-traded trolls, is good news; but we take stock of the latest developments in order to better assess the remaining threat



  12. EPO Management and Team UPC Carry on Lying About Unified Patent Court, Sinking to New Lows in the Process

    At a loss for words over the loss of the Unitary Patent, Team UPC and Team Battistelli now blatantly lie and even get together with professional liars such as Watchtroll



  13. China Tightens Its Knot of Restrictive Rules and Patents

    Overzealous patent aggressors and patent trolls in China, in addition to an explosion in low-quality patents, may simply discourage companies from doing production/manufacturing there



  14. Microsoft's Patent Racket Has Just Been Broadened to Threaten GNU/Linux Users Who Don't Pay Microsoft 'Rents'

    Microsoft revisits its aggressive patent strategy which it failed to properly implement 12 years ago with Novell; it wants to 'collect' a patent tax on GNU/Linux and it uses patent trolls to make that easier



  15. EPO Scandals Played a Considerable Role in Sinking the Unified Patent Court (UPC)

    Today's press coverage about the UPC reinforces the idea that the EPO saga, culminating in despicable attacks on Patrick Corcoran (a judge), may doom the UPC once and for all (unless one believes Team UPC)



  16. J Nicholas Gross Thinks Professors Stop Being Professors If They're Not Patent Extremists Like Him

    The below-the-belt tactics of patent trolls and their allies show no signs of abatement and their tone reveals growing irritation and frustration (inability to sue and extort companies as easily as they used to)



  17. The US Supreme Court Has Just Denied Another Chance to Deal With a Case Similar to Alice (Potentially Impacting § 101)

    There is no sign that software patents will be rendered worthwhile any time in the near future, but proponents of software patents don't give up



  18. Litigation Roundup: Nintendo, TiVo, Apple, Samsung, Huawei, Philips, UMC

    The latest high-profile legal battles, spanning a growing number of nations and increasingly representing a political shift as well



  19. Roundup of Patent News From Canada, South America and Australia

    A few bits and pieces of news from around the world, serving to highlight patent trends in parts of the world where the patent offices haven't much international clout/impact



  20. Links 15/1/2018: Linux 4.15 RC8, Wine 3.0 RC6

    Links for the day



  21. PTAB is Being Demeaned, But Only by the Very Entities One Ought to Expect (Because They Hate Patent Justice/Quality)

    The latest rants/scorn against PTAB -- leaning on cases such as Wi-Fi One v Broadcom or entities like Saint Regis Mohawk Tribe, Apple etc. -- are all coming from firms and people who profit from low-quality patents



  22. If Ericsson and Its Patent Trolls (Like Avanci and Unwired Planet) Cannot Make It, the Patent Microcosm Will Perish

    The demise of patent-asserting/patent assertion business models (trolling or enforcement by proxy) may see front groups/media supportive of it diminishing as well; this appears to be happening already



  23. European Patent Office Causes Physical Harm to Employees, Then Fires Them

    Another one (among many) EPO documents about the alarming physical wellbeing of EPO employees and the management’s attitude towards the issue



  24. Battistelli Was Always (Right From the Start and Since Candidacy) All About Money

    “I have always admired creative people, inventors, those who, through their passion and their work, bring about scientific progress or artistic evolution. I was not blessed with such talent myself,” explained the EPO‘s President when pursuing his current job (for which he was barely qualified and probably not eligible because of his political work)



  25. “Under the Intergovernmental EPC System It is Difficult to Speak of a Functional Separation of Powers”

    An illustration of the glaring deficiency that now prevails and cannot be tolerated as long as the goal is to ensure democratic functionality; absence of the role of Separation of Powers (or Rule of Law) at the EPO is evident now that Battistelli not only controls the Council (using EPO budget) but also blatantly attacks the independence of the Boards of Appeal



  26. The Patent Microcosm Thinks It's Wonderful That IP3 is Selling Stupid Patents, Ignores Far More Important News

    IP3, which we've always considered to be nothing but a parasite, does what it does best and those who love stupid patents consider it to be some sort of victory



  27. Automotives, Artificial Intelligence, Internet of Things and Industry 4.0 Among the Buzz Terms Used to Bypass Alice and the EPC Nowadays

    In order to make prior art search a lot harder and in order to make software patents look legitimate (even in various courtrooms) the patent microcosm and greedy patent offices embrace buzzwords



  28. Blockchain Becomes the Target Not Only of Financial Institutions With Software Patents But Also Trolls

    Blockchain software, which is growing in importance and has become ubiquitous in various domains other than finance, is perceived as an opportunity for disruption and also patent litigation; CNBC continues to publish puff pieces for Erich Spangenberg (amid stockpiling of such patents)



  29. EPC Foresaw the Administrative Council Overseeing the Patent Office, Jesper Kongstad Made It “Working Together”

    An old open letter from the EPO shows the famous moment when Jesper Kongstad and Battistelli came up with a plan to empower both, rendering the Administrative Council almost subservient to the Office (complete inversion of the desired topology)



  30. 2010: Blaming the Messenger (SUEPO) for Staff Unhappiness at the European Patent Office (EPO)

    Tactics of SUEPO (EPO union) blaming go further back than Battistelli and can be found in the previous administration as well


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts