EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.16.13

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Posted in GNU/Linux, Microsoft, Windows at 12:03 pm by Dr. Roy Schestowitz

Nokia phone

Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people’s conversations to mitigate the threat of phishing scams and such, but this doesn’t quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people’s conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.

For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: “A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs.”

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      –The H
As the article in The H puts it: “Anyone who uses Skype has consented to the company reading everything they write. The H’s associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

“A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service.”

Microsoft’s excuses didn’t pass muster (the security excuse for surveillance, where all they can really test for is a redirection). “In summary,” says the author, “The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”

And from the comments we learn it’s worse than The H originally put it: “We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses.”

Another commenter says:

So much about the “AES encryption” Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations
> are encrypted. This protects you from potential eavesdropping by
> malicious users.
>
> (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as “McDonalds food is
healty and tastes good”.

This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) — the bread and butter of Skype — are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn’t even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people’s Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      –Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: “Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it’s hard to remove the backdoors, let alone prove their existence.

“You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul.”Mahatma Gandhi

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 16/1/2017: Linux 4.10 RC4, Linux Mint 18.1 'Serena' KDE Edition Beta

    Links for the day



  2. 'Financial Director' Publishes Fake News About the Unitary Patent (UPC)

    Response to some of the latest UPC propaganda, which strives to misinform Financial Directors so as to enrich the author and his firm



  3. Independent and Untainted Web Sites About Patents Are Still Few and Rare

    Commentary about news sources that we rely on, as well as the known pitfalls or the vested interests deeply ingrained in them



  4. The 20% Rule: Patent Trolling Suffers Double-Digit Declines and Patent Troll Technicolor is Collapsing

    Significant demise or total catastrophe for the modus operandi (method) of going after companies with a pile of patents and threats of litigation



  5. US Supreme Court Did Not End Apple's Patent Disputes Over Android (Linux), More Cases Imminent

    An overview of some very recent news regarding the highest court in the United States, which has been dealing with cases that can determine the fate of Free/Open Source software in an age of patent uncertainty and patent thickets surrounding mobility



  6. Links 15/1/2017: Switching From OS X to GNU/Linux, Debian 8.7 Released

    Links for the day



  7. Number of New Patent Cases in the US Fell 25% Last Year, Thanks in Part to the Demise of Software Patent Trolls

    Litigation and prosecutions that rely on patents (failure to resolve disputes, e.g. by sharing ideas, out of court) is down very sharply, in part because firms that make nothing at all (just threaten and/or litigate) have been sinking after much-needed reform



  8. America Invents Act Improved Patent Quality, But Right Wingers Threaten to Make It Worse Again

    The past half a decade saw gradual improvement in assessment of patents in the United States, but there is a growing threat and pressure from the patent microcosm to restore patent maximalism and chaos



  9. PTAB -- Not Deterred by Courts -- Continues to Invalidate a Lot of Software Patents

    The Patent Trial and Appeal Board (PTAB) continues to make progress reforming the patent system by eliminating a lot of patents and setting an example (or new standards) for what is patent-eligible after Alice



  10. EPO Abuses Come Under Fire From Politicians in Luxembourg

    Luxembourg is the latest nation in which concerns about the EPO's serious abuses are brought up not only by the media but also by politicians



  11. Constitutionality as a Barrier and Brexit Barriers to UPC Keep the Whole Pipe Dream Deadlocked

    The UPC is still going nowhere fast, but the demise (or death) of the UPC as we know it must not be taken for granted



  12. Links 14/1/2017: Wine 2.0 RC5 and AryaLinux 2017 Released

    Links for the day



  13. Links 13/1/2017: Linux 4.9.3 and Linux 4.4.42

    Links for the day



  14. Brexit Means No UPC (Unified Patent Court)

    Now that Jo Johnson, Boris Johnson's brother, is officially declared the new minister for intellectual property in the UK everything that Lucy Neville-Rolfe wrote is as solid as paper bag on a rainy London day



  15. Patent Trolls and Software Patents: CloudTrade, Patent Practitioners Density, and Via Licensing

    Software patents armament from a British company, charted concentration of the patent microcosm in the United States, and US-leaning patent trolls that prey on China



  16. Patent Maximalism -- Like Copyright Maximalism -- Relies on Misconceptions and Mass Deception

    The latest examples of discussions about patent scope, courtesy of those looking to benefit financially by pushing such monopolies to the max



  17. Software Patents Still Promoted by IBM and Its Lobbyist (and Former Employee) David Kappos, in Defiance of Much-Needed US Patent Reform

    While the corporate media celebrates IBM as though it's some kind of 'champion' for hoarding patents that it then uses to attack companies which actually grow



  18. Brexit/Trump Effect: Patent Systems With Institutional Corruption and Nepotism

    Rumours about Britain's head of patents (and copyrights etc.) being the brother of the Brexit campaigner and Foreign Minister; meanwhile, on the other side of the Atlantic, rumours suggest that the corrupt judge Rader might be the next head of patents in the United States



  19. Links 11/1/2017: X.Org Server 1.19.1, GitHub's Atom 1.13

    Links for the day



  20. The Patent Microcosm is Already Sucking up to Donald Trump in an Effort to Enrich Itself at Everyone's Expense

    Four new examples of patent maximalists embracing/adopting the pseudo-populist slogan to advance their goals of increasing litigation (which they profit from) and undermining PTAB (which made patents great in the quality sense)



  21. Patent Quality in the United States Can Only be Assessed at the Patent Trial and Appeal Board (PTAB) and the Courts

    The travesty of patent offices in the US and China, where the goal or the accomplishment is measured in terms of the number of patents rather than their quality



  22. Gradual Collapse of Microsoft's Extensive (and External) Patent Trolling Operations

    The President of Microsoft Technology Licensing LLC (patent troll) leaves and the founder of Intellectual Ventures, Microsoft's largest peripheral patent troll, joins Sherpa Technology



  23. No End to Battistelli's Witch-hunts Against the Media, Against Staff, and Against Politicians

    Rumours about the fate of people who are (or have been) criticising Battistelli's reign of terror at the EPO



  24. Links 10/1/2017: Synfig 1.2, Kodachi Linux 3.7

    Links for the day



  25. With Help From the US Supreme Court (Key Cases), Patent Trolls Are Going Away

    The demise of patent trolls in the United States, a trend partly attributable to Alice and other Supreme Court decisions, will likely accelerate soon (later this year) as the future of the Eastern District of Texas courts is at stake



  26. Patent Maximalism on Display: Patent Aggressor IBM Celebrated in the Media

    The patent lust at IBM, which is suing if not just shaking down companies using software patents, earns plenty of puff pieces from the corporate media



  27. FFPE-EPO, the EPO Management's Pet/Yellow Union, Helps Union-Busting (Against SUEPO) in Letter to Notorious Vice-President

    In a letter to Elodie Bergot (as CC) and Željko Topić, who faces many criminal investigations, FFPE-EPO ringleaders reveal their allegiance not to EPO staff but to those who perpetually attack the staff



  28. Links 9/1/2017: Civilization VI Coming to GNU/Linux, digiKam 5.4.0 Released

    Links for the day



  29. Links 9/1/2017: Dell’s Latest XPS 13, GPD Pocket With GNU/Linux

    Links for the day



  30. Update on Patent Trolls and Their Enablers: IAM, Fortress, Inventergy, Nokia, MOSAID/Conversant, Microsoft, Intellectual Ventures, Faraday Future, A*STAR, GPNE, AlphaCap Ventures, and TC Heartland

    A potpourri of reports about some of the world’s worst patent trolls and their highly damaging enablers/facilitators, including Microsoft which claims that it “loves Linux” whilst attacking it with patents by proxy


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts