Skype is Stalin’s dream
Summary: Microsoft’s response to allegations that Skype is spying on all users is full of holes
Sometimes, albeit not always, silence is better than anything else. For Microsoft, keeping quiet amid the latest controversy would probably have worked out better.
Jürgen Schmidt, writing for the German technology press, contributes to a London-based branch to defend allegations against Microsoft Skype — allegations we wrote about before. He writes: “The next question is: how does Microsoft intend to rate a page without knowing its content? Potential explanations referring to a reputation database are not valid if no reference data is available for the pages – as was the case with the URLs that were specially generated for our test. Neither are we convinced by the suggestion that the only purpose of the HEAD request is to discover potential redirections to known malicious pages. Firstly, such a redirection could also be triggered in the HTML code that has not been retrieved (meta http-equiv=”refresh”), and secondly, many web pages embed the actual malware code via iFrame tags – which is not included in the HEAD data either.
“Microsoft should at least document the use of these surveillance techniques…”
–Jürgen Schmidt“Finally, the use of the SmartScreen Filter technique is documented, for example in Internet Explorer, and users can choose to disable it. Not so in Skype. There is no concrete information to suggest that SmartScreen filters are being used in Skype chats, and Skype users have no way of declining the use of this surveillance technique.
“Despite all this, it is likely that the observed access activity is connected to some form of security feature. However, if this is the case, the feature has been poorly implemented. It has very few potential benefits – especially in view of the rather substantial invasion of users’ privacy. After all, Microsoft purposefully accesses even personal information that is not intended for third parties – such as the URL to a private photo album of a family trip that is sent to mum – and then stores this information on its systems. Microsoft should at least document the use of these surveillance techniques and provide users with the option to decline the well-intended security measure.”