Bonum Certa Men Certa

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Nokia phone



Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people's conversations to mitigate the threat of phishing scams and such, but this doesn't quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people's conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.



For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      --The H
As the article in The H puts it: "Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

"A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service."

Microsoft's excuses didn't pass muster (the security excuse for surveillance, where all they can really test for is a redirection). "In summary," says the author, "The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data."

And from the comments we learn it's worse than The H originally put it: "We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses."

Another commenter says:

So much about the "AES encryption" Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations > are encrypted. This protects you from potential eavesdropping by > malicious users. > > (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as "McDonalds food is healty and tastes good".


This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) -- the bread and butter of Skype -- are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn't even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people's Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      --Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: "Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture."

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it's hard to remove the backdoors, let alone prove their existence.

"You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul." --Mahatma Gandhi

Recent Techrights' Posts

Fresh IBM Layoffs Reported in Europe and North America, Jobs Allegedly Moved to South Asia (Low Salaries)
As usual, IBM does not talk about this
Microsoft Has Not Much Left to Show Investors, Shares Fall Almost 20%
It's not even clear how Microsoft makes money anymore
The Fall of the Open Source Initiative (OSI): The OSI Election is Rigged, Biased Against People Who Oppose the Openwashing of GPL-Violating Bots Operated by Microsoft for Profit (OSI Gets Paid to Promote This)
they reckon that pretence of calm would serve them best, helped by puff pieces
In Vietnam, statCounter Sees Microsoft Windows Falling Below 7% "Market Share"
Can Microsoft still demand $500 or more per Windows licence?
 
Links 11/03/2025: NASA Besieged and "DOGE Has Become What It Claimed To Destroy"
Links for the day
Illuminating Injustice is Critical When Reckless Microsofters and Law Firms Try to Silence Reporters of Violence Against Women
I want to clarify that I'm well within my right (and not running afoul of any rules) by explaining what goes on here
EPO Central Staff Committee: "The Strategy of the Office Lacks Transparency and Cannot be Understood"
Microsoft and the EPO violate data protection laws
Links 11/03/2025: Spring and Misfin Server
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 10, 2025
IRC logs for Monday, March 10, 2025
Latvia (and Lithuania) Stepping Away From GAFAM, Microsoft
Windows becomes unessential as Android and GNU/Linux rise
Microsoft Layoffs Are Infectious (Don't Get Acquired or Become a Partner)
It seems like companies choosing to become "buddies" with Microsoft are dooming themselves and their products
A Closer Look Inside the EPO, Courtesy of Benoît Battistelli's Submissive Lapdogs Roberta Romano-Götsch and Elodie Bergot
new report comes from the Local Staff Committee Munich (LSCMN)
Links 10/03/2025: Staff Strikes, Mass Layoffs in Gaming Industry
Links for the day
Gemini Links 10/03/2025: "Eat The Rich" and Two-Year Anniversary of the 'Space Elevator' Orbit (Like 'Webring')
Links for the day
Links 10/03/2025: Small Web Praised, LLM Chatbots Exposed as Worse Than Useless Again
Links for the day
A Call for GNU/Linux and BSD Developers to Unite Against GAFAM and the Regime They Empower
We have long encouraged and continue to encourage people who value Software Freedom to altogether boycott GAFAM
The Ludicrous Mythology of Commonality as Signal of Value, Merit, Popularity
Devalue what's true, promote marketing?
[Video] Richard Stallman on the Four Essential Freedoms (Manuel Cuda News, 2025)
Added to a channel several days ago by Manuel Cuda News
Gemini Links 10/03/2025: Realisation About Young People, Punks, and Discord IPO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 09, 2025
IRC logs for Sunday, March 09, 2025
[Video] Richard Stallman on Understanding the Misconception of So-called 'Artificial Intelligence'
to "know and understand"
FSF's Defective by Design (DBD): Amazon Tightens the Digital Handcuffs
Reproduced verbatim
The Fall of the Open Source Initiative (OSI): Plenty of Issues, Plenty of Censorship
The OSI is abusive on many levels!
EPO Staff Appraisals Apparently Benefit Kakistocracy, Including Cheaters Who Grant Illegal Patents and Punish Good Patent Examiners (Who Find Valid Reasons for Denials)
In prior reports the staff representatives said that rewards typically went to people who granted many patents, i.e. didn't do proper examination and instead just allowed many fake patents get enshrined as EPs, causing fiasco (from which some patent attorneys could profit)
As The Web Gets Drowned Out, Sinking in a Pool of LLM Slop, Real News Sites With Real News Become Increasingly Rare If Not Extinct
This is a real problem
Links 09/03/2025: Moderna Patents Thrown Out, Climate United Sues E.P.A.
Links for the day
Gemini Links 09/03/2025: Lagrange 1.18.5 and Writing Mannerisms
Links for the day
Links 09/03/2025: FiveThirtyEight Killed by Disney, Nature (Journal) Chooses Suicide by Slop
Links for the day
Links 08/03/2025: International Women's Day, Software Patents Being Squashed
Links for the day
Hiding Problems Doesn't Work
transparent organisations will be more stable and sustainable
The Harder They Try to Censor, the Bigger the Scandal (and the Impact) Will Be
We don't plan to self-censor our coverage; sometimes we just delay publication a little
Gemini Links 09/03/2025: Leasehold Derangement Syndrome, Raspberry Pi, and More
Links for the day
All-Time Low for Microsoft in Africa
it helps show how irrelevant Microsoft is becoming
French woman (frontaliere) trafficked to promote unauthorised cross border Swiss insurance
Reprinted with permission from Daniel Pocock
New York Times & Guardian reporting on Modern Slavery Act prosecution of Glodi Wabelua
Reprinted with permission from Daniel Pocock
Diana & Adrian von Bidder-Senn, EVP, Palm Sunday & Debian death on wedding day
Reprinted with permission from Daniel Pocock
The RTO (Return-to-office) Layoffs or 'Soft' Layoffs at IBM and Red Hat
There are certainly many layoffs going on there, but many are described as "resignations" or "retirements" after RTO or some other form of relocation
Under the Pen Name "John O'Donnell" (LLM Slop, Not Real Article or Author) LinuxLinks Pushes Spammy Page
it happened some hours ago.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 08, 2025
IRC logs for Saturday, March 08, 2025