Bonum Certa Men Certa

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Nokia phone



Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people's conversations to mitigate the threat of phishing scams and such, but this doesn't quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people's conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.



For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      --The H
As the article in The H puts it: "Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

"A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service."

Microsoft's excuses didn't pass muster (the security excuse for surveillance, where all they can really test for is a redirection). "In summary," says the author, "The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data."

And from the comments we learn it's worse than The H originally put it: "We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses."

Another commenter says:

So much about the "AES encryption" Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations > are encrypted. This protects you from potential eavesdropping by > malicious users. > > (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as "McDonalds food is healty and tastes good".


This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) -- the bread and butter of Skype -- are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn't even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people's Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      --Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: "Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture."

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it's hard to remove the backdoors, let alone prove their existence.

"You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul." --Mahatma Gandhi

Recent Techrights' Posts

You Should Probably Self-Host Your E-mail and Never Use a Web Browser for Mail
Does anyone still believe Gmail is "free"?
StatCounter Shows the Market Share of Vista 11 is Decreasing in Ukraine This Year
Microsoft abandoning Vista 10 users would be a victory for Vladimir Putin
The "Gold" Rule: Taking Money for Reputation Laundering and Openwashing Under the "Linux" Banner
Seller of expensive toilet paper, Jim Zemlin
LLM Slop Says Slop is "coming for white-collar jobs. Microsoft’s layoffs are just the start"
Look what the Web has become
Reporting Facts About Violence Against Women Deserves Awards, Not Frivolous Lawsuits and Threats
What is Microsoft's stance on women's safety?
Linux.com as Spamfarm of the Linux Foundation, Partner of the Gates Foundation
They no longer publish articles
Slopwatch: The Typical Slopfarms and the 'Brian Fagioli Dilemma'
To the Web and to society (exposed to the Web) LLMs are a net negative
 
Trump Authority (CA) With a Trump NSA is All About Security, But Whose?
A "turnkey tyranny", as the NSA whistleblower Thomas Drake loved to call it
Confirming IBM Shutdowns and Layoffs Today
It's not over yet
Gemini Links 16/04/2025: The 2010s Are Calling and Why "Tools Will Not Liberate Us"
Links for the day
Links 16/04/2025: Cliff Lynch RIP, More Attacks on Science (NASA)
Links for the day
Google Promotes Fake Articles (LLM Slop) Instead of Originals, Relaying Microsoft's Linux FUD Emanating From Microsoft LLMs
Shame on Google for participating in the slopfest
In Some Countries the Largest OEMs Already Dump Microsoft Windows
Windows at 18.9%, Android 60.2%
Microsoft Down From 100% to 10% in Myanmar/Burma
only about 4% of Web requests in Myanmar/Burma come from Vista 11, soon to be the only "supported" version of Windows
When Fedora Said It Was Looking to Integrate "AI" It Meant Promoting Microsoft's Proprietary Spyware and GPL-Violating Slop
When they say "AI" they mean Microsoft
It Used to be IBM, Now It's Microsoft (Why You Need to Fire Microsofters or CIOs Working for Microsoft)
Typically the only effective solution is to identity and remove Microsofters from one's project/organisation (before they can bring more Microsofters in)
IBM Closes Offices and Labs in the United States to Open New Ones in India
It's not layoffs per se; they're substituting/swapping veteran employees for lesser-paid ones
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 15, 2025
IRC logs for Tuesday, April 15, 2025
Gemini Links 16/04/2025: IndieWeb Carnival, Tinylog RFC, "Focus, the Web and Gemini"
Links for the day
Links 15/04/2025: Touchable Volumetric Display and Resistance to American Spying Firms
Links for the day
Links 15/04/2025: Some People Cannot Read and Re-discovering of 'Web 1.0'
Links for the day
Links 15/04/2025: China Admits Targetting Critical Infrastructure Using CALEA Back Doors, NASCAR Cracked by Windows Usage
Links for the day
Why We Support Carole Cadwalladr (Even If We Don't Agree With Everything She Said)
I first became aware of Cadwalladr's work a long time ago
Microsoft's Serial Strangler Chose to Attack Techrights With SLAPP When Over 400 Victims of Mohamed Al Fayed Complained About Media's Role in Enabling Him
There is a strong element of "free press" here
A Coalition or a Coup of Sexism
In the Free software community it's hard to avoid this issue
statCounter Sees GNU/Linux at New High of 6% in Bosnia and Herzegovina
GNU/Linux is measured at all-time high
To Celebrate Git Turning 20 Linus Torvalds is 'Selling Out' to Microsoft and Proprietary Software Which Attacks Git (E.E.E.)
He makes it seem like he's endorsing his attackers
Gemini Protocol Milestone (3,000 Active Capsules)
and a total of nearly 4,500
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 14, 2025
IRC logs for Monday, April 14, 2025
Gemini Links 14/04/2025: Silver Pigs and more Foundation, Disliking Computers
Links for the day
Hundreds of Microsoft Layoffs (Net Headcount Decrease) in the United Kingdom
headcount decreased
Links 14/04/2025: Russian Attack on Sumy Shows No Intention of Peace, Virgin Australia Admits Overcharging People
Links for the day
The Dilemma of Web Browsers Lying About What They Are (in Order to Bypass Discriminatory Gateways Like Clownflare) Worsens Due to LLM Slop
LLM crawlers/scrapers have made sites more restrictive and hostile towards browsers that are potent but not "famous"
What Really Matters to Companies is Net Income or Profit (Bankruptcy is Possible Even With High Revenue)
We ought to stop talking about revenue without focusing on actual profit
Carole Cadwalladr Talks About How Big Business Tried to Silence Her (and Why You Might be Next)
Our story is very different from Cadwalladr's for many reasons
Companies Conspiring to Keep Salaries Down and Undermine Competition
People who do all the practical work are being paid less and made to work for much longer
Links 14/04/2025: Disinformation, Public Disdain for LLMs, and "Lessons on Tyranny"
Links for the day
LLM Slop and SEO SPAM Take Us Further Away From Facts (the Case of IBM Layoffs)
Some of these can impact Red Hat as well
Gemini Links 14/04/2025: Ween and Historic Ada Project Management
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 13, 2025
IRC logs for Sunday, April 13, 2025
Influencers: Red Hat, Inc's IPO, 1999, post-mortem on the directed share offer to open source developer community
Reprinted with permission from Daniel Pocock