Bonum Certa Men Certa

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Nokia phone



Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people's conversations to mitigate the threat of phishing scams and such, but this doesn't quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people's conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.



For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      --The H
As the article in The H puts it: "Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

"A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service."

Microsoft's excuses didn't pass muster (the security excuse for surveillance, where all they can really test for is a redirection). "In summary," says the author, "The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data."

And from the comments we learn it's worse than The H originally put it: "We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses."

Another commenter says:

So much about the "AES encryption" Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations > are encrypted. This protects you from potential eavesdropping by > malicious users. > > (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as "McDonalds food is healty and tastes good".


This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) -- the bread and butter of Skype -- are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn't even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people's Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      --Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: "Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture."

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it's hard to remove the backdoors, let alone prove their existence.

"You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul." --Mahatma Gandhi

Recent Techrights' Posts

GNU/Linux is 486 in Ireland
4.86% that is
"Secure Boot" is a Security Problem, Not a Solution
These people don't try to improve security but to undermine security
Don't Talk to Bullies
This serious matter is still being examined by British authorities
 
Links 18/08/2025: LLM Reputation Damaged, Australia Catches Google Foul Play
Links for the day
Geeks Like GNU/Linux
The technical community seems to be consolidating and rallying around GNU/Linux
End of Reliable Media
it makes the world a worse place, it renders the Web a misinformation machine
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, August 17, 2025
IRC logs for Sunday, August 17, 2025
GitHub Won't Last Much Longer
Many things at Microsoft are going to go the way of the Skype (or "dodo"). GitHub will be among those.
We've Never Used Large Language Model (LLM)
we just never used an LLM
Gemini Links 18/08/2025: Retro and Endless Escape from the WWW
Links for the day
Working Whilst Away From Home
Decades ago being away meant all sorts of problems associated with workflows and connectivity
The Next Version of Windows Will Always be the Best (for Microsoft)
It's worse and slower over time
"End of the Smartphone Era" According to Jeffrey Epstein's Key Enabler
They call it "sour grapes"
Microsoft's Windows in Gabon: Still Moving Down
What is this Unknown? Who knows...
Links 17/08/2025: Strike Downs Air Canada, Postmortems of Putin's Red Carpet Summit
Links for the day
Links 17/08/2025: Slow Tools and Enshittification of YouTube
Links for the day
Links 17/08/2025: "The Performance of Power" and "My Undesirable Friends"
Links for the day
Growing Our Reach
Our goal was never "hits"
The Russian Vision of Technology
Russia's surveillance is very extensive
Sooner or Later Almost Everyone Will Know "AI" is Just a Go-To, Misused, Misapplied, and Grossly Overused Term of Liars and Con Jobs Who Ride a Ponzi Scheme
At the expense of people gullible enough to "invest" in this or take salaries/bonuses in the form of "stock" (tied to a Ponzi scheme)
The Register MS Has Begun Using Slop Images
It's not clear when it started; but it's definitely getting worse [...] Worst of all are 'articles' about slop that are themselves slop
Reddit Funded by Microsoft
Reddit is merely a filter and we knows who controls that filter (using money)
When It Comes to Technology, Mozilla and Firefox Are Illiberal
Last month in Planet Debian we saw one more person explaining to everyone how to "turn off" DRM in Firefox and hide the pop-up/s
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 16, 2025
IRC logs for Saturday, August 16, 2025
The Open Source Initiative Has Many Scandals, We'll Try to Summarise Them All
Open Source Initiative (OSI) hates facts
Open Source Initiative (OSI), Wikipedia, Molly De Blanc, and Censorship/Reputation Laundering
OSI is like SPLC. The old name remains, the mission changed
Gemini Links 17/08/2025: Misunderstanding "Geminiverse" and Let's Encrypt
Links for the day
Links 17/08/2025: Breaches, Layoffs, and Scams
Links for the day
The Case for Software Freedom in Europe Becomes Stronger as GAFAM and the US Become Allies of Those Who Invade Europe
"One would think that both sides of the pond would be very interested in this valuable commons and work to not just protect it but cultivate it further, rather than work to saw the legs from under it by advancing software patents instead."
Slopwatch: Google News, LinuxSecurity, LinuxBSDos.com, and Garbage From Brian Fagioli
nowadays when people search the Web or when one researches some topic (looking not just for news in Google News) one is increasingly likely to land on a fake 'article' spewed out by some Microsoft LLM
Gemini Links 16/08/2025: Back After Hiatus and News Aggregators in Geminispace
Links for the day
Links 16/08/2025: mRNA Being Abandoned, Putin Plant Flags in Alaska, Faces No Sanctions
Links for the day
Links 16/08/2025: Science Besieged, Confidentiality Standards Breached
Links for the day
Links 16/08/2025: Loners and Vacation, Climate Issues
Links for the day
Links 16/08/2025: Chatbots Bad for Kids, Software Patents Apple Battle
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 15, 2025
IRC logs for Friday, August 15, 2025
Slopwatch: WebProNews and Google News Promoting Fake Articles About "Linux"
Google News is being flooded by these slopfarms, so when Linux news is being sought online (via Google News) many people will read bots that spew out FUD
Original European Patent Convention (EPC, 1973), Routinely Violated by the European Patent Office, Now in Geminispace
hundreds of thousands of European Patents must be immediately revoked
Gemini Links 16/08/2025: Politics and Alhena 5.2.8
Links for the day