Bonum Certa Men Certa

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Nokia phone



Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people's conversations to mitigate the threat of phishing scams and such, but this doesn't quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people's conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.



For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      --The H
As the article in The H puts it: "Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

"A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service."

Microsoft's excuses didn't pass muster (the security excuse for surveillance, where all they can really test for is a redirection). "In summary," says the author, "The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data."

And from the comments we learn it's worse than The H originally put it: "We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses."

Another commenter says:

So much about the "AES encryption" Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations > are encrypted. This protects you from potential eavesdropping by > malicious users. > > (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as "McDonalds food is healty and tastes good".


This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) -- the bread and butter of Skype -- are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn't even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people's Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      --Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: "Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture."

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it's hard to remove the backdoors, let alone prove their existence.

"You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul." --Mahatma Gandhi

Recent Techrights' Posts

In Central African Republic Windows Has Pretty Much Fallen to Zero
We need to focus on Software Freedom
Microsoft Windows Down to 8.5% in South Africa
South Africa and Egypt are strategic in Africa
New Series: A Deep Dive Into the Severe Corruption of the Open Source Initiative (OSI), Nowadays a Front Group and Lobbyist of Microsoft
There's a lot to show
Doing Free Software for a Living in an Era or a Time of Abundance of Code (and Fast Internet to Pass It Around Freely) or Writing When the Web is Attacked by LLM Slop
Tailoring code to needs is the key
The UEFI hype and Microsoft's lies
By Sami Tikkanen
 
Gemini Links 03/03/2025: Copyrights, GrapheneOS, and SpaceBeans
Links for the day
Links 03/03/2025: Europe Rallies Behind Ukraine, Measles Flourishes in US Again
Links for the day
After Fund-raising Campaign the Free Software Foundation Still Raises About $13,000 Per Week (Without Campaigning for New Donors/Members)
Richard Stallman in the Board is not a liability
Links 03/03/2025: 'Monetisation' Myth' and Microsoft's LLMs Helping Criminals
Links for the day
The New Series About the Open Source Initiative (OSI) and the Microsoft Entryism in OSI is Closely Related to the SLAPP Against Techrights
Also based on the leading publication that they want removed
Links 03/03/2025: Mass Layoffs in IBM China, Intel Still in Trouble
Links for the day
3 Out of 4 in Cuba Use Linux to Access the Web
Maybe change does come about...
Links 02/03/2025: Day Off, POWER9, Console Challenge
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 02, 2025
IRC logs for Sunday, March 02, 2025
Microsoft Windows Falls to All-Time Low in Thailand
We're seeing many all-time records like these so far in 2025
Gemini Links 02/03/2025: Snowdrop Flower and Hostile Leaders
Links for the day
Links 02/03/2025: Microsoft Outlook Goes Offline, Foreign-Owned Social Control Media Interfering With Fair Elections
Links for the day
According to statCounter, Windows Falls Off a Cliff in Maharlika, GNU/Linux Surges to 5%
But mobile is king
New Video Clip of Richard Stallman's Latest Visit to and Talks in Italy
Richard Stallman or RMS giving his latest talk last week
Windows Used by Only One in Six Asians to Access the Web, According to statCounter
maybe more governments in Asia should move away from Microsoft
GNU/Linux Reaches 5% in Brazil, an All-Time High According to statCounter
There are hundreds of millions of people in that country
Google Already Dominates the Global South (via Android/Linux)
If one puts aside Russia and east Europe, not many countries exist that still connect to the Web from Windows more than from Android
GNU/Linux Widespread in Finland, Sweden, and Norway
Sweden has many Chromebooks in schools3 nations
Germany's Incoming Leader Said He'd Seek More Independence from the US, GNU/Linux Soars to 6%
Last month it was 5%
For the First Time GNU/Linux is Measured at Over 4% in Europe (Not Counting ChromeOS/Chromebooks)
Europe, on average, is now estimated to have GNU/Linux on 1 in 25 Web-connected laptops/desktops
Over 2 Years of LLM Hype and Nothing to Show for It
People still use search, not chatbots
Apple's iOS Almost Bigger Than Windows Now (Internationally), Windows Falls to 22% According to statCounter
Without Windows domination, there's not much left going for Microsoft
Putin's Loyal DOGE
We hereby crown Arvind Krishna "Putin's DOGE"
The Media Barely Reported This (Late Friday): IBM Lays Off About 2,000 More Workers, Effective Hours Ago
Maybe some diversity programs can help IBM recruit slaves or grossly-underpaid staff
Microsoft Money Being Spent to Bully Techrights Only Legitimises Techrights
The longer it goes on for, the greater the Streisand Effect
Suing One's Way Out of Real Trouble Won't Work (It Merely Increases the Trouble)
"Guns for hire" in London can only issue "legal" threats
Microsoft Writing Articles About Microsoft, Using Microsoft LLMs
Right now there are many articles about Microsoft Outlook being down completely
Gemini Links 02/03/2025: OFFLFIRSOCH 2025 and Programming
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 01, 2025
IRC logs for Saturday, March 01, 2025
Another Day and Another LLM Slopfest From Madame Day at the Slopfarm LinuxSecurity.com
Can't take a break, can she?
Sucking Up to Fascists (Like IBM's Watson Sucked Up to Adolf Hitler in the 1930s) Did Not Help IBM
IBM could stick to better principles, but instead it treats the Free software community and even its own staff like trash
Links 01/03/2025: GB News Loses Over 100 Million Pounds, Zelensky Wins World's Sympathy
Links for the day
Getting Serial Sloppers to Knock the Habit of Plagiarism by LLM Slop
All in all, the fewer the slop objects, the better
As Prices Soar and Services Shut Down (Even YouTube Starts Demanding Money for the Original or a Tolerable Experience) It's Time to Explore the Real Alternatives
https://inv.nadeko.net is the most viable instance of Invidious these days
Gemini Links 01/03/2025: Amends and GNU/Linux
Links for the day
Links 01/03/2025: Scam Altman's Latest Excuse, Google Price Hikes
Links for the day
Justice Will Find Its Way at the End
We deserve an award, not SLAPP, for what we've done
March Already, Rumours of IBM Layoffs in Brazil
Red Hat might be impacted too
Links 01/03/2025: Squashing Software Patents, USPTO Facing Additional Cuts
Links for the day
Links 01/03/2025: UNM Gopher and Getting One's Pages on gemini://
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 28, 2025
IRC logs for Friday, February 28, 2025