Bonum Certa Men Certa

Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

Nokia phone



Summary: Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

THE PROBLEM with Skype is not quite what The H focuses on. Microsoft claims to be scanning people's conversations to mitigate the threat of phishing scams and such, but this doesn't quite compute unless they only ever test for redirections in HEAD. To say that Skype is tracking people's conversations would not be shocking because even years ago (before Skype was taken up by Microsoft and the NSA) China was given access to text conversations for censorship purposes (similar to security purposes in the practical sense). This is well documented in news sites, especially in Western news sites that like to berate China over practices that the West too harbours, but always under plausible denial clauses.



For those who have not seen the widely-syndicated and discussed report from Heise (or The H), in English the summary says: "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

“The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data.”
      --The H
As the article in The H puts it: "Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

"A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service."

Microsoft's excuses didn't pass muster (the security excuse for surveillance, where all they can really test for is a redirection). "In summary," says the author, "The H and heise Security believe that, having consented to Microsoft using all data transmitted over the service pretty much however it likes, all Skype users should assume that this will actually happen and that the company is not going to reveal what exactly it gets up to with this data."

And from the comments we learn it's worse than The H originally put it: "We tested it at mooncascade.com. I can confirm there is correlation between URL-s in Skype chats and web server access logs with traces from Redmond. There are both https and http accesses."

Another commenter says:

So much about the "AES encryption" Skype promisses:

> All Skype-to-Skype voice, video, and instant message conversations > are encrypted. This protects you from potential eavesdropping by > malicious users. > > (https://support.skype.com/en/faq/FA31/does-skype-use-encryption)

Aparently, this falls into the same category as "McDonalds food is healty and tastes good".


This whole debate, unfortunately, misses a key point; not just text conversations are being tracked but voice ones (relayed through US infrastructure) -- the bread and butter of Skype -- are also being tracked and Skype as a binary ensures not only that Windows is hijackable, as we showed before, but that all platforms are rendered hijackable when Skype is running in the background (Skype has no intention of addressing these issues). The debate should be altered to take account of these much greater threats. By the way, on Windows it doesn't even take Skype to hijack a computer; Microsoft has just admitted that exploits in the wild exist that help hijack Windows through a built-in program and there is also software that lets people's Facebook accounts get hijacked through Windows, including on Vista 8 (the operating system which hardly sells, leading Microsoft to lies and inexcusable disinformation).

“A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture.”
      --Gizmodo
The Free Software Foundation has long been campaigning against Skype, even before Microsoft took over. GNU/Linux with SKype binaries is just about as compromisable as other platforms. The weakest link counts. It is worth noting that even a Windows developer admits that Windows is inferior to Linux, stirring up further debate. As Gizmodo put it: "Right now, somewhere on the internet, there is a flame war occurring between devotees of Linux and Windows. It’s just the nature of passionate software evangelism. A much rarer event, however, is one of Redmond’s own unloading publicly on the faults of not only Windows, but Microsoft’s company culture."

At Microsoft, backdoors are not a bug; sometimes they are a feature. Since nobody among the users can inspect the code or thoroughly interpret the binaries, it's hard to remove the backdoors, let alone prove their existence.

"You assist an evil system most effectively by obeying its orders and decrees. An evil system never deserves such allegiance. Allegiance to it means partaking of the evil. A good person will resist an evil system with his or her whole soul." --Mahatma Gandhi

Recent Techrights' Posts

Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
Google Seems to Have Just Killed All Instances of Invidious
YouTube is rapidly becoming just "another Neflix"
 
Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
article in La Stampa
Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
Links for the day
Links 12/02/2025: Health, Security, and Monopolies
Links for the day
Gemini Protocol is Increasingly Important to the Net
Gemini Protocol will turn 6 this summer
Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
Like GAFAM, the EPO is Passing the Financial Pains to Staff
the EPO is operating illegally at this point
Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
people laid off as "low performers" go to social control media to bemoan the label
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 11, 2025
IRC logs for Tuesday, February 11, 2025
Links 11/02/2025: Current state of the Internet and Smallnet Information Services (SIS)
Links for the day
Conservative Estimate: Over 10,000 IBM Workers to Be Laid Off in the Next Two Waves
The morale is low and layoffs are expected soon, with mass layoffs likely happening next month and then again later
Links 11/02/2025: Trade Wars and "Crisis for American Universities"
Links for the day
Parasitic LLM Slop Sites Destroy the Ability to Find "Linux" News in Google News
Remember that Google News laid off lots of its workers
Richard Stallman's English Talk in Italy Less Than 24 Hours Away (Torino) and Then Another Talk in Italy Scheduled (University of Bozen-Bolzano)
He's active and he travels a lot in spite of his medical condition
IBM Layoff Rumours, Large-Scale Implementations Weeks Ahead (in March 2025)
There are some people corroborating
Links 11/02/2025: Nutritional Poverty, Closure of USAID, More Fictional 'Valuations' Around Buzzwords
Links for the day
Perl Programming Leftovers
recently in perl.org
Microsoft in Africa: From 98% to Less Than 10% in Just 16 Years
Microsoft being on less than 1 in 10 Web-connected devices in Africa is a very big deal
Almost as If MElon Reads Techrights
The joke we started appears to be spreading
Microsoft Blasted for Adding Insult to Injury: Workers Laid Off Without Prior Notice, Without Severance Payment and Basic Coverage (Like Health), Then Stigmatised as Bad Performers So They Cannot Find a Job Elsewhere
Such stereotypes end entire careers
Gemini Links 11/02/2025: NeoVim and Deploying Other People's Code
Links for the day
BetaNews is Still Publishing LLM Slop/SPAM About "Linux"
Assuming it is indeed LLM slop, it seems clear BetaNews has no intention of improving or is simply unable/unwilling to improve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 10, 2025
IRC logs for Monday, February 10, 2025
Scheduled Maintenance Tomorrow and on Valentines
If the site (or Gemini capsule) is offline for a bit, the maintenance windows are likely the root cause
If Matthias Kirschner Loves Free Software, He'll Change the Name of the Microsoft-Sponsored Organisation He Governs (in Order to Avoid Confusion)
The FSF-EEE does not really like Software Freedom, it just loves money (including Microsoft's)
Soylent News Lessens the Scope of Discussion Due to Persistent Trolling and Online Abuse
if they make it a lot harder for new people to participate, then they limit the "general appeal" and reach
EPO's Local Occupational Health, Safety and Ergonomics Committee (LOHSEC) in The Hague: Workers Are Getting Sicker, Conditions in Which to Assess Patent Applications Deteriorate
"According to the Office statistics the total number of days of absence has gone up from 12.4 to 13.1 total number of sick days per Full Time Equivalent (FTE) from 2023 to 2024."
The Standard Needs to Improve Its Standards for Fact-Checking, Aaron Swartz Had Nothing to Do With Reddit and He Detested the Company That Created It
The Web is already bad enough as it is
When the Livestream of Richard Stallman is Apparently Bury-Brigaded Offline You Finally Learn to Avoid Google/YouTube for Streaming
Please, people, stop uploading to Google/YouTube
New Paper From the EPO Highlights Large-Scale Discrimination at the Office, Where People Are Rewarded for Granting More and More Illegal Patents
Even the Kremlin is probably more competent than this
Links 10/02/2025: Ban on D.E.I. Language, Listeria Risk/Outbreak
Links for the day
Links 10/02/2025: Announcing "Stringless" and Mental Health Improvement
Links for the day
Links 10/02/2025: Facebook Mass Layoffs, "Meta" Did What Aaron Swartz Had Done But to the Tune of 81.7 Terabytes
Links for the day
Microsoft Tarnishing the Brand of Arch
Of course Arch can do whatever it wants, but being associated with Microsoft is a badge of shame
The Ultimate and Inevitable Fall of OpenAI (Even Brave is 'Bigger' Now)
"When you advertise at the Super Bowl, you’ve reached just about every consumer in America. It’s the last stop. If you’re not profitable yet, you never will be."
Adding Slop to Your Blog Only Makes One Assume All the Text is LLM Slop
Simon Coter from Oracle has turned to slop
Macao is Leaving Microsoft Behind
Windows is falling to new all-time lows
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 09, 2025
IRC logs for Sunday, February 09, 2025
Microsoft's WSL (LSW) Shows That It Can Never Love Linux, Only Windows
that's just how Microsoft rolls
Activism in Times of War and a Coup
'Linux' Foundation works for fascism
What the Silencing of Neatnik Tells Us About Linus Torvalds Inside a Microsoft-Dominated 'Linux' Foundation
Is Linus Torvalds free to express his mind as he wishes about every topic, even just any technical topic?
Windows Down to 11.35% in Senegal, as Measured by statCounter
Another all-time low (Windows was at 99% in 2009)
"Latest Technology News" in BetaNews is LLM Slop Promoting OOXML and Proprietary Software at the Expense of LibreOffice and OpenDocument Format (ODF)
Remember that "open-source" and Open Source aren't the same; the former is fake