Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Reads Your Skype Chat Messages

timothy posted about a year ago | from the but-they-don't-enjoy-them dept.

Microsoft 275

An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."

cancel ×

275 comments

Damned if they do... (4, Informative)

mystikkman (1487801) | about a year ago | (#43720511)

"New Skype malware spreading at 2,000 clicks per hour to mine Bitcoins"

http://thenextweb.com/insider/2013/04/05/new-skype-malware-spreading-at-2000-clicks-per-hour-makes-money-by-using-victims-machines-to-mine-bitcoins/ [thenextweb.com]

And they try to prevent it by detecting malware and we get headlines like this. Looks like people are on a witch hunt here.

Re:Damned if they do... (1)

Intrepid imaginaut (1970940) | about a year ago | (#43720535)

Fairly sure that intercepting private communications over a network is illegal without a warrant.

Re:Damned if they do... (5, Insightful)

afidel (530433) | about a year ago | (#43720567)

Not if you agree to it in the TOS.

Re:Damned if they do... (4, Funny)

Anonymous Coward | about a year ago | (#43720655)

What does Skype have to do with ST:TOS?

Re:Damned if they do... (1)

Anonymous Coward | about a year ago | (#43720675)

Not if you agree to it in the TOS.

Except those can *never* trump national law. If its illegal in law - no terms of service, agreement or contract can suddenly make it legal again.

Re:Damned if they do... (3, Interesting)

gl4ss (559668) | about a year ago | (#43720739)

Not if you agree to it in the TOS.

Except those can *never* trump national law. If its illegal in law - no terms of service, agreement or contract can suddenly make it legal again.

they don't technically need to intercept it at their end... if the filtering list is built into the client, then they never intercept it anymore than they intercept your typing in order to send it...

Re:Damned if they do... (4, Insightful)

Lazere (2809091) | about a year ago | (#43720771)

But it's not illegal. The law makes it illegal to intercept those messages without warrant or permission. Wouldn't agreeing to the TOS be giving them permission?

Re:Damned if they do... (3, Interesting)

afidel (530433) | about a year ago | (#43720779)

We reserve the right to monitor our network for the purposes of would fly in most any country. In the EU privacy laws would probably prevent them from storing or distributing the information, but I'd think an automated scan of the linked URL would be fine. If it's not then everyone in the EU can look forward to a LOT more spam and malware since any hosted or cloud scanning technology is out.

Re:Damned if they do... (0)

Anonymous Coward | about a year ago | (#43720823)

Most laws that make it illegal to record a conversation are written in such a way that it is illegal without the permission of one or two of the persons involved (aka one or two party consent)... If as a condition of your usage of the service... You give consent for your conversations to be monitored, the law doesn't apply.

or would you like to cite a law which offers no outs?

Re:Damned if they do... (1)

Anonymous Coward | about a year ago | (#43720731)

I do not know much US laws, but the TOS/EULA does not override the law in most European countries.

Re:Damned if they do... (1)

TheRaven64 (641858) | about a year ago | (#43720821)

I very much doubt the law says that, if a person sends up to a service that will relay messages for them and explicitly states in the ToS that it may read those messages, that the service is not allowed to read the messages. It's not a service like the post or the telephone system that is regulated under common carrier legislation, it is a proprietary service that stores and forwards messages between subscribers.

Re:Damned if they do... (0)

Anonymous Coward | about a year ago | (#43720937)

Skype is a telephony and messaging service, right? My mobile phone carrier is a telephony and messaging service. What's the difference? I know that there are _technical_ differences. If that's what counts, I can't see any laws making sense anymore ("I'm not pirating that movie, I'm just downloading a bunch of numbers and presenting them on my screen in a way that I find nice").

Re:Damned if they do... (1)

ADRA (37398) | about a year ago | (#43721121)

True enough, but I'd say they have no grounds for safe harbour in this case, so wouldn't that leave them open as being a copyright infringement provider?

Re:Damned if they do... (1)

Anonymous Coward | about a year ago | (#43720589)

Fairly sure that intercepting private communications over a network is illegal without a warrant.

Are you daft? It is traditionally illegal for the government to intercept private communications without a warrant. However, Microsoft bought Skype. They own this network. It's theirs to do what they want with.

Re:Damned if they do... (1)

Anonymous Coward | about a year ago | (#43720885)

Actually as a network operator they are not a party to the private communications carried over the network, so I do believe that they would be in violation. Not sure if the TOS could allow them to claim permission. Seems like a great opportunity for EFF or someone like that to develop some case law.

Re:Damned if they do... (1)

Anonymous Coward | about a year ago | (#43720623)

I'm pretty sure in the EULA for the service you gave them this permission.

Re:Damned if they do... (-1)

Anonymous Coward | about a year ago | (#43720763)

I don't accept the agreement. I will use the service anyway.

Re:Damned if they do... (1)

socode (703891) | about a year ago | (#43721269)

To read the message? Maybe.

But you didn't give permission for them to access any URL in your message, similarly they don't have a right to send a mail as/to any email address you include in a message.

Re:Damned if they do... (1)

sohmc (595388) | about a year ago | (#43720679)

Illegal for the government.

The Bill of Rights is a document that restricts (in theory) what the government can do to you. Corporations can quarter troops in your house, limit your speech, etc. You, of course, also have the right to shoot them right in their face. :-)

Re:Damned if they do... (0)

Anonymous Coward | about a year ago | (#43720769)

Unless you are the DoJ... In which case spying on the AP is just fine.

Re:Damned if they do... (-1)

Anonymous Coward | about a year ago | (#43720883)

And how exactly would I go about shooting Microsoft in the face?

Re:Damned if they do... (0)

Anonymous Coward | about a year ago | (#43720957)

Well there's a picture of them getting skullfucked somewhere in this thread...

Re:Damned if they do... (2)

Dins (2538550) | about a year ago | (#43721315)

And how exactly would I go about shooting Microsoft in the face?

I don't know...Ballmer's head is a pretty big target... Seems doable.

Re:Damned if they do... (4, Informative)

interval1066 (668936) | about a year ago | (#43720999)

(In the US) private entities don't need warrants. Warrants are a control on government. Microsoft can do whatever they want on communication channels they own. You don't have to use those channels of course.

Re:Damned if they do... (3, Informative)

Richard_at_work (517087) | about a year ago | (#43721095)

Google must be fucked then, as they provide antispam and antimalware functionality in Gmail, and have done for almost a decade.

Re:Damned if they do... (1)

WillgasM (1646719) | about a year ago | (#43720547)

Maybe all those Bitcoins are being mined in Redmond. Nobody else was dumb enough to click the link.

Re:Damned if they do... (5, Insightful)

mu51c10rd (187182) | about a year ago | (#43720745)

Nobody else was dumb enough to click the link.

You don't deal with many ordinary end users do you...

Re:Damned if they do... (1)

WillgasM (1646719) | about a year ago | (#43720897)

Actually, I do. They're all far too scared that viruses are stealing their internets. They're more likely to pester me with every damn piece of spam they receive.

Alternate headline (4, Insightful)

recoiledsnake (879048) | about a year ago | (#43720553)

Alternate headline: Microsoft protects hundreds of millions of Skype users by going to the effort of checking even https URLs in chat for malware and spam

Re:Alternate headline (0)

Anonymous Coward | about a year ago | (#43720711)

yea. very bad headline here for this article...

expect such a sensationalistic headline on the front page of a dead tree paper, or used as a teaser on fox news.. but slashdot editors *should* know better... will check back and compare it to the headlines used for the dupes next month.

Re:Alternate headline (0)

Anonymous Coward | about a year ago | (#43720761)

Soon, they will apply the same rules to files transfer as to outlook ... No .exe, no .zip with password, no .bat ...

Re:Alternate headline (5, Informative)

Anonymous Coward | about a year ago | (#43720765)

The problem with that, according to TFA, is that they only check https but not http. The latter being what malware sites use.
Also, they are sending HEAD requests, not GET. They are only getting the headers, not the content, so have no way of knowing if there is malware at the URL.

Re:Damned if they do... (1, Interesting)

Anonymous Coward | about a year ago | (#43720633)

Skype used to have a reputation of using encrypted peer-to-peer transmissions. For this snooping to work, Skype has to route all messages through Microsoft, and any encryption must have a backdoor for Microsoft.

Re:Damned if they do... (5, Insightful)

Sloppy (14984) | about a year ago | (#43721067)

Skype used to have a reputation of using encrypted peer-to-peer transmissions.

That's funny. I remember their reputation always being "no one knows how the key exchange works and therefore nobody can trust it."

"Encrypted" means jack shit. Skype never had a reputation for being secure because they never showed anyone that they are. With any serious VoIP protocol (e.g. zfone) they tell you how it works. If the design is a trade secret, then it's a scam. You've known that for decades.

Re:Damned if they do... (0, Funny)

Anonymous Coward | about a year ago | (#43720787)

You've been Scrroooooogled!!!!!!

Re: Damned if they do... (0)

Anonymous Coward | about a year ago | (#43720847)

How about they simply write better software?

Re: Damned if they do... (2)

mystikkman (1487801) | about a year ago | (#43721087)

Better software how?

How can you have a general purpose OS with installable programs from the Web, but still prevent malware?

If the user can install Firefox, they can install malware.

The only way past this is to lock down the apps the iOS App Store and Windows Store style with heavy sandboxing and DRM, which keeps system modifications out but is very good at combating malware.

You can install a rootkit on Linux and Android has a huge malware problem, are you implying that they're bad software because of that?

Re:Damned if they do... (-1)

Anonymous Coward | about a year ago | (#43720925)

Do you honestly think them reading everyone's communications is going to solve the malware problem? And that they're just doing this out of the goodness of their hearts? If so, there're a few bridges I'd like to sell you.

Re:Damned if they do... (5, Informative)

Sqr(twg) (2126054) | about a year ago | (#43720955)

Those who care about keeping the contents of their IM conversations secret should not use Skype. As stated in their privacy policy [skype.com] "Skype may gather and use information about you, including (but not limited to) information in the following categories: ... (n) Content of instant messaging communications, voicemails, and video messages"

The EFF recommends [eff.org] using Pidgin or Audium with OTR encryption enabled, for reasonably secure instant messaging.

I'm glad the non-tech-savvy folks use Skype, though. If Microsoft weren't able to intercept these things, I'd have to clean out viruses from my in-laws' computers more often.

Official Translation (1)

Anonymous Coward | about a year ago | (#43720967)

The google translate version is difficult to understand. Here is the official translation of what exactly happened:

http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

The articles states what Microsoft did was not useful for detecting malware/phishing...

Re:Damned if they do... (-1)

Anonymous Coward | about a year ago | (#43721207)

Witch hunt or not, wasn't mucrosoft just lambasting Google for scanning emails as they are recieved? Gmail wasn't even going so far as to access URLs that were found. Whats good for the GooglGoose is good for the MicroGander.

Link to English version of TFA (1)

Anonymous Coward | about a year ago | (#43720531)

Re:Link to English version of TFA (1)

Anonymous Coward | about a year ago | (#43720681)

Amusingly, following this article saying Microsoft automatically scans URLs on Skype instant messaging to check for malware and spam, the next article down in the same newssource is "Trojans conceal themselves using instant messaging protocols" http://www.h-online.com/security/news/item/Trojans-conceal-themselves-using-instant-messaging-protocols-1789045.html [h-online.com]

So much for the "MS cares for your privacy". (0)

Anonymous Coward | about a year ago | (#43720551)

Knew they were lying.

Re:So much for the "MS cares for your privacy". (0)

Anonymous Coward | about a year ago | (#43720585)

If you didn't presume they were lying out their asses on pretty much everything they say, you're a fool.

Re:So much for the "MS cares for your privacy". (0)

Anonymous Coward | about a year ago | (#43720893)

If you didn't presume they were lying out their asses on pretty much everything they say, you're a fool.

There's a difference between "presume" and "have proof". The former is what bitter conspiracy-theory losers use. The latter is what matters.

Re:So much for the "MS cares for your privacy". (2)

drakaan (688386) | about a year ago | (#43720749)

"Don't get Scroogled^H^H^H^H^H^H^H^H^HMicrosofted!"

Re:So much for the "MS cares for your privacy". (4, Informative)

Enderandrew (866215) | about a year ago | (#43721013)

https://www.eff.org/who-has-your-back-2013 [eff.org]

Microsoft is extremely hypocritical in their claims of privacy protection, and their attacks on Google.

Is there any way? (-1)

Anonymous Coward | about a year ago | (#43720565)

If I want to actually communicate with people other than RMS and 12 other geeks world-wide, is there some kind of standard IM that will let me communicate safely with normal, clueless people, safely? I don't think that's technically possible as long as the use the official client and/or IM networks. Correct me if I'm wrong.

And barely even the official clients seem to be able to deliver messages properly... not to mention the problems with webcams and stuff like that.

Re:Is there any way? (1)

Anonymous Coward | about a year ago | (#43720753)

Both Facebook and Google's chats use bog standard XMPP (aka Jabber). Normal, clueless people use Facebook to chat. The few that don't use Facebook use the chat inside Gmail, or the one installed on their smartphone. Encryption over XMPP is very common; You'd need to use a non-standard client (say, Pidgin), but it's feasible.

Re:Is there any way? (4, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43720923)

Both Facebook and Google's chats use bog standard XMPP (aka Jabber). Normal, clueless people use Facebook to chat. The few that don't use Facebook use the chat inside Gmail, or the one installed on their smartphone. Encryption over XMPP is very common; You'd need to use a non-standard client (say, Pidgin), but it's feasible.

The major problem is that encryption requires support at both ends:

Even a totally proprietary chat network(if it's been cracked open far enough that 3rd party clients exist, or 3rd-party wrappers around the first party client or libraries exist) can be used to send encrypted payloads; but only if both users are set up for that(Pidgin with OTR, say, works just fine over AOL's 'Oscar' protocol; but only if both ends are using it. This is the real killer. If you don't have control over what your clueless compatriot is using, none of the client-side encryption options are going to help you much. Not supported in Google's gmail web app window thing? No deal. Not supported by cellphone's default chat client? no deal.

You'll still probably get SSL, from all but the shittiest chat services; but that only protects you from people watching the wire, not from the service provider(who is the man in the middle, with one SSL-protected connection to you and a second to your chat compatriot).

Same with email: it's less common than it used to be for email to go between the client and the mailserver in the clear; but it's still damn rare for messages to be encrypted at the client end and thus safe from the mailserver operator.

This is news? (5, Insightful)

csumpi (2258986) | about a year ago | (#43720583)

AOL reads your messages. Google reads your messages. Facebook reads your messages. Apple reads your messages. Microsoft reads your messages.

How is this news? The price for free IM is that they read your messages and sell the info they gather to advertisers.

Re:This is news? (3, Informative)

Anonymous Coward | about a year ago | (#43720773)

Except not. As far as Microsoft has announced, they don't mine your messages for advertising's sake (if they did, their entire "Scroogled" campaign would be hugely hypocritical and I'm sure someone would have called them on it). This is exclusively scanning for a URL and matching against a database - they're not saving any information about your messages, especially if they don't contain a link.

I'd say "take your FUD elsewhere", but this is Slashdot and a post about Microsoft...

Re:This is news? (4, Informative)

Enderandrew (866215) | about a year ago | (#43721059)

Except Microsoft does mine your email context to serve up contextual ads.

http://www.nbcnews.com/technology/microsofts-new-outlook-mail-welcome-hotmail-replacement-917473 [nbcnews.com]

They says theirs isn't as deep, so it respects your privacy more, but what it really means is that they're not as good at serving up contextual ads, but they're still scanning your email.

Re: This is news? (2)

AvitarX (172628) | about a year ago | (#43721275)

Interesting, didn't realize they needed to visit a site for a database lookup.

I would consider a private URL to an SSL site the equivalent to a password (the GET part being just as encrypted as the POST or a session cookie), that they would visit these sites is shocking to me.

Re:This is news? (1)

RedK (112790) | about a year ago | (#43720877)

Actually, no one sells the information they gather to advertisers, that's just bad business. What they sell is ad placement based on the information they've gathered. The advertiser has no access to it.

Re:This is news? (4, Informative)

Enderandrew (866215) | about a year ago | (#43721123)

http://rt.com/usa/yahoo-microsoft-campaign-political-862/ [rt.com]

Microsoft has been caught selling DATA to advertisers.

And they have a patent specifically covering selling your personal private data to advertisers, allowing advertisers to bid on that data.

http://www.bizjournals.com/seattle/blog/techflash/2010/02/gates_ozzie_other_microsoft_execs_patent_personal_data_mining.html [bizjournals.com]

It is only bad business if the media calls them out on it, which hasn't really happened. That is why Microsoft spends a small fortune on astroturfing, shifting the focus on Google for privacy concerns.

Re:This is news? (1)

c (8461) | about a year ago | (#43721319)

AOL reads your messages. Google reads your messages. Facebook reads your messages. Apple reads your messages. Microsoft reads your messages.

How is this news? The price for free IM is that they read your messages and sell the info they gather to advertisers.

Microsoft's recent ad campaign suggesting that Google reading your messages is somehow unethical make it news, I'd imagine.

There *may* be some moral difference between reading your messages for your protection versus reading your messages to target ads, but I doubt that Microsoft bothered to make that distinction when they were complaining about Google's practices.

Re:This is news? (0)

Anonymous Coward | about a year ago | (#43721321)

Let me explain it to you in a hyperbole, you UTTER MORON:

Person 1 raped a child. Person 2 raped a child. Person 3 raped a child. Person 4 raped a child.

How is this news?

Person 5 RAPED A CHILD! THAT MAKES IT NEWS! ALWAYS

Same thing with all other evildoings. It is ALWAYS news.

F**k the skull of M$ (-1)

Anonymous Coward | about a year ago | (#43720599)

http://static.funpic.hu/_files/pictures/630/3/36/3603.jpg

...Not that unexpected, and not that big a deal. (1)

Anonymous Coward | about a year ago | (#43720637)

They automatically run links through spam filters to detect spam. Spam is a big problem on Skype, it makes sense they would do this.

I know it's hard to believe, but guess what, your emails are scanned for spam too!

Re:...Not that unexpected, and not that big a deal (1)

ArcadeMan (2766669) | about a year ago | (#43720703)

They should also scan emails for egg, bacon, spam and sausage.

Re:...Not that unexpected, and not that big a deal (1)

lister king of smeg (2481612) | about a year ago | (#43720849)

...spam spam spam egg and spam; spam spam spam spam spam spam baked beans spam spam spam...

Re:...Not that unexpected, and not that big a deal (0)

Anonymous Coward | about a year ago | (#43720911)

Spam! Lovely spam! Lovely spam!
Spam spam spam spam...
Lovely spam! Wonderful spam!
Lovely spam! Wonderful spam!
Spam spam spam spam. Lovely spam! Wonderful spam!
Spam spam spam spam. Lovely spam! Wonderful spam! Spam spa-a-a-a-a-am spam spa-a-a-a-a-am spam. Lovely spam! Lovely spam! Lovely spam! Lovely spam! Lovely spam! Spam spam spam spam!

Re:...Not that unexpected, and not that big a deal (2)

Richy_T (111409) | about a year ago | (#43720709)

It's one thing to run links through spam filters, it's quite another to access those links directly.

"Hey Joe, we'll be running up the new turbine tomorrow. It's a new system so we've put in a kill switch. Access http://system.aviationco.com/automation/stop?user=joe&pass=uhoh [aviationco.com] " But don't use it unless, you have to, it drops a rod in the turbine and that's 50,000 bucks a pop".

Re:...Not that unexpected, and not that big a deal (1)

CRCulver (715279) | about a year ago | (#43720747)

A company that would send usernames and passwords over Skype instead of its own company-internal messaging setup, deserves to lose 50 grand for its stupidity.

Re:...Not that unexpected, and not that big a deal (2)

Richy_T (111409) | about a year ago | (#43721183)

*sigh* it's the principle of the thing, not the specific implementation. Guess what, I made the whole "Aviation Co" thing up. Joe doesn't even exist. Shock, horror, there *is no* turbine.

It's simply an example to illustrate the point that links sent in private emails should remain unmolested. You can't assume that accessing them is safe. And yes, people should not be sending unsafe links through IM but let me re-iterate, as a service provider, You can't assume that accessing them is safe

Re:...Not that unexpected, and not that big a deal (3, Informative)

Joshua Shaffer (2895571) | about a year ago | (#43721127)

How would you even propose they filter spam links without a basic request? Do they blacklist all URL shorteners, or do you just let all spam that uses URL shorteners to go through?

Re:...Not that unexpected, and not that big a deal (1)

Richy_T (111409) | about a year ago | (#43721351)

Good question. It seems that one would maintain a list of spammy URLs and you might carve out a special case for URL shorteners. They are typically well-known sites.

There's an old medical phrase, "First, do no harm". I try and apply it with what I do in IT.

Don't get SCROGGLED! (0)

Anonymous Coward | about a year ago | (#43720651)

Let us do the Scroggling!

Fishing URLs? (1, Funny)

Alter_3d (948458) | about a year ago | (#43720661)

Damn you Microsoft, what is wrong with fishing?? after this probably hunting URLs will be frowned upon by skype

Good (0)

Anonymous Coward | about a year ago | (#43720673)

I wish Twitter did this too. So much spam would disappear, especially the ones that hide behind URL masking/shortening services.

Re:Good (0)

Anonymous Coward | about a year ago | (#43721103)

Wish I had mod points today. This is (about) the only sane comment in the whole thread.

DUH (1)

eviljav (68734) | about a year ago | (#43720697)

Of course they do this.
Every online chat service reads your messages.

I like fishing (1)

SmSlDoo (414128) | about a year ago | (#43720727)

Not a huge fan of Phishing though...

I like Phishing (0)

Anonymous Coward | about a year ago | (#43720881)

Phishing is worthwhile; it's a great way to listen to an awesome band play some great music (if you don't mind the unavoidable clouds of second-hand marijuana smoke at the concerts). I'm not a huge fan of phishing though...

Retards (0)

Anonymous Coward | about a year ago | (#43720817)

LOL ! The least they can do is get an IP address in someone else's name. Retards !

Problems with closed sorce (2, Insightful)

stewsters (1406737) | about a year ago | (#43720819)

This is the problem with closed source. You don't know what your software is doing, and its difficult to figure out.
Just in case you weren't already certain that they were monitoring your communications through Skype, they are.
Skype is not a secure communications channel. If this bothers you, use irc over i2p.

Re:Problems with closed sorce (2)

elvinz (2920215) | about a year ago | (#43721223)

If you use an open source client you could end up with the same problem. You can connect with Pidgin to gtalk, using SSL, and still have Google read your messages.

I wonder... (3, Interesting)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43720835)

Is anybody else suddenly feeling a sense of curiosity about what sorts of vulnerabilities, if any, the program that Microsoft probes URLs sent over skype with may possess?

If TFA is accurate, you can make whatever software this is visit a URL just by skype-chatting it to somebody. What sort of security measures would they have in place for systems whose job it is to poke every last probably-malware link that goes across skype?

Re:I wonder... (4, Interesting)

malakai (136531) | about a year ago | (#43720939)

It's no different than Google checking URL's for malware and warning you when you click a URL hosted on any of the Googleservices.
Also, this:

even if they are HTTPS URLs and contain account information

that makes no sense. First, why would HTTPS be some sort of exception? It's not like SSL'ing a website is all that difficult.
Second, why would you supposedly go through the trouble of using a 'secure' HTTP address if you are then going to pass in account credentials in the URL?
I know the whole communication is encrypted, but why would you pass "https://user:secret@www.supersecurebank.com/something?foo=bar" via a Skype message if it was really the intention to be secure ( putting aside the absurdity of leaving credentials in the URL ).

Long story short, this looks like Skype looking out for the 99% of the internet, and the 1% are crying foul. I'd rather every link my family sends each other via Skype be threat checked.

Re:I wonder... (2)

ADRA (37398) | about a year ago | (#43721205)

Well devil's advocate here, the URI string wouldn't be sent over the air unencrypted, so one could consider that more secure assuming you forget the fact that 99% of received email is also sent over the wire un-encrypted.

Maybe there is a common conception that Skype is a secure connection and one wouldn't have to worry about sending such a damning web link. If anything though, this article lays out quite clearly, that there are at least automated taps on Microsoft's end scanning all input messages.

Re:I wonder... (3, Insightful)

gallondr00nk (868673) | about a year ago | (#43721035)

What sort of security measures would they have in place for systems whose job it is to poke every last probably-malware link that goes across skype?

I bet they run Linux.

Re:I wonder... (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43721335)

I'd honestly be fascinated to know; because, if you flip the context around, 'Microsoft reads your skype URLs' is equivalent to 'some poor sysadmin at MS runs a system that accesses any URL anybody on the internet chooses to feed it.' That sure as hell isn't something I'd want to take on lightly...

Hmmm ... (4, Interesting)

gstoddart (321705) | about a year ago | (#43720857)

So, as I fully expected, this whole campaign about users being "Scroogled" that Microsoft has been involved in is misdirection, and they do the same thing.

Wanna bet they also scrape your hotmail and everything else in the same way they accuse Google of doing?

Hate M$, sounds plausible (1)

WOOFYGOOFY (1334993) | about a year ago | (#43720869)

I hate M$ but their explanation sounds plausible. Not saying they don't have an unknown, secondary motivation also, just.,.. it sounds like something a programmer might think to do to combat the malware problem

Re:Hate M$, sounds plausible (0)

Anonymous Coward | about a year ago | (#43721147)

Yeah, and oh look - I've made another "mistake" that accidentally uses all this information for sales and marketing purposes. Ooopsie; I've gone and sold the information too. How careless of me. Now, I've dropped the soap - be a dear and pick it up for me?

Why isn't there more encryption to avg joes? (0)

Anonymous Coward | about a year ago | (#43720907)

I think every communication between people should be encrypted by default so nobody else can read it but the intended recipient.

"Microscroofted"? (0)

Anonymous Coward | about a year ago | (#43720915)

Don't get Microscroofted! Use... ah, hell, we've all been getting screwed by Microsoft for so long that's just what their name means anyway.

He's (nearly) always right (0)

Anonymous Coward | about a year ago | (#43720933)

Didn't Stallman say you shouldn't use Skype?
And what did you do?

So what MS is saying.... (2, Insightful)

domatic (1128127) | about a year ago | (#43720935)

.....is that they are Scroogling Skype users?

please .. "microscroofted" (0)

Anonymous Coward | about a year ago | (#43721115)

With even a little effort we can make this a thing

DOS? (1)

devloop (983641) | about a year ago | (#43721049)

Could this be used to instrument MS servers to effect a Denial Of Service attack upon the host of your choosing?

1. Select victim
2. Bomb URL via chat from a new/fake throwaway Skype account
3. ???
4. Profit

"Fishing URLs" (1, Funny)

wcrowe (94389) | about a year ago | (#43721073)

Here is an example of a fishing URL [wildlifedepartment.com] .

Re:"Fishing URLs" (0)

Anonymous Coward | about a year ago | (#43721197)

i Sea what you did there...

Denial of Service Potential? (3, Interesting)

duplo1 (719988) | about a year ago | (#43721075)

Hopefully MS does some dupe checking on their end, otherwise this could amount to a DoS attack. Imagine spamming out the victim's URL to hundreds of thousands of Skype users and then MS flooding that URL with requests.

Don't Get Scroogled! (2, Insightful)

Nethemas the Great (909900) | about a year ago | (#43721155)

Wait... Who were we talking about?

Totally plausible (3)

Kimomaru (2579489) | about a year ago | (#43721171)

I do not like to defend Microsoft, but I can see this as being the case. Skype's got quite a bit of problems with Messenger Spam, this may be a mechanism to review them.

By the way, if privacy is your problem, you're not fixing it by using someone else's infrustructure. You should expect, by default, that they're going through your information. Build your own server or forever hold your peace.

Is this really about phishing and spam? (0)

Anonymous Coward | about a year ago | (#43721327)

They only check https links and not normal http. They only read the header information and don't check the actual content of the site. Shouldn't they look at every link and download the acutal page to check its content?

So are they now responsible if they miss one? (2)

drjohn_97 (783685) | about a year ago | (#43721331)

If they are claiming that the reason to read/inspect the contents of the Skype messages is to protect users from spam and fishing URLs, can they be held legally responsible if they fail in that? It's no longer a "common carrier" if you are taking such actions, is it?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...