You probably think of Skype as a secure means of online communication, what with messages being secured with end-to-end encryption. But according to an investigation by Ars Technica, you’d be dead wrong – it seems that Microsoft is making a habit of listening in on your communications.
In a joint investigation with security researcher Ashkan Soltani, Ars Technica transmitted a number of links to previously unseen web pages via Skype, discovering that half of them were immediately accessed by computers with an IP address that belongs to Microsoft. Their findings seriously undermine Microsoft’s credibility when it boasts of Skype’s end-to-end encryption, which is supposed to lock up your messages from the moment they’re sent until they’re received by the person you’re chatting to. What Skype is actually doing is sending its messages across the web in a format that allows Microsoft to read the plaintext within them – something that it does all too often. Admittedly, it’s probably only a bot that’s doing the reading, but the potential exists for humans to read them too.
“Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links. In limited instances, Skype may capture and manually review instant messages or SMS in connection with Spam prevention efforts.”
That much is clear, so should we really be surprised that Microsoft is acting on its right? Well, maybe not surprised, but certainly we have good reason to be concerned. The point is that while we all know Microsoft has the ability and the authority to read our messages, we don’t actually expect them to do so. That they’re reading as much as 50% of our communications is therefore quite intriguing – are 50% of Skype users using it solely for spamming, defrauding and phishing scams? I don’t think so.
Granted, very few messages will ever be read by humans, but the bots alone can cause all kinds of problems. The example of blogger Tienlon Ho is a case in point – she was famously “dumped” by Google back in March after its bots decided she’d uploaded an ‘illegal’ spreadsheet to Google Drive. Her blog post describing the ordeal reads like a nightmare for anyone who relies on Google’s services. Ho immediately lost access to everything – Gmail, contacts, calendar, Google+, YouTube, Blogger, Picasa – the whole lot, without so much as a word of explanation. Only after her blog post went viral and she contacted a friend working for Google did the company realize that its bot had in fact made a mistake.
So that’s one potential pitfall of bots reading your communications. The other big worry is who else might be reading them. The FBI has made no secret of the fact that it believes it’s quite within its rights to read your email and other private communications, and in all likelihood it’s already doing so whenever it deems it necessary. It was only a year ago that it officially requested backdoor access to a whole host of popular web services, including Skype, Facebook and Twitter. It’s not clear whether this access was ever granted, but the fact that Microsoft has patented a number of ways to give it to them doesn’t give us much reason for confidence.
Okay, so there probably won’t be too many criminals reading this post, but that doesn’t mean that the average, law-abiding citizen shouldn’t care. If nothing else, it’s important to be aware that just because your communications are kept secure from hackers and the like, they’re not nearly as ‘private’ as you’d probably like them to be.