Want to know what's happening next in healthcare?

MedCityNews is the leading online news source for the business of innovation in healthcare.


“MedCity news is a peerless national resource for those of us who really want to stay on top the very latest news in healthcare from incumbents to startups. ”

Elliot Menschik, DreamIt Ventures partner; Venturef0rth founder; Penn professor


Sign up for our daily newsletter


Privacy is dead: Microsoft intercepts, decrypts, and reads Skype messages

May 20, 2013 7:02 pm by | 1 Comments

spy spies

Skype used to be what you would use to send secure, encrypted, and untraceable messages to friends, family, and business associates all over the world. Not any more.

According to a test by Ars Technica, Microsoft is intercepting, decrypting, and reading at least some Skype messages — to the point where URLs embedded in Skype chat are being visited by machines at IP addresses belonging to Microsoft … most likely a bot, but potentially a human being.

“And this can only happen,” Ars’ security expert Dan Goodin writes, “If Microsoft can convert the messages into human-readable form at will.”

Skype currently uses 256-bit AES encryption to secure communications between users, which is considered to be very secure. Secure, perhaps. But not very private — when Ars sent messages via Skype containing four web links created specifically for this experiment, two of them were accessed by a Microsoft-controlled machine.

Advertisement

skype-microsoft_thumb

Skype’s privacy policy openly states that Skype may check instant messages and SMS texts for spam, fraud, or phishing attempts, and, in some cases, have a human being check them. Ergo, we can decrypt our own encryptions, and can know what you say and know what you send.

Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links. In limited instances, Skype may capture and manually review instant messages or SMS in connection with Spam prevention efforts. Skype may, in its sole discretion, block or prevent delivery of suspected Spam, and remove suspicious links from messages.

That’s not good if you have an expectation of and desire for privacy. And now that it’s obvious that Microsoft itself can read your private messages, the question is who else has that ability too?

Almost a year ago, the FBI requested private backdoor access into multiple communication and social networks, including Facebook, Twitter, and yes, Skype. Wiretaps are increasingly useless, the FBI realized, and modern communications were defeating the bureau’s attempts at surveillance. Whether these were ever granted or not is unclear, but Microsoft has a patent on ways to make it happen.

And Skype’s terms of use also say the company can route your communications to law enforcement agencies:

Skype may disclose personal information to respond to legal requirements, exercise our legal rights or defend against legal claims, to protect Skype’s interests, fight against fraud and to enforce our policies or to protect anyone’s rights, property, or safety.

However, if you want more security — and privacy — on Skype, you can have it. You simply have to pre-encrpt any messages (as a Polish professor discovered) and then decrypt them on the receiving end.

I won’t do that, and most Skype users won’t do that, probably because we’re not discussion matters of national security or engaging in nefarious behavior. But it’s disappointing, if only the cold slap of reality in a dangerous and violent world, that private isn’t really private any more.

And it would be nice to know the exact limits of Skype privacy and security.

This article originally appeared on VentureBeat

Copyright 2014 MedCity News. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

By John Koetsier,

Visit website | More posts by Author

1 comments
Floye
Floye

Hi,

Problem is that we should take charge of our privacy......instead relaying on promises and assurances from big corporations.

Interesting video

http://www.youtube.com/watch?v=BrAGMUQ2Uow  how to ensure our skype chat conversations are private and secure

Cheers,

Hear the latest news first

Get our daily newsletter or follow us.

Advertisement