Skype Violated; Microsoft Silent

By Naveen Athrappully, Epoch Times
March 9, 2013 2:53 am Last Updated: April 3, 2013 6:57 am

“Is Skype secure? Skype is as secure as we can possibly make it. When you call another person on Skype your call is very strongly encrypted, ensuring your privacy. The same is true of your shared files, chats, and video.”

Does Skype sell my details to third parties? Finally, Skype never sells your registration details to third parties”

From Skype Support

But, will Skype constantly spy on me, censor what I can say and sell out my account’s username and details of transmission if I use “sensitive” words that are deemed inappropriate, according to authorities, for common usage (for ex: Tiananmen, Amnesty International, Human Rights Watch, etc.)? Yes, if you’re in China. But, does that affect me if I based in a free country like U.S.? Also, yes, if you are communicating with a user based in China.

Jeffrey Knockel, a 27-year-old computer-science graduate student at the University of New Mexico, Albuquerque, has uncovered (research report) how Skype’s partner in China, TOM Online, has been monitoring its Chinese users and relaying information regarding usage of certain keywords back to its servers based in the mainland. What it does then, is not yet known. But we can presume that the regime does not take lightly to such matters.

TOM-Skype is the available version of Skype in China used by nearly 96 million people. TOM Online is a Chinese wireless Internet company. For two years, Knockel has worked on Skype, cracking its encryption and decoding the keywords. According to Bloomberg’s report, Knockel found that “the surveillance feature in TOM-Skype conducts the monitoring directly on a user’s computer, scanning messages for specific words and phrases. When the program finds a match, it sends a copy of the offending missive to a TOM-Skype computer server, along with the account’s username, time and date of transmission, and whether the message was sent or received by the user.”

TOM-Skype servers send keyword lists to every Skype user’s machine. The keywords, based on time and relevance, keeps changing. And some keywords, regarding upcoming protests for example, are very specific including address and time, says Citizen Lab’s Crete-Nishihata who helped analyze the data.

When Bloomberg requested Microsoft to comment on Knockel’s findings and activists’ concerns, they issued a statement attributed to an unnamed spokesperson in its Skype unit, “Skype is committed to continued improvement of end user transparency wherever our software is used.” Regarding TOM Online, Microsoft said “…As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws.”

TOM Online and TOM-Skype have been found to disclose personal information of its users to the Chinese authorities for quite some time, according to research by Nart Villeneuve in 2008. When asked for clarifications, spokesperson Jennifer Caukin of eBay (Skype’s then parent company) responded “It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about the security issue and they have informed us that a fix to the problem will be completed within 24 hours.”

Other security risks using Skype. For more information on Knockel’s research, visit his site.