[liberationtech] Microsoft Accesses Skype Chats

Julian Oliver julian at julianoliver.com
Tue May 14 09:08:40 PDT 2013 

..on Tue, May 14, 2013 at 11:04:11AM -0500, Andrés Leopoldo Pacheco Sanfuentes wrote:
> I understand that the Skype traffic IS encrypted. The problem is that
> Skype itself (and now, Microsoft) holds the key, not the conversants..

Yes, this is correct. There's a good lesson here in encryption, key ownership
and topology.

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org

> 
> On Tue, May 14, 2013 at 10:57 AM, Eduardo Robles Elvira
> <edulix at gmail.com> wrote:
> > On Tue, May 14, 2013 at 5:44 PM, Pranesh Prakash <pranesh at cis-india.org> wrote:
> >>
> >> "A Microsoft server accesses URLs sent in Skype chat messages, even if they
> >> are HTTPS URLs and contain account information. A reader of Heise
> >> publications notified Heise Security (link to German website, Google
> >> translation[2]). They replicated the observation by sending links via Skype,
> >> including one to a private file storage account, and found that these URLs
> >> are shortly after accessed from a Microsoft IP address. When confronted,
> >> Microsoft claimed that this is part of an effort to detect and filter spam
> >> and fishing URLs."
> >>
> >>  [1]:
> >> <http://www.heise.de/newsticker/meldung/Vorsicht-beim-Skypen-Microsoft-liest-mit-1857620.html>
> >>  [2]:
> >> <http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FVorsicht-beim-Skypen-Microsoft-liest-mit-1857620.html>
> >
> > Hello:
> >
> > This confirms that the traffic between skype clients is not encrypted
> > as it was (supposed to be) before Microsoft acquired skype.
> >
> > Regards,
> >
> > --
> > Eduardo
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list