[liberationtech] Microsoft Accesses Skype Chats
Rich Kulawiec
rsk at gsp.org
Fri May 17 04:31:24 PDT 2013
On Tue, May 14, 2013 at 09:14:19PM +0530, Pranesh Prakash wrote:
> Heise Security is reporting that Microsoft accesses links sent over
> Skype chat.[1]
Everyone who thinks that's the *only* thing that Microsoft is quietly
doing behind everyone's back, raise your hand.
And incidentally, the proffered rationale for this doesn't fly, given
that (a) they're only sending HEAD: actually scanning destination URLs
for malware et.al. would require fetching the whole page and (b) they're
only retrieving HTTPS URLs (per Heise) which is not what someone actually
looking for malware would do. Moreover (c) even if they classified
a URL as malicious, let's say https://example.net/blah, the recipient
of said URL is likely to access it via a data path outside their control,
thus -- unless they blocked it *inside* Skype -- they have no way to
prevent access to it and delivery of whatever malware payload awaits.
Source code is truth; all the rest is smoke and mirrors, hype and PR.
If Microsoft had the *slightest* interest in telling y'all the truth,
then they would have answered the group letter earlier this spring with
code, not with glib prose crafted by a committee of talented spokesliars.
---rsk
p.s. Heise's discovery is an existence proof that it's possible to
intercept the contents. Therefore we must presume that other entities
besides Microsoft may have this capability -- doubly so given that some
of those entities have not only the resources, but the motivation.
More information about the liberationtech
mailing list