Your Skype conversations aren't very private, a new report reveals.
In an experiment, tech news site Ars Technica found that two out of the four links it sent over Skype were accessed by a computer whose IP address matched Microsoft's.
The report basically demolishes the commonly held notion that Skype uses so-called end-to-end encryption, which locks up your message from the moment you send it until it is received, Ars Technica points out in its report on Monday.
Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links. In limited instances, Skype may capture and manually review instant messages or SMS in connection with Spam prevention efforts.
So why the fuss? Sure, everyone knows that Microsoft and Skype have the ability and right to read your messages, but nobody ever expects their messages to be read. After all, what are you writing about that could be mistaken for "spam, fraud, or phishing"? Actually, these sorts of bots that scan for suspicious links and material have made big mistakes before.
Last March, San Francisco-based writer Tienlon Ho was kicked off Google because the bots searching for spam and phishing thought that a document of usernames and passwords she had in Google Drive violated Google's terms of service.
The issue was first raised by The H Security last Tuesday. The security news site's associates in Germany experimented with sending HTTPS URLs through Skype's instant messaging tool and found that those URLs were visited by an IP address matching Microsoft headquarters soon after they were sent.
Ed Bott from ZDNet didn't agree with H Security's assertion that Microsoft is reading people's messages. He argues that there was no hard evidence that any humans or machines were reading any Skype communications. In a post from last Wednesday, Bott writes:
If you share a URL in a Skype instant message, there’s a possibility (not a guarantee, just a chance) that a SmartScreen server will ask for more information about the server from which that URL originated. It will then use that information to help determine whether that link is legit.