Microsoft sees all your HTTPS links in Skype, and you didn't know

4.5
While the Internet gets a reputation for being an anonymous playground, nothing is completely anonymous. Microsoft seems to be proving that point today, with the discovery they're accessing any secured links sent via Skype. Any HTTPS URL transmitted via Skype is picked up by the software giant, and then visited by an IP address from Redmond.

This was first picked up by an anonymous tipster, who informed Heise Security since it bore similarity to a replay attack. Somewhat ironically, Microsoft themselves explain what a replay attack is. In a nutshell, it's repeated legitimate traffic, which is then treated as such.

Heise was able to confirm the tipster's suspicions, using two test URLs to do so. They sent a URL containing login information, and one pointing to a cloud-based service. Both URLs were later revisited by a Redmond IP address, so it was no isolated incident.

You may wonder how this can be justified. It's in Skype's data protection policy, and is for 'preventing spam, fraud or phishing links'.


This bit in the policy has Microsoft covered.

You may remember the open letter which was published after Microsoft's Skype takeover. It queried how the giant would act with US government requests, and whether they would invade user privacy.

Whether you consider this revelation with secured web links an invasion or not, it'll doubtless have some effect.

Posted:
Related Forum: PC General Forum

Source: http://www.neowin.net/news/microsoft-sees-all-your-https-links-in-skype-and-you-didnt-know

Comments

"Microsoft sees all your HTTPS links in Skype, and you didn't know" :: Login/Create an Account :: 49 comments

If you would like to post a comment please signin to your account or register for an account.

slapshot101Posted:

This is crazy but is that far fetched, the U.S. government was just caught recording all the numbers and locations of the people who made calls with Verizon, because they said it was for Homeland Security, this is the same thing, but on a private scale.

NasyrPosted:

I seen something about this like a month ago. They listen into chats aswell!

EVGAPosted:

That's why I only send thetechgame.org links ;).

bdgrPosted:

LOL Skype will now hack us :P

ChiPosted:

Wiz- An easy way to bypass this is to add an extra character to the link. E.g thetechgame.com/scam/scam/scam, I would put thetechgame6.com/6scam/6scam. Basically, if you want to stay secure then agree with your buds on a certain character you'll add to links here and there, and then they'll know and remove them. Easy.


Ha, wouldn't that be something. ; )

AlbericiPosted:

Why do they spy on us -_- they have enough money so stop putting ads all overeverything and looking up what we look up.

GoldPeakTeaPosted:

Wiz- An easy way to bypass this is to add an extra character to the link. E.g thetechgame.com/scam/scam/scam, I would put thetechgame6.com/6scam/6scam. Basically, if you want to stay secure then agree with your buds on a certain character you'll add to links here and there, and then they'll know and remove them. Easy.


That makes perfect sense! LOL

Wiz-Posted:

TriGz_Recon If one person gets your Skype name and they hate you they can just boot you offline :/ so its always a good idea to use a VPN when in Skype


Why are you saying this? To seem like you know what's going on when someone's getting booted offline? Pfft. This is not on topic and plain retarded. I swear half of the users on here do the same thing, must be a disabled thing.

Wiz-Posted:

An easy way to bypass this is to add an extra character to the link. E.g thetechgame.com/scam/scam/scam, I would put thetechgame6.com/6scam/6scam. Basically, if you want to stay secure then agree with your buds on a certain character you'll add to links here and there, and then they'll know and remove them. Easy.

OGPurgePosted:

slapshot101
Cougar Like this wasn't known already, they have everything on you.

All these companies have all the information on you, don't you think that Safari, Firefox and Chrome save everything on you too?


Yep that`s how the government finds your crap out.