Microsoft appears to be snooping into Skype messages for security reasons, according to a recent report.
Microsoft, which bought Skype in 2011, regularly scans the contents of messages sent on the service for signs of fraud, but what's done with the information from those scans-whether it's stored indefinitely or destroyed-is unknown. This is according to a report by Ars Technica who partnered up with security researcher, Ashkan Soltani who found that links being sent across Skype were accessed by a machine whose IP address belonged to Microsoft.
In response, a Skype spokesperson sent the following from its privacy policy: "Skype uses automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links." Another section of the policy reads: "Skype will retain your information for as long as is necessary to: (1) fulfill any of the Purposes (as defined in article 2 of this Privacy Policy) or (2) comply with applicable legislation, regulatory requests and relevant orders from competent courts."
However, H Security maintained that Microsoft appears to be leaving HTTP URLs untouched while scanning HTTPS URLS. HTTPS URLS are typically linked to secure websites and not spam sites.
The discovery by Ars and independent security researcher Ashkan Soltani raises questions about the privacy of communications on Skype.
"The problem right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering. Even if Microsoft is only scanning links for 'good' purposes, say detecting malicious URLs, this indicates that they can intercept some of your text messages. And that means they could potentially intercept a lot more of them," said Professor Matt Green who specializes in encryption at Johns Hopkins University.
This is not the first time that Skype's privacy security has been questioned. Earlier this year a number of civil rights groups, including the Electronic Frontier Foundation and Reporters without Borders probed into the company's security practices.
"Many of its users rely on Skype for secure communications-whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends," the groups wrote in a letter to Skype and Microsoft officials.
The letter continued: "It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations and, in particular, the access that governments and other third parties have to Skype user data and communications."
