The latest privacy violation was discovered by Nart Villeneuve from the University of Toronto's Citizen's Lab, who discovered that the Chinese were data-mining the communications of TOM-Skype users.
"Skype is software that allows users to make telephone calls over the Internet. Calls to other users of the service and to free-of-charge numbers are free, while calls to other landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing," according to Wikipedia.
When Nart Villenueve forgot the password to his Chinese MySpace page and began looking at the Chinese version of Skype (TOM-Skype), he uncovered the massive privacy breach with TOM-Skype. His findings were that full chat messages (including those of Skype users communicating with TOM-Skype users) were being stored on servers in China. He also discovered that the data was being stored on insecure publicly-accessible webservers along with the encryption key needed to decrypt the information. The messages are tracked by keywords relating to what the Chinese would consider "sensitive political subjects." Analysis also revealed that information might be maintained by specific user names.
Also discovered was evidence of security problems at TOM Online, the Chinese company that owns TOM-Skype. Evidence was found that the servers have been compromised in the past and used to store pirated movies. It probably wouldn't be hard for a malicious attacker to access these stored communications, which include detailed user profiles.
Article Author: Ed Dickson
Having worked around financial crimes for a number of years, I noticed they seemed to be on the rise. One reason for this is technology, which grows more rapidly than laws designed to protect us from it. …
Article comments
1 - Joanne Huspek
Thanks for the heads up.
I've been on SKYPE and wondered about that myself.
2 - Peter Parkes (Skype Blogger)
Just to clarify " (as you correctly point out) the issues highlighted in the Citizen Lab report affect only the TOM-Skype software distributed by TOM in China.
So, anyone using Skype to communicate with someone in China should be aware that they may be being monitored and avoid revealing any personal or sensitive information. We're working on ways of making it absolutely clear to users when they're in a situation in which their chats may be monitored.