« Microsoft “net-bans” a million modified Xbox 360s: My Prediction
Skype hogs port 80; beware when setting up WAMP server »

The end of privacy protected “secure” Skype

So, I was trying to download Skype the other day (from inside China) and I got silently redirected to the TOM Skype page (I wont link to it here because TOM Skype is malware) from the normal Skype domain name. My anti-virus browser plug-in started screaming “you’re at a malware site!” and this led me to do a bit of research about TOM Skype. Here are some interesting pages regarding the business partnership that TOM has with Skype:

There is a lot more information on the net about TOM Skype and how terrible it is – just use Google if you want to learn more. To quickly summarize the negative characteristics of TOM Skype, I’ve made a point form list:

  • chat messages of TOM Skype users as well as others who are using non-TOM Skype and communicating with TOM Skype users are monitored and stored (possibly insecurely stored at that)
  • advertisements (some not suitable for children) are displayed to TOM Skype users (no advertisements are currently present in the non-TOM version)
  • there have been reports of trojans being bundled with the TOM Skype software

To make this all the more ridiculous, as of this writing, this is Skype’s privacy policy regarding the sharing of customer information:

Skype’s current privacy policy

This is quite ridiculous and is hugely contradictory to Skype’s promises of “safety and security”. Skype then has the gall to make amazingly disingenuous statements such as this:

https://support.skype.com/en-gb/faq/FA74/Does-Skype-contain-any-malware-or-spyware

Why is there no mention of TOM Skype?!?!? I was originally under the impression that only TOM-Skype compromised user privacy, but it seems that normal Skype is also not safe or secure. Here’s a nice little gem that I found in the privacy policy:

Your information may be stored and processed in any country in which Skype and its group companies maintain facilities, including outside of the EU. In this regard, or for purposes of sharing or disclosing data in accordance with this article 4, Skype reserves the right to transfer information outside of your country. By using Skype software, Skype’s websites or Skype products you consent to any such transfer of information outside of your country. As Skype continues to develop its business, Skype might sell or buy subsidiaries or business units. In such transactions as well as in the event Skype or substantially all of its assets are acquired by a third party, personal information of Skype users will generally be one of the transferred business assets. We reserve the right to include your personal information, collected as an asset, in any such transfer to a third party.

which, given the knowledge of TOM Skype, and then combined with:

Skype will retain your information for as long as is necessary to: (1) fulfil any of the Purposes (as defined in article 3 of this Privacy Policy) or (2) comply with applicable legislation, regulatory requests and relevant orders from competent courts.

there is basically no reason why anyone who has even a rudimentary desire for privacy to ever even consider using Skype. Basically, I’m pretty sure this means that, although Skype might not directly use your information or messaging history for nefarious purposes, they’re free to sell the information to subsidiaries (like TOM) that basically will use and store your information however they please. I’ve actually purchased “Skype credit” and now I’m going to send them an email requesting a log of any time my personal information or messages have been shared or stored, as I feel that I’m entitled to some level of customer service given that I’ve given money for my service (I’ll post transcripts – as I’m assuming they’ll refuse). I’m particularly disgusted with Skype, as in the past I’ve suggested to others to use Skype because it’s “secure”. Shame on this company for letting down its users.

Social Bookmarks:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Live
  • Reddit
  • Technorati
  • Yahoo! Bookmarks

This entry was posted on Wednesday, December 2nd, 2009 at 2:30 pm and is filed under Tech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “The end of privacy protected “secure” Skype”

  1. cal Says:
    December 3rd, 2009 at 11:39 am

    Great discussion! I’ll be waiting to hear what happens next. It’s disturbing that these legal disclosures say they are committed to our privacy and within a paragraph acknowledge that they will do these actions. I’m sure government regulation requires them to do these disclosure, but it only gives you a sense of what they CAN DO, not what they are IN FACT doing. Google’s motto is “do no evil”, yet they are engaging in questionable practices in China to gain a foothold in the market. To be fair, other major search engines are doing the same, but still. More to be said later on that if we get a chance to talk. I hope you can find out how this privacy compares to Messenger (is that our only alternative to talk via headset?).

  2. M Says:
    January 6th, 2010 at 12:27 am

    Out of context that policy snippet on the surface may appear to be quite negative, however if you think about what skype offers this policy is entirely necessary for them to operate. I’m not here to defend skype. I’m a paying skype user and I too have suggested it to people for a variety of reasons. I’m NOT a satisfied user these days. In fact I’m considering canceling my subscription as it is becoming increasingly unusable for calling purposes.

    As any business that deals with millions of users around the world you have to consider that the people you serve need protection, but the company and it’s staff and developers etc. also need some protections. This policy appears to be dealing with your contact and account related information and likely not your transcripts or voice conversations.

    I can’t speak to the issues with TOM skype as I have no experience with that side of things. I do hope you get a response from skype on your information requests. I too doubt you’ll get anywhere with it but you may find out some very interesting information along the way.

  3. Evan Says:
    January 6th, 2010 at 1:05 am

    They actually did reply, and after a few exchanges in which they essentially didn’t want to comment, they finally said something that basically equivocated to Skype “washing its hands” of TOM’s shady practices here’s what they said:

    “Thank you for your reply.

    We understand your concern that you wish to know whether the skype chats
    of regular skype users are monitored if they contact TOM Skype users.

    We would kindly ask you to contact TOM Skype regarding this question as
    we can only state that due to privacy reasons Skype does not monitor any
    chats or calls made by skype users.

    You can contact TOM Skype on the following email address:
    skype@bj.tom.com

    Please let us know if this has resolved the issue. If you need more
    assistance, feel free to contact us again; we will be glad to help.

    Best regards,”

    I suppose I will get to TOM to see what they have to say, but I’m assuming I’ll be stonewalled as it’s doubtful they care much about English language users.

Leave a Reply