Microsoft acquired Skype in 2011. Since then, internet users have kept fantasising a lot about Microsoft possibly keeping their communications under watch. This week, German company Heise Security observed a strange thing. Soon after a secure URL had been sent in a private Skype conversation, it received a visit from a Microsoft, Redmond, IP address.
A legitimate link verification?
Surprised by the coincidence, the Heise specialists repeated the experiment - and got the same results. When asked for an explanation, Skype said it happened as a result of its link verification policy. It is true that protecting internet users from malware implies a prior identification of harmful sites, hence a visit. Yes, but...
Yes but... before being acquired by Microsoft, Skype had the reputation of a reliable peer-to-peer site using good quality encryption. Its users felt comfortable communicating in a reasonably secure environment. Skype's acquisition by Microsoft had at first worried internet users. However, since most objections were based on a general conspiracy theory rather then factual arguments, they did not seem credible.
Verification
As the latest reported events were rather disturbing, the Navixia team decided to check them for themselves. On May 17, 2013, we transmitted a unique, secure site via Skype:
Shortly afterwards, our link received the following visit :
What we conclude...
Yes, Microsoft came and visited the URL we had sent over Skype. It's a fact: Skype conversations are really "listened to" by the Redmond firm.
The problem is not so much Microsoft verifying potentially harmful links. Skype's terms and conditions (article 5.7) anticipate this situation. The issue rather relates to the close interconnection between Sykpe and Microsoft and the security drifts this may entail. Supposing Microsoft was ordered by the US government to disclose the content of private conversations, they would have to obey.
Needless to say, then, that Skype communications should be handled more carefully than ever. Skype is not a safe communication channel, and not a place for confidential exchanges.