Microsoft is reading Skype messages

Run a Google search on “Skype encryption,” and chances are the first hit you’ll get is a link to Skype’s encryption assurance.

That’s the one that says this:

All Skype-to-Skype voice, video, and instant message conversations are encrypted. This protects you from potential eavesdropping by malicious users.

It certainly sounds like your Skype communications are safe from prying eyes and ears, doesn’t it?

Well, maybe not, actually.

According to Dan Goodin of Ars Technica, the Microsoft-owned Skype “regularly scans message contents for signs of fraud, and company managers may log the results indefinitely. … And this can only happen if Microsoft can convert the messages into human-readable form at will.”

Ars found this out by getting an independent privacy and security researcher, Ashkan Soltani, to work with them to cook up four links created solely for the purposes of the article.

Two of those links weren’t clicked on, while the other two – one an HTTP link and the other an HTTPS link – were accessed by a machine at, which is an IP address that belongs to Microsoft.
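The test described above is a canary-link check: unique URLs that exist nowhere except in the messages, with the web server log watched for fetches by anyone else. The following is an added example of that check, not Ars Technica's or Soltani's code; the host name, URL layout, IP addresses and log lines are assumptions constructed for illustration.

```python
import re
import secrets

# Hypothetical host the tester controls; not from the article.
BASE = "example.test"

def mint_links(n_per_scheme=2):
    """Create unguessable URLs that are sent in chat and published nowhere else."""
    links = {}
    for scheme in ("http", "https"):
        for _ in range(n_per_scheme):
            token = secrets.token_urlsafe(16)
            links[token] = f"{scheme}://{BASE}/c/{token}"
    return links

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def canary_hits(log_lines, tokens, own_ips=()):
    """Return {token: [(ip, time, method)]} for fetches not made by the tester."""
    hits = {t: [] for t in tokens}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, when, method, path, _status = m.groups()
        token = path.rsplit("/", 1)[-1].split("?", 1)[0]
        if path.startswith("/c/") and token in hits and ip not in own_ips:
            hits[token].append((ip, when, method))
    return hits

def demo():
    links = mint_links()
    t = list(links)  # t[0], t[1] are http; t[2], t[3] are https
    # Constructed log lines using documentation-range IPs, not data from the article.
    log = [
        f'192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "HEAD /c/{t[0]} HTTP/1.1" 200 0',
        f'192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /c/{t[2]} HTTP/1.1" 200 12',
        f'198.51.100.7 - - [01/Jan/2000:09:00:00 +0000] "GET /c/{t[1]} HTTP/1.1" 200 12',
        '203.0.113.5 - - [01/Jan/2000:11:00:00 +0000] "GET /robots.txt HTTP/1.1" 404 0',
    ]
    return links, canary_hits(log, links, own_ips={"198.51.100.7"})
```

A token with any entry in the result was fetched by a third party that could read the message; looking up the owner of the source IP is a separate step.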

Plenty of people were curious to know what would happen, post-Microsoft acquisition, to Skype’s years-long reticence about allowing back doors to enable surveillance.

As Slate noted back in July, Skype’s been a roadblock to law enforcement agencies, with its strong encryption and complex peer-to-peer network connections.

In 2007, Skype even went on record to say that it couldn’t conduct wiretaps because of these architectural features.

Well, that all changed pretty fast after the May 2011 Microsoft buyout.

Hackers detected what they said was an architecture change last spring, one that they said could possibly make it easier to enable wiretapping – a charge that Skype rejected.

Still, Skype wouldn’t confirm or deny whether it could facilitate wiretapping requests when asked point blank.

Here’s the rub: A month after the May 2011 purchase, Microsoft was granted a patent for “legal intercept” technology, designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.”

Was it integrated into Skype architecture? Skype’s not saying, and it’s impossible to say for sure.

But now, in fact, Ars Technica’s experiment has proved one thing for sure: Microsoft can and does peer at plaintext Skype communications.

This is not earth-shattering news, Goodin writes, given Skype’s privacy policy:

"Skype's privacy policy clearly states that it may (emphasis added) use automated scanning within Instant Messages and SMS to identify spam and links to sites engaged in phishing and other forms of fraud. And as Ars reported last year, since Skype was acquired by Microsoft, the network running the service has been drastically overhauled from its design of the preceding decade. Gone are the peer-to-peer 'supernodes' made up of users with sufficient amounts of bandwidth and processing power; in their place are some 10,000 Linux machines hosted by Microsoft. In short, the decentralization that had been one of Skype's hallmarks was replaced with a much more centralized network. It stands to reason that messages traveling over centralized networks may be easier to monitor."

Of course, this eavesdropping isn’t completely evil.

As Goodin’s sources point out, it’s the responsibility of services such as Skype and Facebook (which reportedly employs similar techniques) to ensure that their services aren’t used to distribute malware.

But still, perceptions of Skype being an un-tappable medium persist. As Goodin points out, that’s a dangerous presumption for dissidents, for example, to make.

For those averse to the possibility of having their communications intercepted, consider yourselves warned.