On Tue, May 14, 2013 at 09:14:19PM +0530, Pranesh Prakash wrote: > Heise Security is reporting that Microsoft accesses links sent over > Skype chat.[1]
Everyone who thinks that's the *only* thing that Microsoft is quietly doing behind everyone's back, raise your hand. And incidentally, the proffered rationale for this doesn't fly, given that (a) they're only sending HEAD: actually scanning destination URLs for malware et.al. would require fetching the whole page and (b) they're only retrieving HTTPS URLs (per Heise) which is not what someone actually looking for malware would do. Moreover (c) even if they classified a URL as malicious, let's say https://example.net/blah, the recipient of said URL is likely to access it via a data path outside their control, thus -- unless they blocked it *inside* Skype -- they have no way to prevent access to it and delivery of whatever malware payload awaits. Source code is truth; all the rest is smoke and mirrors, hype and PR. If Microsoft had the *slightest* interest in telling y'all the truth, then they would have answered the group letter earlier this spring with code, not with glib prose crafted by a committee of talented spokesliars. ---rsk p.s. Heise's discovery is an existence proof that it's possible to intercept the contents. Therefore we must presume that other entities besides Microsoft may have this capability -- doubly so given that some of those entities have not only the resources, but the motivation. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech