Skype used to be what you would use to send secure, encrypted, and untraceable messages to friends, family, and business associates all over the world. Not any more.
According to a test by Ars Technica, Microsoft is intercepting, decrypting, and reading at least some Skype messages — to the point where URLs embedded in Skype chat are being visited by machines at IP addresses belonging to Microsoft … most likely a bot, but potentially a human being.
“And this can only happen,” Ars’ security expert Dan Goodin writes, “If Microsoft can convert the messages into human-readable form at will.”
Skype currently uses 256-bit AES encryption to secure communications between users, which is considered to be very secure. Secure, perhaps. But not very private — when Ars sent messages via Skype containing four web links created specifically for this experiment, two of them were accessed by a Microsoft-controlled machine.
¿Creés que tus mensajes de Skype tienen cifrado o encriptación extremo a extremo? Mejor pensálo de nuevo
Ars catches Microsoft accessing links we sent in our test messages.
If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will.
With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at 220.127.116.11, an IP address belonging to Microsoft. For those interested in the technical details