Could somebody please remind me what was Microsoft saying about a certain company that ruthlessly invades privacy of their users?
Is Microsoft “snooping” on Skype text conversations, or merely protecting users from malware URLs? German publisher Heise Online has given that question prominence with the accusation that Redmond is snooping, as the result of receiving return visits from Microsoft IP addresses if they send HTTPS URLs through Skype text chats …
I don't know what useful information you can get from HTTP headers, but using replayed sign-in, a header request would obviously be safer than a full page request (you will always be able to do a stateless header request).
And clearly, using a replayed sign-in is how you test if a malicious site is using stealth tactics to hide from view a malicious payload. Such sites are already known to hide from AV companies, so this seems like an obvious test.
What I actually think is going on is a hidden criminal gang within their organization - or at least a few rotten insiders. I have clients who were attacked within the supposedly trusted Partner's network, and Microsoft just puts a blind eye on it, and doesn't do anything to check on the complaints as near as I can tell. They need to look in their own back yard as well as police the botnets.
What are they doing if they really find such a malicious link in an online conversation?
Do they remove the link from the conversation? Do they block the sender for distributing malicious links?
And what is their definition of a malicious link? Do they filter links to jailbreak projects, warez sites, p2p software, etc?
And not the least of all - why do they monitor private conversations, anyway? In some countries that might even be illegal by itself.
I think it was President Clinton who let slip that the Echelon project collected data useful to USA corporations as well as its intended use.
I stopped using Skype the moment MS bought it.
You'd be nuts to run your business using Office 365.
My MS trust level = 0
http://en.wikipedia.org/wiki/ECHELON
@ Mystic Megabyte
Too right, mate. It's common knowledge that even countries within the EU are aiming industrial espionage at each other. To store any commercially sensitive material in the cloud is just asking for it to be borrowed. Whatever assurances MS might offer, they are subject to US government control, formal and informal.
"It's still better than Google Apps though..."
Google Mail is apparently the choice of CIA operatives in Moscow, if recent reports are to be believed.
I think it is always sensible for users to think about the location and jurisdiction applying to any services or servers that they use and how those jurisdictions may treat foreigners and their data.
"Google Mail is apparently the choice of CIA operatives in Moscow, if recent reports are to be believed."
Errm, and the secret services are well known for disclosing the tools of their trade? It might be the choice for personal use, but I don't think you will find any of the CIA as has yet outsourced itself to Google Apps.... The US Government prefers Office 365: http://finchannel.com/Main_News/Tech/127568_Businesses_choose_Microsoft_Office_365_over_Google_Apps/
The report said that when they passed unencrypted, http, links these weren't checked, only the encrypted, https, ones were.
How would Microsoft get to know of malicious sites if it doesn't scan the whole page for viruses to start with, so sending a head is useless?
It is probably just to do with the agreement that Microsoft have with the US government to record their users' activities and retain them for a set period. Some thought that this would be likely to happen after Microsoft took over Skype.
I used to think that Skype conversations were encrypted end-to-end. That Microsoft is even able to intercept any URLs proves that this is not the case, that they are technically capable of snooping on any messages and voice conversations.
Given that you have clicked-through their terms of use, I'm sure that authorities will argue that there is no expectation of privacy in Skype conversations and calls, and that therefore no warrant is required to siphon them into their databases.
Sorry, but any URL that you post into a third-party service, you have to assume someone else can see it. It doesn't really matter if it's Skype, Facebook, XMPP, or anything else.
And anyone using sites with authentication information contained in the URL? Sorry, you deserve what you get. Even HTTPS sessions. The data is encrypted for a reason, and the URL *NOT* encrypted for the opposite reason - with cookies etc. there's no excuse for the URL to contain authentication within them.
Anyone this is an issue for? Don't go copy-pasting URLs into chat conversations that might give away details that you don't want to give away. If there's no way to transmit URL information WITHOUT revealing your authentication etc. details - stop using that site. Or at least tell people how to log in for themselves rather than copy-paste your own direct links.
It's not a security issue, but maybe a simple privacy issue. And I'm sure there's a clause in Skype/MSN/Google Talk and anything else that they may monitor conversations for the purposes of security etc.
And, if you're REALLY that worried, use OTR encryption via a third-party plugin through whatever IM provider you prefer.
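An added example, not part of the original comment thread: a pre-share check for the concern raised in the comment above about URLs that carry authentication details being pasted into a chat. The parameter-name list and the sample URLs in the comments are constructed assumptions, not values from the page.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list (not from the page): parameter names that commonly carry credentials.
SENSITIVE_PARAMS = {"token", "access_token", "auth", "key", "api_key", "apikey",
                    "password", "passwd", "sid", "session", "sessionid",
                    "phpsessid", "jsessionid", "signature", "sig"}

def audit_url(url):
    """Return (findings, redacted_url) for a URL about to be pasted into a chat."""
    parts = urlsplit(url)
    findings = []

    # user:password@host credentials in the authority component
    userinfo, at, host = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo")

    # ;jsessionid=... style parameters attached to path segments
    segments = []
    for seg in parts.path.split("/"):
        base, *params = seg.split(";")
        kept = [p for p in params if p.split("=")[0].lower() not in SENSITIVE_PARAMS]
        if len(kept) != len(params):
            findings.append("path-param")
        segments.append(";".join([base] + kept))
    path = "/".join(segments)

    # query-string parameters: keep the name, replace the secret value
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append(f"query:{name}")
            value = "REDACTED"
        query.append((name, value))

    # tokens placed in the fragment (e.g. #access_token=...)
    fragment = parts.fragment
    if any(k.lower() in SENSITIVE_PARAMS for k, _ in parse_qsl(fragment)):
        findings.append("fragment")
        fragment = ""

    return findings, urlunsplit((parts.scheme, host, path, urlencode(query), fragment))

# Constructed sample input:
# audit_url("https://alice:s3cret@files.example.com/share;jsessionid=ABC123/"
#           "report.pdf?id=42&token=deadbeef#access_token=xyz")
```

An empty findings list means none of the listed parameter names were present; it does not prove the URL is free of secrets, since a site can embed a credential under any name or in the path itself.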
I think fpx is onto the real story here. AFAIK Skype used to be peer-to-peer. Your IM was on your machine, the machine of the person you are talking to, and passed (encrypted) through some random supernodes along the way. This story demonstrates that the model has changed. Either all Skype IM is now passing through Redmond and getting decrypted there (= bad) or the Skype client is parsing the IM conversation and sending tasty morsels back to Redmond (= also bad). Sounds like vanilla Skype is now equivalent to TOM-Skype.
When Microsoft threw $8.5 billion on the table, my first thought was "I wonder if the NSA is funding this deal".
What's the problem!?
If it's a publicly accessible webpage, there is every chance another person is going to access it at some point. And whether they're using GET or HEAD, it's nothing more than any search engines do.
And as someone else said, if you are really that bothered about it, don't share it over a public network.