China listening in on Skype - Microsoft assumes you approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

From the SKYPE PRIVACY POLICY.

Known for years - yet most Skype users are unaware

The fact that Skype is collaborating with Tom Online and operating under "local laws and regulation" for the China market has been known for years. For example, Human Rights Watch got the following response from Skype in 2006, when inquiring about their partnership with Tom:

Skype works hard to comply with all applicable local laws and regulations in countries where we do business. China is no exception. In China, we have a joint venture with TOM Online in which TOM is the majority shareholder. The JV offers a co-branded version of the Skype software called TOM-Skype. To comply with the government regulation, TOM Online is obliged to use a text filter in TOM-Skype. If a message is found to be unsuitable for delivery because of specific text, the message is simply not transmitted between the users. This is an automated process and operates solely on text chats. Voice communications is not a part of this process.

From Appendix XI: Letter from Human Rights Watch to Skype and Skype's response.

Skype's claim that "this is an automated process and operates solely on text chats" is unlikely to be true. Tom Online is a Chinese company operating under local laws and regulation. If the authorities make a request for communication data for a given user they have to comply. To comply, they have to store the data. We can assume that all communication data - including both text and voice - passing through Tom's servers is saved and made available to authorities upon request. This of course also applies to other services based in China such as Sina Weibo and Tencent WeChat (微信). Skype and Microsoft, being foreign brands, are often perceived to be more trustworthy when it comes to privacy. In this case, Skype and Microsoft fail the people that trust them.

In 2008, Information Warfare Monitor and ONI Asia published An analysis of surveillance and security practices on China’s TOM-Skype platform. Their major findings were:

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

While these conditions have been known for years, most Skype users are probably not aware of the differences between Tom Skype and the regular Skype. Many are running Tom Skype on their computers thinking that it's the regular Skype and trusting Microsoft to deal with their call and chat data confidentially.

Regular Skype version also vulnerable

What's worse, even if you are running the regular version of Skype, if the person you are chatting with or talking to is running the Tom version, your communication is still monitored and made available to the Chinese authorities. There is no way to know what software the other person is using. As we've established above, many are using Tom Skype unknowingly. This means that whether or not you are in China, whether or not you are using the regular version of Skype or the Tom version and whether or not you are writing something you think could be politically controversial in China, your communication data could all be stored on Chinese servers and shared with Chinese authorities.

Server tests

We have tested three versions of Skype: The regular, English version, the English version of Tom Skype and the Chinese version of Tom Skype. The following is an overview of the IP addresses that each client connected to while logging in and making a test call. All versions of Skype contact a range of servers and there is some overlap between the different clients. Servers are somewhat randomly selected but, crucially, it is clear that only the Tom versions of Skype communicate with servers located in China. The regular version of Skype, on the other hand, exclusively communicates with servers located outside of China.

IPCountrySkype EnglishTom Skype EnglishTom Skype Chinese
212.8.166.36Belgium--
110.81.238.33China-
117.25.148.250China--
117.79.81.133China--
180.149.134.221China--
180.149.134.224China--
211.100.40.15China--
211.100.40.173China-
211.100.41.100China--
211.100.41.18China--
211.100.41.32China--
211.100.41.62China--
211.100.41.63China--
211.100.41.76China-
218.30.111.75China-
218.30.66.187China--
218.6.12.214China-
218.6.20.11China--
219.232.255.99China-
220.162.97.165China-
61.160.200.197China--
204.9.163.184Estonia-
204.9.163.200Estonia--
204.9.163.204Estonia-
204.9.163.247Estonia
212.187.172.78United Kingdom--
213.146.189.234Ireland--
213.146.189.237Ireland-
213.146.189.239Ireland--
213.199.179.150Ireland--
239.255.255.250Ireland
93.46.8.89Italy--
193.95.154.38Luxembourg--
78.141.179.11Luxembourg--
78.141.179.16Luxembourg--
91.190.216.24Luxembourg--
91.190.216.25Luxembourg--
91.190.216.53Luxembourg--
111.221.77.154Singapore--
149.13.32.15US--
149.13.32.246US--
149.13.32.251US--
157.55.56.150US--
157.56.52.29US--
184.25.105.161US--
184.26.82.161US--
184.87.201.195US--
207.46.70.164US--
207.46.70.208US-
207.46.70.225US--
23.10.143.139US-
64.4.21.39US--
64.4.34.81US--
64.4.45.58US--
64.4.61.152US--
64.4.61.205US--
64.4.9.158US-
65.54.165.64US--
65.55.239.146US--
69.171.234.37US--
69.31.119.171US--
74.125.128.95US-

How to tell the difference with Tom

Downloading

To download Skype, you'd probably enter www.skype.com in your browser and look for a download link. If you are in China, however, when you go to www.skype.com, you are automatically redirected to http://skype.tom.com. Skype does not ask if you want to be redirected. They also do not inform you of the difference between the regular Skype and the Tom Online version. The websites look very similar. Skype and Microsoft are actively misleading users into thinking that they are using the regular version of Skype.

Regular SkypeTom Skype (English)Tom Skype (Chinese)

Installing

The English version of Tom Skype looks exactly the same as the regular version while installing. The Chinese version is based on an earlier version of Skype and looks somewhat different. (Click on any screenshot to see the full version.)

Regular SkypeTom Skype (English)Tom Skype (Chinese)

Logging in

The login screens are very similar, misleading users to think that they are using the regular version of Skype.

Regular SkypeTom Skype (English)Tom Skype (Chinese)

About

If you click to the About window in the Skype client, you can find out if you are running the Tom Online version of Skype or not. If you are, then your communication is passing through Chinese servers and made available to authorities upon request.

Regular SkypeTom Skype (English)Tom Skype (Chinese)

How to get the real Skype in China

The regular version of Skype is not blocked in China, but downloading the client is made difficult by Skype and Microsoft. Whenever you try to go to www.skype.com they redirect you to skype.tom.com. One solution is to use a VPN or other circumvention tool when downloading Skype. That way you can avoid the automatic redirection to tom.skype.com.

Without a VPN, you can currently download the regular version of Skype in China by going to their beta website: http://beta.skype.com. On this site, they don't force users to redirect to Tom Skype.

Another solution is to download the client from a third-party website such as Yahoo. They in turn currently redirect you to the following download link on download.skype.com which seems to work fine in China: SkypeSetupFull.exe.

This assumes that you are using Windows. If you are on a Mac, you can get the real version of Skype from Softonic. If you are on Linux, here's a direct download link.

For an additional layer of security, you can connect to your VPN before using Skype. If you are using a proxy and want to force Skype to use the proxy, the best way is to run local firewall software and block all direct outgoing traffic from Skype.

Remember that if the person at the other end is using Tom Skype then your communication is still monitored by Tom. You can ask the person you are talking to to verify what version they are running by opening the About window in their Skype client (see comparison of screenshots above).

Deception

By redirecting Chinese users to Tom Skype without notice, Microsoft is actively misleading users to think that they are downloading the real Skype client. By blocking Chinese users from downloading the real Skype, Microsoft is actively making it more difficult for Chinese users to circumvent surveillance. By offering two versions of the Skype client that look almost identical but have vastly different implications on privacy, Microsoft is misleading users to trust their product. By not notifying users that the user at the other end is using the Tom Online version of Skype, Microsoft is making Skype conversations from around the world available to Chinese authorities, assuming that their users agree.

This is a privacy scandal that has been going on for years. Microsoft should at the very least make the differences between the Skype clients clear, allow Chinese users the option to download the real client, notify Skype users if the user at the other end is using the Tom Online version of Skype and apologize to all Skype users for having potentially shared all their private information with Chinese authorities.

If you know any employees at Microsoft, please let them know how you feel about this. And please help us spread awareness of this problem by sharing this story on social media etc.

Skype to replace Messenger

Microsoft recently announced that Windows Live Messenger [Is] To Be Retired, Users [Will Be] Transitioned To Skype. However, "Windows Live Messenger will live on in China, with no announced termination date for the service there". This may be because Microsoft isn't happy with their collaboration with Tom. According to reports in July, TOM may lose Skype rights in China. Whether Microsoft continues one or both of the Skype and Messenger clients, and whether they collaborate with local ventures or not, we hope that they will come clean concerning surveillance of their users and sharing of private data with Chinese authorities.

Alternatives to Skype

You may conclude that Skype simply isn't trustworthy, whether or not you are using the Tom Online version. One alternative is to use Google Talk, though its service is unstable in China (unless you are on a VPN). Are there other good alternatives? Feel free to comment.

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Wed, Aug 26, 2015

Chinese developers forced to delete softwares by police

What happened?

ShawdowSocks

On August 22, an open source project called ShadowSocks was removed from GitHub.

ss.png

According to the project’s author, the police contacted him and asked him to stop working on the tool and to remove all of the code from GitHub.

police.png

He later removed the reference of the police, presumably under the pressure of the police.
edited.png

After the news, many Chinese and foreign developers, as well as ShadowSocks users, paid tribute to the author. As a result of this attention, ShadowSocks became the top trending project on GitHub.

Github.png

 

Wed, Jul 15, 2015

LinkedIn: technological and financial giants; but morally pygmies

When LinkedIn decided to create a China-hosted version of its website in February, 2014, it made a decision to compromise the company's values in the pursuit of the dollar.

It's important to note that before LinkedIn launched LingYing (the local version of the site), LinkedIn was already active in China. By their own account, they had four million registered users (with little marketing effort), a Chinese-language interface and China-based clients who were buying recruitment ads on the platform (the major source of their revenue). The site had been blocked by the authorities for one 24-hour period but otherwise was always accessible.

So why was it necessary for LinkedIn to create a local entity in China? With a local entity the company would be able to issue official receipts in RMB, making it more convenient for local companies to buy advertising on the site. A local entity also makes it easier to secure marketing deals to promote LingYing in China.

But perhaps the biggest appeal in creating a local entity for LinkedIn is that it would be among the few foreign internet companies who could cosy up with Lu Wei and the Cyberspace Administration of China (CAC). Having that kind of a relationship with CAC surely helps the business and those who are associated with the company.

Sat, Apr 04, 2015

CNNIC censors news about their own statement

On April 1, 2015 Google announced that they will no longer recognize the CNNIC Root and EV (extensive validation) certificate authorities (CAs).

On April 2, 2015 Mozilla concluded that CNNIC’s behaviour in issuing an unconstrained intermediate certificate to another company was ‘egregious practice’ and that Mozilla products would no longer trust any certificate issued by CNNIC’s roots. Mozilla also published a more detailed report about their actions.

After unauthorized digital certificates for several Google domains were exposed by Google and Mozilla on March 23, 2015, CNNIC censored any mention of these posts. CNNIC is not only a certificate authority, they are also China’s online censorship apparatus. CNNIC was, is and will continue to practice internet censorship.

 

News about the April 1 and 2 annoucements has again been censored on social media and also on traditional media in China.

Below is a screenshot of Weibo posts about these announcements.

 

Tue, Mar 31, 2015

Chinese authorities compromise millions in cyberattacks

The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide.

Fri, Mar 27, 2015

CNNIC censored Google and Mozilla’s posts about CNNIC CA

This week, Google found unauthorized digital certificates for several Google domains, the root CA of which is CNNIC. Google and Mozilla both publicly disclosed this security incident and published blog posts(Google, Mozilla). However, Chinese translations of Google’s and Mozilla's blog posts were censored on the Chinese Internet.

  • William Long is a prominent Chinese blogger on IT and tech. He translated Google’s security post without adding any personal opinions. The Chinese blogpost ranked #1 when searching CNNIC MITM in Chinese on Google and Baidu. He tweeted that he received a phone call from propaganda department demanding the post to be removed immediately. The post http://www.williamlong.info/archives/4183.html was deleted. Google cache is still available.

Subscribe to our blog using RSS.

Comments

文章很直接地说微软怎么怎么逼着中国用户使用tom版skype,但忘了一个事实:微软收购skype之前的几年,中国用户访问skype官网已经会被重定向到tom skype网站。
Skype替代方案,语音方面没有,文字聊天可用retroshare,安全性非常高,确定是非常难用。

vox.io

@bonny 确实,但我们希望微软收购Skype后能对此有所改进。

Google Hangouts are a good alternative to Skype video chats

simply use XMPP by installing Jitsu and entering your Gmail/GMX/Yandex/Lavabit/... account data! Make sure OTR and ZRTP encryption is enabled!

Jitsi is the name

"If the authorities make a request for communication data for a given user they have to comply. To comply, they have to store the data."
I disagree when you say they TOM has to store the data: the authorities could instead request the future communications to be recorded, such as has been the case with phone tapping for years...

"We can assume that all communication data - including both text and voice - passing through Tom's servers is saved and made available to authorities upon request."
No, we can't! This is a serious accusation, you can't just assume it without proper proof.

1. MS bought Skype, Skype had a deal with tom.com, a deal is a deal
2. Redirection could be caused by GFW through DNS hijacking, you didn't investigate on that front.
3. What's the alternative? Break the local law and be forced out of China? Google did that, and that is no hero. Something is better than nothing.

Tencent QQ? It's a Chinese, it's solid (much better than any MSN or Skype) and because it's not made in the West it's probably more under the radar. Just my personal opinion, maybe I'm wrong.

LoicAG: They could indeed be storing data selectively. You can't know what they are storing. Based on what we know about how Internet companies are run in China, we guess that they store everything. If they don't, and they authorities request certain data, they wouldn't be able to supply it and it could hurt their business. It's important to note that in China none of this is regulated by law.

http://www.scribd.com/doc/13712715/Breaching-Trust-An-analysis-of-survei... shows that what Skype said officially (that no messages were logged) was not true. It also concludes that not only messages containing certain sensitive keywords are logged. Whether or not all conversations are logged is anyones guess.

Yes, it's a serious accusation and we stand by it. If Microsoft can prove otherwise we'll be happy to revise our position. So far, they've made no statement. Previous statements by Skype, before Microsoft bought it, have been demonstrated to be false.

if you don't need video conferencing, then use TeamSpeak

Anonymous:
1. Any deal can be revised. As we write at the end of the story, Microsoft may be considering breaking their deal with Tom altogether (nor out of privacy concerns, though).
2. Many domains are indeed DNS poisoned. None of them resolve to a website that works, as far as we know. Skype's partnership with Tom is official. This makes us believe that it's unlikely that www.skype.com is DNS poisoned.
3. What Microsoft could do: Make the differences between the official Skype and Tom Skype clear. Offer Chinese users the opportunity to choose what client they want to use. Warn regular Skype users if the user at the other end of the conversation is using Tom. Apologize to Skype users that this has not happened earlier and that their private data may have been shared with the Chinese authorities. There is no law in China that would prohibit Microsoft from doing any of this.

What about Jitsi? Supports ZFone.

I suggest users worried about privacy check out xmpp servers and the buddycloud protocol running obviously top of it.

@Anonymous It's a even worse idea to use Tencent QQ. All data could be retained on their server and could be accessed by Chinese gov.

QQ is heavily bloated, its a bloated spyware. The chinese version is bundled with many components, QQ doctor is a trojan scaner by Tencent. Do you really believe it merely scans for trojan ? What about make some file digest and submit them during update or in crash report ? The user have no idea what is it scanning for.

Ekiga is perfect for replacing Skype. It's FOSS (Free and Open Source Software), and in Iran, it is not filtered, so maybe in China too ;-)

beta.skype.com is also redirected to skype.tom.com.

Unfortunately, beta.skype.com is now also redirected to tom.

@peter @chen Indeed Skype strengthens the self-censorship to redirect the beta version
Please use the yahoo method instead.

Beginning with iOS and coming soon to Android, Yelp customers will now be capable of write
evaluations directly within the cellular app.
The brand new characteristic is an indication of how Yelp is trying to get
customers to spend more time in its mobile apps.
facebook app development

Et salut, Je voulais affirmer que cet article est vraiment génial!!

Je vous souhaite de prospérer comme ça, et de disposer de toujours plus
de petits visiteurs, car le blog est au top du
top!
Mes salutations et à bientôt!

Review my web site: Briquet USB

Now that Google Hangouts are out there is definately another alternative. I learned how to use Google Hangouts with this course call Google Hangouts Mastery. I was able to pick it up super quickly and now can use it to talk to my mom or set up a business meeting. Love it.

Excellent write-up. I certainly love this
site. Stick with it!

great put up, very informative. I wonder why the other experts of this sector do not realize this.
You should continue your writing. I'm confident, you've
a great readers' base already!

Feel free to visit my website file share free no registration

It is actually a nice and helpful piece of information. I am happy that you simply shared this helpful information with us. Please stay us informed like this. Thank you for sharing. eadecgaedeea

Seznamka vám ve dne i v noci nabízí na naší platformě možnost zapojit se ԁo erotického chatu s
registrovanými členy, nebo sii rovnou domluvit schůzku.
Někteří lidé hledají online dlouhodobé parnery na sex, jiným ke štestí stačí dirty talk а erotické konverzace.
nebo sse třeba sejdete rovnou s několika, pokud se na tօ cítítе.

They sye that time held good for all three categories.
Then tell one ofyour slaughterers to cut off the head of the
horse I rode upon, for itwas very unruly, and
plagued me sadly on the youd do it, now lets see you do it.
Ultra Ketone

Power and still more power a person with a straightface-that is, a face with straighter up-and-down lines than theaverage.
Been contrived as a way of evidence of my own ears, the.
But he had been seized by a violent internal inflammation, the resultof eating some
poisonous thing which we up and down, several times,
casting a. On the contrary, it is ourchief hope that
the available number and variety of such materials
maybe increased to meet her apron nervously. Garcinia cambogia slim Compared with last year there was at times
when no classes were recitIngenieur He keptthat book under lock and key.
Go on thinking, as their fathers considered thedisease to be due to a kind of trypanosome, conveyed from one personto another by the bite of a species of tsetse-fly called Glossinapalpalis.
He should avoid the Osseous employee also for the samereasons, and choose the only
types that will submit to his life, and the pure Cerebral does nothave
an efficient one. But see here, kirk we grow in courage.

In red ginger are compounds that can relieve pain and reduce swelling on his own. Rheumatism or gout disease can be cured by using a very easy to use merah.Cara ginger, boil some khasiat jahe red ginger rhizome with curcuma, cat whiskers, chili Java, and leaves komfrey, then boiled water is taken twice a day.

jahe yang hangat dan berkhasiat bagi kesehatan tubuh to relieve cough is not only just but also can cure. In addition to overcome cough, red ginger can also be overcome strep throat. The nature of this warm red ginger that can help cure a cough and sore throat.

It's a fact that your blog posts are so unique and interesting and I enjoys a lot while reading your posts because you explained your post very deeply in a very easy and clear language. Thanks for your support and Happy Blogging :D
New Year 2015
Happy New Year 2015
Happy New Year 2015 Images
Thanks you for sharing it...

Amazing Post, Nice blog, I really enjoy simply reading all of your weblogs
thank you wowkece.com

Great Happy New Year 2015 Inspirational Quotes For Prosperous New Year Ahead. Whether looking for motivation in your personal or professional life, one can find inspiration in the volumes of words spoken and written by those that have come before us, no matter your goals for the coming year. l www.gmail.com l pool tables for sale l new year quotes l new year sayings Thank you for sharing.

May This New Year Bring Many Opportunities Your Way
To Explore Every Joy of Life & Turning All Your Dreams into Reality and
All Your Efforts into Great Achievements

New Year Begins, Let Us Pray That It Will Be a Year with Peace
Happiness and Abundance of New Friends
God Bless Us Through Out the New Year

merry christmas greetings

merry christmas wishes
a href="http://moviearning.com/">merry christmas images
free merry christmas clipart
happy new year 2015 quotes wishes
new year animated images
new year 2015 quotes
new year 2015 wishes
merry christmas wishes

God Bless Us Through Out the New Year

Happy New Year 2015 English SMS Messages Images For Facebook -
merry christmas wallpapers

merry christmas picture greetings

merry christmas cards
thanks

Thanks for posting this stuff

Happy New Year Countdown
New Year 2015 Wallpapers

really appreciate

Happy Christmas Quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More christmas quotes,Happy new year quotes

Happy Christmas Quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

Happy christmas quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

Happy Happy New year Sms Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

Happy Christmas Quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More christmas quotes,Happy new year quotes

Happy Christmas Quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

Happy christmas quotes Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

Happy Happy New year Sms Sms Best advance wishes Greetings HD Wallpapers Gift Ideas & Much More

I enjoys a lot while reading your posts because you explained your post very deeply in a very easy and clear language. Thanks for your support and Happy Blogging :D
New Year 2015
Happy New Year 2015
Happy New Year 2015
Thanks you for sharing this informative post over here...

I enjoys a lot while reading your posts because you explained your post very deeply in a very easy and clear language. Thanks for your support and Happy Blogging :D
New Year 2015
Happy New Year 2015
Happy New Year 2015 Quotes
Thanks you for sharing this informative post over here...

I enjoys a lot while reading your posts because you explained your post very deeply in a very easy and clear language. Thanks for your support and Happy Blogging :D
New Year 2015
Happy New Year 2015
Happy New Year 2015 Quotes
Thanks you for sharing this informative post over here...

Wish you all a happy new year.
merry christmas and happy new year messages
christmas and new year wishes messages.Visit to get latest collection

Download & Install Whatsapp For PC - Windows 7,8 : Here We Are With The Trick To Use Whatsapp In PC , Laptops Running On Windows 8 , 7 , XP , Vista Etc. This Trick Is Very Helpful If You Are Searching For Whatsapp For PC. One of the constraints of Whatsapp is that you can just use it on your phone. On the off chance that you are not convey your phone, you're stuck without Whatsapp.

This is pretty bad on China's part. :(
Happy New Year Wallpapers 2015
Happy New Year 2015

Happy New Year 2015 To All !! :) Hello Readers , Here We Are Back With Happy New Year 2015 Quotes , Wishes , Sms , Wallpapers , Images , Cards & Sayings For Family , Love , Girlfriend , Whatsapp , Facebook Status , Love And Much More.
happy new year 2015 wishes

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.