China listening in on Skype - Microsoft assumes you approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

From the SKYPE PRIVACY POLICY.

Known for years - yet most Skype users are unaware

The fact that Skype is collaborating with Tom Online and operating under "local laws and regulation" for the China market has been known for years. For example, Human Rights Watch got the following response from Skype in 2006, when inquiring about their partnership with Tom:

Skype works hard to comply with all applicable local laws and regulations in countries where we do business. China is no exception. In China, we have a joint venture with TOM Online in which TOM is the majority shareholder. The JV offers a co-branded version of the Skype software called TOM-Skype. To comply with the government regulation, TOM Online is obliged to use a text filter in TOM-Skype. If a message is found to be unsuitable for delivery because of specific text, the message is simply not transmitted between the users. This is an automated process and operates solely on text chats. Voice communications is not a part of this process.

From Appendix XI: Letter from Human Rights Watch to Skype and Skype's response.

Skype's claim that "this is an automated process and operates solely on text chats" is unlikely to be true. Tom Online is a Chinese company operating under local laws and regulation. If the authorities make a request for communication data for a given user they have to comply. To comply, they have to store the data. We can assume that all communication data - including both text and voice - passing through Tom's servers is saved and made available to authorities upon request. This of course also applies to other services based in China such as Sina Weibo and Tencent WeChat (微信). Skype and Microsoft, being foreign brands, are often perceived to be more trustworthy when it comes to privacy. In this case, Skype and Microsoft fail the people that trust them.

In 2008, Information Warfare Monitor and ONI Asia published An analysis of surveillance and security practices on China’s TOM-Skype platform. Their major findings were:

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

While these conditions have been known for years, most Skype users are probably not aware of the differences between Tom Skype and the regular Skype. Many are running Tom Skype on their computers thinking that it's the regular Skype and trusting Microsoft to deal with their call and chat data confidentially.

Regular Skype version also vulnerable

What's worse, even if you are running the regular version of Skype, if the person you are chatting with or talking to is running the Tom version, your communication is still monitored and made available to the Chinese authorities. There is no way to know what software the other person is using. As we've established above, many are using Tom Skype unknowingly. This means that whether or not you are in China, whether or not you are using the regular version of Skype or the Tom version and whether or not you are writing something you think could be politically controversial in China, your communication data could all be stored on Chinese servers and shared with Chinese authorities.

Server tests

We have tested three versions of Skype: The regular, English version, the English version of Tom Skype and the Chinese version of Tom Skype. The following is an overview of the IP addresses that each client connected to while logging in and making a test call. All versions of Skype contact a range of servers and there is some overlap between the different clients. Servers are somewhat randomly selected but, crucially, it is clear that only the Tom versions of Skype communicate with servers located in China. The regular version of Skype, on the other hand, exclusively communicates with servers located outside of China.

IP Country Skype English Tom Skype English Tom Skype Chinese
212.8.166.36 Belgium - -
110.81.238.33 China -
117.25.148.250 China - -
117.79.81.133 China - -
180.149.134.221 China - -
180.149.134.224 China - -
211.100.40.15 China - -
211.100.40.173 China -
211.100.41.100 China - -
211.100.41.18 China - -
211.100.41.32 China - -
211.100.41.62 China - -
211.100.41.63 China - -
211.100.41.76 China -
218.30.111.75 China -
218.30.66.187 China - -
218.6.12.214 China -
218.6.20.11 China - -
219.232.255.99 China -
220.162.97.165 China -
61.160.200.197 China - -
204.9.163.184 Estonia -
204.9.163.200 Estonia - -
204.9.163.204 Estonia -
204.9.163.247 Estonia
212.187.172.78 United Kingdom - -
213.146.189.234 Ireland - -
213.146.189.237 Ireland -
213.146.189.239 Ireland - -
213.199.179.150 Ireland - -
239.255.255.250 Ireland
93.46.8.89 Italy - -
193.95.154.38 Luxembourg - -
78.141.179.11 Luxembourg - -
78.141.179.16 Luxembourg - -
91.190.216.24 Luxembourg - -
91.190.216.25 Luxembourg - -
91.190.216.53 Luxembourg - -
111.221.77.154 Singapore - -
149.13.32.15 US - -
149.13.32.246 US - -
149.13.32.251 US - -
157.55.56.150 US - -
157.56.52.29 US - -
184.25.105.161 US - -
184.26.82.161 US - -
184.87.201.195 US - -
207.46.70.164 US - -
207.46.70.208 US -
207.46.70.225 US - -
23.10.143.139 US -
64.4.21.39 US - -
64.4.34.81 US - -
64.4.45.58 US - -
64.4.61.152 US - -
64.4.61.205 US - -
64.4.9.158 US -
65.54.165.64 US - -
65.55.239.146 US - -
69.171.234.37 US - -
69.31.119.171 US - -
74.125.128.95 US -

How to tell the difference with Tom

Downloading

To download Skype, you'd probably enter www.skype.com in your browser and look for a download link. If you are in China, however, when you go to www.skype.com, you are automatically redirected to http://skype.tom.com. Skype does not ask if you want to be redirected. They also do not inform you of the difference between the regular Skype and the Tom Online version. The websites look very similar. Skype and Microsoft are actively misleading users into thinking that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Installing

The English version of Tom Skype looks exactly the same as the regular version while installing. The Chinese version is based on an earlier version of Skype and looks somewhat different. (Click on any screenshot to see the full version.)

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Logging in

The login screens are very similar, misleading users to think that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

About

If you click to the About window in the Skype client, you can find out if you are running the Tom Online version of Skype or not. If you are, then your communication is passing through Chinese servers and made available to authorities upon request.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

How to get the real Skype in China

The regular version of Skype is not blocked in China, but downloading the client is made difficult by Skype and Microsoft. Whenever you try to go to www.skype.com they redirect you to skype.tom.com. One solution is to use a VPN or other circumvention tool when downloading Skype. That way you can avoid the automatic redirection to tom.skype.com.

Without a VPN, you can currently download the regular version of Skype in China by going to their beta website: http://beta.skype.com. On this site, they don't force users to redirect to Tom Skype.

Another solution is to download the client from a third-party website such as Yahoo. They in turn currently redirect you to the following download link on download.skype.com which seems to work fine in China: SkypeSetupFull.exe.

This assumes that you are using Windows. If you are on a Mac, you can get the real version of Skype from Softonic. If you are on Linux, here's a direct download link.

For an additional layer of security, you can connect to your VPN before using Skype. If you are using a proxy and want to force Skype to use the proxy, the best way is to run local firewall software and block all direct outgoing traffic from Skype.

Remember that if the person at the other end is using Tom Skype then your communication is still monitored by Tom. You can ask the person you are talking to to verify what version they are running by opening the About window in their Skype client (see comparison of screenshots above).

Deception

By redirecting Chinese users to Tom Skype without notice, Microsoft is actively misleading users to think that they are downloading the real Skype client. By blocking Chinese users from downloading the real Skype, Microsoft is actively making it more difficult for Chinese users to circumvent surveillance. By offering two versions of the Skype client that look almost identical but have vastly different implications on privacy, Microsoft is misleading users to trust their product. By not notifying users that the user at the other end is using the Tom Online version of Skype, Microsoft is making Skype conversations from around the world available to Chinese authorities, assuming that their users agree.

This is a privacy scandal that has been going on for years. Microsoft should at the very least make the differences between the Skype clients clear, allow Chinese users the option to download the real client, notify Skype users if the user at the other end is using the Tom Online version of Skype and apologize to all Skype users for having potentially shared all their private information with Chinese authorities.

If you know any employees at Microsoft, please let them know how you feel about this. And please help us spread awareness of this problem by sharing this story on social media etc.

Skype to replace Messenger

Microsoft recently announced that Windows Live Messenger [Is] To Be Retired, Users [Will Be] Transitioned To Skype. However, "Windows Live Messenger will live on in China, with no announced termination date for the service there". This may be because Microsoft isn't happy with their collaboration with Tom. According to reports in July, TOM may lose Skype rights in China. Whether Microsoft continues one or both of the Skype and Messenger clients, and whether they collaborate with local ventures or not, we hope that they will come clean concerning surveillance of their users and sharing of private data with Chinese authorities.

Alternatives to Skype

You may conclude that Skype simply isn't trustworthy, whether or not you are using the Tom Online version. One alternative is to use Google Talk, though its service is unstable in China (unless you are on a VPN). Are there other good alternatives? Feel free to comment.

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Nov 30, 2017

About those 674 apps that Apple censored in China

Apple opened the door on its censorship practices in China - but just a crack.

Tue, May 23, 2017

Is China establishing cyber sovereignty in the United States?

Last week Twitter came under attack from a DDoS attack orchestrated by the Chinese authorities. While such attacks are not uncommon for websites like Twitter, this one proved unusual. While the Chinese authorities use the Great Firewall to block harmful content from reaching its citizens, it now uses DDoS attacks to take down content that appears on websites beyond its borders. For the Chinese authorities, it is not simply good enough to “protect” the interests of Chinese citizens at home - in their view of cyber sovereignty, any content that might harm China’s interests must be removed, regardless of where the website is located.

And so last week the Chinese authorities determined that Twitter was the target. In particular, the authorities targeted the Twitter account for Guo Wengui (https://twitter.com/KwokMiles), the rebel billionaire who is slowly leaking information about corrupt Chinese government officials via his Twitter account and through his YouTube videos. Guo appeared to ramp up his whistle-blowing efforts last week and the Chinese authorities, in turn, ramped up theirs.

via https://twitter.com/KwokMiles/status/863689935798374401

Mon, Dec 12, 2016

China is the obstacle to Google’s plan to end internet censorship

It’s been three years since Eric Schmidt proclaimed that Google would chart a course to ending online censorship within ten years. Now is a great time to check on Google’s progress, reassess the landscape, benchmark Google’s efforts against others who share the same goal, postulate on the China strategy and offer suggestions on how they might effectively move forward.

flowers on google china plaque

Flowers left outside Google China’s headquarters after its announcement it might leave the country in 2010. Photo: Wikicommons.

What has Google accomplished since November 2013?

The first thing they have accomplished is an entire rebranding of both Google (now Alphabet) and Google Ideas (now Jigsaw). Throughout this blog post, reference is made to both new and old company names.

Google has started to develop two main tools which they believe can help in the fight against censorship. Jigsaw’s DDoS protection service, Project Shield, is effectively preventing censorship-inspired DDoS attacks and recently helped to repel an attack on Brian Krebs’ blog. The service is similar to other anti-DDoS services developed by internet freedom champions and for-profit services like Cloudflare.

Thu, Nov 24, 2016

Facebook: Please, not like this

Facebook is considering launching a censorship tool that would enable the world’s biggest social network to “enter” the China market. Sadly, nobody will be surprised by anything that Mark Zuckerberg decides to do in order to enter the China market. With such low expectations, Facebook is poised to usurp Apple as China’s favorite foreign intelligence gathering partner. If the company launches in China using this strategy they will also successfully erase any bargaining power that other media organizations may hold with the Chinese authorities.

Tue, Jul 05, 2016

GreatFire.org 现在开始测试VPN在中国的速度和稳定性

在中国有一个普遍观念,如果你有一个可以使用的VPN,那么你应该保持沉默。就信息自由而言,这种观念的问题在于获取知识竟成了一种秘密。今天,我们推出一个项目,希望能够摧毁这种模型。

我们最新的网站,翻墙中心,目的在于实时提供那些能够在中国使用的翻墙方案的信息和数据。在2011年以来我们就已经开始收集在中国被屏蔽的网站,现在我们也将增加那些可用的VPN和其他翻墙工具。

我们发布翻墙中心主要有四个目的。

我们的首要目标是助长使用翻墙工具的国人的数量。通过分享我们这些工具的信息和数据,我们希望对更广泛的受众展示那些工具时可以使用的。

我们的第二个目标是通过带来工具性能的透明化来提升中国用户的翻墙体验。我们将会测试工具的速度(流行网站的加载速度)和稳定性(流行网站加载成功的程度)。

我们开发速度测试的目的是要真实反映用户的体验。当用户在网站测速时,浏览器在后台会从10个世界上最流行的网站上下载一些资源文件。根据Alexa排名,这些网站分别是Google, Facebook, YouTube, Baidu, Amazon, Yahoo, Wikipedia, QQ, Twitter and Microsoft Live。速度的结果是简单的计算下载文件文件的大小和下载所需的时间。我们同样也会验证下载的文件是否完整。如果文件的内容是错误的或者在40秒内无法完成下载,我们会标记为失败。这个数据被我们用来生成另一个重要指标-稳定性。

其他的速度测试工具仅仅是通过发送数据到它们自己的服务器来测量上传和下载的速度。这种数据无法反应用户的体验,因为正常的浏览器通常会频繁的发送一系列的请求(而不是上传或下载一个大文件)到许多的服务器,而不止是一个。

我们的第二个指标 - 稳定性 - 是其他的服务通常不会测试的。一个健康的互联网连接应该达到100%的稳定性,除非有人在测试中把网线拔了。但是在中国使用翻墙工具却不是这样。任何时候连接都有可能变得不稳定或十分缓慢。根据请求的大小,最终的地点和代理的方式,一些请求有可能会失败。比较服务的稳定性要比比较速度更加重要。

你可以测试任意的翻墙工具,列表之外的也可以。中国的VPN用户也可以测试他们的工具,测试结果也会添加到数据库中。这些数据都将会对所有人开放。实时的在中国测试是非常重要的,因为VPN随时都可能被封锁或解封。我们欢迎任何的关于测试过程的反馈。有技术能力的用户也可以通过审查我们的javascript代码来获悉我们的测试是如何工作的。

我们郑重的邀请翻墙工具的开发者们向我们提供测试过程的反馈。我们的第三个目标是帮助这些开发人员改进他们的产品,让更多的选择适用于中国的顾客。此外,越多的工具可以工作,就意味着中国当局对翻墙的打击就会越难。

中国的用户都知道,在过去的18个月中当局加紧了对翻墙工具的攻击。而翻墙中心将会吹响反击的号角。反其道而行之,让这不再成为秘密。我们要鼓励人们分享翻墙工具可以工作的信息。

我们的第四个目标就是要为GreatFire.org创造收益。目前GreatFire仍然依靠世界各地的热心人士和组织的捐款。我们希望减少对这些机构的依赖,并探寻GreatFire.org自给自足的道路。用户只需到翻墙中心就能购买任意一款我们目前在测试的付费工具。GreatFire将作为这些工具在中国的经销商,因此VPN供应商会给予我们每个零售的一部分。用户也不必在中国购买这些翻墙服务。

Subscribe to our blog using RSS.

Comments

Thanks For Sharing.

PC Games

Great Article. Really impressive.

Tech News

http://www.laborday2015usa.com
I have never seen this type of article

International City Gurgaon offering luxury villas in Gurgaon. International City is located just off Dwarka Expressway Gurgaon.
http://www.internationalcity.in/presidential-luxury-villas-in-gurgaon

thanks for article and status www.mothersday-2014.org

Hey! thanks for sharing this article. I am planning to collaborate with you to work on my site .Thanks again

Hey thanks for sharing this and covering everuthing in detail.
http://www.printablecalendardownload.net
http://www.whatsappstatus143.net

Happy New Year Images, Wallpapers, Wishes, Poems, Status, Covers, Pictures
http://www.thehappynewyear2016images.com/

hello hello hello hello helo helo sfdjalksfalsnflasnflasjflaksjfjaslkjfaskfdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddsssssssssssssssssssssssssssssssssssssssssssssssssss

Thanks for sharing this information.
http://www.feliznavidad-anonuevo2016.com/

So far Windows 10 has received positive response from technical groups and it is not official released by Microsoft. However they have released a preview version. You can easily Download and Windows 10 Upgrade or Windows 10 free download full version for free of cost and get concept of how this product will work.

http://techviral.com/windows-10/

I’m also excited to install this on your new system.

Thank you for sharing of information, I am very pleased with the content of your article is very useful and I wait for the next article to update the information again.http://obatmaag.bestagaric.com/

In this site we will provide you about the fitoor box office collection as well as all the details like release date, trailer, poster, first look

Airlift Movie | Torrent Download | Akshay Kumar | 2016

Airlift 2016 an Indian war thriller film starring Akshay Kumar and Nimrat Kaur in lead roles. The film is directed by Raja Krishna Menon. The film is based on world's biggest civil evacuation in 1990, Iraq invades Kuwait, leaving approx 1,70,000 Indians trapped. This is a true story of how Ranjit Katyal and India facilitate the largest human evacuation. The film is scheduled for release on 22 January 2016. People have been searching for Airlift Torrent and it’s download links all over the internet so we thought that we might as well help such people by providing relevant and official download links for Airlift Torrent downloads.

I hope ICC t20 World Cup 2016 becomes one of the best tournament of the world and it brings so much of entertainment. People will love to get live score, live streaming, etc..
ICC World T20 2016 Live Streaming and live score is very important for all of you.
t20 World Cup Live.

Info untuk menyembuhkan sakit maag dengan http://obatmaag.bestagaric.com/

Great tips and very easy to understand. This will definitely be very useful for me when I get a chance to start my blog.
http://www.sscresults-2016.com/
This post is very simple to read and appreciate without leaving any details out. Great work!

thanks for this article... I'm gonna to share with my friends...
maru bharat

good article
IPL Live

Hmm... great article nice sharing
http://www.iplt20liveonline.com/

Hmm... great article nice sharing
http://www.marubharat.com/

Clash Royale Free Gems & Gold – No Download!
http://clashroyalegenerator.hack-trick.com

Learn English and Russian online in Skype! lingvoclass.c o m

This Trick Is Very Helpful If You Are Searching For Whatsapp For PC. One of the constraints of Whatsapp is that you can just use it on your phone. On the off chance that you are not convey your phone, you're stuck without Whatsapp.
http://www.azbirthdaycollections.com/
http://www.coloringpages-biographies.com/

Love to see this infor here
This Trick Is Very Helpful If You Are Searching For Whatsapp For PC. One of the constraints of Whatsapp is that you can just use it on your phone.

http://www.whatsappstutusjgm.com/
http://jandhanyojnascheme.com/

Your posts really great. Every one is indetailed and clear understanding. You are awesome.

Thank You

It is actually a nice and helpful piece of information.very deeply described.thanks.....
Happy new year 2017

thanks for your nice post
http://goo.gl/jR6Dj7

Very nice post mate. You have explained everything in very deep. Your post is simple to read and easy to learn. Very nice. You can also check
new year 2017

Dangal Box Office Collection
http://www.dangalboxofficecollection.org

Merry Christmas 2016 Wallpaper
http://www.merrychristmaswallpaper.com/

for all types templates visit at
Templates

Nice article
Watch full episod of The voice 2017
The voice 2017

For Technology
Tricomputo

For Gadget Review
fabulous Gadget

IPL news
IPL Season 10

thaks for share!!
https://tricomputo.com/

thanks sharing

http://www.otomags.com/

to relieve cough is not only just but also can cure. In addition to overcome cough, red ginger can also be overcome strep throat. The nature of this warm red ginger that can help cure a cough and sore throat.

Thanks for sharing this valuable information to our vision. You have posted a trust worthy blog keep sharing.

Jelly Gamat QnC

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.