China listening in on Skype - Microsoft assumes you approve

With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

From the SKYPE PRIVACY POLICY.

Known for years - yet most Skype users are unaware

The fact that Skype is collaborating with Tom Online and operating under "local laws and regulation" for the China market has been known for years. For example, Human Rights Watch got the following response from Skype in 2006, when inquiring about their partnership with Tom:

Skype works hard to comply with all applicable local laws and regulations in countries where we do business. China is no exception. In China, we have a joint venture with TOM Online in which TOM is the majority shareholder. The JV offers a co-branded version of the Skype software called TOM-Skype. To comply with the government regulation, TOM Online is obliged to use a text filter in TOM-Skype. If a message is found to be unsuitable for delivery because of specific text, the message is simply not transmitted between the users. This is an automated process and operates solely on text chats. Voice communications is not a part of this process.

From Appendix XI: Letter from Human Rights Watch to Skype and Skype's response.

Skype's claim that "this is an automated process and operates solely on text chats" is unlikely to be true. Tom Online is a Chinese company operating under local laws and regulation. If the authorities make a request for communication data for a given user they have to comply. To comply, they have to store the data. We can assume that all communication data - including both text and voice - passing through Tom's servers is saved and made available to authorities upon request. This of course also applies to other services based in China such as Sina Weibo and Tencent WeChat (微信). Skype and Microsoft, being foreign brands, are often perceived to be more trustworthy when it comes to privacy. In this case, Skype and Microsoft fail the people that trust them.

In 2008, Information Warfare Monitor and ONI Asia published An analysis of surveillance and security practices on China’s TOM-Skype platform. Their major findings were:

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

While these conditions have been known for years, most Skype users are probably not aware of the differences between Tom Skype and the regular Skype. Many are running Tom Skype on their computers thinking that it's the regular Skype and trusting Microsoft to deal with their call and chat data confidentially.

Regular Skype version also vulnerable

What's worse, even if you are running the regular version of Skype, if the person you are chatting with or talking to is running the Tom version, your communication is still monitored and made available to the Chinese authorities. There is no way to know what software the other person is using. As we've established above, many are using Tom Skype unknowingly. This means that whether or not you are in China, whether or not you are using the regular version of Skype or the Tom version and whether or not you are writing something you think could be politically controversial in China, your communication data could all be stored on Chinese servers and shared with Chinese authorities.

Server tests

We have tested three versions of Skype: The regular, English version, the English version of Tom Skype and the Chinese version of Tom Skype. The following is an overview of the IP addresses that each client connected to while logging in and making a test call. All versions of Skype contact a range of servers and there is some overlap between the different clients. Servers are somewhat randomly selected but, crucially, it is clear that only the Tom versions of Skype communicate with servers located in China. The regular version of Skype, on the other hand, exclusively communicates with servers located outside of China.

IP Country Skype English Tom Skype English Tom Skype Chinese
212.8.166.36 Belgium - -
110.81.238.33 China -
117.25.148.250 China - -
117.79.81.133 China - -
180.149.134.221 China - -
180.149.134.224 China - -
211.100.40.15 China - -
211.100.40.173 China -
211.100.41.100 China - -
211.100.41.18 China - -
211.100.41.32 China - -
211.100.41.62 China - -
211.100.41.63 China - -
211.100.41.76 China -
218.30.111.75 China -
218.30.66.187 China - -
218.6.12.214 China -
218.6.20.11 China - -
219.232.255.99 China -
220.162.97.165 China -
61.160.200.197 China - -
204.9.163.184 Estonia -
204.9.163.200 Estonia - -
204.9.163.204 Estonia -
204.9.163.247 Estonia
212.187.172.78 United Kingdom - -
213.146.189.234 Ireland - -
213.146.189.237 Ireland -
213.146.189.239 Ireland - -
213.199.179.150 Ireland - -
239.255.255.250 Ireland
93.46.8.89 Italy - -
193.95.154.38 Luxembourg - -
78.141.179.11 Luxembourg - -
78.141.179.16 Luxembourg - -
91.190.216.24 Luxembourg - -
91.190.216.25 Luxembourg - -
91.190.216.53 Luxembourg - -
111.221.77.154 Singapore - -
149.13.32.15 US - -
149.13.32.246 US - -
149.13.32.251 US - -
157.55.56.150 US - -
157.56.52.29 US - -
184.25.105.161 US - -
184.26.82.161 US - -
184.87.201.195 US - -
207.46.70.164 US - -
207.46.70.208 US -
207.46.70.225 US - -
23.10.143.139 US -
64.4.21.39 US - -
64.4.34.81 US - -
64.4.45.58 US - -
64.4.61.152 US - -
64.4.61.205 US - -
64.4.9.158 US -
65.54.165.64 US - -
65.55.239.146 US - -
69.171.234.37 US - -
69.31.119.171 US - -
74.125.128.95 US -

How to tell the difference with Tom

Downloading

To download Skype, you'd probably enter www.skype.com in your browser and look for a download link. If you are in China, however, when you go to www.skype.com, you are automatically redirected to http://skype.tom.com. Skype does not ask if you want to be redirected. They also do not inform you of the difference between the regular Skype and the Tom Online version. The websites look very similar. Skype and Microsoft are actively misleading users into thinking that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Installing

The English version of Tom Skype looks exactly the same as the regular version while installing. The Chinese version is based on an earlier version of Skype and looks somewhat different. (Click on any screenshot to see the full version.)

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Logging in

The login screens are very similar, misleading users to think that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

About

If you click to the About window in the Skype client, you can find out if you are running the Tom Online version of Skype or not. If you are, then your communication is passing through Chinese servers and made available to authorities upon request.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

How to get the real Skype in China

The regular version of Skype is not blocked in China, but downloading the client is made difficult by Skype and Microsoft. Whenever you try to go to www.skype.com they redirect you to skype.tom.com. One solution is to use a VPN or other circumvention tool when downloading Skype. That way you can avoid the automatic redirection to tom.skype.com.

Without a VPN, you can currently download the regular version of Skype in China by going to their beta website: http://beta.skype.com. On this site, they don't force users to redirect to Tom Skype.

Another solution is to download the client from a third-party website such as Yahoo. They in turn currently redirect you to the following download link on download.skype.com which seems to work fine in China: SkypeSetupFull.exe.

This assumes that you are using Windows. If you are on a Mac, you can get the real version of Skype from Softonic. If you are on Linux, here's a direct download link.

For an additional layer of security, you can connect to your VPN before using Skype. If you are using a proxy and want to force Skype to use the proxy, the best way is to run local firewall software and block all direct outgoing traffic from Skype.

Remember that if the person at the other end is using Tom Skype then your communication is still monitored by Tom. You can ask the person you are talking to to verify what version they are running by opening the About window in their Skype client (see comparison of screenshots above).

Deception

By redirecting Chinese users to Tom Skype without notice, Microsoft is actively misleading users to think that they are downloading the real Skype client. By blocking Chinese users from downloading the real Skype, Microsoft is actively making it more difficult for Chinese users to circumvent surveillance. By offering two versions of the Skype client that look almost identical but have vastly different implications on privacy, Microsoft is misleading users to trust their product. By not notifying users that the user at the other end is using the Tom Online version of Skype, Microsoft is making Skype conversations from around the world available to Chinese authorities, assuming that their users agree.

This is a privacy scandal that has been going on for years. Microsoft should at the very least make the differences between the Skype clients clear, allow Chinese users the option to download the real client, notify Skype users if the user at the other end is using the Tom Online version of Skype and apologize to all Skype users for having potentially shared all their private information with Chinese authorities.

If you know any employees at Microsoft, please let them know how you feel about this. And please help us spread awareness of this problem by sharing this story on social media etc.

Skype to replace Messenger

Microsoft recently announced that Windows Live Messenger [Is] To Be Retired, Users [Will Be] Transitioned To Skype. However, "Windows Live Messenger will live on in China, with no announced termination date for the service there". This may be because Microsoft isn't happy with their collaboration with Tom. According to reports in July, TOM may lose Skype rights in China. Whether Microsoft continues one or both of the Skype and Messenger clients, and whether they collaborate with local ventures or not, we hope that they will come clean concerning surveillance of their users and sharing of private data with Chinese authorities.

Alternatives to Skype

You may conclude that Skype simply isn't trustworthy, whether or not you are using the Tom Online version. One alternative is to use Google Talk, though its service is unstable in China (unless you are on a VPN). Are there other good alternatives? Feel free to comment.

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Fri, Mar 18, 2022

Well-intentioned decisions have just made it easier for Putin to control the Russian Internet

This article is in large part inspired by a recent article from Meduza (in Russian).

Since the beginning of the war in Ukraine, Russian users have had problems accessing government websites and online banking clients. Browsers began to mark these sites as unsafe and drop the connection. The reason is the revocation of digital security certificates by foreign certificate authorities (either as a direct consequence of sanctions or as an independent, good will move); without them, browsers do not trust sites and “protect” their users from them.

However, these actions, caused - or at least triggered by - a desire to punish Russia for their gruesome actions in Ukraine, will have long-lasting consequences for Russian netizens.

Digital certificates are needed to confirm that the site the user wants to visit is not fraudulent. The certificates contain encryption keys to establish a secure connection between the site and the user. It is very easy to understand whether a page on the Internet is protected by a certificate. One need just look at the address bar of the browser. If the address begins with the https:// prefix, and there is a lock symbol next to the address, the page is protected. By clicking on this lock, you can see the status of the connection, the name of the Certification Authority (CA) that issued the certificate, and its validity period.

There are several dozen commercial and non-commercial organizations in the world that have digital root certificates, but 3/4 of all certificates are issued by only five of the largest companies. Four of them are registered in the USA and one is registered in Belgium.

Mon, Aug 03, 2020

Announcing the Release of GreatFire AppMaker

GreatFire (https://en.greatfire.org/), a China-focused censorship monitoring organization, is proud to announce that we have developed and released a new anti-censorship tool that will enable any blocked media outlet, blogger, human rights group, or civil society organization to evade censors and get their content onto the phones of millions of readers and supporters in China and other countries that censor the Internet.

GreatFire has built an Android mobile app creator, called “GreatFire AppMaker”, that can be used by organizations to unblock their content for users in China and other countries. Organizations can visit a website (https://appmaker.greatfire.org/) which will compile an app that is branded with the organization’s own logo and will feature their own, formerly blocked content. The app will also contain a special, censorship-circumventing web browser so that users can access the uncensored World Wide Web. The apps will use multiple strategies, including machine learning, to evade advanced censorship tactics employed by the Chinese authorities.  This project will work equally well in other countries that have China-like censorship restrictions. For both organizations and end users, the apps will be free, fast, and extremely easy to use.

This project was inspired by China-based GreatFire’s first-hand experience with our own FreeBrowser app (https://freebrowser.org/en) and desire to help small NGOs who may not have the in-house expertise to circumvent Chinese censorship. GreatFire’s anti-censorship tools have worked in China when others do not. FreeBrowser directs Chinese internet users to normally censored stories from the app’s start page (http://manyvoices.news/).

Fri, Jul 24, 2020

Apple, anticompetition, and censorship

On July 20, 2020, GreatFire wrote to all 13 members of the Subcommittee on Antitrust, Commercial and Administrative Law of the U.S. House Committee on the Judiciary, requesting a thorough examination into Apple’s practice of censorship of its App Store, and an investigation into how the company collaborates with the Chinese authorities to maintain its unique position as one of the few foreign tech companies operating profitably in the Chinese digital market.  

This letter was sent a week before Apple CEO TIm Cook will be called for questioning in front of the Subcommittee on Antitrust, Commercial and Administrative Law. The CEOs of Amazon, Google and Facebook will also be questioned on July 27, as part of the Committee’s ongoing investigation into competition in the digital marketplace.

This hearing offers an opportunity to detail to the Subcommittee how Apple uses its closed operating ecosystem to not only abuse its market position but also to deprive certain users, most notably those in China, of their right to download and use apps related to privacy, secure communication, and censorship circumvention.

We hope that U.S. House representatives agree with our view that Apple should not be allowed to do elsewhere what would be considered as unacceptable in the U.S. Chinese citizens are not second class citizens. Private companies such as Apple compromise themselves and their self-proclaimed values of freedom and privacy when they collaborate with the Chinese government and its censors.

Mon, Jun 10, 2019

Apple Censoring Tibetan Information in China

Apple has a long history of censorship when it comes to information about Tibet. In 2009, it was revealed that several apps related to the Dalai Lama were not available in the China App Store. The developers of these apps were not notified that their apps were removed. When confronted with these instances of censorship, an Apple spokesperson simply said that the company “continues to comply with local laws”.

In December, 2017, at a conference in China, when asked about working with the Chinese authorities to censor the Apple App Store, Tim Cook proclaimed:

"Your choice is: do you participate, or do you stand on the sideline and yell at how things should be. And my own view very strongly is you show up and you participate, you get in the arena because nothing ever changes from the sideline."

In the ten years since Apple was first criticized for working with the Chinese authorities to silence already marginalized voices, what has changed? Apple continues to strictly follow the censorship orders of the Chinese authorities. When does Tim Cook expect that his company will help to bring about positive change in China?

Based on data generated from https://applecensorship.com, Apple has now censored 29 popular Tibetan mobile applications in the China App Store. Tibetan-themed apps dealing with news, religious study, tourism, and even games are being censored by Apple. A full list of the censored apps appear below.

Thu, Jun 06, 2019

Report Shines Spotlight on Apple’s Censorship Practices in China

The newest Ranking Digital Rights Corporate Accountability Index makes recommendations on what companies and governments need to do in order to improve the protection of internet users’ human rights around the world. Ranking Digital Rights (RDR) works to promote freedom of expression and privacy on the internet by creating global standards and incentives for companies to respect and protect users’ rights.

In their 2019 Accountability Index, RDR looks at the policies of 24 of the world’s most important internet companies in respect to freedom of expression and privacy and highlights the companies that have made improvements and those companies that need to do more. RDR notes that:

Insufficient transparency makes it easier for private parties, governments, and companies themselves to abuse their power over online speech and avoid accountability.

In particular, the report highlights how Apple has abused their power over online speech, and notes instances of this in China. According to the report, Apple has not disclosed data around the content that it removes from its App Store when faced with requests from the government authorities.

While [Apple] disclosed data about government requests to restrict accounts, it disclosed no data about content removal requests, such as requests to remove apps from its App Store. Apple revealed little about policies and practices affecting freedom of expression, scoring below all other U.S. companies in this category.

The report makes intelligent and sensible recommendations for governments. However, the recommendations also highlight how difficult it is to have these discussions with governments like China’s.

Subscribe to our blog using RSS.

Comments

Game Of Thrones Season 7 Episode 1 (Premier) :: Dragonstone: https://gameofthronesthronesseason7livestreaming.com/

first episode of game of thrones https://gameofthronesseason7episode1streaming.com

you have really great content thanks for sharing with usmAadhaar App Download
mAadhaar Apk Download

There are many calendars that still paperduke use months to divide up the year.

storage plans. Now you can quickly get and even iCloud Sign Up things up, let's walk you with several of the options

i am visiting first time to your blog awesome post you have written, thank for sharing
https://padmavatiboxofficecollection.com

Now, copy this url and paste this on your browser url box after that tap on entering. tweakboxx.com You likewise do not require a WiFi link for TweakBox to service your Android.

It's a fact that your blog posts are so unique and interesting and I nuansaenjoys a lot while reading your posts because you explained your post very deeply in a very easy and clear language. Thanks for your support and Happy Blogging

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.