October 01, 2008

Breaching Trust: surveillance and security on China's TOM-Skype

I'll echo:

Information Warfare Monitor
ONI Asia
Joint Report
An analysis of surveillance and security practices on China's TOM-Skype platform

Nart Villeneuve, Psiphon Fellow, the Citizen Lab


Our investigation reveals troubling security and privacy breaches affecting TOM-Skype--the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform. These records are kept on publicly-accessible servers, along with the information required to decrypt these log files. These files contain the full text of chat messages sent and/or received by TOM-Skype users that contain particular keywords that trigger TOM-Skype's content-filtering capability.

Just amazing stuff. I shouldn't say any more.

[ Memesterbation: (linking so that this post shows up on trackers)]

By Seth Finkelstein | posted in censorware | on October 01, 2008 11:33 PM (Infothought permalink)
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage


Josh Silverman, Skype's president, has now posted a statement on the Skype blog explaining where we stand currently, and what we're doing to sort things out.

Posted by: Peter Parkes (Skype Blogger) at October 2, 2008 05:16 PM