The mask slips

A security flaw on the part of the Chinese partner of Skype apparently reveals the extent to which Skype is selling out its customers (from Ars Technica):

The report published yesterday, titled “BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform” (PDF), explains that full chat text messages from TOM-Skype users were found on insecure, publicly-accessible web servers along with the encryption key required to decrypt the data (TOM Online is Skype’s operating partner in China). This - along with “millions of records containing personal information” such as IP address, usernames, and landline phone numbers - were stored along with additional data detailing Skype users outside of China who have communicated with TOM-Skype users in China.

Keep in mind that this is surveillance not only of traffic in China (which would be bad enough) but of anyone worldwide who has used Skype to communicate with anyone in China.

Unfortunately I suspect that this sort of practice is a lot more common than is believed. You just don’t usually see the mask slip like this to reveal the ugly truth.

I find eBay’s response to this to be quite risible:

When asked for comment about the findings, eBay (Skype’s parent company) spokesperson Jennifer Caukin only responded to the security implications. “The security breach does not affect Skype’s core technology or functionality,” she told the New York Times. “It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about the security issue and they have informed us that a fix to the problem will be completed within 24 hours.”

In other words, they won’t stop spying on you for the Chinese, they will just hide it better.

This is a big problem for SaaS vendors. As a customer you need to find out if your SaaS provider does business in China, Russia, or any other country where the rule of law is non-existent. In those countries your service provider will be forced to choose between compromising the privacy of your data or being kicked out of the country.

History has shown they will choose the former.


