How to sniff at HTTPs and URLs

Redmond - Anyone who thinks their chat logs are private has not read Skype's terms and conditions correctly. A test now revealed how much Microsoft uses the rights granted to snoop around.

Anyone who sets up a Skype account agrees to the terms and conditions. In which Microsoft - the software giant bought Skype in 2011 - can be granted the right to automatically scan instant messages and SMS. According to its own statement, Skype wants to identify, for example, spam, fraudulent or phishing links. But the security experts from heise.de have now discovered that Skype scans the private chat logs specifically for https URLs that refer to encrypted web pages. Ordinary http addresses, which heise.de also sent for test purposes, were left untouched by Skype.

Although, according to the report, the company asserted on request that the messages were only scanned to filter links to spam and phishing sites, the facts, according to heise.de, speak a different language. Because there are usually no potentially dangerous pages hidden behind https URLs. And if Skype really had honest intentions to track down spam and phishing sites, the company would actually have to check the content of the websites behind the links and not just retrieve the administrative information of the server.

Security risk is low: "That's mostly small talk"

The fact is: the short messages in messenger services are not safe. "At least the service provider can always read my messages if he wants", explains Urs Mansmann from the computer magazine "c't". "So I have to trust that as a user." What Microsoft does with the data from the Skype protocols, for example, remains in the dark.

The question is anyway which information would fall into the hands of any other readers. “That's mostly small talk,” says Mansmann. “For most users, security hardly plays a role.” Anyone who absolutely wants to send confidential information, such as banking transactions, via a messenger service should encrypt the information.

mm / dpa

How to make your password secure