A report released on Wednesday exposed the fact that the Chinese version of Skype has been snooping and storing the full text chat messages of TOM-Skype users (along with regular Skype users who have communicated with TOM-Skype users) on publicly-accessible servers.
The report, BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform, was authored by Canadian Nart Villeneuve, of the Citizen Lab, an interdisciplinary research and development lab that performs research at the intersection of technology, civic networks, and human rights (and whose site is seemingly blocked in China).
The key findings of the report:
- The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
- These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
- The captured messages contain specific keywords relating to sensitive political topics such as
, the
, and political opposition to the
.
- Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.
Skype president, Josh Silverman, was quick to respond to the situation on the Skype blog – saying little other than confirming the seriousness and authenticity of the report. Corporate Blog Damage Control at work.
An important distinction in the security breech and censorship is that it only involves the TOM-Skype software. TOM Online is a Chinese company that partnered with Skype in 2004 to bring Skype services to China.
When in China if you visit skype.com you are redirected to the TOM-Skype (skype.tom.com) site. If you downloaded your version of Skype from this site, or communicated with people using this version of Skype, your privacy may have been compromised.
To make sure you are using the secure, and unaltered to allow censorship, version of Skype, download it directly from the international Skype.com pages:
And, again, be aware that even using the standard (non TOM-Skype) version of Skype, if you communicate with users using the TOM-Skype software (ie. most Chinese users) your conversations are being censored and possibly flagged for investigation.
Ryan came to China in the wee morning of 2005 as a way to get to Australia. He assumes there's still a visa waiting for him at the Sydney airport. 
xx
A good tip, Ryan, to download the generic, international version of Skype, and not the TOM-Skype version.
However, most Chinese users have already got, and use, the TOM version, from all the paid ads and links out there in the chinese webosphere. Skype’s international page seems to have no Chinese version, so inevitably any Chinese who want Skype get corralled into getting the TOM version.
I’ve uninstalled my girlfriend’s version of TOM-Skype, after pointing this out to her, and installed the international version (with Chinese localisation), and recommend anyone reading this to do so too.
This is scary news man.
I’m just glad that I talk and message my friends in China via cellphone… but then again, who knows if the mobile lines have been tapped. But this is scary…. just adds proof to the theory, that the more connected we are the easier it is to deceive.
I will warn my friends about the Chinese Skype version. Thanks for this information.
if you type:skype.com in China the browser will jump to TOM-SKYPE . but i have downloaded the real skype version.
I wanna improve my english
my skype name is furaograce
Have you noticed that your link to the Skype ceo blog has been blocked in China? Those of us in China can’t even read his comments about TOM Skype. Why would Skype put up with this? Why would they sell out and allow their product to be used by the Chinese state to spy on citizens and foreigners communications?
I have been using Skype while traveling in China to call USA for more than a week. Then when I arrived in Shanxi provence near the city of Taiyuan, suddenly I can’t dial out except for Skype’s sound tester (which works fine).
I would appreciate any thoughts or suggestions?
This is a great post. I have a similar one at http://www.laowise.com/blog/view/10 but I used proxies to get the original version and your links are a much easier and smarter way to bypass the redirection. Good work!
Leumas,
laowise.com