skype-censorshipA report released on Wednesday exposed the fact that the Chinese version of Skype has been snooping and storing the full text chat messages of TOM-Skype users (along with regular Skype users who have communicated with TOM-Skype users) on publicly-accessible servers.

The report, BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform, was authored by Canadian Nart Villeneuve, of the Citizen Lab, an interdisciplinary research and development lab that performs research at the intersection of technology, civic networks, and human rights (and whose site is seemingly blocked in China).

The key findings of the report:

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as [*taiind*], the [*FLG*], and political opposition to the [*cpc*].
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

Skype president, Josh Silverman, was quick to respond to the situation on the Skype blog – saying little other than confirming the seriousness and authenticity of the report. Corporate Blog Damage Control at work.

An important distinction in the security breech and censorship is that it only involves the TOM-Skype software. TOM Online is a Chinese company that partnered with Skype in 2004 to bring Skype services to China.

When in China if you visit skype.com you are redirected to the TOM-Skype (skype.tom.com) site. If you downloaded your version of Skype from this site, or communicated with people using this version of Skype, your privacy may have been compromised.

To make sure you are using the secure, and unaltered to allow censorship, version of Skype, download it directly from the international Skype.com pages:

And, again, be aware that even using the standard (non TOM-Skype) version of Skype, if you communicate with users using the TOM-Skype software (ie. most Chinese users) your conversations are being censored and possibly flagged for investigation.

Discussion

12
  1. A good tip, Ryan, to download the generic, international version of Skype, and not the TOM-Skype version.

    However, most Chinese users have already got, and use, the TOM version, from all the paid ads and links out there in the chinese webosphere. Skype’s international page seems to have no Chinese version, so inevitably any Chinese who want Skype get corralled into getting the TOM version.

    I’ve uninstalled my girlfriend’s version of TOM-Skype, after pointing this out to her, and installed the international version (with Chinese localisation), and recommend anyone reading this to do so too.

  2. Pingback: Using Skype in China? | A China Blog on Suzhou Expat Life | The Humanaught

  3. This is scary news man.

    I’m just glad that I talk and message my friends in China via cellphone… but then again, who knows if the mobile lines have been tapped. But this is scary…. just adds proof to the theory, that the more connected we are the easier it is to deceive.

    I will warn my friends about the Chinese Skype version. Thanks for this information.

  4. Pingback: Blog Roundup 8th October | China-teachers.com

  5. if you type:skype.com in China the browser will jump to TOM-SKYPE . but i have downloaded the real skype version.
    I wanna improve my english
    my skype name is furaograce

  6. Have you noticed that your link to the Skype ceo blog has been blocked in China? Those of us in China can’t even read his comments about TOM Skype. Why would Skype put up with this? Why would they sell out and allow their product to be used by the Chinese state to spy on citizens and foreigners communications?

  7. I have been using Skype while traveling in China to call USA for more than a week. Then when I arrived in Shanxi provence near the city of Taiyuan, suddenly I can’t dial out except for Skype’s sound tester (which works fine).

    I would appreciate any thoughts or suggestions?

    • If you are staying in a hotel, the service provided to the hotel may be blocking some of the ports required for Skype to Skype or Skype to phone communications. It is no secret that the gov here considered blocking Skype entirely to “protect the revenue of telecoms in China”. Try connecting at a cafe or other local before changing your Skype settings.

  8. Pingback: Big Brother-like spy net traced back to China | A China Blog on Suzhou Expat Life

  9. I had the international version download in March. Now, I can’t find a single source anywhere that wont re-direct.
    Even your links in the article goes to Skype.tom.com
    and Laowise.com wont open.
    What a strange world we choose to live in.

    • The easiest way is simply to download it with a VPN on. If you don’t have a VPN, then try this link, it’ll put the page through a proxy. I just checked it and that proxy site isn’t (yet) blocked.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Return to Top ▲Return to Top ▲