Skype on China TOM-Skype censorship
p2pnet news view | P2P | Politics:- Skype boss Josh Silverman (right) hasn’t said Thank You to Canadian researcher Nart Villeneuve for uncovering a major security hole in its TOM-Skype product, marketed in China.
But he admits the eBay company is “very concerned”.
Yesterday, full text chat messages from TOM-Skype users, along with users who’ve communicated with TOM-Skype users, “are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China,” p2pnet said, quoting Villeneuve, who’s CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto.
The revelation comes in his new report, Breaching Trust: an analysis of surveillance and security practices on China’s OM-Skype platform.
He went on the messages, and millions of records containing personal information, “are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data”.
Captured messages, “contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China,” says the report, also noting the analysis suggests surveillance isn’t solely keyword-driven.
“Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system,” states Villeneuve.
Now, “You may have seen some reports in the media about a security and privacy breach in the software provided by our Chinese partner, TOM Online,” says Silverman, going to admit “local laws and regulations” include, “the requirement to monitor and block instant messages containing certain words deemed ‘offensive’ by the Chinese authorities”.
In other words, if companies such as Skype, Google, Microsoft, Yahoo, Cisco (the line forms on the right) want to get in on the ground floor in the world’s only expanding — and by far the largest — market, they need to be willing to co-operate with China’s Communist rulers by agreeing to act as censors in one form or another.
Says Silverman »»»
In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere.
It was our understanding that it was not TOM’s protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.
We also learned yesterday about the existence of a security breach that made it possible for people to gain access to those stored messages on TOM’s servers.
We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach.
In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.
Yesterday’s report refers only to, “communications in which one or more parties are using TOM software to conduct instant messaging,” Silverman states.
Definitely stay tuned.
p2pnet – Skype China censors messages: Canadian report, October 2, 2008
Silverman – Skype President Addresses Chinese Privacy Breach, October 2, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
