It appears that Microsoft has the ability to intercept, decrypt, and read messages sent over its Skype platform, and it has been doing so for some time.
This, coming from a company who takes Google to task for reading emails and proclaims "your privacy is our privacy," isn't a good sign for those concerned with, and need, privacy.
An investigation by Ars Technica and security researcher Ashkan Soltani found that Microsoft has the ability to read any messages sent over Skype at will. To prove this, they sent four customized links over an apparently secure Skype connection. Two of the links were intercepted and briefly investigated. Whether the links were investigated by a bot program or a human is unknown, though both have the authority to investigate links.
This may end up changing the perception around Skype, which is often used by human rights activists and journalists under the assumption that all communication over the program is encrypted end-to-end. That is demonstratively no longer the case.
Microsoft's ability to investigate messages is a largely thanks to its reworking of Skype's infrastructure. Before being bought by Microsoft in 2011, Skype used a peer-to-peer method, hooking up users who have excess bandwidth to those who'd want to use it for messaging.The move gave Skype more stability and security, but it also made messages easier to monitor.
"In short, the decentralization that had been one of Skype's hallmarks was replaced with a much more centralized network," Ars writer Dan Goodin said. "It stands to reason that messages traveling over centralized networks may be easier to monitor."
But, as VentureBeat's John Koetsier notes, those who're concerned with privacy can pre-encrypt messages to keep them from prying eyes.
Apparently not everything is fluffy clouds and rainbows with Skype.