Skype telemedicine users, here’s more bad news for you when it comes to Skype privacy. The H Security team recently found evidence that Microsoft does make use of their Skype security policies to read users’ text chats. As they put it “Anyone who uses Skype has consented to the company reading everything they write.After sending out 2 test HTTPS URLs using Skype instant messaging service, H Security found those URLs receive an unannounced visit from Microsoft HQ in Redmond. The significance of this H Security explains is that
URLs pointing to encrypted web pages frequently contain unique session data or other confidential information…. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.
Skype claims that accessing URLs is standard way to check for spam and phishing sites, but the H Security isn’t buying it:
Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.