Oct 02 2008

Detailed report on PRC.gov monitoring Tom-Skype

Published by at 6:11 am under Censorship,Other attacks

tom-skype-report
The WSJ – China Journal blog covered a recent report (pdf) by Nart Villeneuve of the Citizen lab that details some very interesting findings about PRC government monitoring of “Tom-Skype“, the Chinese localized version of Skype.

It probably isn’t suprising to anyone that Tom-Skype is being monitored. “Breaching Trust” details the process by which conversations with matching keywords are uploaded to a webserver. The suprising bit is that the server is pretty much accessible to anyone. From the report:

The full text chat messages of TOM-Skype users, along with Skype users who have
communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China.

These text messages, along with millions of records containing personal information, are
stored on insecure publicly-accessible web servers together with the encryption key required to
decrypt the data. 

Update (2 Oct 08, 1617GMT): Some other news organizations have picked this up:

- International Herald Tribune
- CBC News Canada
- Wall Street Journal posts Skype’s response

11 responses so far

11 Responses to “Detailed report on PRC.gov monitoring Tom-Skype”

  1. Peter Parkes (Skype Blogger)on 02 Oct 2008 at 1:55 pm

    Josh Silverman, Skype’s president, has now posted a more comprehensive statement on the Skype blog explaining where we stand currently, and what we’re doing to sort things out.

  2. jumperon 02 Oct 2008 at 5:15 pm

    Thanks for the update Peter!

  3. CBRP1R8on 03 Oct 2008 at 7:42 am

    Didn’t the German intelligence or police do something simialr to this, a little while ago? I remember reading something along those liines.

  4. jumperon 03 Oct 2008 at 8:24 am

    The German and Austrian police have claimed to be able to monitor Skype communications.

    http://www.theregister.co.uk/2008/07/25/skype_backdoor_rumours/

  5. Peter Parkes (Skype Blogger)on 03 Oct 2008 at 10:06 am

    Just to confirm – there isn’t, and has never been, a backdoor into Skype itself. Skype-to-Skype communications (i.e. those not involving the TOM-Skype software distributed in China) are, and always have been, completely secure and private.

  6. jumperon 03 Oct 2008 at 12:13 pm

    @Peter -

    The article that I linked to is pretty clear on that.

  7. [...] “It probably isn

  8. [...] on October 15th: The Dark Visitor blog has a link to the detailed report. A direct link to the pdf file is [...]

  9. [...] will have to send in a fee of several hundred RMB to collect the prize.  I wonder if the officials reading Tom Skype users’ messages are falling for this [...]

  10. Leumason 25 May 2009 at 11:23 am

    If you are living in China you can get around Tom-Skype here: http://www.laowise.com/blog/view/10

  11. jumperon 26 May 2009 at 7:16 am

    Thanks for the tip Leumas!