- 10 IT security companies to watch
- Mobile phone chargers are energy vampires
- Smartphone smackdown: Storm vs. iPhone
- Video game collisions I'd like to see
- Court slams door on sale of spyware
Tom-Skype, a joint venture in China between eBay's Skype unit and Tom Online, has been known to operate a text filter on text chats, but a new report says that the data is stored insecurely and the text messages and records containing personal data can be easily accessed.
Tom-Skype regularly scans text chat messages for politically sensitive keywords, and stores them insecurely, according to a study by researchers in Canada.
If the keywords are present, the text messages and records containing personal information, are stored on insecure publicly-accessible servers together with the encryption key required to decrypt the data, according to a joint report by The Citizen Lab at the University of Toronto, and The SecDev Group in Ottawa.
The report, called "Breaching Trust: An analysis of surveillance and security practices on China's Tom-Skype platform", does not directly implicate the Chinese government, though it suggests this surveillance is yet another instance of corporate complicity with the Chinese authorities.
It raises troubling questions regarding how these practices are related to the Chinese government's censorship and surveillance policies, said the report by Nart Villeneuve, a fellow at the Citizen Lab. The captured messages contain keywords relating to topics considered sensitive to the Chinese government such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
Villeneuve was able to view, download, and archive millions of private communications, ranging from business transactions to political correspondence, along with their identifying personal information, according to the report.
Besides being driven by keywords, the surveillance system may also be capturing messages using other criteria, such as user names, the report said.
A Skype spokeswoman said in an e-mail statement on Thursday that the security flaw had been fixed, after Skype informed Tom about the flaw. The flaw did not affect the vast majority of Skype users outside of China, she added.
Tom Group did not not respond to an e-mail requesting its comments on the new report.
The idea that the Chinese government might be monitoring communications in and out of the country shouldn't surprise anyone, and in fact, it happens regularly with most forms of communication such as e-mails, traditional phone calls, and chats between people within China and between people communicating to people in China from other countries, the spokeswoman said.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment