
Microsoft Contractors Are Listening to Some Skype Calls - djug
https://www.vice.com/en_us/article/xweqbq/microsoft-contractors-listen-to-skype-calls
======
darkcha0s
>Although Skype's website says that the company may analyze audio of phone
>calls that a user wants to translate in order to improve the chat platform's
>services, it does not say some of this analysis will be done by humans.

I'm sorry, but isn't this just nitpicking? Just because they don't say how
it's analyzed doesn't make this a scandal.

~~~
human20190310
It's not nitpicking. If the word "analyze" was chosen because the word
"eavesdrop" would result in users leaving the platform, and _eavesdropping is
what they're actually doing_, then they're obscuring their actions with a
euphemism.

~~~
jmull
Well, eavesdrop means _secretly_ listening to a conversation. If they
communicate it in a reasonable way, it's not eavesdropping.

~~~
tjoff
Well, since they don't communicate it in a reasonable way it is eavesdropping
then.

~~~
vinay427
If they communicate that they're eavesdropping, which is what was proposed
here, it seems excessive to then claim that they're not communicating this
monitoring or listening of calls in a reasonable way which would mean it's not
eavesdropping.

------
_Understated_
I think we have to assume at this point that all online communication tools
owned by for-profit mega-corps are compromised and that they can and do
listen/analyse everything.

I have long assumed that with Whatsapp... I honestly don't believe that it's
as secure as it used to be: Facebook's raison d'être is all about data
gathering.

Also, when I read a WhatsApp message on my phone, it's unencrypted as I see it
on the screen, it kind of has to be... what stops FB (or anyone for that
matter) from reading it too at that point.

Sorry, I went on a tangent a bit there but I feel it was relevant.

~~~
ocdtrekkie
Specifically, you should realize anything that companies say is done with "AI"
is probably in some part done by poorly paid contractors. And not always on
the analysis end, for example:
[https://www.forbes.com/sites/johanmoreno/2019/05/28/25-of-go...](https://www.forbes.com/sites/johanmoreno/2019/05/28/25-of-google-duplex-calls-are-placed-by-humans-but-likely-not-for-long)

There's something incredibly dystopian about using humans as part of a process
you literally tell people is entirely machines.

~~~
_Understated_
Haha, I never realised it was that immature.

As an aside: Being a tech I have been asked numerous times by non-techs "What
actually is AI?"

I usually answer "a lot of if-statements" :)

~~~
xthestreams
AI researcher here. While industry doesn't usually find the need for huge
complex models, I don't think your statement is fair, nor accurate. Can you
provide some examples of AI tech that in your opinion is "a lot of if
statements"?

~~~
google2342
How do you expect someone to justify a statement that's not true? I suppose
you could say that it's a fair characterization of a basic decision tree but
that doesn't describe modern ML methods.

------
kjaftaedi
Slate and Forbes wrote an article about this in 2012 when it was noticed
Microsoft had filed a patent for this... although nobody from Microsoft would
publicly comment on the issue.

This has likely been going on for some time.

[https://www.forbes.com/sites/ericjackson/2012/07/22/its-terr...](https://www.forbes.com/sites/ericjackson/2012/07/22/its-terrifying-and-sickening-that-microsoft-can-now-listen-in-on-all-my-skype-calls/)

~~~
umeshunni
Nitpicking, but "Forbes" didn't write that article as much as "Medium" or
"Blogger" wrote any article you see hosted on those sites.

Notice that the article you linked is hosted on
forbes.com/sites/ericjackson...

Some guy named Eric Jackson
([https://twitter.com/ericjackson](https://twitter.com/ericjackson)) - who
appears to be a PE investor wrote that article.

Forbes is a content farm that hosts opinion posts:
[https://en.wikipedia.org/wiki/Forbes#Forbes.com](https://en.wikipedia.org/wiki/Forbes#Forbes.com)

Forbes.com uses a "contributor model" in which a wide network of
"contributors" writes and publishes articles directly on the website.
Contributors are paid based on traffic to their respective Forbes.com pages;
the site has received contributions from over 2,500 individuals, and some
contributors have earned over US$100,000, according to the company. Forbes
currently allows advertisers to publish blog posts on its website alongside
regular editorial content through a program called BrandVoice, which accounts
for more than 10 percent of its digital revenue.

------
rvz
So the gist of this unsurprising discovery is that Microsoft's translator 'AI'
is actually supervised by contractors who listen to users' voice data to
correct their requests.

I'm very skeptical of these privacy claims. The fact that my voice commands
are being sent to a random person on one end listening to them at home makes
me reconsider the real purpose of these 'Smart Assistants' in general. If
Microsoft thinks that the contractor can only access it via a 'secure portal'
means that they are respecting your privacy, then the security is as good as
it being compromised and contradicts their end-to-end encryption claims.

To these companies, 'privacy' is just another buzzword used to keep us using
their services. I think it would take something far worse than this to break
the social inertia around these services and for us to reconsider using them.

------
morpheuskafka
If it's not end to end encrypted--and by that I mean using audited, open
source cryptography--you should assume that the full contents may be made
public at any time. And you should basically assume that metadata will be made
public no matter what you do.

~~~
auiya
And if it IS end-to-end encrypted, you should assume that the full contents
may be made public at any time. Companies don't only record contents of
communications over the wire you know, eventually they have to be decrypted on
the end points.

------
snvzz
I do remember how Skype used to be end-to-end encrypted.

~~~
jchw
I don’t know much about how it worked but I’ve heard it described more like
obfuscation than encryption. It also used to be P2P but that ended under
Microsoft’s ownership.

Funny enough, at one point Microsoft basically merged Skype and MSN, and the
text chat parts of Skype started using “MSNP24”, a couple version numbers up
from the latest MSN protocol, MSNP22. I never dug in to see how much it was
really like MSNP from MSN because I lost interest in Skype not long after.

~~~
giancarlostoro
Once they ditched p2p the quality derailed. The worst thing was the Skype
mobile app trying to sync on my phone. It never seemed to cache convos well
enough, it also would not sync properly between devices in regards to
notifications. Also Skype would try to pull in my entire history. I feel like
some P2P concepts stuck deeply within Skype and that's what left it so awkward.

~~~
jchw
The mobile app is probably _why_ they ditched P2P. As much as I love old
Skype, it existed in a pre-mobile world, and never translated well to
phones... and in fact, most P2P platforms won't translate well to phones,
since you at least need centralization for the push notifications. Such is
life.

Though to be clear, yeah, it didn't really fix the mobile app. It felt just as
broken up to the moment I uninstalled Skype.

~~~
swiley
>most P2P platforms won't translate well to phones, since you at least need
>centralization for the push notifications. Such is life

This isn't a fact of life, this is a flaw in the API of most popular mobile
OSes. Open source community-maintained operating systems have solved the
problem of providing a network service for handling push notifications (local
or not) multiple times now and these companies have refused to implement them
because it makes it much easier to create an ecosystem around their crap.

This gives them control and control can be traded for money, it has
absolutely nothing to do with technology. _That's_ just life

~~~
jchw
I work for Google and use an iPhone so I can’t claim to be unbiased. (My eyes
have been on the Librem phone, with some skepticism and lately mostly
excitement, but I’m just not quite sold on it as a daily driver.)

However, even if you allow apps to run in the background basically
indefinitely as Android once did (there were IRC clients that Worked, using
only the phone,) it simply is bad for battery life. Having multiple push
services that are blessed to run periodically is also just not good for
battery life. The proof is in the pudding; I switched to IRCCloud for IRC on
the go after noticing what a terrible battery drain it was.

Now, third party push services can certainly do better than IRC, but they’re
still centralized. Decentralized networks are just not power efficient. It
requires always on machines to be effective.

I’m not saying I love the status quo, but it’s unclear how to do better.

(Obligatory legal line noise: these are my own opinions and not those of my
employer.)

~~~
Fnoord
If you need push notification, yes, it is going to cost (if it's an Electron
app, it'll cost you also RAM). Google provides such already, via GCM/Firebase.

I mean, you could just run IRC in a TUI (e.g. Irssi or WeeChat) and connect to
that via Mosh plus Tmux. You'd have low latency, 24/7 uptime, resuming, low
resource usage... but no push notifications.

------
dmix
So does Twilio... not surprising at all when there's no encryption and they
need to debug real phone calls routed all over the world which is not an easy
task.

As long as they're only spot checking and not browsing through any one person's
calls for no reason I don't see why it's a big deal. It's mostly business
lines anyway.

That said, they should have some protocols and controls in place for listening
to any calls, with solid paper trails. Every company like that should have a
privacy manager to direct and monitor these measures. They could even
document/blog about their work on privacy for marketing purposes (assuming the
executives are aware of just how in-demand privacy has become these days).

~~~
AlexandrB
> As long as they're only spot checking and not browsing through any one
> person's calls for no reason I don't see why it's a big deal.

Go back 50 years and apply this same logic to AT&T instead of Skype to see how
far our expectations of privacy have degraded.

~~~
poslathian
I thought 50+ years ago you had operators punching in and out of calls on an
as-needed basis....

------
monster99
That's kind of the point, the upper class is at war with the masses, hear it
in their own words:

Zbigniew Brzezinski, former national security advisor of the United States:

[https://www.youtube.com/watch?v=n7ZyJw_cHJY](https://www.youtube.com/watch?v=n7ZyJw_cHJY)

"The technetronic era involves the gradual appearance of a more controlled
society. Such a society would be dominated by an elite, unrestrained by
traditional values. Soon it will be possible to assert almost continuous
surveillance over every citizen and maintain up-to-date complete files
containing even the most personal information about the citizen. These files
will be subject to instantaneous retrieval by the authorities."

[https://www.amazon.com/Between-Two-Ages-Americas-Technetroni...](https://www.amazon.com/Between-Two-Ages-Americas-Technetronic/dp/0313234981)

Book - governments not to work for the people:

[http://trilateral.org/download/doc/crisis_of_democracy.pdf](http://trilateral.org/download/doc/crisis_of_democracy.pdf)

------
jasonmorton
Can anyone recommend a good open-source chat and call solution? I'm looking
for something I can run on my own server to support friends and family, with
an iOS and Android app. It doesn't have to support more than one or two video
calls at a time. I figure this is sadly the long term solution.

~~~
317070
I use jit.si as replacement for Skype. It's in browser, encrypted, p2p and EFF
approved.

I don't know if they have apps, but as far as I know their server code is on
github.

~~~
est31
Note that jit.si is only encrypted in the sense that Skype is encrypted, aka
transport stream encrypted. The server needs access to the decrypted video
stream so that it can do split screen. See this thread for details:
[https://github.com/jitsi/jitsi-meet/issues/409](https://github.com/jitsi/jitsi-meet/issues/409)

I personally use jitsi because it is FLOSS software and it's less likely to
send conversation contents to the NSA or other dragnet surveillance entities.
But it's not end to end encrypted.

~~~
317070
Aha, I did not know that! On the plus side, you could set up your own server,
having the guarantee.

------
mikorym
I may be misinformed, but when those Estonian programmers wrote Skype it was
at the time both decentralised and encrypted by default. Is that not the case
anymore? A pre-emptive apology if I remember the story incorrectly.

~~~
Fnoord
> I may be misinformed, but when those Estonian programmers wrote Skype it was
> at the time both decentralised and encrypted by default. Is that not the
> case anymore?

That is indeed not the case anymore, as per the PRISM program, which was
leaked during the Snowden leaks of 2013.

From Wikipedia [1] the following three quotes:

"The documents identified several technology companies as participants in the
PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009,
Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011
and Apple in 2012"

"Internal NSA presentation slides included in the various media disclosures
show that the NSA could unilaterally access data and perform "extensive,
in-depth surveillance on live communications and stored information" with
examples including email, video and voice chat, videos, photos, voice-over-IP
chats (such as Skype), file transfers, and social networking details."

"According to The Guardian, NSA had access to chats and emails on Hotmail.com
and Skype because Microsoft had "developed a surveillance capability to deal"
with the interception of chats, and "for Prism collection against Microsoft
email services will be unaffected because Prism collects this data prior to
encryption.""

Regarding that last quote, Wikipedia mentions these sources [2] [3] [4]

[1] [https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...](https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29)

[2] [https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...](https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data)

[3] [https://www.rt.com/usa/microsoft-nsa-snowden-leak-971/](https://www.rt.com/usa/microsoft-nsa-snowden-leak-971/)

[4] [https://www.theguardian.com/us-news/the-nsa-files](https://www.theguardian.com/us-news/the-nsa-files)

------
hestipod
I remember when Skype debuted and after only crackly POTS calls as a reference
point, the clarity whilst speaking from the USA to a friend in Berlin was
AMAZING. I am not sure of dates but at some point it started to decline not
just in call quality but UI and everything really, I assume this is when it
was sold but cannot be sure. I had hoped Wire would fill that void for me PLUS
add encryption, since some original Skypers were involved, but it seems to be
fading as well on the Personal side.

~~~
cameronbrown
Switching from P2P to centralised servers might be when things went south.
Quality got much worse then it seems. Nowadays Skype's totally lost most of
its gamer/techie audience to Discord because they actually are aware of what
their customers want.

------
cryptozeus
"Some stuff I've heard could clearly be described as phone sex. I've heard
people entering full addresses in Cortana commands, or asking Cortana to
provide search returns on pornography queries. While I don't know exactly what
one could do with this information, it seems odd to me that it isn't being
handled in a more controlled environment," the contractor said.

------
heyyyouu
I'm not sure how this is anything new. Phone company employees sometimes
listened to phone calls. Unless your communication is encrypted somehow you
have to assume that at least some employees of the service may have access
(which is probably detailed somewhere in a user agreement).

------
lunias
Not surprised at all. I worked with DialogFlow (building a Google Assistant
app) for a major retailer. I had easy access to everything that anyone had
ever said while interacting with our app; we saved it all in Elasticsearch.

------
walterbell
From the creators of Skype: Wire provides E2E encrypted text and high-quality
audio, has an open-source server and client, does not mandate disclosure of
phone number or contacts, and is moving towards the IETF MLS protocol for E2E
encrypted messaging.

------
kevin_thibedeau
If only we had a network where end users could exchange data without a
middleman.

------
johnflan
Skype until relatively recently was a fully peer-to-peer end-to-end encrypted
messaging (voice and text) platform, as part of Microsoft's purchase and
development of the platform rebuilt it as a centralised service.

------
tomdell
I hope they hear me complaining about how poorly Skype works.

------
e40
I remember a change to the ToS that said they might listen in for quality
purposes... pretty sure I read it here on HN. Anyone remember that?

------
PedroBatista
Gotta love Big Corp poetry with their "some", "a few", "a small number"
verses.

------
beart
Does Microsoft Teams piggyback off the Skype protocol and servers or is that a
separate service?

------
anewguy9000
when oh when will enough be enough

~~~
java-man
never

