
Skype and Microsoft man-in-the-middle chats to give targeted ads - phrasz
TL;DR: I sent a friend a link to Kotaku that had the word pizza, and a Dominos ad showed up magically at the top of my browser. I disabled my settings not knowing these are enabled by default.

Long version:
Today I was surfing Kotaku for kicks and started laughing as I was skipping through the YouTube video / article about using a Red Baron Pizza Coupon that was 17 years old. (Link: http://kotaku.com/man-uses-17-year-old-coupon-for-frozen-pizza-bundled-wi-1539878046).

I thought it was great, so I decided to use Skype to pass the word around. No more than 2 seconds after sending the link out I had a nice "Order Dominos Now!" ad at the top of my screen.

FYI: Skype and Microsoft enable targeted ads by DEFAULT. I don't mind having ads be presented to me from past traffic/links/urls/etc. However, I thought it was really uncool that they are man-in-the-middling my chats to give me "a better ad experience" by parsing/mining all my chats.

Link how to disable: https://support.skype.com/en/faq/FA140/how-do-i-manage-my-privacy-settings-in-skype-for-windows-desktop

As always Buyer Beware, and if you don't pay for the product - you ARE the product.

Happy Sunday!
-Phrasz
======
rlu
I didn't know this but I'm not outraged.

How is this different in your view from targeted ads in gmail? You say "I
don't mind having ads be presented to me from past traffic" ... why? How does
that offend you less? I understand the difference from a technical
perspective, but from an "end user that cares about privacy" perspective it
seems the same to me.

FWIW even with this off, I think Skype will still MITM you to check to make
sure URLs you link aren't spammy. Messenger did that ages ago and Facebook
does it too (try IMing someone a porn website for example). Not sure what
Hangout/gmail's behavior is here.

Btw it seems funny to me to use the term "MITM you". It's a chat service. It
has servers that route IM and do other things. Of course it's going to be in
the middle of you and your friend. Now, if you're upset that one of the many
things they do while your IM is in the cloud is see if they can serve an ad
for it, then fine. But any chat service that isn't p2p will "MITM you" -
that's the entire point.

~~~
Houshalter
I thought skype was p2p, which is why sent messages only load when the other
person is online. You can't get messages you sent earlier from a different
computer unless it is online.

Anyways, whether or not this has become 'normal', how is this not the
equivalent of someone opening and reading your mail? Or worse, recording all
your private conversations?

~~~
noblethrasher
The Skype infrastructure became more centralized in order to accommodate the
increasing use of smartphones.

[http://www.slashgear.com/skype-supernode-switch-for-stable-s...](http://www.slashgear.com/skype-supernode-switch-for-stable-scaling-not-project-chess-nsa-spying-25287830/)

------
tsuraan
> if you don't pay for the product - you ARE the product

I paid full price for my XBox 360, within the first year or so of its release.
It had a simple and clean interface, pretty much enough to play games and
search for/demo/sometimes buy new games. Since then, the UI has gone through
various terrible iterations, including full-screen ads for Bing and Zune, and
embedded ads for other (non-MS, even non-XBox) products within the main
landing page. Even if you do pay for the product, you probably are the
product.

~~~
garrettgrimsley
Same deal with T-Mobile, they have opt-out marketing that you can't disable
through the text messaging.

~~~
garrettgrimsley
Even more upsetting are all of the marketing emails that I receive in my
student inbox.

------
blibble
I personally wouldn't mind, but then Microsoft comes out with crap like this:
[http://www.scroogled.com/mail](http://www.scroogled.com/mail)

------
phrasz
"...at the top of my browser." == "top of my Skype Window."

To avoid any confusion: they were NOT in my web browsers.

~~~
ryanbrunner
At the end of the day, it doesn't even really matter that much. The fact that
it appeared in the Skype window doesn't indicate that the targeting of that ad
was determined solely by your Skype history.

If you visited a site mentioning pizza, and later saw a pizza ad, normal
everyday web targeting is a far more likely explanation than Skype secretly
violating its privacy policy as a routine matter of business.

------
ig1
This is just speculation with close to zero evidence. It could be coincidence, it
could be real-time retargeting based on web traffic, etc.

Dominos buys lots of online advertising so the chances of _someone_ seeing a
dominos ad straight after talking about Pizza are very high just by pure
randomness.

If you read the details of the privacy setting it's about Microsoft targeting
based upon profile demographics (gender and age).

Skype are pretty specific about what they use to target and the reasons they
process your messages in their legal docs:

[http://www.skype.com/en/legal/privacy](http://www.skype.com/en/legal/privacy)

So let's not jump to conclusions without actual evidence.

------
devx
Skype has been MITM'ing chats and even other https links for a long time:

[http://arstechnica.com/security/2013/05/think-your-skype-mes...](http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/)

[https://www.eff.org/deeplinks/2013/07/why-doesnt-skype-inclu...](https://www.eff.org/deeplinks/2013/07/why-doesnt-skype-include-stronger-protections-against-eavesdropping)

------
guiambros
No reason for any surprise or conspiracy theories.

1. You visited a site that had "pizza" all over it

2. The page drops SIXTEEN cookies, including all popular ad networks: Criteo,
Vizu, SkimLinks, Quantcast, and Google's DoubleClick.

3. For the next couple of hours (or whatever duration specified by Domino's
media agency), pizza ads will follow you _everywhere_.

While Skype may be parsing your chat to detect keywords, this would be
complicated and potentially against their ToS. Using your browsing behavior is
simpler, and a lot more precise.

If you're worried about privacy, you should protect your browser in the first
place. Start by forcing the Do-Not-Track option, then install Ad Block, and
opt-out from all ad tracking networks [1]. Or simply use Incognito mode.

Companies can still use IP and browser fingerprinting to uniquely identify
you, but that's more work and not portable across ad networks. Not worth the
effort for them, just to target a bunch of HN-ers.

[1]
[http://www.networkadvertising.org/choices/](http://www.networkadvertising.org/choices/)

------
gcb0
> was browsing a site with ads.

> saw content X on that site

> other sites showed me ads with X

kid, this is just targeted advertisement.

~~~
Houshalter
Skype is a separate application.

~~~
Rizz
So? The user's IP address matches his web traffic, no reason why they couldn't
send pizza ads to him that way. Remember Microsoft is a Gawker advertising
partner (which runs Kotaku), they're even listed first in the list of
partners, so no doubt visiting Kotaku will give some of your info to
Microsoft, which they can then use to target ads in their ad network. That's
how advertising on the internet works. Every visit to an ad supported website
means your information is shared with dozens if not hundreds of advertising
partners and partners of partners.

Edit: I just checked that video page. For me it connects to at least 11
different parties:

    
    
      Facebook + its CDN
      Youtube + its CDN
      Google Analytics
      t.skimresources.com/api.track.php
      Gawker advertising API
      Gawker CDN
      Twitter
      imrworldwide.com
      quantserve.com
      chartbeat.net
      scorecardresearch.com
      criteo.com
      doubleclick.net
    

And your ISP, your DNS service provider, your router manufacturer (yes, some
routers intercept traffic and certainly redirect failed dns requests, but
might also inject or track other stuff), and of course all running software
and browser toolbars/scripts/addins can also know what you visit.

And that's just directly; in the background each of those is more than likely
to send your information to other advertising partners.

------
gesman
I like that statement, so true:

"If you don't pay for the product - you ARE the product"

I'd add that even if you pay for product - you're still the product.

If you don't like being the product, stop using the product :)

------
zeeed
Not that disabling the setting would keep them from reading or mining your
chats though. All that happens is that now you don't get reminded of it
anymore.

------
MichaelGG
It may be as you say, or it could just be sharing ads between sites and
systems (maybe Skype tracks URLs you click).

It's also quite possible that on Sunday around lunchtime, Domino's ran an ad
for pizza and you just noticed the coincidence.

------
camus2
im.imo used to do Skype over https... I'm still looking for a good Skype
alternative, with video, with secure communications. Can't find a good
software. :(

~~~
phaer
Jitsi on your desktop and CSipSimple on Android for SIP+ZRTP (ostel.co
provides accounts, for example). Jitsi does support Video-Chats, CSipSimple
does not.

Maybe tox.im if it becomes stable (experimental releases are available).

------
stal
Tox.IM Is the Open Source Skype Replacement!

------
wdr1
Scroogled!

