You do realize that the scanning is meant for checking the links for malware, redirection and metadata for previews. Which popular chat service doesn't do this? Paste a link into Facebook, Google+, Gchat and all are likely to do the same or the least passively scan it against a list of known malwares.
You are more likely to leak information by just using your browser. Remember chrome does sent full URLs of your downloads/malware sites when detected back to its HQ. [1] or post a comment on Slashdot and get your entire computer port scanned for free. [2]
I thought it was common sense by now that if you have something sensitive to share do NOT use a cloud based chat or repository!
[1] Information regarding a potentially harmful site or executable file download (including the full URL of the site or executable file download) may be sent to Google to help determine whether the site or download is harmful. - https://www.google.com/chrome/browser/privacy/
> You do realize that the scanning is meant for checking the links for malware, redirection and metadata for previews. Which popular chat service doesn't do this? Paste a link into Facebook, Google+, Gchat and all are likely to do the same or the least passively scan it against a list of known malwares.
The first time I noticed Microsoft was doing it, was not long after the skype purchase and moving to a centralized comm model; gchat for sure was not at the time, and decentralized skype wasn't either. Furthermore, following that chat, Bing started scanning a server that was not linked from anywhere on the internet. I find the correlation more than suspicious.
Anecdotal, but skype ads on a friend's computer tend to reflect chat subjects - which is NOT just "malware protection". I wouldn't know - I only use it with an iPhone 4 and its old adless client when I do.
> I thought it was common sense by now that if you have something sensitive to share do NOT use a cloud based chat or repository!
I thought it would be too. But I keep meeting people who have the general idea that "well, all my email is already on gmail/the cloud, and it's working ok - so I guess all cloud services are trustworthy". And it seems for this kind of people, until their own gmail gets hacked, nothing gets the message through - and sometimes even if their own gmail gets hacked.
I was a consultant for one (rather successful) company who keeps all their precious data on AWS (a few TB of it), without even a local copy, and I couldn't convince them that yes, even though Amazon probably has better IT and security than they do, it's still a SPOF, and if anyone (e.g. hacker) changed their data-at-rest, they would be none the wiser.
Don't put anything in there that you really care about, without using something like git-crypt.
[0] https://news.ycombinator.com/item?id=5704574