Skype Journal

Independently covering the Talk Revolution since 2003

Tuesday, December 15, 2009

Free Speech Activists Use Skype Data Channel To Bypass Government Censorship

Skype and GTunnel

Skype Journal is blocked by China's government. Millions work around censorship and monitoring with networking tools like GTunnel. The GTunnel proxy on your PC connects to GTunnel servers. The client connects directly, through the TOR network, or through the Skype network. Connecting through Skype assures your packets are encrypted from beginning to end. This hides your IP address from servers. This also circumvents blockades of target servers like mine.

GTunnel is run by Garden Networks for Freedom of Information, a member of the Global Information Freedom Consortium. When you combine GTunnel with UltraSurf, FreeGate, FirePhoenix, GPass, and Ranking you get a complete suite for surviving online censorship and monitoring.

Caution for Chinese users: Skype cannot assure that what you download from TOM-Skype does not include spyware. So download the international version from the Skype.com site or another independent source.


Sunday, January 18, 2009

China requires real names of online gamers

Online gamers have to give real names (China Daily), eroding the privacy that comes with anonymity and pseudonymity. How long until TOM-Skype is required to compel its users to give up their identities too?

Anonymous by Laughing Squid.

Anonymous communication is a right. It allows political free speech. It protects people who blow the whistle on evil. It lets people call for help without retribution. It empowers people to explore their wild sides. Privately.

So anonymity in Skype is important. Skype users can be anonymous on Skype up to the point they spend money. Will Skype comply when China asks for your real name? Will Skype require TOM-Skype users to give real names too?

That's Skype's next moral challenge.

photo: Scott Beale / Laughing Squid


Tuesday, January 13, 2009

Skype at CES 2009, Part II: An Overview and Observations

There's a "new sheriff in town" when it comes to running Skype; CES 2009 was a "coming out" event for the new executive team.

CES 2009 provided an opportunity to catch up personally with many of the vendors we have covered in Skype Journal including Skype, Truphone, SlingMedia, Philips and Research in Motion (BlackBerry). I also had a chance to attend a most informative afternoon session of Jeff Pulver's Social Media Jungle event. Unfortunately Palm closed their suite after only two days of CES; thus, I missed an opportunity to learn more about the Palm Pre on Saturday. As Palm had just been awarded a CES "Best of Show" award, that was a "Huh?" moment when there was only a security guard at the suite's door. I also wanted to catch iPevo and Nokia but did not have time to get to their booths.

With respect to Skype we had three activities: the Skype press conference, an interview with new COO Scott Durschlag and Skype's first reception event Friday evening. It was our first opportunity to observe the new Skype executive team in action. While I will be providing some more detailed posts, here are a few observations:

  • For the first time, a senior C-level Skype executive personally acknowledged Skype Journal's participation as playing a significant role in the Skype ecosystem. Scott thanked us for our loyalty to Skype through all the challenges of the past two years. (That does not mean we'll always be cheerleaders; it's important that we maintain a skeptical and critical viewpoint within the context of the overall IP-based communications space.)

While we have had co-operation in the past, usually via Skype's public relations agency, from many Skype employees at an operating level, it's important for the media to be able to communicate regularly and openly with those at the C-level who are providing overall direction and developing high level strategy. Josh has initiated such openness through his blogging and interviews; now we are seeing it on a person-to-person basis.

  • On the other hand, many times last week, in both the press conference and our discussions, Scott acknowledged the existence of several previous controversial issues, such as technical support, platform development, the role of partners and internal management structure issues, as requiring attention by the new management team. The newly recruited management team will be introducing a new level of experience and maturity to address these issues; execution over the next few months now becomes critical.
  • One future post will cover Skype's new operating and management structure focused on products and geographical markets.
  • Another will cover Skype's overall focus as a software platform developer and the standards being set for these developments. Within this context I'll provide my perspective on what is meant by "liquid communications".
  • We'll soon have a follow up post about our discussion with Scott of what Skype's new executive team learned from the TOM-Skype privacy breach last fall and how it became a bonding exercise within Skype as well as establishing some new operating parameters to avoid a repeat.
  • Skype is NOT shoving its partners under the bus. The new executive team is determining what innovation Skype will drive and what innovation they can expect partners to drive. Andy Abramson articulates his perspective on the issue:
    "Most of all, Skype is not sitting back. They are pushing the envelope, but at the same time sending mixed messages externally to partners and developers. But that too will change. Some recent hires have brought maturity to the table."
  • We learned the answer to "Will There Be a Skype Client on the iPhone?"
  • Finally, for the first time since I have been writing about Skype, we can see some well-articulated high level vision for where Skype is heading, where they need to focus and how they want to play in the real time communications market space at a strategic level.

Looking forward to writing about the evolution of Skype as it grows from a $500MM per year operation with 500 employees into a business with a revenue level and valuation that finally justifies eBay's initial investment in Skype.


Sunday, January 4, 2009

Would you trust Skype with your vote?

I've been wracking my brain for the defining Skype moments of 2008.

It comes down to Skype's identity. The marketing, psychology, defining oneself sense; not the login, badge sense.

Brand marketers may talk of lovemarks, but trust comes before love. We trust Coke products to be Coke-like in taste, feel, fragrance, color, and packaging, for example. We trust products not to hurt or endanger us (unless you're into that kind of thing). We trust brands to keep their promises.

The people of Estonia trust their electronic voting systems with the fate of their nation. In a country that recently survived cyberwar, that's a lot of trust.

Estonia conducts elections online. Building on successes in 2005 and 2007, they recently approved voting with mobile phones by 2011. The Estonian National Electoral Committee (VVK) will provide SIM chips to Estonian voters for free. The special chips from AS Sertifitseerimiskeskus (SK) will authenticate voters and keep vote transmissions secret using public key encryption.

Would you trust Skype's technology and Skype's business with your vote?

If you asked me in 2007, I'd have said yes. Skype's brand promises privacy and safety. Outside security experts applauded Skype's authentication, strong encryption, and ability to bypass most obstacles. Skype is an eBay company (though few people know this) and borrows some of our trust of eBay and PayPal.

I'm unsure now, as 2009 starts.

Skype's technology is strong but incomplete. Skype's encryption is end-to-end, from Skype client to Skype client. Nobody can listen in. So the weak points are the end points: a user's PC or Skype-enabled device and the gateway to the voting system. Secure those end points and you'd have a pretty secure system.

That's not the whole story, though. We learned in 2008 that Skype shared a copy of their desktop source code with the TOM-Skype joint venture in China. That includes Skype's authentication (proving who you are) and encryption (foiling eavesdroppers) code.

We don't know how many people, including TOM-Skype former employees, contractors, and members of Chinese security services, have access to that code. (Hypothetically, if I offer a $1000 bounty, would someone sell me a copy?) Many people have the means to interfere with an election conducted through Skype. Given time, we know a way finds itself in the hands of those with a will. 

Speaking of intent, let's return to the joint venture. Skype's founding executives traded code for access to China. China is now Skype's largest market. The new executive team tightened up operational security, minimizing unauthorized access to log files, surveillance, and source code.

Despite Skype's 2008 policy review, the original deal stands:

  • TOM-Skype gets a copy of Skype's source code with each major release,
  • TOM-Skype modifies the Skype software to comply with China's government agencies,
  • TOM-Skype shares data collected from users with Chinese agencies,
  • TOM-Skype does not disclose that privacy breach to customers before or after sharing,
  • Skypers talking with TOM-Skype users are surveilled like TOM-Skype users.

This is the arrangement we know of. We don't know if Skype agreed to similar arrangements with, for example, EU law enforcement or USA intelligence agencies.

Landline and mobile phone companies have long given keys to their networks to law enforcement and communications intelligence agencies. We're accustomed to the rule of law applying to our phones. We hope, we assume, we believe, perhaps naïvely, that our phone company keeps our secrets.

It is sad to let go of those illusions regarding Skype.

So this goes back to Skype's brand promise of privacy and security.

Do you trust Skype? 

Would you trust Skype's corporation with your vote?

With your country? With your liberty and freedom?

I'm less certain.

 

photo: Coca-Cola Blāk by The Rocketeer


Monday, November 3, 2008

Skype adds a light installer

Skype is changing the way users download and install software.

Starting with your next full update to Skype 4.0 Beta 2 for Windows, you'll download a quick 2.5MB "light installer." It will then download the full Skype client, around 24MB. From the Skype FAQs:

"It manages the download for you so if you have any hardware or network issues, the download can be resumed. It serves the purpose of a download manager for Skype, allowing pause/resume and recovery from failures. It also gives information about features as it is downloaded and installed."

This is a common strategy.

Users get more immediate gratification from downloading (about ten times faster) and a greater sense of control over installation.

Skype gets more and better information about the desktop to configure what gets downloaded and from where.

UPDATE: Pondering that last point… What will the experience be for TOM-Skype users? Will they be given a choice of clients (monitored/filtered vs. private/free) at first download? at update?


Tuesday, October 28, 2008

TOM-Skype Breach: Nart's Recommendations to Skype

This is the fourth and final of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

Having discussed some background to Nart's research, the activities of the Citizen Lab and answers to Phil's questions, Nart had a couple of recommendations for Skype going forward. As background, the Citizen Lab is affiliated with the Berkman Center for Internet & Society's "Principles on Free Expression and Privacy" initiative "to protect and advance individuals' rights to free expression and privacy on the Internet through the creation of a set of principles and supporting mechanisms for ICT companies".

The goal of this project is:

Through the articulation of a broad set of common principles, the development of resources for implementation and a compliance structure, this collaborative effort is working to formulate an industry-wide response to guide businesses when they encounter laws and practices that may contravene international human rights standards or be at odds with law or culture in their home jurisdiction.

Participants in this project include Microsoft, Google, Yahoo along with several human rights organizations. It is hoped that having a joint industry-activist initiative would help companies avoid situations similar to the one which Skype has encountered in its TOM-Skype relationship.

Update: as I was writing this post today, a New York Times story on this initiative, now called the Global Network Initiative, broke and has more details.

An initial draft document (update: final document to be released tomorrow) is under review amongst the participants but Nart brought out three recommendations for Skype that would be consistent with the guidelines in the draft document:
  1. Include in Skype and/or the TOM-Skype client, as appropriate, an ability to provide notification to all participants in a conversation that a contact is participating in the conversation via the TOM-Skype client. In effect, this could be included in a more general identification of the version of Skype that other participants in a conversation are using. The reasoning for providing version information was to let other participants know, via the version number, which feature set a participant can use in their Skype client installation.
  2. When a user types a message that is diverted via the TOM-Skype filter, a message, indicating that the recipient is missing content due to government regulations, comes back to the initiating party. For example: "To comply with local laws, this message has not been displayed to your contact." Often Nart found conversations where someone would type a message repeatedly when it was apparent the receiving party was not understanding the message being sent, yet the sender did not realize that the message was being filtered.
  3. Become a participant in the Global Network Initiative and its dialogue.
The hope is that, through an industry-wide initiative, foreign companies entering the Chinese market would have more negotiating power and a protocol for addressing issues that are raised in the process of establishing a business relationship in countries where the climate for free expression and human rights is restrictive. In an Opinion piece today, Om has other thoughts on the morality of this approach.


Tuesday, October 21, 2008

TOM-Skype Breach: Answers to Phil's Questions from 2006 SJ Post

This is the third of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".
Two weeks ago Phil republished an April 2006 Skype Journal post with about sixteen questions related to the TOM-Skype security breach discovered by Nart. My interview provided answers to several of these questions but I ran them by Nart for more completeness, where an answer or response was feasible.
1. Is TOM only filtering chats where at least one of the callers' accounts were signed up by TOM Online?
A: One party must have the TOM-Skype client installed. For example, if you (a normal Skype user) sign in via a friend's TOM-Skype client you'll be filtered. If you (TOM user) sign in on a normal Skype client, you won't be filtered.
2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?
A: It is all dependent on which client software is installed. If you are using TOM-Skype you'll be filtered no matter where you are (although the degree to which you are filtered may be dependent on your IP address). TOM-Skype would definitely have the Call Detail Record associated with the call.
3. Is TOM only filtering conversations where at least one of the parties are using the custom [TOM-Skype] version of the Skype client written for the joint venture?
A: Yes
4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?
A: Since you have a TOM-Skype client here, Yes.
5. Does TOM's contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official? Not at this time.
A: I don't know. It would be nice to have a Chinese speaker read the EULA you agree to on the install.
6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?
A: Yes; TOM-Skype's servers; unknown.
7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?
A: There is an encrypted keyfile that the TOM-Skype client downloads that I believe contains the keywords. There are also a few entries from the keyfile hardcoded in skype.exe (TOM-Skype version).
8. Are the keywords only in Simplified Chinese or are they in other languages too?
A: All languages but 60% English and 40% Chinese for the majority of conversations. English appears to be swear words, Chinese appears to be political.
9. Is China the only country where Skype and Skype's partner have set up filtering? Have you done any testing for any other countries?
A: I haven't tested any others.
10. Do all Skype chats have the potential for a hidden participant, whether human or a robot?
A: I don't know.
11. Are filenames for transfer subject to filtering?
A: There are logged messages that are essentially the "this file was shared with participants of this conversation" message.
12. Are people's names among the keywords?
A: Possibly SkypeID's (but not real names), but also names of Chinese political people e.g. Hu Jintao
13. Are the content of files transferred via Skype also subject to filtering?
A: Unknown.
14. Does Skype encrypt end-to-end the IMs that are subject to filtering?
A: Yes. TOM added an additional layer to the client that uploads the messages.
15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?
A: I am not sure about it being filtered (such as not to be displayed in the recipient's chat window) but it can be logged.
16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?
A: Only the Call Detail Record, there appears to be no interception of the voice stream.
17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?
A: Other than the call detail record I don't have evidence that suggests the content of voice calls were being filtered or monitored, but I wouldn't rule it out as a possibility.
Bottom Line: If your chat conversation includes someone using TOM-Skype, you can assume there may be filtering of chat messages and/or logging of Call Detail Records. Conversations where all participants are using the normal Skype client cannot be filtered or logged.
Next post: Nart's recommendations to Skype.

Thursday, October 16, 2008

TOM-Skype Breach: The Citizen Lab

This is the second of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

After discussing the report itself and some of the follow up activity, we went on to talk about The Citizen Lab, its mission and its activities. From their own website they are "focusing on advanced research and development at the intersection of digital media and world civic politics". Nart described their activity as research on the politics of technology.
Under the leadership of Professor Ronald Deibert, their activities are carried out by graduate students with an undergraduate degree in either computer science or political science who join the lab to build up expertise in the other discipline while carrying out their research. They explore issues using their strong understanding of technology to "lift the hood" behind various politically and/or economically motivated interventions in web-based information exchange by governments and other agencies.
Assisted by a worldwide network of volunteers and a check list of relevant websites, they can develop a sense of the content that governments are censoring. According to Nart, all governments do some form of surveillance but definitely not to equal levels of resulting actions. At one extreme one finds outright blocking of content but the UAE has economic motivation to block Skype to protect a local communications monopoly. Apparently the Saudis are most interested in blocking porn. China obviously allows "uncensored" content to pass through but we are aware that Skype Journal is often blocked.
They will look at filtering techniques used by various countries, the type of content being blocked and try to determine the "local" government's policy environment in which filtering is taking place. At this point in time most filtering addresses websites but gradually some countries are moving into screening applications (as we have seen with TOM-Skype). There is also "social filtering" censorship activity that involves blocking of porn, drugs and gambling.
At this point companies, such as Google, Microsoft and Yahoo, are modifying their products to address various "local" issues. For instance, Google has modified their process for enquiries from designated countries to "pre-filter" results delivered from their own servers in the U.S. But then they put out a notification for "filtered" results with the wording for some search results: "to comply with local law, some results are not displayed". On the other hand Google will not offer GMail accounts with a ".cn" domain name and does not make Blogger available in China.
The Citizen Lab also participates in a broader effort to develop guidelines for Internet companies operating in China. But, given that this has much broader implications, it will be the subject of another post.
Next post: Answers to Phil's Questions


Wednesday, October 15, 2008

TOM-Skype Breach: Meeting the Primary Investigator

This is the first of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

Last Tuesday afternoon I returned to a University of Toronto building I had last visited in its role as an engineering students' residence in the mid-1960's. Abandoned as a residence in the 1980's, the building was restored in the late 1990's to house the Munk Centre for International Studies, when the university's Centre for International Studies was designated as a strategic priority for future growth. In the basement of the former Devonshire Place South House, I found the Citizen Lab, "an interdisciplinary laboratory focusing on advanced research and development at the intersection of digital media and world civic politics".


I spent 90 minutes with Nart Villeneuve, the PhD student and Psiphon Fellow, who was the principal investigator for the Citizen Lab's recently published "Breaching Trust: An analysis of surveillance and security practices of China's TOM-Skype platform". We covered a wide range of issues related to this report, from the initial contact with New York Times through to the follow up activities as a result of the report's release. We also discussed the broader mission of the Citizen Lab and some recommendations for how Skype should address the challenge of participating in the China market while making all parties aware that their conversation activity may be tracked.

Key points about the report and the follow up activity:
  • A major issue in dealing with the media has been confusion between two separate things: the security breach that allowed Nart to gather his data, and the functionality of the TOM-Skype servers that captures and logs chat conversations and Skype calling activity. (There was no evidence of capturing voice calls themselves.)
  • As a result of reporting this breach prior to release of the document to New York Times, the security breach itself has been closed but there is no evidence that the actual information capture activity has ceased. Nart has been checking periodically to confirm that the security breach remains closed.
  • There was a period of several hours between finally establishing contact with someone at Skype who could initiate action to address the security breach and the final close down of the breach. During this time Nart observed blocking of read access to the directories but since he knew the file names he was still able to follow a reconfiguration of the web servers, removal of sensitive files, such as an encryption key, and disappearance of the log files such that they were not accessible.
  • While they have captured a significant quantity of call log data going back a year, they are being careful not to expose any of the detailed information which comprised both chat message logs and what amounts to call detail records for voice calls; more details are in the report itself. Basically they don't want to compromise anyone individually.
  • While the log files are still under analysis, they have been encrypted while he continues to mine them for any additional information they may expose. Eventually it is his intention to destroy even these files.
  • Messages were about 40% Chinese, 60% English with a small smattering of other languages.
  • While it would be very difficult to reconstruct an entire conversation thread, as only each individual message was logged with no ready reference to other messages within the thread, they could build social graphs of conversing parties.
  • There are at least two versions of the TOM-Skype client: a normal version and a second version with additional features such as a Baidu Toolbar; however, the promote.dll module in this second version can trigger anti-virus scanners such as Norton.
  • Other evidence that the servers had been compromised was the discovery that the servers were hosting "pirate" movies and had the appropriate software to support Bit Torrent transfers.
Nart had three definite recommendations for Skype; we also covered the broader issue of global enterprises doing business in China. These will be covered in future posts.
Next post: The Citizen Lab: Its broader mission and findings.

Saturday, October 11, 2008

Michael Robertson: Use Skype - Go Directly To A Chinese Prison

Reposted with permission from Michael Robertson's blog.

A research firm recently revealed that eBay and TOM are colluding with the Chinese government to spy on users of Skype. Together they monitored users' text chats and stored those containing politically sensitive topics like freedom, democracy, Tibet, opposition to the communist party and Falun Gong. They also track voice call participants. Presumably they turned this data over to the government and it's impossible to track how that data has been used.

If history can be a guide it's logical to assume that the data resulted in prison terms or worse. In 2005, Yahoo was involved in a similar disclosed incident in which it turned over emails to authorities which netted a 10 year prison sentence for a reporter who dared to talk about democracy. I wrote about it when it happened and questioned where one draws the line chasing the almighty dollar (or Yuan). Two years later Yahoo CEO Jerry Yang was in front of Congress explaining the situation and apologizing to the mother of the imprisoned.

In response to the revelation of spying on calls and instant messages a spokesman for Skype incredibly stated that Skype is "the most secure forum of publicly available communication." eBay points the finger at their Chinese partner TOM claiming they had "no knowledge or consent" of this privacy breach. This level of compromise requires access to source code which eBay would have had to provide them. Maybe eBay didn't have direct knowledge of these alterations. However no one can deny China's well known efforts to police and censor their citizens' net activities which surely eBay executives know about. To provide the source code with no auditing or oversight shows at best a convenient excuse. One wonders how long this would have continued without the whistleblower and how many other countries Skype cooperates with to allow the same spying.

More likely at least some within eBay/Skype knew exactly what TOM was doing and consented because it gave them access to the enormous Chinese market. It's estimated that nearly half of Skype users are from China. This is why Cisco and others design special networking equipment enabling the Chinese government to snoop and lock down their country's net activities. Similar to Skype they are lured by the dollars awaiting any country that cracks the Chinese market.

I would call on eBay to be forthcoming with information on this situation by publicly disclosing details of this situation which will require tough questions of their partner and Chinese government. This would demonstrate that eBay's publicly stated "concern" is more than a press tactic. Specific questions eBay should answer include:

  1. When did this spying start?
  2. What users did it affect?
  3. When specifically did it stop? Has it stopped?
  4. What specific terms were monitored? (Users have a right to know if their messages have been implicated.)
  5. What people have been implicated by their Skype usage and subsequently interrogated, imprisoned or executed?
  6. What steps will be taken to defend these people or get their convictions overturned?
  7. Has previously stored data been deleted? How can users be sure?
  8. What will eBay do to ensure that this spying isn't reactivated as soon as the press attention subsides?
  9. What other companies and countries are monitoring Skype communications?
  10. What auditing steps is eBay implementing to make sure this does not happen again?

Let me be clear about Gizmo5's policy and refute Skype's spokesman's claim that Skype is the "most secure". Gizmo5 doesn't spy on calls and messages and we wouldn't give that info to any government. We encrypt calls between Gizmo5 users and have given no one the decrypt key. We would not allow a partner or government to do wholesale monitoring of communications - no matter how many billions of prospective customers they have. If ordered to take action by a government that defies basic Western freedoms we would do it only under threat of imprisonment and the information would then be disclosed in this blog condemning the action and striving to defend any of those adversely impacted. I challenge eBay/Skype to do the same. Defend their users. Defend their brand. Defend freedom.

-- MR

Michael Robertson is an entrepreneur, co-founder of Linspire, SIPphone, and MP3tunes.


Wednesday, October 8, 2008

TOM-Skype Breach: Questions from 2006

Reblogging this post from 19 April 2006.

The Financial Times' Alison Maitland scored an interview with Niklas Zennström that ran yesterday. In it Zennström confirms the TOM-Skype joint venture censors text messages on behalf of the Chinese government. He claims: "One thing that’s certain is that those things are in no way jeopardising the privacy or the security of any of the users."

I posed the following questions to Skype but they have no comment beyond trying to insulate Skype from responsibility.

"The Skype offering in China is actively managed by our joint venture in the country; TOM Online. Skype works hard to co-operate with local laws and regulations in all markets where we do business."

  1. Is TOM only filtering chats where at least one of the callers' accounts was signed up by TOM Online?
  2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?
  3. Is TOM only filtering conversations where at least one of the parties is using the custom version of the Skype client written for the joint venture?
  4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?
  5. Does TOM's contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official?
  6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?
  7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?
  8. Are the keywords only in Simplified Chinese or are they in other languages too?
  9. Is China the only country where Skype and Skype's partner have set up filtering?
  10. Do all Skype chats have the potential for a hidden participant, whether human or a robot?
  11. Are filenames for transfer subject to filtering?
  12. Are people's names among the keywords?
  13. Are the contents of files transferred via Skype also subject to filtering?
  14. Does Skype encrypt end-to-end the IMs that are subject to filtering?
  15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?
  16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?
  17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?

Skype's founders are not strangers to prickly questions of international law and corporate ethics. Their background with file sharing firm Kazaa left them very aware of the business and technology strategies available and their legal and social consequences. This is also a context where phone companies completely block Skype.com and Skype conversations.

Did the ethics conversation ever take place at Skype when they agreed to the Chinese joint venture?

Who was involved and was there a real debate?

And did eBay understand this situation before the acquisition?

See also:

  • Jan in Malaysia: "The difference between Asia where Internet is seen as venue for free expression in Asia, unlike China. Thank god I live in Malaysia. Malaysia Boleh ! Wawasan 2020."
  • Metafilter thread. "Oh dear, I had high hopes that Skype would hold out. Still, I guess they are telling us. Can anyone find the list of banned words in the TOM client?"
  • China Herald: "But on a positive note, unlike Yahoo, Skype does not help to send their users to prison"
  • 21talks: "And dear readers, the next time you want to give a call to the holy Dalai Lama, just say you’re trying to reach the smiling guy with glasses and a yellow head cap."
  • IP Democracy: "Yeah, well, last I checked, the U.S. and Germany don’t lock up their journalists and throw away the key."


Tuesday, October 7, 2008

TOM-Skype Breach: Does TOM-Skype bring users?

[Image: TOM-Skype: Two Years]

So, why doesn't Skype just walk away from a partnership?

Results matter.

86 thousand new people have signed up daily for two years.

You have to do what's right, but the temptation to stay and the cost of leaving are strong.

Source material...  

In the 2006 Annual Report:

At the end of January 2007, there were over 31.5 million registered TOM-Skype users, up from over 9.0 million at the end of February 2006, an increase of over 22.5 million new registered users.

In the 2007 Annual Report:

At the end of February 2008, TOM-Skype registered users were close to 63 million, up from about 31 million and 51 million at the end of December 2006 and July 2007, respectively.

In the news release titled "TOM Online Reports Second Quarter 2007 Results":

At the end of June 2007, we have over 42.0 mn TOM-Skype registered users up from over 35.5 mn at the end of March 2007.

So, moving things one day for the convenience of starting on the first of a month:

| Date | TOM-Skype Accounts (millions) | New accounts per day since previous date | Source |
|---|---|---|---|
| 3/1/2006 | 9.0 | | ANNUAL REPORT 2006 |
| 1/1/2007 | 31.0 | 71k | ANNUAL REPORT 2007 |
| 2/1/2007 | 31.5 | 16k | ANNUAL REPORT 2006 |
| 4/1/2007 | 35.5 | 67k | TOM Online Q2-2007 |
| 7/1/2007 | 42.0 | 71k | TOM Online Q2-2007 |
| 8/1/2007 | 51.0 | 290k | ANNUAL REPORT 2007 |
| 3/1/2008 | 63.0 | 56k | ANNUAL REPORT 2007 |


Monday, October 6, 2008

TOM-Skype Breach: A Promise

Skype made a promise to its users from the very start. Here's a page on their web site, No adware, spyware or malware, where they make that promise to this day.

No adware, spyware or malware

Skype is totally safe from these pesky blighters.

Skype protects and maintains your online security and peace of mind. This means that it will not display unwanted and intrusive advertising, or allow any malware or spyware to operate.

  • No adware – no intrusive adverts.
  • No spyware – nothing logs your online activity.
  • No malware – no programs that could adversely affect your computer.

What is adware?

Adware is a type of software that makes money by automatically delivering unwanted advertisements usually as pop-ups. Normally it is very hard, if not impossible, to turn off the adware causing the problem.

Because you always have the ability to turn advertising messages off on the Skype software, we believe Skype is free of adware.

What is spyware?

Spyware is a type of software that automatically installs itself on your computer, usually without your knowledge, and covertly collects and transmits data about your computer use. For example, spyware may monitor a user’s behaviour and pass on details of their online activity (for example, their usernames or passwords) to a third party for use in identity theft and fraud.

Skype does not allow any spyware to be included.

What is malware?

Malware (or malicious software) relates to software that is designed to infiltrate or damage a computer operating system or other programs. These are often described as computer viruses, worms, or Trojan horses. They sometimes come combined with other software and load in the background.

Skype never allows any other programs to be installed unless you are clearly informed of their presence.

As of 6 October 2008.


Sunday, October 5, 2008

TOM-Skype Breach: What is filtered most?

Messages by Keyword

Milk powder. Ah, so the list is updated frequently. 

SARS. Cripple public safety worker communications for the next outbreak?

Skype. Hah!

Chart and terms provided in BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform by Nart Villeneuve, Psiphon Fellow, The Citizen Lab, Toronto, Ontario, Canada. Information Warfare Monitor Joint Report, ONI Asia (JR01-2008). 1 October 2008.

 


Saturday, October 4, 2008

TOM-Skype Breach: Chinese TV News

[English translation of the Chinese-language news report:]

Skype's joint venture in China, Tom-Skype, has been found to have stored millions of users' text messages without authorization, and to have kept those messages on computers lacking adequate security measures, allowing outsiders to easily monitor them. Skype has apologized to its users.

According to a report published by computer security experts at the University of Toronto in Canada, Skype's joint venture in China, Tom-Skype, has long monitored users' online chat records and stored messages containing sensitive content on servers accessible from outside the company. Because security measures were lacking, outsiders could easily view more than one million messages that had been filtered by the monitoring system. Many contained politically sensitive terms, including keywords such as Communist Party, Falun Gong, Hu Jintao, Taiwan independence, and Wen Jiabao; words such as earthquake and milk powder were also monitored. Because Tom-Skype did not notify Skype of this practice in advance or obtain Skype's approval, Skype apologized to its users.


TOM-Skype Breach: Stated Risks

This excerpt from the eBay Form 10K for the year ending 2006, Item 1A: Risk Factors, page 32 (screen 36 in the PDF), refers to Tom Online. TOM Group took TOM Online private. 

Our operations in China are subject to risks and uncertainties relating to the laws and regulations of the People’s Republic of China.

Our operations in the People’s Republic of China, or PRC, are conducted through our EachNet subsidiary, a recently announced joint venture between EachNet and Tom Online, and a PayPal subsidiary. EachNet and PayPal are Delaware corporations and foreign persons under the laws of the PRC are subject to many of the risks of doing business internationally described above in “There are many risks associated with our international operations.” The PRC currently regulates its Internet sector through regulations restricting the scope of foreign investment and through the enforcement of content restrictions on the Internet. While many aspects of these regulations remain unclear, they purport to limit and require licensing of various aspects of the provision of Internet information services. These regulations have created substantial uncertainties regarding the legality of foreign investments in PRC Internet companies, including the entities through which we do business in the PRC, and the business operations of such companies. In order to meet local ownership and regulatory licensing requirements, EachNet is operated through a foreign-owned enterprise indirectly owned by eBay’s European operating entity, which acts in cooperation with a local PRC company owned by certain local employees. The PayPal China website is operated through a foreign-owned enterprise owned by a PayPal subsidiary, which acts in cooperation with a local PRC company owned by certain local employees. We believe the current ownership structures of EachNet, the joint venture between EachNet and Tom Online, and PayPal comply with all existing PRC laws, rules, and regulations.

The law may not mean what we think it means.

There are, however, substantial uncertainties regarding the interpretation of current PRC laws and regulations, and it is possible that the PRC government will ultimately take a view contrary to ours. The People’s Bank of China, or PBOC, has recently proposed guidelines for payment settlement organizations which may require PayPal to identify and negotiate a new business relationship to act in cooperation with a local PRC entity that is not owned by local employees and has a substantial operating history, and to obtain prior approval of the relationship from the PBOC.

Just because we have a contract, doesn't mean we have any control.

There are also uncertainties regarding EachNet’s and PayPal’s ability to enforce contractual relationships they have entered into with respect to management and control of the company’s business.

If our partners break PRC rules, we could lose everything.

If any of the entities through which we do business in the PRC were found to be in violation of any existing or future PRC laws or regulations, they could be subject to fines and other financial penalties, have their business and Internet content provider licenses revoked, or be forced to discontinue business entirely. In addition, any finding of a violation of PRC laws or regulations by any of the entities through which we do business in the PRC could make it more difficult for us to launch new or expanded services in the PRC.

About Skype specifically:

Although Skype does not conduct operations in the PRC directly, it makes its software available through a joint venture with Tom Online and its software is used by residents of the PRC. PRC regulations surrounding VoIP telephony are unclear and the PRC or one or more of its provinces may adopt regulations or enforce existing regulations that restrict or prohibit the use of Skype’s software.

Does China have laws protecting citizen privacy?

Did Skype contract for detailed, SLA-degree security and privacy with TOM-Skype? Or were requirements left general and abstract?


Friday, October 3, 2008

The Story Behind the Story: How a Canadian cracked the Great Firewall of China

As a four-time graduate of the University of Toronto, I am glad to see the atmosphere for investigative research is thriving at my alma mater. A researcher at their unique Citizen Lab, "focusing on advanced research and development at the intersection of digital media and world civic politics", is responsible for uncovering the TOM-Skype security breach that has had widespread coverage.

Globe and Mail reporter Matt Hartley has obviously gone to the lab for an interview with researcher Nart Villeneuve for his article in today's editions: How a Canadian cracked the Great Firewall of China.

... the irony of where "lost passwords" can lead you:

When he couldn't remember the password to his Chinese MySpace account he decided to take a look at Skype.

...Using a TOM-Skype account on one computer and a regular Skype account on a nearby laptop, Mr. Villeneuve would type a word into one computer and see if the other computer received the message, to see what information would be filtered out by the service's censorship tools. When he typed in a common four-letter expletive and hit send, it didn't show up on the other computer. But he noticed something else.

Read on. Further along Matt reports:

After he contacted Skype on Wednesday to inform them of the breach, the company moved quickly to plug the holes in the TOM-Skype servers, Mr. Villeneuve said.

And, as Phil has already reported, Skype President Josh Silverman responds here, including this comment:

It's important to remind everybody that the issues highlighted in yesterday's Information Warfare Monitor / ONI Asia report refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private.

New York Times, Oct. 2 (registration required)

Wall Street Journal (may encounter a walled garden), noting that TOM-Skype has 69 million users, places this story in the perspective of other "Doing business in China" stories involving Microsoft, Google and Yahoo.


Thursday, October 2, 2008

Skype President Addresses Chinese Privacy Breach

Read Josh Silverman's announcement.


Wednesday, October 1, 2008

a year in china


"@johnkreiss When my friend spent a year in China, she used Skype to talk to her family back home. Apparently great quality, low/no cost." -- Jenny
