
Skype President Addresses Chinese Privacy Breach

By Josh Silverman on October 2, 2008 in Announcements, Insight.

You may have seen some reports in the media about a security and privacy breach in the software provided by our Chinese partner, TOM Online. I'm writing to let you know where we stand, and what we're doing to resolve the problem.

Some brief background: In China, TOM is the majority local partner in our joint venture that brings Skype functionality to Chinese citizens. The software is distributed in China by TOM and TOM, just like any other communications company in China, has established procedures to meet local laws and regulations. These regulations include the requirement to monitor and block instant messages containing certain words deemed "offensive" by the Chinese authorities.

It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years. This, in fact, is true for all forms of communication such as emails, fixed and mobile phone calls, and instant messaging between people within China and between China and other countries. TOM, like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all.

In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere. It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.

We also learned yesterday about the existence of a security breach that made it possible for people to gain access to those stored messages on TOM's servers. We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.

It's important to remind everybody that the issues highlighted in yesterday's Information Warfare Monitor / ONI Asia report refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private.

I passionately believe in Skype's mission to enable the world's conversations. Allowing the world to communicate for free empowers and links people and communities everywhere. Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws. We are committed to meeting this challenge.


Comments

I can only say Josh this is a major breach of trust, one of the cornerstones of Skype IM. And of course I am not talking about the flakey webservers, but (as I understand it) TOM spywaring the Skype codebase.

notice | Thursday, Oct 2

I think that's a pretty unfair comment. As he said, "Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users", and that's exactly what he just did - was transparent about what happened. I thought that was a great explanation of how Skype have acted openly and honestly, and they have been caught out by a trusted partner - you can't hold them responsible for that. You might argue that you can't trust anyone in China as censorship exists there, and therefore you shouldn't deal with them, but then you can't chat to people in China. Which would you prefer? You could also argue that if you do live or choose to live in China then you have to expect it, and as someone outside China with connections in China, then you should expect it too.

benempson | Thursday, Oct 2

@notice as Josh says above, the integrity of the Skype codebase is unaffected by this issue:

"It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private."

I hope this clears things up :)

peterparkes | Thursday, Oct 2

I didn't want to imply the general code base was corrupted. I apologize if my comment seemed that way. But what did happen is that TOM "censorized" it. We can argue if that happened "under Skype's nose" or not. My guess (meaning nothing) is that Skype has indeed been unpleasantly surprised in that TOM took it a bit further than anticipated. My issue, and really I do not think this is unfair @benempson, is that for the better informed, the end to end encryption is a main thingy Skype is trusted for. Implying that China's skype is different and we should expect it to be is a gross simplification: the Skype brand is on the table here. We all knew about the silly censorware built in. But if it is being "tapped" it shouldn't be "Skype". God knows how many people trusted the advertised features that yes, I completely trust are unaffected in the regular Skype.

Now don't get me wrong, I am a very VERY strong Skype advocate and talked many, many people into using it, and still will. And yes I *do* appreciate Josh's openness about the issue, even as I didn't mention that in my earlier comment. I do. I am still disappointed, see my reasoning above. The unfortunate lesson seems to be you can't (always) trust your partners. Tough lesson.

notice | Thursday, Oct 2

will this breach of trust change skype's position on opening up to allow 3rd party, credible encryption packages to run on top of the software? skype and ebay have proven that you can not be trusted, and to keep your users and rebuild your trust you need to demonstrate to the community that you understand the importance of security and privacy, no matter who provides it

a longtime, loyal but wavering skype user

billbishop | Thursday, Oct 2

Josh,

You write: TOM, like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all.

That is true, and I agree, though you could have done more to disclose exactly how you were complying and to verify that your partner was doing what you said you were doing.

But what about the US and terrorist surveillance program run by the NSA? Have you been asked by the NSA or any other organ of the US government to open up your backdoor to government surveillance? Can you give Skype users any comfort that either 1. you do not or 2. you would not. And if you can not, probably because whatever you may or may not have been asked is classified, how can you expect your users to believe that you would protect them against eavesdropping intrusions by the US or other Western governments, given your record?

The only way you do that is by allowing Skype to interoperate with other encryption packages. I believe your encryption is excellent. But it is not a technology or software problem, it is a people problem. I, and I am sure an increasing number of your users, just don't believe you as a company can now be trusted to protect our privacy.

billbishop | Friday, Oct 3

"TOM, like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all."

You have a moral obligation not to support the Chinese government's suppression of free speech. "I was only following orders" doesn't cut it any more.

matthewflaschen | Friday, Oct 3

I can't believe you trusted TOM not to do something like this! Basically all Chinese media and ISPs are under state supervision. Why didn't you properly check their software for this kind of spying? My guess is that you knew about this all along but decided it was better to let the spying take place than give up the Chinese market. There's no way to describe that decision other than "really foolish." You have really shaken my trust. I do hope there will be verification that voice communications and communications using the US version of Skype are safe.

wbarratt | Friday, Oct 3

Before you read my comment. Realize that Skype is owned by eBay and the CEO that runs Skype is the boss. The boss runs the company... The boss is always right, even when he is not but that does not matter, because the only reason why Skype is present on the China market via Tom.com is to gain market share and a little hiccup won't stop them. They will continue to compete with QQ.Tencent on the Chinese 1.3 billion user market. Monitor or not. It's not a matter of ethics and conscience, it's a matter of getting more users and more revenue for Skype. All the rest is nice chat and good PR.

You can read here that the Skype President Addresses Chinese Privacy Breach where they wash away the current concerns as if it’s nothing to worry about.

For Skype it is all about “TOM, just like any other communications company in China, has established procedures to meet local laws and regulations. These regulations include the requirement to monitor and block instant messages containing certain words deemed "offensive" by the Chinese authorities.”

This is a very funny statement from a company that advocates free communications with a 256-AES uncrackable system. They are also proud not to put spyware and adware in their software, but with this tom.com spyware surfacing, maybe this is not the case anymore… At least they are investigating the topic “In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere. It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.”

This means “Josh Silverman said his company had no idea that the Tom-Skype software, distributed to Skype users in China, was logging chat messages and storing them on a publicly accessible server.” source : Skype says it was unaware of China message-logging. I don’t believe that Skype was not aware of this.. That chat logging software has been there for about 5 years… I reported on this skype.exe tom.com content-filter in my blog in http://webtown.typepad.com/webtown/2007/09/skypes-cooper-1.html and http://webtown.typepad.com/webtown/2008/09/skype-coming-to.html and Never use the Skype phone ? The point is that there is no point in denying anything of this. Skype should also know what tom.com is doing with their software. I think they knew this but they did not expect this spark to give such a big blow when it reached the gunpowder.

Finally I still have to grin when reading “Skype-to-Skype communications are, and always have been, completely secure and private.” A big HA HA HA comes to mind. Think about the dual login without notification, think about the fact that the control panel of Skype, the Skype client, the Skype forum uses the same login and user name. And don’t forget that anybody can be anybody over and over without proper authentication. Way to go…

Josh Silverman ends his short statement with this “Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws.”

Let me say this :

• Skype is not transparent, it’s closed source, it’s obfuscated.
• eBay owns Skype, Skype has to do what eBay shareholders dictate and want
• Skype is run by eBay boys, anybody who thinks or acts differently has to go and so they did.

Let the transparency be documented and be clear. What happened now in the blogosphere and global news is clarifications. Maybe more will come. Good Public relations from Skype. I wonder if Josh Silverman would be willing to answer the hard and tough questions in the Skype Cheerleader blog www.skypejournal.com?

The summary is that China is surveilling Skype, Skype admits breach, apologizes and they will move on as they always do. Meaning the Skype service in China recording, censoring messages without feeling guilty of it and without even having to justify themselves and this is all perfectly legal. We can just sit back, relax and enjoy the eBay show. Shopping comes first.

Skype apologizes for Chinese privacy breach [Breakdowns] , Skype Admits China Privacy Breach a blog and news storm on the topic can be witnessed. What is the next disaster news lurking around the corner and how will this affect Skype as a company…

Maybe it’s Time To Look For A Skype Alternative since Skype Cannot be Trusted, Period, after all they allowed this Snooping and Censoring Skype Messages to go on for about 5 years and now the shit hits the fan.

In the early days of this blog, you might have seen what I wrote about the Hidden Process Installed by Skype to Monitor Your Computer! … It’s been there a long long time..

tropicaljantie | Friday, Oct 3

"It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years."

It's a sad day when giving up free speech is merely a "cost of business" and not considered a serious issue. How many times must we repeat the mistakes of history before we learn them?

My nation fought hard and bitterly for the right to free speech and freedom from oppression. It is truly sad to see people treat a fundamental human right as a mere business deal, to be thrown away so easily simply for the chance to enter a new market.

"and we are now inquiring with TOM to find out why the protocol changed."

Inquire if you feel like it, but I think we all know why it changed.

jeremiah_moss | Friday, Oct 3

so what is skype doing to solve the problem. according to skype / ebay, what is the problem ? maybe there is no problem, since you guys simply comply with the government regulations...

tropicaljantie | Friday, Oct 3
