Report Claims Major Skype Privacy Lapse

A report in The Guardian claims that Skype and Cortana audio was accessed by workers in China with “no security measures.”

A former contractor who says he was hired with minimal vetting told the publication that “he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

“I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login,” he claims. “They just give me a login over email and I will then have access to Cortana recordings. I could then hypothetically share this login with anyone. I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.”

The program he was allegedly part of was discovered by Vice last summer, along with similar programs at Amazon, Apple, and Google. Each of these companies has taken steps since then to shore up the privacy of this work. Microsoft says it no longer carries out these reviews in an insecure manner.

“We review short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features, and we sometimes engage partner companies in this work,” a Microsoft statement notes. “Review snippets are typically fewer than ten seconds long and no one reviewing these snippets would have access to longer conversations. We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.”

The statement continues.

“This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”

 

Share post

Please check our Community Guidelines before commenting

Conversation 10 comments

  • nicholas_kathrein

    10 January, 2020 - 1:04 pm

    <p>You can say Microsoft is more trustworthy than Google but no company is really trust worthy in a world where things get outsourced and temps hired.</p>

  • willc

    10 January, 2020 - 1:24 pm

    <p>”<span style="color: rgb(0, 0, 0);">Microsoft is a much more trustworthy company [than Google] and has a good privacy story.” – Paul Thurrott</span></p>

    • Kelly Hunter

      10 January, 2020 - 2:45 pm

      <blockquote><em><a href="#511707">In reply to willc:</a></em></blockquote><p>It is possible to be better without being faultless. </p>

    • ghostrider

      10 January, 2020 - 3:10 pm

      <blockquote><em><a href="#511707">In reply to willc:</a></em></blockquote><p>MS are far from the 'trustworthy' company some say they are, and are in fact probably as bad as the worst out there. They consume vast quantities of personal data, and do what with it exactly? The co-erce and trick their customers into achieving their goals, they don't actually provide a total 'opt out' option for telemetry collection – for a very good reason that suits them.</p><p>Sorry, for those who believe MS are holier-than-though, think again. You and your data are the 'product' MS are monetizing. Saying that, I'd say by far the least trustworthy tech company are Facebook. A truly abhorrent business. </p>

      • willc

        10 January, 2020 - 6:22 pm

        <blockquote><em><a href="#511749">In reply to ghostrider:</a></em></blockquote><p>Facebook is bad, yes, but they don’t have the 30 year track record of unethical behavior that Microsoft does.</p>

  • Winner

    10 January, 2020 - 1:42 pm

    <p>And yet so many worry about Google "selling their data" (incorrect) but feel safe with Microsoft, with their advertising ID in the OS and now this.</p>

  • karlinhigh

    Premium Member
    10 January, 2020 - 2:56 pm

    <p><em>For whosoever shall keep the whole law, and yet offend in one point, he is guilty of all.&nbsp;</em></p><p>(James 2:10, which apparently inspires today's compliance and security work.)</p><p><br></p>

  • branpurn

    10 January, 2020 - 4:06 pm

    <p>The unspoken price of doing business in China. </p>

    • wright_is

      Premium Member
      11 January, 2020 - 4:16 am

      <blockquote><em><a href="#511767">In reply to branpurn:</a></em></blockquote><p>This has nothing to do with China. The other employees for Apple, Amazon and Google were all over the world; for much of Europe, I believe they were in the former East Block countries (Poland, Rumania etc.).</p><p>It is just where they can find cheap labour with the necessary language skills.</p><p>It is the unspoken price of using Voice Assistants at the beginning of the AI revolution, they still need training and still need humans to monitor the conversations to ensure that they are being interpreted correctly.</p>

  • red.radar

    Premium Member
    15 January, 2020 - 12:11 pm

    <p>Key point of distinction: Did he have access to every skype call and could freely browse anyone's conversation ? Or was he given an inbox of samples for him to verify accuracy</p><p><br></p><p><br></p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC