Comments on: TOM-Skype Q & A

By: Mutant Palm » Blog Archive » Chinese Fonts for the Censortive Plugin

Mutant Palm » Blog Archive » Chinese Fonts for the Censortive Plugin — Tue, 25 Nov 2008 02:55:42 +0000

[...] Here’s a Google Doc of the banned words used in the Tom Online version of Skype. [...]

By: Pajamas Media » The Identity (Theft) Crisis

Pajamas Media » The Identity (Theft) Crisis — Sun, 16 Nov 2008 08:41:57 +0000

[...] This was discovered by a University of Toronto researcher in relatively simple fashion — by checking out what happened when he used the f-word in a message. (To be clear, this is a joint venture between Chinese phone [...]

By: nart

nart — Tue, 14 Oct 2008 19:43:36 +0000

Hi Sarah, I have seen no reaction by the Chinese government. I have seen posts on Chinese forums and blogs about the study.

By: Sarah

Sarah — Mon, 13 Oct 2008 19:49:01 +0000

Nart,

Has there been any reaction from the Chinese government to your study? I’m curious about how this is playing in China, if at all.

Sarah

By: nart

nart — Fri, 10 Oct 2008 13:48:47 +0000

Agreed. Knowing that you are communicating with a TOM user is a good idea. I have two additional recommendations. The first is for Skype to get involved with the multi-stakeholder initiative (see http://cyber.law.harvard.edu/research/principles ) and the second is to consider notifying users (as does Google, Yahoo, Microsoft and the Chinese search engine Baidu) when something is censored.

By: Peter Parkes (Skype Blogger)

Peter Parkes (Skype Blogger) — Fri, 10 Oct 2008 10:04:23 +0000

@Good idea – as Josh Silverman said in his blog post, we’re working on ways of making it clear to users that their messages may be monitored – we owe it to you to make things as transparent as possible.

By: Caso Tom-Skype: domande e risposte da chi ha scoperto il fattaccio « Noiano’s Blog

Sun, 05 Oct 2008 21:01:29 +0000

[...] Internet , Privacy , Sicurezza Tags: censura, cina, skype, tecnocontrollo, tom Dal blog di Nart Villeneuve Is “normal” Skype [...]

By: Good idea

Good idea — Sun, 05 Oct 2008 02:13:11 +0000

I think Skype should develop function that indicates to the Skype user if they are talking to a TOM-Skype user.

I have used Skype in China for a number of years and had to reinstall Skype and was redirected to TOM-Skype. I was immediately suspicious and deleted the program and instead used Google through TOR to get Skype.

By: concerned

concerned — Fri, 03 Oct 2008 16:18:54 +0000

The Ebay.com USA sites allows Hong Kong sellers to list their products. I have a US skype account. If I engage (or vice versa) with a seller based in Hong Kong, how do I know if they are using a Tom Skype system. Couldn’t this example potentially subject my conversations to logging or censoring?

Also, while this is considered a security breach, what happens when Ebay itself censors & snoops on its users? When ebay revised their user agreement last year there was discussion that this would open up ebays ability to screen messages through their P2P messaging system. I have experienced dropped non-deliverable messages by ebay based on certain types of conversations. And I had verified it by messaging my friends who also are on the ebay site. How is ebays censorship of our communications any different? If the exploit exists, how would we know if ebay is doing the same to monitor buyer and seller conversations. Do we take them for their word

By: nart

nart — Fri, 03 Oct 2008 14:10:27 +0000

Hi Brendan, thanks for the q. I heavily relied on machine translation. While its is possible to get a sense of the message it would be, as I noted in the report, far better to re-parse the logs matching Chinese characters. I intend to do this at some point. That’s why I used the key words to characterize the content of the messages.

In short, there were very short messages that contained “sensitive words” and not much else, and they were frequently logged. I parsed the log files to check for the frequency, from that I inferred what triggered the messaged to be logged.

Skype publicly characterized the type of content the filtering list contains, what I found matches their description.

That said, there were messages that appeared to be innocuous and very short, a “:)” smiley face for example. That cannot be logged for everyone leading me to believe that there are criteria other than key words in messages (usernames for example) that could trigger filtering and/or logging of the message.

There is an encrypted keyfile that appears to contain the trigger words, 110 at last count. Some of these are hardcoded into the tom-skype binary, so even if you delete the keyfile and block it from being downloaded by the client, you can still trigger the filtering/logging. I am working on decrypting this file.