I received a request regarding the types of logs that TOM-Skype keeps and have seen some discussion around what Skype could possibly be keeping. (For background on TOM-Skype censorship and surveillance practices, see Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform and blog posts here, here and here.) While my report focused on the “content filter” logs that contained the text of chat messages, there were a variety of other logs:
- contentfilter*.log – ip, username, message, date, time (+ unknown parameters)
- skypecallinfo*.log – ip, username, version, username/phone number, date, time (+ unknown parameters)
- skypelogininfo*.log – ip, version, username, date, time
- skypenewuser*.log – ip, version, username, date, time
- skypenewusersendmoneytest*.log – unable to decrypt
- skypeonlineinfo*.log – ip, username, version, date, time (+ unknown parameters)
- skypeversion*.log – version, ip, date, time (not encrypted)
The function of each log is pretty self-explanatory based on the name of the file. In addition to the “contentfilter” logs, the “skypecallinfo” logs were very important as these files contain a record of who called who (Skype usernames or phone numbers). In total, between the “skypecallinfo” logs and the “contentfilter” logs there are upwards of 4.5 million unique Skype usernames or phone numbers in the logs I was able to download.
This doesn’t tell us anything about possible wiretapping with Skype or whether or not voice calls (other than the call data record in “skypecallinfo”) can be logged in other ways. Still, in many cases just knowing who is talking to who is as valuable as the content of the conversation itself.