Tom-Skype Filtering in China
UPDATE: See the 2008 report which shows that:
- The full text chat messages of TOM-Skype users, along with Skype users who have
communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China. - These text messages, along with millions of records containing personal information, are
stored on insecure publicly-accessible web servers together with the encryption key required to
decrypt the data.
Skype’s partner in China, Tom Online, has implemented filtering of Skype’s text chat for Chinese users. Skype is not being transparent about the filtering fucntionality that has been introduced. Here is my initial attempt at trying to figure out Tom-Skype’s filtering.
Tom-Skype can be downloaded from skype.tom.com and I installed in in Chinese and English. I also installed the 2.5 beta version, all appeared to function the same. The tests below are from Tom-Skype 2.0 installed in English.
The first thing I noticed is that Tom-Skype is bundled with an executable called ContentFilter.exe. It is an application developed by Tom Online called Tom Word Review. It is digitally signed by Skype.
Tom’s ContentFilter.exe loads after one logs into Skype and runs in the background. It is visible in the process list.
After logging in to Skype several plain text connections are made to Tom’s web server, in addition to some to Skype’s server. Some are just to get the version number of Skype the user is running while others are for the content that appears in the Tom content tab — mine had to do with the FIFA World Cup :) . But there are two rather odd connections:
Connection 1
GET /agent/skypever.php?md5=nofile HTTP/1.1 Content-Type: text/html Host: skypetools.tom.com Accept: text/html, */* User-Agent: Mozilla/3.0 (compatible; Indy Library) HTTP/1.1 200 OK Date: Tue, 13 Jun 2006 17:39:14 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html 1 0 0
This looks like its checking for a version number.
Connection 2
GET /agent/keyfile HTTP/1.1 Content-Type: text/html Host: skypetools.tom.com Accept: text/html, */* User-Agent: Mozilla/3.0 (compatible; Indy Library) HTTP/1.1 200 OK Date: Tue, 13 Jun 2006 17:39:15 GMT Server: Apache Last-Modified: Mon, 07 Nov 2005 11:02:50 GMT ETag: "1a73b-8166-436f345a" Accept-Ranges: bytes Content-Length: 33126 Connection: close Content-Type: text/plain
This connection downloads a file called “keyfile” into Skype’s installation directory. I assume its a keyword list file of some sort. It has 123 lines that look like this:
006F00000000000000C600EA007B00EF000100C900190080007 E000C001B00E7003C006900F80003002B00C000790084008D00 900002005E0018005C00C60067004400B8007C00F5002500F60 061009F00A900F4005600AE0065009100AE007F002A00D400D5 0024005800930033004600A90055005A008500E4006100A30025 00FA00F10030005A005F00E00096005700A6009C00F9008600E5 0083005100FF00A0007700FD000800B70037000300B7006F004C0 0E70047002D00BE00DA004300AB00A500B800210009002B00E1008F 00560055000A004F001900C60004009A004000D20051007B
I have not been able to decode this. It looks like hex but does not convert nicely (utf-8, utf-16, gb18030, gb2312 etc…)
(By the way, when you uninstall Tom-Skype the “keyfile” is not removed form your computer.)
However, I could only trigger the filtering with the work “fuck”. I tried all the words from the QQ list plus list of political words and phrases. I also tried some mandarin slang and some Chinese sex related words.
Here is what it looks like. I sent text chat from one Skype account using Tom-Skype on one computer to another with the same set-up. (I was able to make a Skype user name through Tom-Skype called “falun99″, I thought they may want to filter screen names, but they do not seem to.) When you receive any text — a word, a sentence or a paragraph — that contains a keyword, in this case “fuck”, the entire message is not displayed to the user using Tom_Skype.
The message sender, using Tom-Skype, can see the text, including the banned keyword. And if that message is sent to a normal Skype user, the receiver can also see it.
However, if a message with banned words is received by a Tom-Skype users (from a normal Skype user or a Tom-Skype user) the message will not be displayed at all.
- Tom-Skype is bundled with ContentFilter.exe which makes two connectiopns to Tom Online’s web server, one appears to download a keyword file.
- Tom-Skype message blocking is done on the client side while receiving messages, normal Skype users can receive messages from Tom-Skype users that contain banned keywords.
- The total amount of keywords appears to be low, so far only “fuck” has been found.