Tom-Skype Filtering in China

Posted by on June 15th, 2006. 22 comments... »
Tags: .

UPDATE: See the 2008 report which shows that:

  • The full text chat messages of TOM-Skype users, along with Skype users who have
    communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
    if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are
    stored on insecure publicly-accessible web servers together with the encryption key required to
    decrypt the data.

Skype’s partner in China, Tom Online, has implemented filtering of Skype’s text chat for Chinese users. Skype is not being transparent about the filtering fucntionality that has been introduced. Here is my initial attempt at trying to figure out Tom-Skype’s filtering.

Tom-Skype can be downloaded from skype.tom.com and I installed in in Chinese and English. I also installed the 2.5 beta version, all appeared to function the same. The tests below are from Tom-Skype 2.0 installed in English.

The first thing I noticed is that Tom-Skype is bundled with an executable called ContentFilter.exe. It is an application developed by Tom Online called Tom Word Review. It is digitally signed by Skype.

Tom’s ContentFilter.exe loads after one logs into Skype and runs in the background. It is visible in the process list.

After logging in to Skype several plain text connections are made to Tom’s web server, in addition to some to Skype’s server. Some are just to get the version number of Skype the user is running while others are for the content that appears in the Tom content tab — mine had to do with the FIFA World Cup :) . But there are two rather odd connections:

Connection 1

GET /agent/skypever.php?md5=nofile HTTP/1.1
Content-Type: text/html
Host: skypetools.tom.com
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK
Date: Tue, 13 Jun 2006 17:39:14 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

1  
0
0

This looks like its checking for a version number.

Connection 2

GET /agent/keyfile HTTP/1.1
Content-Type: text/html
Host: skypetools.tom.com
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK
Date: Tue, 13 Jun 2006 17:39:15 GMT
Server: Apache
Last-Modified: Mon, 07 Nov 2005 11:02:50 GMT
ETag: "1a73b-8166-436f345a"
Accept-Ranges: bytes
Content-Length: 33126
Connection: close
Content-Type: text/plain

This connection downloads a file called “keyfile” into Skype’s installation directory. I assume its a keyword list file of some sort. It has 123 lines that look like this:

006F00000000000000C600EA007B00EF000100C900190080007
E000C001B00E7003C006900F80003002B00C000790084008D00
900002005E0018005C00C60067004400B8007C00F5002500F60
061009F00A900F4005600AE0065009100AE007F002A00D400D5
0024005800930033004600A90055005A008500E4006100A30025
00FA00F10030005A005F00E00096005700A6009C00F9008600E5
0083005100FF00A0007700FD000800B70037000300B7006F004C0
0E70047002D00BE00DA004300AB00A500B800210009002B00E1008F
00560055000A004F001900C60004009A004000D20051007B

I have not been able to decode this. It looks like hex but does not convert nicely (utf-8, utf-16, gb18030, gb2312 etc…)

(By the way, when you uninstall Tom-Skype the “keyfile” is not removed form your computer.)

However, I could only trigger the filtering with the work “fuck”. I tried all the words from the QQ list plus list of political words and phrases. I also tried some mandarin slang and some Chinese sex related words.

Here is what it looks like. I sent text chat from one Skype account using Tom-Skype on one computer to another with the same set-up. (I was able to make a Skype user name through Tom-Skype called “falun99”, I thought they may want to filter screen names, but they do not seem to.) When you receive any text — a word, a sentence or a paragraph — that contains a keyword, in this case “fuck”, the entire message is not displayed to the user using Tom_Skype.

The message sender, using Tom-Skype, can see the text, including the banned keyword. And if that message is sent to a normal Skype user, the receiver can also see it.

However, if a message with banned words is received by a Tom-Skype users (from a normal Skype user or a Tom-Skype user) the message will not be displayed at all.

  • Tom-Skype is bundled with ContentFilter.exe which makes two connectiopns to Tom Online’s web server, one appears to download a keyword file.
  • Tom-Skype message blocking is done on the client side while receiving messages, normal Skype users can receive messages from Tom-Skype users that contain banned keywords.
  • The total amount of keywords appears to be low, so far only “fuck” has been found.

22 comments.

  1. […] Nart@CitizenLab of the University of Toronto has the first detailed investigation into the filtering of the Tom-Skype, cobranded version of the VoIP/chat client in China. As you may well know, Skype has partnered with Tom.com, but has agreed to filtering the text chat. […]

    Posted by Andrew Lih » Blog Archive » Tom-Skype Filtering on June 18th, 2006.

  2. […] Internet censorship tech-expert Nart Villeneuve reports that Skype’s Chinese client installs censorware on the user’s computer without telling: Skype’s partner in China, Tom Online, has implemented filtering of Skype’s text chat for Chinese users. Skype is not being transparent about the filtering fucntionality that has been introduced. Here is my initial attempt at trying to figure out Tom-Skype’s filtering. Tom-Skype can be downloaded from skype.tom.com and I installed in in Chinese and English. I also installed the 2.5 beta version, all appeared to function the same. The tests [that follow in this blog-post] are from Tom-Skype 2.0 installed in English. The first thing I noticed is that Tom-Skype is bundled with an executable called ContentFilter.exe. It is an application developed by Tom Online called Tom Word Review. It is digitally signed by Skype. […]

    Posted by newsBreaks.net » Report: Skype’s China client installs censorware on users’ PCs on June 22nd, 2006.

  3. Tried sensitive phrases like “falun gong”?

    Posted by J. Random Commenter on June 23rd, 2006.

  4. This content filtering technique may prove to be just another possible scam, where Tom Online might dump in some excess codes on to your PC. Whatever for do you really need to filter off what others say?

    Posted by Keith on June 23rd, 2006.

  5. i skype chat with an english learner in china. We were discussing hand gestures and some vulgar terms. When I tried to teach him about “fuck you” he was uncharacteristically unresponsive. I thought maybe i crossed some cultural barrier that left him insulted and quiet. Thanks for the explanation. My wife’s school filtering is gotten around with flick. So flick the censors.

    Posted by jack on June 23rd, 2006.

  6. […] Un informe de Nart Villeneuve revela que el cliente de Skype distribuido  en China, llamado Tom-Skype, contiene un programa censorware (ContentFilter.exe) que filtra el texto de las conversaciones de chat. Añade este artículo a: […]

    Posted by despuesdegoogle » Archivo del weblog » China: Censorware en Skype on June 23rd, 2006.

  7. So, no problems with “Tiananmen” or “Tibet independence” then?

    Not so bad considering it’s China.

    Posted by Alan on June 23rd, 2006.

  8. What about such words as democracy?

    Posted by dudeland on June 23rd, 2006.

  9. Tried again today, there was no cultural barrier, Fuck can’t get through. Makes you wonder why that word is one they chose to censor. Is it dangerous?

    Posted by jack on June 23rd, 2006.

  10. […] China se ha convertido en el país donde existe más censura en el ciberespacio, y no solamente ahí. El gobierno pretende aislar a los internautas chinos del mundo real. Primero fue Google, y ahora es el turno de Skype. El cliente del software VoIP más popular del mundo instala un censorware de forma oculta, lo cual implica que el usuario no puede iniciar conversaciones instantáneas (chats) ni acceder a ciertos contenidos que son filtrados por el software que corre en segundo plano. La versión internacional de Skype no contiene ningún tipo de filtro o censorware, pero en cambio, la versión disponible para China si. Skype no está siendo transparente con los tipos de filtros de contenidos que está aplicando en su software. Hay un reporte más detallado con capturas de pantalla, de la censura del gobierno Chino a Skype […]

    Posted by Bitperbit - Actualidad y Tecnologia hoy » Skype instala Censorware en computadoras de usuarios Chinos on June 23rd, 2006.

  11. […] “Skype’s partner in China, Tom Online, has implemented filtering of Skype’s text chat for Chinese users. Skype is not being transparent about the filtering fucntionality that has been introduced. Here is my initial attempt at trying to figure out Tom-Skype’s filtering.”read more | digg story    • • • […]

    Posted by Peppery’s Blog»Blog Archive » Skype’s China client installs censorware on users’ PCs on June 23rd, 2006.

  12. Wow, the coder of that program really did a crappy job. Instead of doing all the coding by himself, it added the indy libraries to do it completely. The coder should have mentioned the indy copyright in the binary file or he has violated the indy license:

    “Portions of this software are Copyright (c) 1993 – 2003, Chad Z. Hower (Kudzu) and the Indy Pit Crew – http://www.IndyProject.org/

    … –>

    “User-Agent: Mozilla/3.0 (compatible; Indy Library)”

    Check the binary for the copyright and if it isn’t there you should be able to sue them. Mmmmmm deja vu *Sony Spyware* =D .

    Posted by michielh (eprog) on June 25th, 2006.

  13. 国外的月亮和中国的月亮…

    应该说,国外的月亮,呃,还有国外的太阳和国外的星星,都和中国的没有什么分别。
    但老外在国外用的产品,和国人在国内用的同样品牌的产品,却是不一般:澳大利亚产的柯达胶片拍出…

    Posted by PODCAST PODIUM 播客宝典 on June 25th, 2006.

  14. […] Nart Villeneuve 这个老外近来就发现,如果你从Tom的网站skype.tom.com下载Skype,Skype软件里就会多出一个3760K的ContentFilter.exe小软件: […]

    Posted by PODCAST PODIUM 播客宝典 » 国外的月亮和中国的月亮 on June 25th, 2006.

  15. […] China se ha convertido en el país donde existe más censura en el ciberespacio, y no solamente ahí. El gobierno pretende aislar a los internautas chinos del mundo real. Primero fue Google, y ahora es el turno de Skype. El cliente del software VoIP más popular del mundo instala un censorware de forma oculta, lo cual implica que el usuario no puede iniciar conversaciones instantáneas (chats) ni acceder a ciertos contenidos que son filtrados por el software que corre en segundo plano. La versión internacional de Skype no contiene ningún tipo de filtro o censorware, pero en cambio, la versión disponible para China si. Skype no está siendo transparente con los tipos de filtros de contenidos que está aplicando en su software. Hay un reporte más detallado con capturas de pantalla, de la censura del gobierno Chino a Skype […]

    Posted by Agregador » Blog Archive » Skype instala Censorware en computadoras de usuarios Chinos on June 25th, 2006.

  16. […] Nart Villeneuve has discovered that Skype’s partner in China, Tom Online, has implemented filtering of Skype’s text chat for Chinese users without informing the users. […]

    Posted by little bridge » For your own safety - beware of Chinese net-ware on June 26th, 2006.

  17. It’s OK for such thing. But what I can’t bear is they filter the technical website.

    FUCK GFW

    Posted by Kent Wei on July 26th, 2007.

  18. try “GFW”?

    Posted by DreamXWay on June 18th, 2008.

  19. Not so long ago I had a conversation on skype with a friend in China. This friend told me the following in Chinese on skype: “I can provide you some info you want to know but don’t know” Then the next message appeared but in a flash was removed and replaced by the following notice: “[15:34:40] This message has been removed by the host” This happened two times. It was very possible that this person mentioned “Falun Gong” on that moment (but i dont know since the message was removed) But what really made me wonder was whether this host was a person or a computer. So my question is whether any sentence with the words “Falun Gong” automatically is removed? Did anybody ever try that? (i dont want to send it to a chinese skype user because i fear it might already put the chinese receiver in a dangerous position)Can anybody give me some feedback on this?

    Posted by peter on October 4th, 2008.

  20. great information. i have seen this stuff 4 years ago also, but you have done a good job in properly documenting it. good luck. don’t get into trouble…

    Posted by jan geirnaert | tropicaljantie on October 5th, 2008.

  21. So what happens if you end the cotentfilter.exe process with clt-alt-del? Is there no response or does it close down the program? Sorry if this on has already been asked

    Sam,
    laowise.com

    Posted by Leumas on May 24th, 2009.

  22. Also, this is how you can get the original version of Skype if you are living in China: http://www.laowise.com/blog/view/10

    Posted by Leumas on May 25th, 2009.

Post a comment.