Skype was unaware of a major privacy problem affecting Skype users in China, the company’s president said Thursday.
In a blog posting to the eBay subsidiary’s corporate blog, Skype President Josh Silverman said his company had no idea that the Tom-Skype software, distributed to Skype users in China, was logging chat messages and storing them on a publicly accessible server. “It was our understanding that it was not Tom’s protocol to upload and store chat messages with certain keywords,” he wrote.
Tom-Skype is developed by China-based Internet service provider Tom Online.
On Wednesday, Canadian researchers published a report (pdf) finding that the Tom-Skype client was storing certain text messages and user information on public servers. The data was encrypted, but the encryption key required to read the data was publicly available.
Messages that referred to politically sensitive topics such as the Falun Gong spiritual movement, Taiwan and opposition to China’s ruling Communist Party were flagged and stored on the servers, the researchers said. These computers were also logging details of voice calls placed to Tom-Skype users, they said.
Like all China ISPs, Tom Online has an obligation to monitor communications, Silverman wrote. But Skype believed that the Tom-Skype software was merely filtering certain words from chat messages, not storing them on a server, he added.
“We are now inquiring with Tom to find out why the protocol changed.”
Tom Online has now fixed the security problem discovered by the researchers. “We are currently addressing the wider issue of the uploading and storage of certain messages with Tom,” Silverman said.
Tom Online’s parent company, Tom Group, said Thursday that it complies with Chinese law.
(John Ribeiro in Bangalore contributed to this story.)