Sounds really smart to me: get tons of feedback on a critical branding decision, while having a fun, unique, and potentially buzz-building little experiment that could drive users to your home page daily. Perhaps most importantly, it requires no commitment on Yahoo's part, considering the bad PR Microsoft and eBay both recently experienced when announcing their new logos.
She is crazy smart, likely a genius in her field. I just think this move to Yahoo is a long shot, motivated by Hubris more than anything and I still don't think it will bode well for her. I hope I'm wrong, but there are some things all the brains in the world can't fix.
Skype was originally marketed as having end-to-end encryption. Now, we know that since Microsoft bought Skype they've added wiretapping support, which works by making themselves a man-in-the-middle. They claim they only do this temporarily for people they are actively wiretapping.
This, however, shows that Microsoft regularly MITMs you, for the purpose of evaluating whether links are dangerous. This means that basically all of Skype's former privacy claims are no longer true. They simply regularly look at your unencrypted traffic, which means that they are a target for attackers, governments, and pretty much anyone who wants to eavesdrop or read your messages.
How do you know if Microsoft is actually eavesdropping the entire conversation, or it's just the Skype client filtering out URLs in the conversation for additional screening? Sorry if I missed something in the article.
The URLs are being pinged by computers within Microsoft, so even if the filtering was only occurring on the client side (which I doubt) it still makes its way back to MS servers.
I wouldn't call this man-in-the-middle, they are the man at both ends and in the middle.
MITM usually refers to 3rd parties routing your traffic. So if your ISP or network admin was sniffing your Skype messages, that would be what is generally called MITM.
That article is very dismissive and pretty flimsy. "A single experiment"? No, it was replicated by multiple people. I’ve concluded that the reason for the mysterious visit is almost certainly innocent.... I’m reasonably certain that address is part of Microsoft’s SmartScreen infrastructure. First, that's not very reassuring. The data should not be readable by Microsoft. Second, since the traffic showed up hours after the message was sent, it is not useful as a screening service. The link would have been clicked long before the URL was checked out. The only mitigating piece of this mess is that the request was a HEAD and not a GET, so they're not fetching the whole contents of the page. But the damage is done long before.
Then again, some people have discovered that GET requests came in probably from the same person and with a google referrer after the HEAD request from the google bot:
The ZDNet do not say that Microsoft aren't reading and interpreting what people write in private chat. ZDNet just say its "almost certainly innocent" because its done automatically by a machine for the purpose of increased security.
I for once disagree here that such actions are innocent. When peoples private conversation is read and interpreted, even by a machine, most people still get a feeling of lost security. This in turn causes a real problem from lower personal security, increased mental stress, and social self-imposed restrictions.
In addition to sp332's well-taken points, there is the fact that what Microsoft sees, it cannot prevent the USA government and its allies from seeing. Many Skype customers would see that as an unacceptable threat.
The article concludes: There’s no evidence that anyone, human or machine, is reading your confidential messages.
Well obviously, a machine is reading your confidential messages, if only to scan them for links. In the most benign case, the link scanning could be done in the skype client (closed source software on your machine), and MS's servers are seeing a list of links + an encrypted message.
"As for my writing… I wouldn’t expect much to change. I’ll still be writing columns for TechCrunch and I’ll still be writing here and elsewhere as time permits.
Obviously, there will be some knowledge that I become privy to that I won’t be able to share — but that’s not any different than it has been with many of the startups I’ve worked with over the past 19 months. The difference now is that some of that knowledge will be about one of the most successul startups of all time: Google.
Yes, they’re letting an Apple fanatic into the building — wild, I know. But as I said, I left the reporting path long ago. I’m on a new path now. Don’t worry, I’m bringing my iPhone with me."
