Skype Accused Of Handing Out Private Info To Private Company
from the massive-fail dept
Over the last year or so, there’s been concern about Skype’s commitment to privacy following its acquisition by Microsoft. Now a situation in the Netherlands is serving to renew those fears. As highlighted by Slashdot, it appears that Skype handed over information on a 16-year-old user to a private information technology firm that was investigating some denial of service attacks against PayPal.
The security firm, iSIGHT, was hired by PayPal to investigate the attacks, and an employee of the company reached out to Skype seeking information about one user who he thought might be involved. And Skype coughed up the info — including username, real name, email address and home address — no questions asked. As the article notes, there was no court order or anything like that. Just a guy from a private company asking and Skype said, “sure, here’s all the info.”
There are questions about whether this move violated some European privacy directives. At the very least it seems clear that it violated Skype’s own policies, which include not providing customer data unless required by law, or if official law enforcement is involved. In this case, neither thing is true. One hopes that this is just a one-off mistake by Skype, but it’s worrying nonetheless.
Filed Under: ddos, investigation, netherlands, private info
Companies: microsoft, paypal, skype
Comments on “Skype Accused Of Handing Out Private Info To Private Company”
“There are questions about whether this move violated some European privacy directives.”
You have a talent for understatement. If Google got into all kinds of trouble for driving down the street and taking pictures, how can this be ok?
Unfortunately, I expect the stereotypical 16 year old hacker/anonymous persona will be used to justify this.
or for the less evolved…
but but but hackers!
Skype was never trustworthy. Does anyone really trust it since it was acquired by Microsoft?
well its not like they are turning off MS Messenger and moving everyone to skype… er wait..
screw microsoft skype
Use Jitsi instead. Be sure to encrypt whenever possible (Jitsi supports encryption, Skype doesn’t).
Any ‘hacker’ worthy of the title wouldn’t be tracable via some half-assed product like Skype. Not saying he deserves it, but wow what a rough way to learn that lesson.
I hope Skype gets fined into oblivion for breaking both the law and their own stated policy. More likely they’ll be held up as a paradigm of law & order.
Example #9678970 why not to use/trust proprietary software.
Re: screw microsoft skype
Yep, XMPP with OTR and ZRTP are the way to go.
If you want your privacy protected, stay away from Skype. It’s as simple as that. They are WAY too loose with people’s data.
Huh? Hasn’t Skype told them yet that the other company is a “business partner”? I thought every “Universal Privacy Denial” statement had an exception for business partners.
Because when a corporation has been wronged, special rules apply.
Wasn’t paypal saying the DDOS was merely an inconvenience that hadn’t affected them deeply?
So why is it this much later they are still hunting down 16 yr olds?
Think of the children! Oh wait….
Everone’s probably just blowing this out of proportion. Skype merely wants to know where this kid lives so they can offer him some free candy.
Breaking the law?
“I hope Skype gets fined into oblivion for breaking the law”
And which law would that be?
Re: Breaking the law?
Making the wild assumption you’re replying to me, I must say after submitting that comment I realized some people may lack the ability to infer that what was meant was their violation of EU directives mentioned in TFA.
Makes the case for NEVER using your real name and address in ANYTHING you do, especially with unscrupulous companies such as Microsoft, Skype, Google, Apple… etc., etc….