With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy:

Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure.

From the SKYPE PRIVACY POLICY.

Known for years - yet most Skype users are unaware

The fact that Skype is collaborating with Tom Online and operating under "local laws and regulation" for the China market has been known for years. For example, Human Rights Watch got the following response from Skype in 2006, when inquiring about their partnership with Tom:

Skype works hard to comply with all applicable local laws and regulations in countries where we do business. China is no exception. In China, we have a joint venture with TOM Online in which TOM is the majority shareholder. The JV offers a co-branded version of the Skype software called TOM-Skype. To comply with the government regulation, TOM Online is obliged to use a text filter in TOM-Skype. If a message is found to be unsuitable for delivery because of specific text, the message is simply not transmitted between the users. This is an automated process and operates solely on text chats. Voice communications is not a part of this process.

From Appendix XI: Letter from Human Rights Watch to Skype and Skype's response.

Skype's claim that "this is an automated process and operates solely on text chats" is unlikely to be true. Tom Online is a Chinese company operating under local laws and regulation. If the authorities make a request for communication data for a given user they have to comply. To comply, they have to store the data. We can assume that all communication data - including both text and voice - passing through Tom's servers is saved and made available to authorities upon request. This of course also applies to other services based in China such as Sina Weibo and Tencent WeChat (微信). Skype and Microsoft, being foreign brands, are often perceived to be more trustworthy when it comes to privacy. In this case, Skype and Microsoft fail the people that trust them.

In 2008, Information Warfare Monitor and ONI Asia published An analysis of surveillance and security practices on China’s TOM-Skype platform. Their major findings were:

The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.

These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

While these conditions have been known for years, most Skype users are probably not aware of the differences between Tom Skype and the regular Skype. Many are running Tom Skype on their computers thinking that it's the regular Skype and trusting Microsoft to deal with their call and chat data confidentially.

Regular Skype version also vulnerable

What's worse, even if you are running the regular version of Skype, if the person you are chatting with or talking to is running the Tom version, your communication is still monitored and made available to the Chinese authorities. There is no way to know what software the other person is using. As we've established above, many are using Tom Skype unknowingly. This means that whether or not you are in China, whether or not you are using the regular version of Skype or the Tom version and whether or not you are writing something you think could be politically controversial in China, your communication data could all be stored on Chinese servers and shared with Chinese authorities.

Server tests

We have tested three versions of Skype: The regular, English version, the English version of Tom Skype and the Chinese version of Tom Skype. The following is an overview of the IP addresses that each client connected to while logging in and making a test call. All versions of Skype contact a range of servers and there is some overlap between the different clients. Servers are somewhat randomly selected but, crucially, it is clear that only the Tom versions of Skype communicate with servers located in China. The regular version of Skype, on the other hand, exclusively communicates with servers located outside of China.

IP Country Skype English Tom Skype English Tom Skype Chinese 212.8.166.36 Belgium - - 110.81.238.33 China - 117.25.148.250 China - - 117.79.81.133 China - - 180.149.134.221 China - - 180.149.134.224 China - - 211.100.40.15 China - - 211.100.40.173 China - 211.100.41.100 China - - 211.100.41.18 China - - 211.100.41.32 China - - 211.100.41.62 China - - 211.100.41.63 China - - 211.100.41.76 China - 218.30.111.75 China - 218.30.66.187 China - - 218.6.12.214 China - 218.6.20.11 China - - 219.232.255.99 China - 220.162.97.165 China - 61.160.200.197 China - - 204.9.163.184 Estonia - 204.9.163.200 Estonia - - 204.9.163.204 Estonia - 204.9.163.247 Estonia 212.187.172.78 United Kingdom - - 213.146.189.234 Ireland - - 213.146.189.237 Ireland - 213.146.189.239 Ireland - - 213.199.179.150 Ireland - - 239.255.255.250 Ireland 93.46.8.89 Italy - - 193.95.154.38 Luxembourg - - 78.141.179.11 Luxembourg - - 78.141.179.16 Luxembourg - - 91.190.216.24 Luxembourg - - 91.190.216.25 Luxembourg - - 91.190.216.53 Luxembourg - - 111.221.77.154 Singapore - - 149.13.32.15 US - - 149.13.32.246 US - - 149.13.32.251 US - - 157.55.56.150 US - - 157.56.52.29 US - - 184.25.105.161 US - - 184.26.82.161 US - - 184.87.201.195 US - - 207.46.70.164 US - - 207.46.70.208 US - 207.46.70.225 US - - 23.10.143.139 US - 64.4.21.39 US - - 64.4.34.81 US - - 64.4.45.58 US - - 64.4.61.152 US - - 64.4.61.205 US - - 64.4.9.158 US - 65.54.165.64 US - - 65.55.239.146 US - - 69.171.234.37 US - - 69.31.119.171 US - - 74.125.128.95 US -

How to tell the difference with Tom

Downloading

To download Skype, you'd probably enter www.skype.com in your browser and look for a download link. If you are in China, however, when you go to www.skype.com, you are automatically redirected to http://skype.tom.com. Skype does not ask if you want to be redirected. They also do not inform you of the difference between the regular Skype and the Tom Online version. The websites look very similar. Skype and Microsoft are actively misleading users into thinking that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Installing

The English version of Tom Skype looks exactly the same as the regular version while installing. The Chinese version is based on an earlier version of Skype and looks somewhat different. (Click on any screenshot to see the full version.)

Regular Skype Tom Skype (English) Tom Skype (Chinese)

Logging in

The login screens are very similar, misleading users to think that they are using the regular version of Skype.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

About

If you click to the About window in the Skype client, you can find out if you are running the Tom Online version of Skype or not. If you are, then your communication is passing through Chinese servers and made available to authorities upon request.

Regular Skype Tom Skype (English) Tom Skype (Chinese)

How to get the real Skype in China

The regular version of Skype is not blocked in China, but downloading the client is made difficult by Skype and Microsoft. Whenever you try to go to www.skype.com they redirect you to skype.tom.com. One solution is to use a VPN or other circumvention tool when downloading Skype. That way you can avoid the automatic redirection to tom.skype.com.

Without a VPN, you can currently download the regular version of Skype in China by going to their beta website: http://beta.skype.com. On this site, they don't force users to redirect to Tom Skype.

Another solution is to download the client from a third-party website such as Yahoo. They in turn currently redirect you to the following download link on download.skype.com which seems to work fine in China: SkypeSetupFull.exe.

This assumes that you are using Windows. If you are on a Mac, you can get the real version of Skype from Softonic. If you are on Linux, here's a direct download link.

For an additional layer of security, you can connect to your VPN before using Skype. If you are using a proxy and want to force Skype to use the proxy, the best way is to run local firewall software and block all direct outgoing traffic from Skype.

Remember that if the person at the other end is using Tom Skype then your communication is still monitored by Tom. You can ask the person you are talking to to verify what version they are running by opening the About window in their Skype client (see comparison of screenshots above).

Deception

By redirecting Chinese users to Tom Skype without notice, Microsoft is actively misleading users to think that they are downloading the real Skype client. By blocking Chinese users from downloading the real Skype, Microsoft is actively making it more difficult for Chinese users to circumvent surveillance. By offering two versions of the Skype client that look almost identical but have vastly different implications on privacy, Microsoft is misleading users to trust their product. By not notifying users that the user at the other end is using the Tom Online version of Skype, Microsoft is making Skype conversations from around the world available to Chinese authorities, assuming that their users agree.

This is a privacy scandal that has been going on for years. Microsoft should at the very least make the differences between the Skype clients clear, allow Chinese users the option to download the real client, notify Skype users if the user at the other end is using the Tom Online version of Skype and apologize to all Skype users for having potentially shared all their private information with Chinese authorities.

If you know any employees at Microsoft, please let them know how you feel about this. And please help us spread awareness of this problem by sharing this story on social media etc.

Skype to replace Messenger

Microsoft recently announced that Windows Live Messenger [Is] To Be Retired, Users [Will Be] Transitioned To Skype. However, "Windows Live Messenger will live on in China, with no announced termination date for the service there". This may be because Microsoft isn't happy with their collaboration with Tom. According to reports in July, TOM may lose Skype rights in China. Whether Microsoft continues one or both of the Skype and Messenger clients, and whether they collaborate with local ventures or not, we hope that they will come clean concerning surveillance of their users and sharing of private data with Chinese authorities.

Alternatives to Skype

You may conclude that Skype simply isn't trustworthy, whether or not you are using the Tom Online version. One alternative is to use Google Talk, though its service is unstable in China (unless you are on a VPN). Are there other good alternatives? Feel free to comment.