January 11th, 2017

The Permanent Damage of Skype

1
January 11th, 2017

Over the holidays I had my Skype account hacked.

It happened while I was en route to Montréal. I had just downloaded Waze on my phone to help navigate an intensifying snow storm when I received a message from a friend: “What is the link you just sent me on Skype?” I opened the app to find a flurry of inappropriate messages sending nonstop to all my contacts.

In an attempt to swiftly mitigate the fallout, I tried to delete my Skype account. I could not find anything in the app. I logged into the web version and found no option to delete my account either. So I took the next logical step and googled, “how to delete Skype account?” I found hundreds of similar inquiries. To my disbelief, it appeared the only way to delete the account was through a customer service agent.

Continuing with my vast millenial knowhow, I googled “How do I contact Skype Customer Service?” After I found a form and filled it in, I began chatting with a “Microsoft Answer Tech.” I was informed this was a typical malware issue on desktop computers, and that I would not need to delete my account. I thought to myself, if this was a common issue — why hadn’t Microsoft addressed it yet? “Not now,” I said to myself, “focus.” The Answer Tech proceeded to instruct me to uninstall Skype and install Sophos Antivirus. Since I was in a car at the time, stuck in a snowstorm, I reminded the Answer Tech that I did not have access to my computer but still needed this issue resolved urgently. Nothing could be done from the phone. So much for ‘mobile-first.’

Two hours later, I finally arrived at the hotel in Montréal, and by now hundreds of my contacts had received messages. I opened a new form and began chatting with another “Microsoft Answer Tech.” They were unable to view my previous conversation with the other Tech, so I debriefed them. I thought this was a bit odd, but again, I tried to stay focused on the task at hand. Sophos Antivirus did not find any significant vulnerabilities. As such, I returned to the original plan and requested to delete my account in fear that the messages were still sending.

I received a standardized pasted response:

“I’d like to set your expectations before deleting your Skype account. Skype and other Microsoft products are now migrated. All MSA’s (Microsoft accounts) are equal. It is not possible to unlink the Skype account from MSA so it’s therefore also not possible to cancel without the other. If you’ll be deleting this Skype account your email address/phone number will be unlinked to Microsoft services along with other Microsoft products associated to this email address/phone number such as OneDrive, Xbox, etc. You will lose access to all Microsoft products. We strongly recommend you to use your remaining credits and subscriptions. When an account is closed, Microsoft has a 60-day waiting period before permanently deleting the account.”

I had to read it twice. If I wanted to delete my Skype account, which I do not pay for, I was going to lose my OneDrive and my Xbox Live account, which I do pay for?

The Answer Tech’s response: “sorry about that.”

How can Microsoft propose something as absurd as this?

I further inquired. “So, there is no way to delete my Skype account? Despite that I never consented to ‘migrating’ these completely separate services?”   The Answer Tech reiterated, “I am sorry for the inconvenience this has caused you.”

While my problems do not amount to a hill of beans, the fact that so many others have had the same problem makes me wonder why Microsoft’s handling of the matter is not more customer-oriented.  Aside from the colossal personal inconvenience and my dissatisfaction as a customer, there are a few bigger issues involved which should concern everyone.

To begin, Skype records everything you do. Due to the Snowden leaks, we know the full capture of traffic began as early as 2011 where the NSA had the capability of requesting all peer-to-peer Skype communications— video, audio, Skype-to-phone, etc., using decryption keys provided by Microsoft through the PRISM warrant request. It is not just the NSA either, it appears even Russian authorities can easily request your Skype conversations.

Skype also has significant vulnerabilities. So many that it even has its own dedicated Wikipedia page, “Skype security.”

Imposing contrived interdependence with other services unnecessarily backs users into a corner when making decisions about the products they want to use and pay for. Furthermore, making it near-impossible to ever unsubscribe from a service that covertly records everything you do on it, is a dangerous precedent.

Along with the rising concerns for privacy, important developments like the EU’s “right to be forgotten” ruling, the growing threat of cyber security and even people’s own freedom to choose, it is important that leading technology companies like Microsoft set the right example.

To be notified of a new article
(you will never be spammed)
Mailchimp
Sending