Will Disney Block Star Wars Fan-Made Content?

Skype Accused Of Handing Out Private Info To Private Company

from the massive-fail dept

Tue, Nov 6th 2012 3:51pm — Mike Masnick

Over the last year or so, there's been concern about Skype's commitment to privacy following its acquisition by Microsoft. Now a situation in the Netherlands is serving to renew those fears. As highlighted by Slashdot, it appears that Skype handed over information on a 16-year-old user to a private information technology firm that was investigating some denial of service attacks against PayPal.

The security firm, iSIGHT, was hired by PayPal to investigate the attacks, and an employee of the company reached out to Skype seeking information about one user who he thought might be involved. And Skype coughed up the info -- including username, real name, email address and home address -- no questions asked. As the article notes, there was no court order or anything like that. Just a guy from a private company asking and Skype said, "sure, here's all the info."

There are questions about whether this move violated some European privacy directives. At the very least it seems clear that it violated Skype's own policies, which include not providing customer data unless required by law, or if official law enforcement is involved. In this case, neither thing is true. One hopes that this is just a one-off mistake by Skype, but it's worrying nonetheless.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ddos, investigation, netherlands, private info
Companies: microsoft, paypal, skype

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Atkray (profile), 6 Nov 2012 @ 3:19pm

"There are questions about whether this move violated some European privacy directives."

You have a talent for understatement. If Google got into all kinds of trouble for driving down the street and taking pictures, how can this be ok?

Unfortunately, I expect the stereotypical 16 year old hacker/anonymous persona will be used to justify this.
[ link to this | view in thread ]
Shmerl, 6 Nov 2012 @ 4:21pm

Skype was never trustworthy. Does anyone really trust it since it was acquired by Microsoft?
[ link to this | view in thread ]
F!, 6 Nov 2012 @ 4:29pm

screw microsoft skype
Use Jitsi instead. Be sure to encrypt whenever possible (Jitsi supports encryption, Skype doesn't).

Any 'hacker' worthy of the title wouldn't be tracable via some half-assed product like Skype. Not saying he deserves it, but wow what a rough way to learn that lesson.

I hope Skype gets fined into oblivion for breaking both the law and their own stated policy. More likely they'll be held up as a paradigm of law & order.

Example #9678970 why not to use/trust proprietary software.
[ link to this | view in thread ]
Anonymous Coward, 6 Nov 2012 @ 6:16pm

If you want your privacy protected, stay away from Skype. It's as simple as that. They are WAY too loose with people's data.
[ link to this | view in thread ]
Coyne Tibbets, 6 Nov 2012 @ 8:19pm

Huh? Hasn't Skype told them yet that the other company is a "business partner"? I thought every "Universal Privacy Denial" statement had an exception for business partners.
[ link to this | view in thread ]
That Anonymous Coward (profile), 6 Nov 2012 @ 8:41pm

Re:
or for the less evolved...
but but but hackers!
[ link to this | view in thread ]
That Anonymous Coward (profile), 6 Nov 2012 @ 8:42pm

Re:
well its not like they are turning off MS Messenger and moving everyone to skype... er wait..
[ link to this | view in thread ]
That Anonymous Coward (profile), 6 Nov 2012 @ 8:43pm

Because when a corporation has been wronged, special rules apply.

Wasn't paypal saying the DDOS was merely an inconvenience that hadn't affected them deeply?
So why is it this much later they are still hunting down 16 yr olds?
[ link to this | view in thread ]
Shmerl, 6 Nov 2012 @ 10:01pm

Re: screw microsoft skype
Yep, XMPP with OTR and ZRTP are the way to go.
[ link to this | view in thread ]
Anonymous Coward, 6 Nov 2012 @ 10:50pm

Re:
Think of the children! Oh wait....
[ link to this | view in thread ]
JJJoseph, 7 Nov 2012 @ 1:59pm

Breaking the law?
"I hope Skype gets fined into oblivion for breaking the law"

And which law would that be?
[ link to this | view in thread ]
F!, 7 Nov 2012 @ 10:48pm

Re: Breaking the law?
Making the wild assumption you're replying to me, I must say after submitting that comment I realized some people may lack the ability to infer that what was meant was their violation of EU directives mentioned in TFA.
Cheers
[ link to this | view in thread ]
The Groove Tiger (profile), 8 Nov 2012 @ 7:07am

Re:
Everone's probably just blowing this out of proportion. Skype merely wants to know where this kid lives so they can offer him some free candy.
[ link to this | view in thread ]
Tex Arcana (profile), 8 Nov 2012 @ 4:22pm

Makes the case for NEVER using your real name and address in ANYTHING you do, especially with unscrupulous companies such as Microsoft, Skype, Google, Apple... etc., etc....
[ link to this | view in thread ]