Skype Accused Of Handing Out Private Info To Private Company

from the massive-fail dept

Over the last year or so, there's been concern about Skype's commitment to privacy following its acquisition by Microsoft. Now a situation in the Netherlands is serving to renew those fears. As highlighted by Slashdot, it appears that Skype handed over information on a 16-year-old user to a private information technology firm that was investigating some denial of service attacks against PayPal.

The security firm, iSIGHT, was hired by PayPal to investigate the attacks, and an employee of the company reached out to Skype seeking information about one user who he thought might be involved. And Skype coughed up the info -- including username, real name, email address and home address -- no questions asked. As the article notes, there was no court order or anything like that. Just a guy from a private company asking and Skype said, "sure, here's all the info."

There are questions about whether this move violated some European privacy directives. At the very least it seems clear that it violated Skype's own policies, which include not providing customer data unless required by law, or if official law enforcement is involved. In this case, neither thing is true. One hopes that this is just a one-off mistake by Skype, but it's worrying nonetheless.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ddos, investigation, netherlands, private info
Companies: microsoft, paypal, skype


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Atkray (profile), 6 Nov 2012 @ 3:19pm

    "There are questions about whether this move violated some European privacy directives."

    You have a talent for understatement. If Google got into all kinds of trouble for driving down the street and taking pictures, how can this be ok?

    Unfortunately, I expect the stereotypical 16 year old hacker/anonymous persona will be used to justify this.

    link to this | view in thread ]

  2. identicon
    Shmerl, 6 Nov 2012 @ 4:21pm

    Skype was never trustworthy. Does anyone really trust it since it was acquired by Microsoft?

    link to this | view in thread ]

  3. identicon
    F!, 6 Nov 2012 @ 4:29pm

    screw microsoft skype

    Use Jitsi instead. Be sure to encrypt whenever possible (Jitsi supports encryption, Skype doesn't).

    Any 'hacker' worthy of the title wouldn't be tracable via some half-assed product like Skype. Not saying he deserves it, but wow what a rough way to learn that lesson.

    I hope Skype gets fined into oblivion for breaking both the law and their own stated policy. More likely they'll be held up as a paradigm of law & order.

    Example #9678970 why not to use/trust proprietary software.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 6 Nov 2012 @ 6:16pm

    If you want your privacy protected, stay away from Skype. It's as simple as that. They are WAY too loose with people's data.

    link to this | view in thread ]

  5. identicon
    Coyne Tibbets, 6 Nov 2012 @ 8:19pm

    Huh? Hasn't Skype told them yet that the other company is a "business partner"? I thought every "Universal Privacy Denial" statement had an exception for business partners.

    link to this | view in thread ]

  6. icon
    That Anonymous Coward (profile), 6 Nov 2012 @ 8:41pm

    Re:

    or for the less evolved...
    but but but hackers!

    link to this | view in thread ]

  7. icon
    That Anonymous Coward (profile), 6 Nov 2012 @ 8:42pm

    Re:

    well its not like they are turning off MS Messenger and moving everyone to skype... er wait..

    link to this | view in thread ]

  8. icon
    That Anonymous Coward (profile), 6 Nov 2012 @ 8:43pm

    Because when a corporation has been wronged, special rules apply.

    Wasn't paypal saying the DDOS was merely an inconvenience that hadn't affected them deeply?
    So why is it this much later they are still hunting down 16 yr olds?

    link to this | view in thread ]

  9. identicon
    Shmerl, 6 Nov 2012 @ 10:01pm

    Re: screw microsoft skype

    Yep, XMPP with OTR and ZRTP are the way to go.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 6 Nov 2012 @ 10:50pm

    Re:

    Think of the children! Oh wait....

    link to this | view in thread ]

  11. identicon
    JJJoseph, 7 Nov 2012 @ 1:59pm

    Breaking the law?

    "I hope Skype gets fined into oblivion for breaking the law"

    And which law would that be?

    link to this | view in thread ]

  12. identicon
    F!, 7 Nov 2012 @ 10:48pm

    Re: Breaking the law?

    Making the wild assumption you're replying to me, I must say after submitting that comment I realized some people may lack the ability to infer that what was meant was their violation of EU directives mentioned in TFA.
    Cheers

    link to this | view in thread ]

  13. icon
    The Groove Tiger (profile), 8 Nov 2012 @ 7:07am

    Re:

    Everone's probably just blowing this out of proportion. Skype merely wants to know where this kid lives so they can offer him some free candy.

    link to this | view in thread ]

  14. icon
    Tex Arcana (profile), 8 Nov 2012 @ 4:22pm

    Makes the case for NEVER using your real name and address in ANYTHING you do, especially with unscrupulous companies such as Microsoft, Skype, Google, Apple... etc., etc....

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.