Keeping up with your health is everything, so why do so many patients have trouble doing this? Well it’s not just apathy or simple inconveniences. There are many reasons that can prevent a patient from either Seeking care when they need it Keeping up with their prescribed care Following through on annual check-ups What are […]
October 22, 2018Skype and Microsoft: a HIPAA nightmare
Posted May 27, 2013
Heise Security, a top German internet security firm, has done some research that will be somewhat frightening to Skype users, especially those who believe their Skype sessions retain any promise of privacy.
A recent H-online article detailed research showing that Microsoft servers are programmed to visit HTTPS (SSL) URLs typed into the Skype instant messaging application. When questioned about this, Microsoft’s response was not believable, from a technical or business standpoint.
“A spokesman for the company confirmed that it scans messages to filter out spam and phishing websites. This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.”
The most troubling aspect here to me, is that Microsoft requires users, in order to use Skype, to accept that their information may be accessed by Microsoft; but then, Microsoft will not disclose exactly how the information will be used.
This untrustworthy approach is one of the reasons we started SecureVideo.com. And I don’t think you want Microsoft in your therapy session any more than I do.