Skype is perhaps the world's most-used Internet video- and voice-calling application. In a pinch, it also works pretty well as a standard text-based instant-messaging service.
If you insist on absolute privacy for your instant messages, though, you might want to look elsewhere: Microsoft, which owns Skype, can and will investigate any user-sent Web link that it deems suspicious.
The tech blog Ars Technica, working alongside security expert Ashkan Soltani, discovered the privacy snag while investigating earlier claims of whether Skype offers "end-to-end" security.
(When a program uses end-to-end encryption protocols, a message is indecipherable from the moment a user hits "send" until it shows up on the recipient's screen.)
The researchers sent messages containing four URLs, or Web links, and tracked the messages' progress across the Web.
The researchers found that a server at a Microsoft-owned IP address accessed two of the sites whose URLs were mentioned in the messages. One of the two sites was a basic website; the other, an HTTPS page that established a secure connection with visitors.
Microsoft's behavior may sound intrusive, but should not come as a surprise to anyone who's read Skype's end-user license agreement (EULA). [See also: 5 Worst-Case Scenarios for Skype's Errant Messages ]
The Skype EULA states that Microsoft reserves the right to scan any links in outgoing Skype instant messages in order to search for malicious URLs. These websites could contain malware or phishing attacks.
Skype's "purposes," indeed, can be broadly defined. While Skype claims that it collects data to "resolve disputes" and "protect your and Skype's interests … to enforce our Terms of Service and prevent and fight against fraud," Skype is perfectly within its rights to use any sent data in other pursuits as well.
Other Skype "purposes" aim to "provide other services for you," "customize, measure and improve Skype software and websites, as well as other Microsoft products and services" and "organize and carry out Skype's marketing or promotional operations."
While the company has been judicious thus far in using personal information, as far as we know, there is no reason why it couldn't leverage user data for more selfish purposes.
Why Microsoft singles out certain hyperlinks is not clear, although it likely has algorithms in place to identify likely malware carriers and ignore more innocuous URLs.
Still, while this process probably protects users from unauthorized malicious spam messages, it also raises some concerns about sharing private information via Skype.
Skype is not a public forum, and most users expect their communications to be free from prying eyes.
Unless you're sending malicious links over Skype, you probably have nothing to worry about, although this practice could raise some concerns about linking to illegal material as well, especially among dissident groups in countries with sedition laws.
In the meantime, stick to Skype video or voice conversations, if at all possible. They're not quite as easy to log.