Skype "Click to Call"

[prehistoric]

While I expect that most people here are aware that Microsoft bought Skype some time back, I'm afraid others are blithely unaware that the familiar blue logo has taken on a different meaning. A recent discovery moved me to tell others.

I was setting up a computer with W7 pro for a friend who is still tied to M$ apron strings by her job. This gave me the perfect opportunity to try a fresh installation of Skype with the ability to restore to a previous point without inconvenience.

I think all of us would have predicted that the installation program would suggest we really wanted to change our search engine to bing! This I declined as well as their choice of browser tool bar. I also declined the offer of context-related ads via Skype.

When I accessed Skype help I noticed that it brought up Internet Explorer, even though I normally use Google Chrome. I had not actually removed IE from the machine because I need it to visit M$ sites (which can't be bothered with standards compliance) when I check for updates to M$ products.

(I could get into a digression here about evidence of changes to Skype which make me wonder about other software standards compliance. I suspect the enhancements M$ is describing are primarily enhancements to their revenue streams.)

Having clearly stated my preference for browsers and search engines, I might have assumed that would be the end of the matter -- if I did not know M$.

At this point I encountered a novel feature of Skype which has been added since M$ took over. It is called "Click to Call". The stated intent is to allow me to place Skype calls to any telephone number I click on while browsing. Please note: you may assume most of these will be Skype out calls, which are not the free Skype to Skype calls you may have been thinking. You can check telephone numbers appearing on-line to decide the actual percentages. The charges are modest, but they are not necessarily what you expected.

My next concern was how this feature was implemented. It turns out that allowing this feature gave them permission to install a browser helper object in Google Chrome or Firefox, if I did not use IE. This not only has access to my entire browsing history, it also gets invoked on every click, to see if this is a click on a telephone number.

By default, the Skype installation assumes you want Skype launched at start up. Code inside Skype is proprietary. This means understanding what Skype does with your browsing activity depends on reverse engineering and/or analyzing the legal documents concerning privacy. Reverse engineering is specifically prohibited in licensing documents. I will leave the question of what those privacy statements actually prohibit M$ from doing with data obtained this way to experienced law professors.

Recent scandals about private on-line communications raise troubling questions. I do not believe you can answer those questions with publicly available information about Skype. You have two alternatives: 1) do not use Skype; 2) use Skype and trust M$.

Take it or leave it.

[prehistoric]

After a real struggle with a friend's machine which was deeply infested, and working for a botnet, I've decided the line between malware and software from M$ is thinner than expected.

Know how you have trouble uninstalling programs which compromise security and/or privacy? Consider what happened when I was removing programs which made heavy use of .NET frameworks while chasing a serious problem causing BSOD crashes.

I removed Skype from the machine using the official uninstaller because this was an obvious risk when the networking software had been compromised. This did not remove the browser helper object (BHO) Skype Click-To-Call had inserted in browsers, including Internet Explorer.

What happens when IE or Windows detects the orphaned BHO? It brings up a dialogue which tells you to reinstall Skype to restore functionality. No other option, like removing the BHO, is offered. Presumably, anyone who doesn't want M$ to track every click they make in any browser can figure out how to avoid this, but that is not a M$ problem.

Remind you of any malware you have encountered?

[Barkin]

... What happens when IE or Windows detects the orphaned BHO? It brings up a dialogue which tells you to reinstall Skype to restore functionality. No other option, like removing the BHO, is offered.

HiJackThis ... http://sourceforge.net/projects/hjt/ shows up BHO's and helps you delete the unwanted ones.

[prehistoric]

Hi Barkin,

You can actually delete it from the normal IE user interface, if you know what to do. The thing I'm pointing out is that M$ now makes it easy to reinstall Skype and hard to take any other action without deeper knowledge. This resembles too many programs classified as malware.

On an amusing note of petty foolishness, when I brought up a new installation of W7 and went to install Google Chrome as I always do, I found that the download page suggested by bing in IE was one which offered a long list of crapware in addition to Chrome.

If you need to use IE to access the Google Chrome download, and Google is not set as the search engine, go to www.google.com to start looking for the Chrome download.

Meanwhile, I've found the solution for a really nasty W7 bug (Error 0x8E5E0247) on machines with Western Digital hard drives larger than 500 GB is a new version of Intel's Rapid Storage Technology driver from here.

The bug kills a good many things that use .NET, including Windows Update. This leads to a cascade of problems as system crackers discover you have not been applying updates revealed on "patch Tuesdays". Among the problems resulting from this were crashes causing BSOD and messages about incompatible versions of .NET framework. This stopped me from updating the AMD Radeon driver. You may also need to run the M$ repair tool for .NET, in addition to reinstalling.

It would be hard to parody this situation.