Microsoft censoring MSN Messenger conversations
quote:
According to communications director of MSN Sweden, Jessica Börjel, this is being done to protect users against exploits and worms spreading through the MSN Messenger service.
Among the things Microsoft appears to want to block are URLs and file name references. And this is where the trouble starts:
* You cannot use the string download.php anywhere in a message, not even when it’s not part of a URL.
* The link filter does not take canonical URLs into account: http://evil.example.com/download.php and http://evil.example.com/down%6Coad.php is the same URL, expressed in two different ways. The first one is blocked, while the second one is not.
* Even if Microsoft fixed the canonization issue, and were able to block both, there are a loads and loads of redirector services, like as TinyURL that can be used to mask known bad URLs
And, for the truly paranoid: Since Microsoft are automatically monitoring your conversations, and block certain messages — what prevents them from eavesdropping on your messages, and sending any “suspicious” content off to third parties, such as governments and their agencies?
( Thanks to Jakob for the tip )
Update: After this story got dugg, one question that has been cropping up, both on digg and in other forums is this: Is this filtering of messages taking place in the client or on the server? It is taking place on the server. This means that all clients, such as GAIM, Adium, Trillian and others are affected.
BTW, Diggers, I’ve written something about the Digg effect if you want numbers.
Try it, it actually works lol. Done tested it.
