Microsoft censoring MSN Messenger conversations

“Computer Sweden”:http://computersweden.idg.se/ is reporting that Microsoft is doing “automatic real-time censoring”:http://computersweden.idg.se/ArticlePages/200602/15/20060215143949_CS090/20060215143949_CS090.dbp.asp of certain messages on MSN Messenger.
According to the communications director of MSN Sweden, Jessica Börjel, this is being done to protect users against exploits and worms spreading through the MSN Messenger service.
Among the things Microsoft appears to want to block are URLs and file name references. And this is where the trouble starts:
* You cannot use the string download.php anywhere in a message, not even when it’s not part of a URL.
* The link filter does not take canonical URLs into account: http://evil.example.com/download.php and http://evil.example.com/down%6Coad.php are the same URL, expressed in two different ways. The first one is blocked, while the second one is not.
* Even if Microsoft fixed the canonicalization issue and were able to block both, there are loads and loads of redirector services, such as “TinyURL”:http://tinyurl.com/, that can be used to mask known bad URLs.
And, for the truly paranoid: Since Microsoft is automatically monitoring your conversations and blocking certain messages, what prevents them from eavesdropping on your messages, and sending any “suspicious” content off to third parties, such as governments and their agencies?
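
To make the canonicalization point concrete, here is an added example (not Microsoft's code, and not from the original post) comparing a raw substring filter with one that percent-decodes the message before matching. The filter logic, function names and the double-encoded and TinyURL sample strings are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Blocked string taken from the post; the matching logic is an assumed model.
BLOCKED = ("download.php",)

def naive_filter(message: str) -> bool:
    """Substring match on the raw message text, with no decoding."""
    raw = message.lower()
    return any(term in raw for term in BLOCKED)

def canonicalize(message: str, max_rounds: int = 5) -> tuple[str, bool]:
    """Percent-decode until the text stops changing.

    Returns (canonical_text, stable). stable is False when the text is still
    changing after max_rounds, which is itself a reason to reject the message.
    """
    text = message
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            return text.lower(), True
        text = decoded
    return text.lower(), unquote(text) == text

def canonical_filter(message: str) -> bool:
    """Match blocked strings against the canonical form of the message."""
    canon, stable = canonicalize(message)
    return (not stable) or any(term in canon for term in BLOCKED)

# Constructed sample messages; the first two URLs are the ones from the post.
SAMPLES = [
    "http://evil.example.com/download.php",
    "http://evil.example.com/down%6Coad.php",
    "http://evil.example.com/down%256Coad.php",   # double-encoded variant
    "http://tinyurl.com/abc123",                  # redirector, constructed path
]

def compare(samples=SAMPLES):
    """Return (message, naive_verdict, canonical_verdict) for each sample."""
    return [(m, naive_filter(m), canonical_filter(m)) for m in samples]

if __name__ == "__main__":
    for message, naive, canonical in compare():
        print(f"naive={naive!s:5} canonical={canonical!s:5} {message}")
```

The redirector sample passes both filters, which is the third bullet's point: decoding fixes the encoding mismatch, but string matching cannot see where a redirect leads.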


( Thanks to “Jakob”:http://www.grimstveit.no/jakob/blog/ for the tip )
*Update:* After this story got “dugg”:http://digg.com/software/Microsoft_censors_MSN_Messenger, one question that has been cropping up, both on digg and in other forums is this: Is this filtering of messages taking place in the client or on the server? It is taking place _on the server._ This means that *all* clients, such as GAIM, Adium, Trillian and others are affected.
BTW, Diggers, I’ve written something about the “Digg effect”:http://virtuelvis.com/archives/2006/07/overrated-digg-effect if you want numbers.

1 Comment

  1. pmb / 2006-04-03

    Another blacklisted string: “gallery.php”. As in http://evil.example.com/gallery.php