China-based voice recording from Skype and Cortana users had "no security measures"

Written 5 months ago by IanDorfman

Microsoft did not implement proper security measures when outsourcing the handling of its users' audio recordings.

According to a former Microsoft contractor in an interview with The Guardian, Microsoft ran its Small Cortana iconCortana and Small Skype iconSkype audio transcription program in China with minimal vetting of those who worked with the program. The contractor said the following:

"There were no security measures. I don’t even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details. After a while, [they] allowed me to do it from home in Beijing. I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login... They just give me a login over email and I will then have access to Cortana recordings. I could then hypothetically share this login with anyone."

This lack of oversight should give any privacy conscious person pause before using Cortana or Skype for remotely important or personal information. A good privacy focused alternative for group audio and video conversations can be found in Small Wire iconWire, with alternatives to voice assistance not being quite as easy to pin down. An open source voice assistant, Small Mycroft iconMycroft, is available for Linux, Android, and Raspberry Pi.

Further coverage:
The Guardian
Gizmodo