MSN Censors your Instant Messages
Posted by Jon Lee in Offtopic, tags: censorship, Microsoft, MSN, privacy, security
I found an article about this on digg and frankly, I’m very surprised. It turns out that Microsoft censors all instant messages that go through their network.
This is done server-side and it doesn’t matter what IM client you use, whether it is MSN Messenger, Trillian, GAIM, Pidgin etc.
What’s being censored?
If your message meets any of the following criteria, the entire message will not be sent and you don’t even get a message telling you it’s been blocked. Try it out for yourself!
- If it contains “download.php”
If any part of your message contains the string “download.php”, the message will be blocked. This is probably because download.php pages can be attributed to automatic spyware and malware installation. This is stupid because the file can simply be renamed to something else, this “solution” probably creates more problems than it solves. - If it contains “gallery.php”
Similar to download.php rules but I can’t understand why they would block this. Galleries are bad? Who knows. - If it contains “.info”
If any part of your message contains the string “.info” whether or not it is part of a domain, it will be blocked. I’m guessing MSN is doing this due to the huge number of .info spam sites. Notorious as the cheapest top level domain you can buy (almost free), .info domains are very popular amongst spammers.
Concerns
This raises a couple concerns with the most obvious being privacy. This is not to say MSN is reading your messages since this is undoubtedly being done by a script (a bad one at that) but the fact that Microsoft has control over what you can and cannot write in your messages is just absurd.
The second concern is the number of false-positives this can lead to due to poor implementation on Microsoft’s part. If any part of your message contains .info the entire message will be blocked. If you try to send someone a news article from http://www.informationweek.com, it will be blocked. If you try to send someone to a legitimate .info site such as New York’s transit authority, it will be blocked. Hell, if you write “hey joe.inform jenny i’ll be late.thx”, it’ll be blocked.
Also, since they don’t tell you your message was blocked, I can just imagine the awkward scenarios that could arise.
Boss: Hey, can you send me that site with the report?
Jon: sure thing, it’s http://www.myreport.info
Boss: Hello? Are you there?
Jon: yeah
Boss: Can you send me the site already?
Jon: i just did, it’s myreport.info
Boss: Listen, if you can’t find it, just say so. Don’t ignore me.
Jon: screw this, i quit.inform human resources for me. see ya
Boss: Let’s go have lunch.
Workarounds
There are a couple workarounds. The first is to replace a single character in the offending URI with its URL encoded equivalent (i.e. down%6Coad.php instead of download.php). This is unbelievably inconvenient for the normal user and incredibly easy for potential spammers to implement.
The second is to completely encode your message, a feature supported by third-party IM clients like Pidgin and Trillian. However, this requires the receiving party to have support for encryption as well.
End Result
I don’t think this censorship will help Microsoft at all in gaining IM market share. In the United States, AIM is the most popular IM client but not by much. In the rest of the world, MSN actually holds the largest market share (60% as of 2006). Even if they remove this ineffective censorship, the fact that they can read and censor your messages is enough for me to consider switching IMs.
Popularity: 14% [?]
Entries (RSS)