Skip to main content

Microsoft contractors reviewed Skype, Cortana audio with ‘no security measures’

Microsoft contractors reportedly reviewed recordings from Skype and Cortana with “no security measures” in place, compromising the security of the apps’ users.

The Guardian reported the security risk from an interview with a former contractor, who said that he used his personal laptop while working on the project over a span of two years from his home in Beijing.

The source, a British national, claimed that the recordings, which included Skype phone calls and Cortana activations, were simply accessed by workers through a Google Chrome app over China’s internet. The workers were given new Microsoft accounts that had the same password for easier management, and the employees were hired without proper background checks.

The former contractor said that he started his employment in an office, but he was eventually allowed to work at home on his personal laptop after he was issued a username and password to access the recordings.

“I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email,” The Guardian’s source said.

The interview with The Guardian follows Vice’s report in August 2019 that revealed humans were vetting Skype calls with the live text translation enabled, as well as Cortana recordings.

Microsoft said in a statement that since Vice’s report, it ended its grading programs for Skype and Cortana for Xbox, and transferred the rest of its human grading work into “secure facilities” that are not in China. The company also said that review snippets are usually less than 10 seconds long, with workers in the program not allowed access to longer recordings.

“We will continue to take steps to give customers greater transparency and control over how we manage their data,” said Microsoft.

Microsoft is not the only company that has been criticized for allowing workers to listen to recordings made by its users, as Amazon, Apple, and Google were also sending audio to contractors for grading. For Alexa-enabled device users, here is how you can stop Amazon from listening in on your Alexa conversations.

Editors' Recommendations

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Microsoft Edge gets hit with the same serious security bug that plagued Chrome
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

Microsoft just released an Edge browser update that patches a dangerous flaw that could allow a cleverly designed attack to execute arbitrary code. While every security update should be installed promptly, this one is a bit more urgent because the attack is "in the wild" already, meaning that hackers are already taking advantage of this vulnerability to breach security.

Designated CVE-2022-2294, this vulnerability was actually a flaw with the Chromium project, the open-source code that Google's Chrome browser is built upon. Microsoft uses the same base code for the Edge browser, meaning bugs that affect one often plague the other. Google patched the same bug recently and has been keeping quiet about details of the attack to allow others to make similar fixes, since Chromium is quite a popular codebase.

Read more
Microsoft Defender finally feels like proper antivirus software for individuals
The Windows Security app in Windows 11.

With password attacks and ransomware on the rise, Microsoft has announced the general availability of Microsoft Defender for individuals, a premium, cross-platform, consumer security application for Windows, Android, iOS, and Mac.

Available for paid Microsoft 365 Personal and Family subscribers, this new security offering from Microsoft is the latest step in a journey to bring its security features to all of its users. Building on what's been done with the Windows Security app on Windows, Microsoft Defender for individuals will bring together multiple protections into a single online dashboard.

Read more
Microsoft Edge just got a new way to protect your privacy
Microsoft Edge Secure Network graphic.

Microsoft Edge just got even more secure. After a tease a few weeks ago, Microsoft has just officially announced the availability of Edge Secure Network, the new built-in VPN feature for the Microsoft Edge browser.

Though still in an experimental stage with a small audience using the Canary version of the browser, Microsoft hopes this feature can provide extra peace of mind when using Edge on unsecured networks. As with most other VPN services, this built-in Secure Network can mask your device's IP address, encrypt your data, and route it through a secure network that's geographically co-located.  This will make it harder for hackers and others with bad intent to see your true location. The company that provides your internet also won't be able to collect your browsing data for ads.

Read more