Home » Communications

MSN Messenger Censorship

Posted 6 Aug 2007 | Comments Off on MSN Messenger Censorship | 1,478 views

A recent Slashdot article publicized a recent discovery by the Adium team.  For those who are not familiar with Adium, it is a multi-protocol messenger client for the Mac.  It’s similar to Pidgin in functionality.  After some investigation, they discover that MSN in censoring certain messages from the channel, and the Adium team is keeping a list in their Wiki. Apparently, there are certain URLs that expose the MSN user to a security vulnerability.  It appears that Microsoft has chosen to filter the URLs rather than fix the vulnerabilities behind them.  The Wiki list contains several relatively common URL page names like “gallery.php” and “pics.php”.

Unfortunately, the community is generally forced to live with the service as provided when it’s free. The big four messenger services (AIM, MSN, Yahoo IM, Google Talk) are pretty good at making their service available (on of the three As of choosing a service).  The two As that are lacking are authorization and authenticity.  As we can see by this recent discovery, Microsoft is able to intercept the messages.

How do you get around this?  It would be pretty difficult to build and implement an IM service that can provide availability, authorization, and authenticity so the next best thing is to change your client when connecting to these services.  One of the side benefits of changing clients is that you can merge all of your buddy lists in to one using a multi-protocol client.  The nice thing about Adium is that it comes with OTR by default, end enabling this feature provides end-to-end message security.  We happen to like Pidgin with the pigdin-encryption and OTR plugins.  These two plugins allow users to exchange keys to securely send messages.

In short, take advantage of the services availability that messenger services provide, but add your own security to the mix.

Comments are closed.