Msn Tribe: Quanto è sicuro il tuo instant messenger?

Molti utenti Internet utilizzano continuamente i molteplici servizi che offrono i client IM e anche quest’ultimi stessi.

Il famoso sito di News, Cnet.com, ha pubblicato di recente un breve sondaggio di circa 10 domande e le ha poste ad ogni società che offre progetti di messaggistica istantanea. Tra quelli c’era anche Windows Live Messenger di Microsoft.

Gli altri candidati sono i seguenti: AOL, Google Talk, IMB Lotus Sametime, Skype, Facebook Chat e Yahoo! Messenger.

Una cosa da precisare è che Facebook si è rifiutata di rispondere alla maggior parte di domande che, nel complesso con le altre negative, hanno dato il risultato di IM meno sicuro.

Solamente pochi dei servizi offrono una crittografia completa e sono: AOL, Google Talk, IMB Lotus Sametime e Skype.

Vi lasciamo alla tabella dei risultati del sondaggio e alle domande poste a WLM (che sono praticamente le stesse della tabella):
TEST:

“Q: Does your service use encryption for authentication when users log on? Windows Live Messenger accounts that are accessed upon authentication of a user's Windows Live ID and password are protected by industry standard SSL encryption. [Ed. Note: SSL is Secure Sockets Layer, also known as Transport Layer Security.]

Q: Does your service use encryption for message delivery, meaning when your users send and receive messages?
We do not provide encryption for instant messages at this time. However, if a customer chooses to send or receive messages that contain a file, like a document or photo, Windows Live Messenger protects those files with the industry standard SSL encryption.

Q: Is encryption turned on or off by default?
Encryption of file transfer functions automatically and cannot be turned off.

Q: Does your service support the OTR standard? If it uses non-OTR encryption, what kind?
Windows Live does not use the OTR standard. Windows Live Messenger accounts are protected by industry standard SSL encryption.

Q: Does your service keep server-based logs of connection information, such as when a particular user signs on or off and from what IP address? If so, what information is stored?
Windows Live Messenger does not maintain server-based logs of connection information. Microsoft is committed to protecting the privacy of its customers and believes they deserve to have their personal data used only in ways described to them. Microsoft's privacy policy informs our customers of the ways in which they can control the collection, use and disclosure of their personal information. More information is available on Microsoft's privacy policy at: http://privacy.microsoft.com/en-us/default.aspx.

Q: Does your service keep server-based logs of the content of communications, meaning what a particular user sent and received?
Windows Live Messenger does not maintain server-based logs of the content of messages that our customers send or receive. Microsoft is committed to protecting the privacy of its customers and believes they deserve to have their personal data used only in ways described to them. Microsoft's privacy policy informs our customers of the ways in which they can control the collection, use and disclosure of their personal information. More information is available on Microsoft's privacy policy at: http://privacy.microsoft.com/en-us/default.aspx.

Q: If any connection or content logs are stored, how long is each type kept?
Not applicable.

Q: Have you ever received a subpoena, court order or other law enforcement request asking you to turn over information about a user's IM account?
We do not comment on specific requests from the government. Microsoft is committed to protecting the privacy of our customers and complies with all applicable privacy laws. In particular, the Electronic Communications Privacy Act ("ECPA") protects customer records and the communications of customers of online services. As set forth above, however, Microsoft does not maintain records about our customers' use of the IM service and would have no information to provide in response to a request from law enforcement.

Q: If so, how many law enforcement requests have you received? We do not disclose how many government requests we receive; in certain circumstances, we are not permitted by law to disclose that we have received a government order. However, we follow ECPA in responding to all requests.

Q: Have you ever received a subpoena, court order or other law enforcement request asking you to perform a live interception or wiretap, meaning the contents of your users' communications would be instantly forwarded to law enforcement? We do not comment on specific requests from the government, but in general, we provide the government with the contents of communications intercepted in real-time only pursuant to a court order.”