Not only did Microsoft outsource the reviewing of Cortana and Skype audio recordings to contractors, but a fresh report now claims that the company did so in China with pitiful security measures in place.
This follows on from the revelation last August that Microsoft employees and third-party contractors were listening to Cortana and Skype interactions, analyzing recordings with the goal of improving the services.
- Microsoft in 2019: a year of Edge wins and Windows fails
- 6 ways to protect your family’s online privacy
- Which is the best smart speaker?
This raised predictably big question marks over privacy and security – particularly because the audio data sometimes involved quite personal details and information, by all accounts, being sent for processing outside of Microsoft.
But at the time, the report from Vice’s Motherboard noted that Microsoft insisted the audio data analyzed was only available to these external contractors via a secure online portal, but the new report in The Guardian claims otherwise, having spoken to a former contractor.
That contractor says that this program ran for years with literally “no security measures”, and over in China, he reviewed thousands of such Cortana and Skype audio recordings on his personal laptop in his home in Beijing – for two years. (Initially, he did work from an office, but apparently was soon allowed to work from home).
The worker claims that contractors could access the recordings simply using a web app in Google Chrome, and they all had a Microsoft account freshly set up using the same password, no less. Login details (just a simple username and password) were emailed to contractors in plain text.
The contractor further claims that there was practically no vetting of the staff doing these recording evaluations, and the whole setup sounds like a security nightmare, frankly.
If all these details of the lax security are on the money, the fact that the operation was based in China also raises the prospect of the Chinese government having had access to these Cortana and Skype recordings. That’s particularly worrying in terms of Skype, of course, where full conversations were carried out.
Since then, The Guardian report notes, Microsoft has ceased such grading programs for Skype and Cortana for Xbox, and the rest of its human evaluation of recordings is now done in “secure facilities”. These are located in a small number of countries, and not China.
As we pointed out last year, Microsoft does also have a tool for deleting your voice recordings from its servers.
- These are the best laptops of 2020