According to ZDNet
, only HTTP HEAD
requests are sent (i.e., the page itself isn't actually fetched, only meta-information is returned) - and you'd have to be dealing with a REALLY
retarded site to trigger any actions (but OK, there's plenty of sites retarded enough to trigger non-idempotent actions even on GET).
There's also this piece in the article:
Update: And contrary to heise Security's assertion, I found many examples of plain HTTP links that had been scanned by SmartScreen.
So, that leads me to another quote:
You can put that tinfoil hat away, at least for now.
Anyway, you obviously aren't discussing anything sensitive using a proprietary IM protocol, just like you don't discuss those things over facebook, plaintext email, and anything non-HTTPS... right? Oh, and this whole thing is pretty much a non-issue anyway, considering you've agreed to the TOS which means your messages are stored for some random period of time on Skype's servers. Not that even the TOS would matter, patriot act and all.