Microsoft censors your messages
From time to time, a user emails our feedback address reporting that he tried to send a message and got this error:
Could not send; a connection error occurred.
And I never had an answer for those users, because it’s quite an empty error message (“a connection error”? What kind of connection error?) and I never heard anything from the other developers about it. So I always wondered what caused that error message.
Now I’ve found out.
A user on the IRC channel mentioned that he had received that error message. Specifically, he started out asking whether there was a way to “fix sending of URLs through MSN”. I asked for more info, and he revealed that he got the same error message when attempting to send a URL that had a .info domain. I tried a couple such URLs myself, with David‘s help, and confirmed his report—even http://growl.info/ doesn’t work.
The reason MSN gives for this censorship is that it’s to protect users from exploits that use certain URLs. The problem with this reason is that any URL could be an exploit URL; filtering by keyword just isn’t enough, because the attackers can always invent new filenames. The correct solution is simply to fix the exploits.
There’s nothing we can do about this because it’s done on the server. This also means that all clients are affected, not just Adium.
We now have a page on our wiki titled MSN Censorship which contains a (probably incomplete) list of strings that are known to get a message blocked. If you include one of these strings in your message, the message will not arrive and you’ll get the “connection error occurred” error message in your chat window.
If you’d like to not have these problems anymore, we suggest switching to Google Talk or Jabber. If you’re using Gmail/Google Mail, you already have a GTalk account; you need only set it up in Adium and get all your friends to switch. (And yes, as a couple of comments point out, you also have the option of using OTR encryption—but that only works if the contact you’re talking to is also capable of OTR. If they’re running Adium or Pidgin, then they are, but not if they’re using some other client, such as the official MSN client.)
(Sources include Arve Bersvendsen’s blog post and Joost de Valk’s blog post. Joost de Valk is the user I mentioned above. If you use Digg, please digg his post.)
August 4th, 2007 at 5:47 PM
is there no encryption plugin? i use gaim-encryption which is ridiculously easy to setup (apt-get install gaim-encryption and it pretty much works). the only thing that you really need out of an IM network is the directory service. the transit is a nicety, especially to get around firewalls, but they don’t need to deal with content and therefore you don’t need to let them :p
August 4th, 2007 at 6:11 PM
And Google reads your messages. Best thig is to operate your own Jabber server and use encryption.
August 4th, 2007 at 6:35 PM
There is always OTR encryption, built into Adium, which does indeed prevent MSN from censoring.
Google doesn’t read your messages – please provide a proof for that claim.
August 4th, 2007 at 7:45 PM
“Google reads your posts”
Indeed i’m sure they pay thousands of employees to read the conversations of every person chatting
Alright it’s no secret that whatever you send through chat isn’t exactly protected against being read but the idea that they systematically read it is just stupid.
Secret services probably have some keyword filtering applied on chats to try and detect terrorists and stuff like that though
August 4th, 2007 at 7:47 PM
It’s amazing though that they rather censor URLs than fix security holes
August 4th, 2007 at 10:04 PM
“It’s amazing though that they rather censor URLs than fix security holes”
Amazing? For Microsoft, No. I would say this is par for the course.
August 4th, 2007 at 10:44 PM
Why do you want to send a .info URL to anyone? All the quality sites have a .com URL.
msn.com
yahoo.com
cnet.com
Learn the internet.
August 5th, 2007 at 10:39 AM
“Why do you want to send a .info URL to anyone? All the quality sites have a .com URL.
msn.com
yahoo.com
cnet.com
Learn the internet.”
No fud plz.
There is no quality site in this list.
But there are many quality sites in the .info TLD. e.g.: http://kuruc.info (news site)
August 5th, 2007 at 11:53 AM
And the joke goes whoosh over Jason’s head.
August 5th, 2007 at 12:59 PM
Any URL containing *.script is also censored… For example: http://wiki.script.aculo.us/
or http://www.google.com/foobar.script
August 5th, 2007 at 3:47 PM
Actually, it’s worse.
I started to see this thing after those annoying phising ads “learn who blocks you etc.” that started appear. A lot of my company workers became infected with that thing.
Afterwards, it started filtering almost every url (including .org url’s that happen to own one myself). It’s frustrating for me a lot lately, since I use it primarily for intercommunication with my colleagues and other members of my work place.
We are now starting to switch to gtalk though. At least until the spam starts to appear there.
August 6th, 2007 at 10:04 AM
This has been around for some time, although I wasn’t aware that they’d expanded it past the common virus file name extensions.
It was worse too, the censorship was implemented wrongly at one time, and you could break up a group conversation by typing .scr , which was very useful
August 6th, 2007 at 11:12 AM
Actually I posted the following explanation of this move on July 28th at http://www.mess.be:
Block checker phishing on the rise, Microsoft blocks .info completely
Every year I alert Messers to the dangers of self-proclaimed “block checkers”, but still many and even advanced computerists fall victim to phishing efforts disguised as fairytales. Really, a block checker is as trustworthy as a bedridden grandmother with hairy ears and pointy teeth.
A lot of these deceptive sites appear to be hosted on the once-free, now low-priced .info top-level domain using names such as newmsnlive, msnforyou, messengerweb, msnblog, etc. And because these URLs are unknowingly being spread by victims as instant messages to their online contacts (eg. “Snif, get surprise at http://www.***.info/ Unbelievable!”), Microsoft has made the drastic decision to block all messages containing “.info”. Filtering messages containing “.pif” or “.scr” is one thing, but this overprotective move prevents us from sharing links to perfectly safe sites (and I know a lot of you have registered .info domains for personal use). I agree that phishing should be fought back as much as possible, but this is just absurd! And they could at least make the server return an alert that the sent message has been blocked and hasn’t reached its destination.
August 6th, 2007 at 12:28 PM
And so the bad guy just uses something like tinyurl or snipurl.
August 7th, 2007 at 3:54 AM
I’ve seen this URL censorship problem before, however as I’m also one of the people that have reported this “could not send; a connection error occurred” error, I would like to point out that while this maybe one of the reasons, there is also another problem with the same error message.
Extreemely consistently I get this problem with people using the webmessenger. If I idle the conversation for a while, messages stop moving between me and the other person (on the web messenger). Immediately restarting the Adium will fix this problem, and also sometimes if I relogin, I will get the messages that the other person has sent to me previously from the msn server.
However as stated in the bug description, this problem evidently seems to be located in the libpurple(?)/gaim library and not in Adium, as I’ve also tested with GAIM with similar results (altough it crashes when this happens).
August 7th, 2007 at 9:52 AM
You know, I’ve been getting that message a lot recently. Mind you, I’ve been plotting with my comrades over MSN the take over of the CCCE. If they can censor based on key words, what else can they do?
In the meantime, just move to Jabber w/ OTR!
August 7th, 2007 at 10:07 AM
I learned about this URL blocking from Evands in the forum last year
August 7th, 2007 at 3:50 PM
Kakaroto (from aMSN-Project)
has built in a function in aMSN to get the list of censored regexp’s:
the list can be found here:
http://www.amsn-project.net/forums/viewtopic.php?t=157&start=30
also an explanation on how he got it.
August 8th, 2007 at 2:37 AM
It is even worse… if you use any of the filtered words when you are transfering a file using Messenger, it will reset the connection/transfer.
nice…very nice (not!).
August 8th, 2007 at 4:15 PM
I get this message about 1/3 of the time I send messages using my MSN account and it’s DEFINITELY not because of the censorship thing…
Any ideas? Do you reckon downloading an older version could help?
August 10th, 2007 at 12:04 AM
I am getting that exact same error when I am chatting normally to people that are using web based versions of MSN Messenger, is this the same issue???
August 10th, 2007 at 2:48 AM
Looks like they’ve changed their minds (or list of naughty words), ’cause they don’t block any of mine anymore.
August 21st, 2007 at 1:05 AM
I get the same error when chatting via MSN — not sending URLs, etc. It seems to happen more often with new contacts, but will happen occasionally with existing contacts.
August 21st, 2007 at 5:13 AM
Since the last update that I applied to Adium I get the error every time I try to send someone a message via MSN. No URL’s, nothing out of the ordinary. I can’t so much as send the word “Hello”. No problems with contacts on other providers.
The suggestion to use other providers such as Jabber or Google is a bit pointless if the people you are trying to communicate with don’t use them I’m afraid. Like it or not, the vast majority of people we talk to use MSN.
So, what’s going on ? Clearly more than just URL censorship (which I’ve never had any problem with – I’ve never had this connection error in response to trying to send someone a URL).
August 21st, 2007 at 5:23 AM
… and sure enough, roll back from version 1.1.1 to version 1.0.6 and once again, all is well.
August 21st, 2007 at 12:48 PM
I have this problem and it is definitely exacerbated by Adium 1.1.1. It used to happen far less frequently with Adium 1.0.6. Now it happens all the time.
August 23rd, 2007 at 2:21 AM
i cannot MSN at all – every message yields the “could not send” error, also anyone else trying to MSN me gets the same error. gtalk works fine!
i tried to roll back to 1.0.6 but even that didn’t help.
August 23rd, 2007 at 3:54 AM
Same as hussein kanji and pikemon, I can’t send any message to anyone on MSN, nor can I receive messages from anyone on MSN because of this “connection error”. It happened with 1.0.6 rarely, but now it ALWAYS happens. I have yet to send a successful message on MSN through Adium since upgrading. I have used different connections as well. I also tried rolling back to 1.0.6, but that didn’t help either. Any help would be appreciated, as I like using Adium for MSN. As for now I will have to use aMSN or some other client for MSN.
August 24th, 2007 at 9:10 AM
Me too. For some reason my MSN account can’t send or receive messages using Adium, but when using the MSN client, over the same network, that works fine. What a bummer ay. If only Trillian had a Mac version…
August 24th, 2007 at 9:37 AM
Me Three! Man I really love Adium and it was working just fine for months but now out of the blue I get these “connection error” msgs ALL THE TIME. Same as everyone else no matter what I send as a msg.
I’ve tried 3 different versions of adium and even used a prog called AppZapper to kill ALL adium files and do a complete new install…STILL no luck.
I REALLY don’t want to have to use MAC MSN messenger instead.
SOMEONE! PLEASE HELP!
My OS = 10.4.10
August 24th, 2007 at 10:03 PM
I am having this same problem. No Msn at all, but my other jabber, and gmail work fine. Help!
August 27th, 2007 at 10:41 AM
I found out that the problem occurs only when I connect via HTTP. I use adium both at work and at home. At work the direct connection to MSN port is blocked by the network people and I can only logon via HTTP. And as everybody else said, no messages can go through at all. But when I go home, with the same version of adium 1.1.1, there is absolutely no problem.
I hope this give a hint to where the problem lies. Please help us, Adium team… we are doomed…
Thanks!
September 7th, 2007 at 5:38 AM
I can indeed confirm that the error only occurs if you connect via HTTP. Also, I just installed Adium 1.1.2 and the error is still there.
September 9th, 2007 at 3:51 PM
Otros que censuran son los de la web de Restaurantes de Madrid Cucharete:
http://foro.loquo.com/viewtopic.php?t=80584
September 17th, 2007 at 4:40 PM
Hi,,,
Really when i read that ,i became worry so if i tried to sent some pictures (mine my family)then i got that message (failure) does that mean they took my pics?
need an answer please!
thnx