Microsoft’s Skype: deeply Catholic?

The title of this post should really be do not;trust your data to Skype. I was so naive when I started my little journey into support hell as I actually thought my issue would be resolved. I thought my data was marginally protected and maintained. Oh how wrong I was.

To back up tiny bit before I inundate you with the gory details, Skype is a service that allows people to make phone and video calls no matter what sort of device they use: be it a traditional phone on the PSTN networks, a personal computer or their cell phone. Skype maintains a database with some pretty personal information and they charge for many of their premium services so they have financial information on their users as well. We know they’ve been in bed with the NSA for years thanks to the documents released by Snowden, and Skype, as of 2011, is owned by Microsoft.

On with the saga: a few weeks back I wanted to get Skype running on a new machine, but because Skype doesn’t use a normal username/password framework that allows storing said information in OS X’s Keychain management system, I can’t just retrieve my password from said app and be done with it.

I went to the Skype site to try to reset my passwd: now because ONE computer I own can actually login to the Skype App, I can actually login to my Skype profile, but I cannot change the password without knowing the password. I tried to do the “put in your email address here and we’ll send you the steps to reset your password” step.

This is what I got.


skype@ is a simple alias that routes to one of my email accounts which is then listed as my second acct with Skype. It too has the same issue.


Did you know in order to contact Skype for support about an issue like this you have to fill out this form on the left with questions like: “When were you born?“ “Give us some of the numbers on the CC you used when you created your account,” and “Provide five people on your contacts list.” Needless to say the first time I had to fill out the form I was angered by the process. I just wanted my password reset.

March 19th, I got a response from “Albert C” telling me the standard Tier 1 support line of “uninstall and reinstall” the software. I was so irked by the demonstrated incompetence I didn’t pick up the thread again until April 4th (after investigating possible third party hacks.) I responded with the screen shot shown earlier of their system refusing to send me email.

I got another response from “Albert C” on April 5th:

We appreciate your effort in sending us a screenshot however we will not be able to see and check for it as it is not in attachment form.

Please be advised to send it as an attachment so we can check on it.

Once we send the screenshot, expect us to do the necessary action to your concern.

To which I responded:

I’m sorry, so you’re saying your CRM cannot handle incoming email messages that conform to standards set out by IETF RFCs? If this is the case you should REFRAIN from sending emails that are not in Plain Text form as this signals the receiving MUA that replying via a non-plain text message is permissible–MIME attachments can be formatted a tiny bit differently accordingly.

The screen shot clearly showed that your system refused to acknowledge my email addr in order to send out a password reminder/change token.

To quote:

(Red Exclamation Mark) Sorry, we were unable to send an email to this address. Please update your primary email by contacting <customer supper>.

Enter the email or phone number you registered with Skype and we’ll send instructions to get you back on your feet.

Email or phone number
|———————————————————|
| |
| |
|———————————————————|
/end quote

I have tried both skype@purgatory.org and stega@purgatory.org but the system spits out the same message. Now apparently you all can use both addresses just fine as I’ve gotten email from you via your CRM.

A day later I got a response telling me they were going “to transfer you to our Specialized Team, we will ask you to fill out our verification form properly as you need to pass verification process before transferring you to them.”

I was irked by this as it shows just how awful off-shore support processes can be. Thus my response was not very nice:

I’ve gone through and already answered all the questions at that url.

Please escalate this ticket to a manager or someone who can actually assist.


Eventually on April 7th I was escalated to someone named Jan who told me:

As we have reviewed the information you have provided from the form you have submitted (SR 1332079698) and compared it to the information we have on file and the ones you saved on the account, the entries did not match the records and because of that, we are not able to gain access to your service.

So here is what I can offer you as a resolution in order to help you with your case. I will have to ask you to fill out and submit our online verification form once again but this time, please make sure to fill out everything in the form along with the current details of your Skype account in order for us to properly verify it and further help you.

This time it was clear the person I was dealing with had more than a basic understanding of English and might actually be willing to help, so I filled out the long, intrusive and annoying form again.

Then I responded with this and the ticket number:

When I login to Skype from the one machine I have that still has the ability because it is magically tokenized, I get this:

• We could not deliver a notification to skype@purgatory.org. We sometimes send important messages about your account.

Why can’t you just email to an address that has been associated with the account for almost ten years? Why is your system so broken? Is it Catholic? Does it feel guilt?


But then the next day I was now in the care of someone named Anabella who told me:

I understand that you need to reset your password and you don’t have access to the email address associated with your account. Don’t worry we’ll have this resolved for you in no time!

Please send us the new email address you want to use and I’ll be happy to update your account for you.

So I replied, trying to find some humor in the situation:

No.

I have access to the email address: your system just refuses to send the token to my address.

I’m told: “ We could not deliver a notification to skype@purgatory.org. We sometimes send important messages about your account.”
and: “Sorry, we were unable to send an email to this address. Please update your primary email by contacting customer support.”

Yet your support people have NO PROBLEM sending email to that acct/alias.

Either your system is offended that I own purgatory or it’s just broken. Perhaps its secretly catholic.


The next day I awoke to find this in my inbox, once again from Anabella:

Please be advised that the current primary email of the account is already invalid and therefore, it will not receive the token email you have requested in order to reset your password. In order for us to resolve the issue, kindly send us another active email address that you can use to reactivate the account.

To which I responded

HELLOOOOOO

The primary address isSKYPE@

Please check your CRM: as
YOU JUST SENT EMAIL TO THAT ADDRESS.

Thus it IS VALID.

The second address on the account STEGA@ is treated the same way by your system.
SOMETHING IS WRONG with your apparently paranoid catholic system. Please fix it.
Full email headers of the message YOU SENT ME:


Another day went by and on 4/10 someone named Jessica now took over:

We understand that you can still access the email address on your Skype account however our system is not accepting the domain you have therefore you are having an issue receiving our password token. Please send us a new email address you want to use with a different domain and I’ll be happy to update your account for you.

I was annoyed by this answer obviously:

NO.

I own purgatory.org, it is my primary domain and the primary way in which I have sent and received email for the last nineteen years. Any address I give you will be from this domain.

% whoispurgatory.org
Domain Name:PURGATORY.ORG
Domain ID: D4269154-LROR
Updated Date: 2015-09-07T17:10:31Z
Creation Date: 1997-08-25T04:00:00Z

Now, please fix your very broken system.


The next day (4/11) I got this back from someone named Donald:

Thank you for contacting us back.

First of all, I am sorry if your concern is not yet resolved until now. Please be informed that we can only sort this out if you will give us an alternative email address you want to use on your Skype account. In this way, you can reset your password successfully.

I look forward to your reply!

I’m pretty certain my this point they were not looking forward to my reply which was restating the obvious yet again:

I do not understand why I have to give you a new email address.

The problem is with your system.  Your password reset/user profile database system refuses to send email to a perfectly normal domain, yet your customer support management system is able to reach me at that domain just fine.
There is obviously something wrong with your primary user database and backend system. You should fix this. You chose not to.
Any address I give you will be from this domain. Thus you need to find out why the problem exists.
Donald responded with

Thank you for your reply.

To be honest with you we can’t sort this out and help you recover your Skype account if you will not provide a new email address for us to update it on your Skype account. The problem lies on the email address on file and there is no problem with our system.

Thank you for your cooperation on this matter. I look forward to hearing from you!

I responded one last time

You JUST sent email to the address you claim your system won’t send email to.
Seriously.
Skype@andstega@are both valid addresses as evidence by the fact that all correspondences for this issue have been delivered successfully to me.
There is no problem with said addresses or said domains.
There is a problem with you system. Fix it.
How fricking hard is it to send this ticket on to a sys admin or dba that can look at whatever exception rules are causing the issue.
And then I received this:

I just want to inform you again that we can’t help you further if you will not provide the information we are asking you. Please do not worry, once you are able to access back your account, you have the option to change the register email address on it.

Your response is very important for us to resolve this concern. Thank you in advance for your reply.


I could give them a random email address, reset my password and then change the account’s primary email address back to what it was and things would then be broken again: any notifications about changes to the EULA or security issues just would never be sent to me because they won’t fix the bug.

Who wants to trust their more sensitive data and bank account information to an organization that is unwilling to maintain it?
Going forward–I’ll be using FaceTime.