Warning: New Outlook sends passwords, mails and other data to Microsoft | mailbox.org(mailbox.org)

posted 1 year ago

bbbhltz@beehaw.org

technology@beehaw.org

64 commentshide report

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

kbal@fedia.io

11 points

1 year ago

It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.

permalink

report

parent

[ - ]

nem@sopuli.xyz

4 points

1 year ago

Which I already posted before your reply.

permalink

report

parent

[ - ]

kbal@fedia.io

10 points

1 year ago

Nice timing. I don’t see how warning you that your email passwords will be kept remotely by Microsoft would be “redundant.” Many people will assume from that message that it would only send them all your mail, and the even more carelessly optimistic among us might guess that it would be end-to-end encrypted as it obviously should be.

permalink

report

parent

[ - ]

nem@sopuli.xyz

1 point

1 year ago

It is end to end encrypted as the data is sent through a tls tunnel. And well, they could spell it out sure. But if that was the only thing the article was complaining about then there wouldn’t be many clicks ;)

permalink

report

parent

[ - ]

kbal@fedia.io

4 points

1 year ago

That is not what “end-to-end” means in this context. In fact, finding out yesterday that Outlook sync is not end-to-end encypted prompted me to look up OneDrive to see if it at least has that feature. It does not, and someone who doesn’t know a thing or two about how cryptography works would have a hard time finding out that it does not, because the search results are polluted with people misunderstanding the concept exactly as you do.

Microsoft’s own web site goes to great lengths to explain how all your data is encrypted in transit, and encrypted at rest. Their internal security and access control systems are elaborated on in impressive style. You’d think that if they’re going to go to all that trouble, and want people to trust them, they would indeed provide end-to-end encryption where it’s appropriate. But no, they carefully avoid mentioning the concept. They are unwilling to acknowledge that it might be a thing people expect these days, but they do not go out of their way to correct people who imagine that they already have it.

permalink

report

parent

[ - ]

nem@sopuli.xyz

1 point

1 year ago

Could you elaborate on what I misunderstood so I can learn please? They claim tls encrypted tunnel, which is an end-to-end encryption isnt it? Do you mean that the data itself is not encrypted? What is the significance of this compared to a tls tunnel? If it somehow got mitm attacked they could snoop the unencrypted data?

I seriously curious so please explain.

permalink

report

parent

Show more comments

Technology

!technology@beehaw.org

Create post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

Community stats

2.8K
Monthly active users
3K
Posts
54K
Comments

Community stats

Community moderators