• nem@sopuli.xyz
    link
    fedilink
    arrow-up
    55
    ·
    1 year ago

    What a clickbaity article. I’m all for exposing bad stuff but this article presents zero proof of it transferring passwords. It also fails to highlight the manner of how data voluntarily synced to MS is handled. All in all it doesn’t do anything but trying to steer users to it’s own services.

    • DeltaTangoLima@reddrefuge.com
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      I know, right? Jesus I hate bullshit tech “reporting” like this. This particular comment just smacks of outrage “journalism”:

      Microsoft gets full access to mails, calendars and contacts!

      • jcarax@beehaw.org
        link
        fedilink
        arrow-up
        26
        ·
        1 year ago

        To be fair, they aren’t journalists. They’re a privacy-centric mail provider that is warning their customers.

    • kbal@fedia.io
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.

        • kbal@fedia.io
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          Nice timing. I don’t see how warning you that your email passwords will be kept remotely by Microsoft would be “redundant.” Many people will assume from that message that it would only send them all your mail, and the even more carelessly optimistic among us might guess that it would be end-to-end encrypted as it obviously should be.

          • nem@sopuli.xyz
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            It is end to end encrypted as the data is sent through a tls tunnel. And well, they could spell it out sure. But if that was the only thing the article was complaining about then there wouldn’t be many clicks ;)

            • kbal@fedia.io
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              1 year ago

              That is not what “end-to-end” means in this context. In fact, finding out yesterday that Outlook sync is not end-to-end encypted prompted me to look up OneDrive to see if it at least has that feature. It does not, and someone who doesn’t know a thing or two about how cryptography works would have a hard time finding out that it does not, because the search results are polluted with people misunderstanding the concept exactly as you do.

              Microsoft’s own web site goes to great lengths to explain how all your data is encrypted in transit, and encrypted at rest. Their internal security and access control systems are elaborated on in impressive style. You’d think that if they’re going to go to all that trouble, and want people to trust them, they would indeed provide end-to-end encryption where it’s appropriate. But no, they carefully avoid mentioning the concept. They are unwilling to acknowledge that it might be a thing people expect these days, but they do not go out of their way to correct people who imagine that they already have it.

              • nem@sopuli.xyz
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Could you elaborate on what I misunderstood so I can learn please? They claim tls encrypted tunnel, which is an end-to-end encryption isnt it? Do you mean that the data itself is not encrypted? What is the significance of this compared to a tls tunnel? If it somehow got mitm attacked they could snoop the unencrypted data?

                I seriously curious so please explain.

    • 𝒎𝒂𝒏𝒊𝒆𝒍@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      As for third party accounts you can only select IMAP, no pop3, sand it warns you’d be logged in thorough Microsoft servers, they don’t even try to hide it