Comment by Fischgericht

2 years ago

Spot on.

I am a bit puzzled that I have not been reading about this in any big US media, not even IT ones. How did you first learn about it?

This IS a big deal and should be a scandal people are educated about, and Microsoft should be forced to stop this immediately. It's interesting that Microsoft appears to have managed to stay under the radar with these deceptive tactics...

We first discovered this while troubleshooting why we were receiving logins with an old password... after updating the settings in Outlook. They had no other email clients, but the 'New Outlook' didn't actually send the updated password to the Microsoft cloud due to a bug :P

Imagine my surprise discovering that this little banner in their Outlook settings that said "Using Microsoft sync technology" actually means "This is no longer really a local IMAP client".

> I am a bit puzzled that I have not been reading about this in any big US media, not even IT ones. How did you first learn about it?

If Microsoft has the power to pay the EU for laws in its favour, I presume (I am actually sure, see "die Welt") that paying some newspapers poses no big logistical problems.

  • The big logistical problem is: How do you select which newspapers to pay?

    All of them? Now you've announced that you've got something to hide and are trying to pay off newspapers to hide it. One of them is going to decide that this story is too juicy not to publish.

    Only those that find out some other way and ask for comment? Well, in this case Microsoft didn't reply to c't Magazin's request for comment before publication...

    • Just one or two probably. One right and one left wing publication.

      One side writes a piece, something like: "How the new Outlook saved my {insert protected class}", another one on the other side something like "New Microsoft Outlook uses your mail credentials to steal your DNA via nanosites because Bill Gates wants access to your children."

      And then the rest of the media pick it up from there, spin it in their respective direction, receiving their generous donations from one of the numerous MS foundations that funnel money into these places, based on how damaging their puff pieces were.

      Now nobody cares about the problem anymore because they are too busy fighting each other.

  • MS (and other enterprise big tech) gets laws in their favor in the EU because the EU has no solid alternative to MS. There is no EU based big cloud provider with similar capabilities, software ecosystem, integration, nobody offering a comparable office suite, familiar operating system with legacy compatibility, collaboration platform, etc.

    Even when you have solid competitors for individual components, the whole package is hard to resist. So they're stuck with MS for the moment, and slowly get absorbed in that ecosystem making it even more entrenched. But MS doesn't need to pay to get the law, they just have to let EU companies try out alternatives until they go back to being slowly boiled with MS. The EU is looking for excuses to excuse MS because everyone decided the price we all know now is worth paying to get access to a full ecosystem that fills all other needs.

    Effectively the EU is "paying" MS to stay, not the other way around.

    • It is even worse.

      MS doesn't need to do anything. They don't need to pay anyone off. EU bureaucracy is extremely strongly wedded to MS products like Windows, Office, Teams, Outlook etc. As are all EU national bureaucracies and public institutions.

      There are firm opinions by e.g. the BSI (German IT security office, comparable to something between NSA, mostly NIST, DHS and ANSI) and other equivalent European national offices that it is practically impossible to operate modern MS products securely. E.g. there are guidelines from BSI like "we know that in that exact version (which is years old, because the guideline took ages to write) you need to set the following registry keys to prevent data exfiltration. Btw. this won't help you, because you also HAVE to upgrade within a few weeks of each available update". There are firm opinions by multiple European data protection offices that basically say the same about GDPR compliance in MS products. Practically impossible to achieve, there might have been that one configuration, "Once upon a time of writing the report, with that specific version of Windows and Office, when firewalling off half of Azure, setting those 300 registry keys, manually deleting the following files, illegal telemetry could no longer be observed. Also, you are obliged by GDPR to follow good practice and update regularly, so good luck with that...".

      Basically it is illegal to process any personal data using MS products in the EU if the processing system has any kind of outgoing internet connection. All the bureaucracies ignore this systematically, citing the "impossibility" of working without said MS products. Migration plans away from those illegal processes are regularly cancelled, ignored or never completed. MS is free to do whatever it wants, they are never really investigated, fined or held to any laws.

      Meanwhile, other big IT firms like Meta, Google, Twitter/X and lots of others are held to far higher standards. Where tons of your local government's data about you like tax report, criminal records, school records and similar things are subject to being exported to the US via Azure, MS telemetry and what not. With FAANG there is complaining about comparably laughable stuff like "well, that IP address that Google Fonts could observe...".

      The problem, why this doesn't change, is that the local government institution is responsible for their data processing (according to GDPR and other laws), MS being only their contractor. And those government institutions are usually (in almost all EU states) free from GDPR and other penalties, and those penalties would be left-pocket-to-right-pocket anyways.

      This is why MS gets a free pass on everything. Imho this must end.

  • Why even pay newspapers, when most do not understand the problem anyway, so do not want to read about it?

    Microsoft is already taking so much data, I would have trouble explaining to the layperson why this incident is worse than all of the other shit they are doing.

  • The parent's remark was about US media. Hardly "some newspapers" to pay, and how does the EU come into play here?

  • Calling "Die Welt" a newspaper is the problem at hand. It should be labeled as yellow press, but yeah...

They have been doing this for years. The mobile Outlook app has had Microsoft servers check for mail on the user's behalf since forever.