Comment by vasdae
2 years ago
It is not stealing anything because you get a dialog asking you for permission to do it. If you give someone permission to take something, they are not stealing it.
https://heise.cloudimg.io/v7/_www-heise-de_/imgs/18/4/3/3/1/...
> It is not stealing anything because you get a dialog asking you for permission to do it
That dialog talks about sync but notably does not mention credentials at all.
Surely this is instance where informed consent is needed, with full disclosure of what's going to happen.
Something along the lines of: "this means your IMAP username and password will be passed to Microsoft where we will store it indefinitely so we can regularly log into your IMAP server to sync your messages".
Of course, users are less likely to consent if you explain exactly what's going to happen...
[flagged]
I genuinely don't understand how you can come to this conclusion.
If I open the door to someone and allow them to take picture inside my house, there is no legal understanding that they are now allowed to make and keep a copy of my keys.
The understanding is that I allowed to take the picture (make the sync), through the access that I gave (door opened / imap connection made). And the underlying understanding is actually that I remain in control of access later on, meaning they can't do it again without me opening the door / connecting again.
Microsoft knows that, because they buried that information inside the webpage that the consent dialog links to, except the dialog doesn't say "important detail there" but "for more information see there" aka pretend the dialog's summary is correct.
If anything, coupled with the awkward Outlook (but not Outlook) naming this is one more of their modern move that will piss off entreprise IT admins. Your employee opens the "wrong" outlook, type his office credentials and then Microsoft now has outside of your corp account a copy of all data of that employee AND its credentials. If there was any actual real competitor in their field they would never be able to pull such crap.
1 reply →
It is not informed consent if people don't understand what is happening, though.
3 replies →
I am not so sure about that. Are they allowed to simply assume "expert" knowledge?
4 replies →
The dialog talks about needing to synchronize your email account. It then goes on to tell that contacts and events are not synchronized. No one will reasonably suspect your authentication credentials are send to Microsoft. Such reasoning of this dialog will never fly in a German court.
When I saw that I immediately cancled my the "new outlook" tryout and wrote in the feedback form I don't want my mails in the microsoft cloud.
At least in the EU it is.
Explained in detail, here.
https://gdpr.eu/gdpr-consent-requirements/
Consent must be specific, informed, freely given and unambiguous. The user must be able to revoke consent at any time, as easy as it was providing the consent before.
Very clearly the Microsoft "consent" info does not tick any single one of those items.
Illegal.
Or, in other words:
There is much to criticize about the EU. But where the US has brought the world "By farting during installation of this software you consent to us stopping by and taking your first born child" kind of EULAs / "choices", EU's GDPR is forcing big tech to treat humans as humans again (instead of just data).
I don't know why political entities are brought into these conversations other than for some sense of high-horsedness or a figurative pissing contest.
GPDR is good. So is CCPA, COPRA, etc. Meanwhile, both the EU and the US have plenty of predatory legislation that allows companies to do all kinds of fucked up things.
3 replies →
https://www.law.cornell.edu/wex/informed_consent
Is it asking for informed consent for a change when the ui encourages and defaults to not keeping the system quo
> It is not stealing anything because you get a dialog asking you for permission to do it
Also, at least according to several comments on nearly any story about movie piracy, it is not stealing because all they have done is made a copy.
I disagree. I think that you can’t consent to something you don’t know about and certainly not something you don’t understand. This includes every single eula that everyone agrees to without reading. In my opinion that is not an agreement, as an agreement requires informed consent.
Unfortunately our legal system strongly disagrees with me but that’s my two cents