Comment by bradley13
2 years ago
This is the horrifying core issue: "When creating an IMAP account, c't was able to record that the target server, login name and password were being transferred to Microsoft's server. Although TLS protected, the data in the tunnel runs to Microsoft in plain text. Without informing or asking, Microsoft grants itself full access to the IMAP and SMTP access data of users of the new Outlook."
To be clear: this is for accounts not hosted on Microsoft servers. They likely copy all of your existing mails to their servers, and any future mails sent or received also run through their servers.
How is that not a $1 billion fine under European law?
This shouldn't be just a fine. They exfiltrate a users credentials for another service without explicit consent and intercept a confidential communication channel between the user and their mail provider. This is straight up criminal behavior and should lead to jail time for the responsible person.
Because Europe heavily depends on the US for its defense and because most of MS is by now an extension of the US establishment from a strategic pov (the dividends and the profits still go to MS’s private investors, many of them Americans, but that’s not what the US establishment is really after)
No. Because it's still early.
It quite probably will turn out to be fined.
Let's wait (for months or years).
1 reply →