Comment by hellojesus
2 years ago
Wouldn't it just use the credential from client to directly connect to the service instead of going client->msft->server?
You need a token to authenticate, but the client software (Microsoft here) doesn't ever need to send that data to themselves to successfully auth.
Sending themselves the auth credentials does allow them to then use it on their servers in ways that your client device may not want to (e.g., excessive battery drain) or can do (loss of network). But it then also allows them full access anytime they want and complete control of your data for whatever they want.
> But it then also allows them full access anytime they want and complete control of your data for whatever they want.
95% of people use webmails from Google, Microsoft or Yahoo. They already have complete control.
Sure, Microsoft should make it much more clear what is going on with the passwords and cloud email, but all things considered, nothing really changed for 95% of people.
And if you don't trust Microsoft with your email, but are using this Microsoft mail app on Microsoft Windows, well, that's again weird.