Comment by brulx126
1 month ago
Not just that, the new Outlook app makes Microsoft a complete man-in-the-middle for your email account.
https://www.xda-developers.com/privacy-implications-new-micr...
I am so glad people are finally noticing and complaining about this. It's the same reason I won't use Spark or Superhuman. Those are neat services, but I can't abide storing the creds to perhaps the most security-sensitive service I use to a cloud provider. If they get hacked, then the attacker can access my email account, send phishing emails to my contacts, read and respond to password reset requests they make to other online services, etc. It would be disastrous.
No, I'll keep my credentials stored and used locally, thanks.
They store passwords and proxy everything at the same time they’re pushing OAuth, authenticators, passkeys, etc. for their own services. Everyone should have revolted when they bought Acompli and started doing this kind of thing.
This seems like it would completely break any attempt to track access from unauthorized users or devices — any IT department using a backend other than Microsoft’s would need to pretend that all access from MS’s servers is safe.
In response to discovering this, any competent IT department would immediately move to ban the use of any offending apps and blacklist the MS servers from the relevant backends. Also, I guess rather than drop the connections, ideally you would want to accept the initial request, record the provided credentials, and then lock said account because the credentials have clearly been compromised and the user is now known to be making use of a banned app.
It’s also the case that, of the major cloud providers, one of them is quite notably poor at securing its own systems. If I were a company that cared about security, I would not want Microsoft holding credentials to my system.
So like Cloudflare for email.
And? Do you think Gmail is end to end encrypted?
My bank isn't end to end encrypted either, but that doesn't mean it's suddenly ok for Microsoft (or any other company) to suddenly start MITMing my online banking connections.
I am talking about the fact that the new default email client on Windows will hand over all your email credentials to Microsoft. This has nothing to do with Gmail.
Oh you mean even if you don't use Microsoft's email? Now I get it.
I think the concern is that it copies the emails of your non-Microsoft accounts that you added to the Outlook app over to Microsoft servers.
Adding a bunch of middlemen that also see the data increases the risk.