brulx126 | 1 month ago

Not just that, the new Outlook app makes Microsoft a complete man-in-the-middle for your email account.

https://www.xda-developers.com/privacy-implications-new-micr...

kstrauser|1 month ago

I am so glad people are finally noticing and complaining about this. It's the same reason I won't use Spark or Superhuman. Those are neat services, but I can't abide storing the creds to perhaps the most security-sensitive service I use to a cloud provider. If they get hacked, then the attacker can access my email account, send phishing emails to my contacts, read and respond to password reset requests they make to other online services, etc. It would be disastrous.

No, I'll keep my credentials stored and used locally, thanks.

donmcronald|1 month ago

They store passwords and proxy everything at the same time they’re pushing OAuth, authenticators, passkeys, etc. for their own services. Everyone should have revolted when they bought Acompli and started doing this kind of thing.

amluto|1 month ago

This seems like it would completely break any attempt to track access from unauthorized users or devices — any IT department using a backend other than Microsoft’s would need to pretend that all access from MS’s servers is safe.

fc417fc802|1 month ago

In response to discovering this any competent IT department would immediately move to ban the use of any offending apps and blacklist the MS servers from the relevant backends. Also I guess rather than drop the connections ideally you would want to accept the initial request, record the provided credentials, and then lock said account because the credentials have clearly been compromised and the user is now known to be making use of a banned app.
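An added example, not part of the thread or any commenter's code: one way an IT department could find which accounts on its own mail backend are being accessed from a third-party sync service rather than from the user's device, so those accounts can be reviewed and have their credentials reset. It assumes Dovecot-style `imap-login` log lines; the network ranges are placeholders from the RFC 5737 documentation blocks, and the function name and sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges (RFC 5737 documentation networks). Replace with the
# ranges your organisation treats as third-party mail-sync proxies; the
# thread does not list any.
PROXY_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Assumed Dovecot-style successful login line:
#   "... imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.14, ..."
LOGIN_RE = re.compile(r"imap-login: Login: user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+)")

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Jan 10 09:01:12 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.14, lip=192.0.2.1, TLS
Jan 10 09:03:40 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.1, TLS
Jan 10 09:03:41 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.78, lip=192.0.2.1, TLS
Jan 10 09:05:02 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.200, lip=192.0.2.1, TLS
Jan 10 09:06:19 mail dovecot: imap-login: Aborted login (auth failed): user=<dave>, rip=198.51.100.9, lip=192.0.2.1
Jan 10 09:07:00 mail dovecot: imap-login: Login: user=<erin>, method=PLAIN, rip=999.1.1.1, lip=192.0.2.1, TLS
"""


def accounts_seen_via_proxy(log_text, networks=PROXY_NETWORKS):
    """Return {user: sorted proxy source IPs} for successful logins only."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed logins and unrelated lines are ignored
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if any(rip in net for net in networks):
            hits[m.group("user")].add(str(rip))
    return {user: sorted(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    for user, ips in accounts_seen_via_proxy(SAMPLE_LOG).items():
        print(f"{user}: successful login via proxy range from {', '.join(ips)}")
```

Only successful logins are reported, because those are the cases where a working credential was presented from the proxy range; carol's address falls outside the /25 placeholder and is correctly left out.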

encom|1 month ago

So like Cloudflare for email.

koakuma-chan|1 month ago

And? Do you think Gmail is end to end encrypted?

gruez|1 month ago

My bank isn't end to end encrypted either, but that doesn't mean it's suddenly ok for Microsoft (or any other company) to suddenly start MITMing my online banking connections.

brulx126|1 month ago

I am talking about the fact that the new default email client on Windows will hand over all your email credentials to Microsoft. This has nothing to do with Gmail.

delfinom|1 month ago

I think the concern is that it copies the emails of your non-Microsoft accounts that you added to the Outlook app, over to Microsoft servers.

AlexandrB|1 month ago

Adding a bunch of middlemen that also see the data increases the risk.