this post was submitted on 12 Nov 2023
274 points (97.2% liked)

Privacy

32173 readers
539 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Microsoft is singing the praises of the new Outlook and wants to persuade users to switch. But beware: if you try out the new Outlook, you risk transferring your IMAP and SMTP credentials of mail accounts and all your emails to Microsoft servers. Although Microsoft explains that it is possible to switch back to the previous apps at any time, the data will already be stored by the company. This allows Microsoft to read the emails. Start menu shows new Outlook as recommended app

The new Outlook now appears as a recommended app in the Windows Start menu of Windows 11 devices with the 2023 update. The Outlook client itself also offers to test the new Outlook version with a "The new Outlook" switch. This is still under development, but is set to replace the mail program and the calendar included in Windows in 2024. In a recent tech community article, Microsoft employee Caitlin Hart also explains that it will also replace the classic Outlook. However, unlike the Windows Mail and Calendar apps, the timetable for this has not yet been set.

When adding a mail account in the new Outlook that is not hosted by Microsoft but is located on company mail servers, for example, the program displays a message. It links to a support article that simply states that non-Microsoft accounts are synchronized with the Microsoft cloud, whereby Gmail, Yahoo, iCloud and IMAP accounts are currently supported. The new Outlook also does this in the versions for Android, iOS and Mac. This means that copies "of your email, calendar, and contacts will be synchronized between your email provider and Microsoft data center". This gives the company full access to all emails and allows it to read and analyze them. Microsoft wants to provide functions that way that Gmail and IMAP do not offer. Warning message of the new Outlook version when adding a non-Microsoft account

The note makes you wonder: What does Microsoft transfer where? When creating an IMAP account, c't was able to sniff the traffic between new Outlook and the Microsoft servers. It contained the target server, log-in name and password which were sent to those Servers of Microsoft. Although TLS-protected, the data is sent to Microsoft in plain text within the tunnel. Without informing or inquiring about this, Microsoft grants itself access to the IMAP and SMTP login data of users of the new Outlook.

When switching from the old Outlook to the new one, it is installed the new software in parallel. Previously set up IMAP accounts are not automatically transferred, but the account stored in Windows is. During the test with Google accounts, authentication with OAuth2 was used. Users receive an authentication request and Microsoft does not receive any specific access data, but only an access token that users can revoke again.

An answer to our request for a statement from Microsoft is still pending. At this point in time, however, we must warn against trying out the new Outlook without thinking. In addition to all the emails, some credentials may even end up with Microsoft.

Microsoft already attracted attention with such data redirections at the beginning of the year. After Office updates were applied on Mac computers, Outlook redirected the data to Microsoft's cloud servers without any user notification. At that time, the remedy was to delete IMAP accounts and set them up again. However, this is obviously no longer helpful with the new Outlook.

The Federal Commissioner for Data Protection and Freedom of Information of Germany, Professor Ulrich Kelber, is alarmed by the data detour in Microsoft's new Outlook. He posted on Mastodon that he wants to ask for a report from the Irish Data Protection Commissioner, who is responsible for companies like Microsoft, during a meeting of the European data protection supervisory authorities on Tuesday of the coming week.

top 17 comments
sorted by: hot top controversial new old
[–] [email protected] 45 points 1 year ago (1 children)

Honestly the thing that annoys me the most about this isn’t the privacy aspect. It’s the fact that they called it “new outlook”. Which means now at work I have to explain that no, this isn’t real outlook it’s just MS being useless wankers and not being able to come up with a new name for a new product. See also, teams vs teams for work and school. They did the same thing with Skype and Skype for business back in the day and still pisses me off.

[–] [email protected] 4 points 1 year ago

I fucking hate Microsoft so goddamn much for their bullshit naming process.

I also hate everyone for the stupid process of separating work and personal accounts. It's caused me nothing but grief.

[–] TCB13 26 points 1 year ago* (last edited 1 year ago) (1 children)

Damn this was unexpected. So it seems they'll just proxying / serving all email to Outlook apps through their servers.

I can already "feel the pain" of alternative email providers getting calls/tickets from their users saying they've their email setup in Outlook and that when someone send them an email it takes hours for it to arrive. Then the customer will simply blame the smaller email provider and eventually leave them instead of pointing the finger at Microsoft's "free" Outlook.

Damn Microsoft that's really fucking anti-competitive.

[–] [email protected] 5 points 1 year ago

Oh, I fully put the blame on Microsoft for all of my emails issues that I've been having.

Microsoft is balls.

[–] [email protected] 13 points 1 year ago

Don't use Outlook for non-Outlook email services. Problem solved. I am required to use Outlook for my work email, but I keep all of my personal email separate, accessed with FOSS email clients.

[–] mriormro 10 points 1 year ago

This keeps popping up. Isn't this mostly because 'new' Outlook is basically just a wrapper for owa?

[–] [email protected] 4 points 1 year ago (1 children)

And people though Thunderbird was bad

[–] [email protected] 0 points 1 year ago (1 children)

Thunderbird is still bad. Except for privacy.

[–] [email protected] 9 points 1 year ago (1 children)

Have you tried it in the last two months? It got a big rewrite

[–] [email protected] 1 points 1 year ago

Yes, I did. And then promptly uninstalled.

May be, instead of trying to be on all platforms team can make it the best one platform.

On Mac, thunderbird doesn't match the UX or stability of default Mail app which hasn’t seem much changes in recent years.

On Linux, there is no good alternative.

[–] [email protected] 1 points 1 year ago (1 children)

It's such a stupid fucking name too.

I tried it, and then it wouldn't load any previous history or emails so I contacted support to try and see if I did something wrong during setup.

Labelled it as trouble with "outlook" because it's.... The "new" outlook, no?

They went through and tried to diagnose my issue for awhile before telling me they couldn't do anything because the Outlook (new) isn't actually outlook it's relabeled windows mail and I setup my ticket wrong.

So how are you supposed to differentiate outlook vs outlook (new) when they are supposedly completely separate programs?

[–] Evotech 2 points 1 year ago

That seems like supports issue