1 yr. ago • 100%

Warning: New Outlook sends passwords, mails and other data to Microsoft | mailbox.org

mailbox.org Warning: New Outlook sends passwords, mails and other data to Microsoft | mailbox.org

The IT news portal Heise Online warns against using the new free Microsoft Outlook. There is a risk of losing access data to e-mail accounts.

Security @lemmy.ml Warning: New Outlook sends passwords, mails and other data to Microsoft

Hacker News @derp.foo New Outlook sends passwords, mails and other data to Microsoft

65 comments

Friendly reminder that Thunderbird is a great way to handle multiple email accounts on the desktop.

102
- There are no perfect desktop email clients, but Thunderbird is pretty great.
  
  It's a little too powerful for my needs, so I stick to Claws.
  
  27
  
  I moved away from a desktop client for several years because of Thunderbird staying stuck in the 2010s, but the redesign brought me back into the fold. It's certainly overkill for scanning through subject lines, but compared to having five tabs open ...
  
  11
  
  Bluemail is decent. But im still always looking for better.
  
  5
  
  Ain't that the truth.
  
  Geary is so close to perfect but they depend on Gnome Online accounts which doesn't support O365 so I can use it for everything but my university email.
  
  2
- But Thunderbird still doesn't support outlook calendar etc right?
  
  5
  
  It does support any good calendar using CalDav standard.
  
  3
- I must say I'm quite pleased with it too. The previous time I tried it was in 2005 and it was just ok. I also recently found out about the Owl add-on. Really makes it a good alternative
  
  3
- I hate how they use quotes around the name Thunderbird...
  
  3
- It can even look great with the Monterail Dark 2 Add-On.
  
  (For some reason I had to download it and then install it from the downloaded file, but it DOES work!)
  
  Also available in a Full Dark mode version
  
  2
What a clickbaity article. I'm all for exposing bad stuff but this article presents zero proof of it transferring passwords. It also fails to highlight the manner of how data voluntarily synced to MS is handled. All in all it doesn't do anything but trying to steer users to it's own services.

56
- So reading another article (https://www.heise.de/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9358925.html )makes it more clear. If you consent to syncing IMAP account to outlook then it will transfer IMAP username password and mailserver config to Outlook.
  
  I mean, they could have specified that your IMAP credentials would be synced, but it's redundant considering you're telling it to sync.
  
  46
- I know, right? Jesus I hate bullshit tech "reporting" like this. This particular comment just smacks of outrage "journalism":
  
  Microsoft gets full access to mails, calendars and contacts!
  
  18
  
  To be fair, they aren't journalists. They're a privacy-centric mail provider that is warning their customers.
  
  25
- It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.
  
  11
  
  Which I already posted before your reply.
  
  4
- As for third party accounts you can only select IMAP, no pop3, sand it warns you'd be logged in thorough Microsoft servers, they don't even try to hide it
  
  2
I am so grateful I left Windows and move to Linux.

36
- Best decision pfbmy life... After initial set up, it works better than microshit holr
  
  9
  
  What an analogy! Summarises my experience with Win vs linux. Still on "early dates" with linux, but it does get better and better, while MS seemingly deliberately tries to alienate me with every new update. Won't be a returning customer!
  
  1
- Here here, best 6 years ever. Never looked back.
  
  5
- Outlook has nothing to do with the OS though? You can get the same Outlook app on MacOS too.
  
  2
  
  What its your point buddy ? I didn't get it.
  
  2
It's ok Microsoft are very sorry you found out

33
PSA: mailbox.org has a great, privacy focused email service.

21
- I went on a trawl on email security and privacy.
  
  It doesn't fucking exist.
  
  Regular mails w/e sure
  
  But I'm never talking to someone via email again.
  
  2
- Privacy-focused email doesn't truly exist, since it's likely 90%+ of people you email are probably using Gmail, Hotmail/Outlook, or Yahoo. Companies like Gmail/Google could still build a profile of you if they wanted to, by collecting all the threads you're a participant in.
  
  The best you can do is self-host your mailbox (e.g. Using Mailcow) with an encrypted file system (e.g. using LUKS), but you'd still need to use an SMTP gateway to ensure deliverability, so it's going to be relayed through, and ultimately end up at, some third-party you have no control over. Some third-parties don't even have TLS enabled for their email servers.
  
  You shouldn't think of email as a private or secure communication mechanism unless you're encrypting your emails.
  
  1
- Agreed, but unfortunately, unless they implement VJOURNAL in their caldav implementation, I'll probably switch to Fastmail when my prepay is up.
  
  1
  
  Fastmail is a great provider, very happy customers, but with them being in a five eyes country, I don't trust them. But it's only email which is a nightmare protocol regarding privacy anyways so I don't really care.
  
  4
I don't know about sharing passwords, but I know that if you have an Exchange server on premises (meaning you have mailserver on your own infrastructure maybe somewhere in the building) because you don't want to have your data in the cloud - Outlook for mobile (both iOS and Android versions) has been sending all your data through M$ servers anyway, don't know for how long - quick search returned a 3 year old reference - imo much longer. There are "benefits" that I may be too dumb to understand:

On iOS you can go around and use the default "Mail.app". On Android I haven't found a good app that would work with EWS - I'm using K-9 over IMAP which isn't great.

17
- Have you tried Nine mail? https://www.9folders.com/en/index.html
  
  It costs some money to continue using it/unlock all features, but that's a one time fee (assuming that it hasn't changed).
  
  I can't use it anymore as IT has disabled all support for 3rd party mail apps. Was the best exchange mail app I ever found (it actually supports the categories using which I've organised my mail).
  
  I (and my colleagues on iOS) have no choice but to use outlook mobile as the Apple mail app and everything else is blocked due to GDPR.
  
  4
  
  Thank you for this. I've been testing the Nine app for a week now and I am sold 👍 Some users do complain that the app "isn't as good as it used to be" - but luckily for me I don't know - and it's the best one I've seen anyway.
  
  2
- On Android I haven't found a good app that would work with EWS - I'm using K-9 over IMAP which isn't great.
  
  On Android, I use FairEmail which is a fantastic open-source app. However, it doesn't support any proprietary Microsoft stuff. For my work email, I use Nine, which works well.
  
  3
The old outlook was just perfect, the new one is positively abhorrent. I swear if they force one more app to me I'm going to purposefully stop using it altogether

10
- Why wait?
  
  5
I don't see how this is any different from adding another e-mail account on gmail.

6
- The program it replaced didn't do this, hence the surprise. You could be using the old program, and one day windows update it with this new program, and suddenly your passwords are uploaded to Microsoft cloud service when you launched it. People would similarly surprised if K-9 mail upcoming replacement, Thunderbird mobile, suddenly store your password in the cloud.
  
  13
  
  Why is someone using Outlook to sync a different email address?
  
  Why not keep the apps separate? Or use the Mail app built into Windows?
  
  Seriously, someone explain the use case here because I don't understand. If you're using an outlook account, MS already has all that stuff. And if you don't have an Outlook account, why are you using Outlook?
  
  1
- Configuring local software vs delegating to a web service
  
  11
Aw fuck. I accidentally opened it and it automatically upgraded to the new one. I barely ever use it though

4
Mailbox.org doesn't allow you to sign up at this time. Is this.. getting teary eyes lemmy.. having impact on the webs?

4
- Why can't you sign up?
  
  2
  
  They block countries that originate a lot of spam from signup, which includes the US @smokedclover@feddit.de. You can use a VPN to signup, though I did have to reach out to support at one point very early on to finalize some provisioning. I don't know if it was related to the geo-blocking, it's been awhile. But I've had no problems since.
  
  3
  
  "We apologize, but for maintenance work the registration of new accounts is currently blocked. Please check back later." But it still says that so there probably is some maintenance going (wr)on(g).
  
  1
Permanently Deleted

4
- Using the Outlook client with a none-Outlook email shares the data with Microsoft. So, a bit surprising.
  
  16
- Service providers aren't actually supposed to know your password. Passwords should always be sent after hashing on client side. Only the hashes are matched on server side.
  
  Edit: Not accurate, read replies.
  
  8
  
  nope hashing is usually done server-side.
  also counter-intuitively server-side hashing is considered more secure than client side (in case of client side hashing hash becomes the password)
  
  8
school requires outlook account ._.

3
- Use a different mail app, and use the outlook account.
  
  4
  
  How does that help?
  
  1
Should left once they start upload nudes into cloud 10 years ago

2

You've viewed 65 comments.