Microsoft Takes a Refreshing Plunge in the Scroogle Pool

When you sync third-party email accounts from services like Yahoo or Gmail with the new Outlook, you risk granting Microsoft access to the IMAP and SMTP credentials, emails, contacts, and events associated with those accounts

I find this mildly amusing because Google has been doing this for years i.e. you can sync a random email account to your gmail account by handing over the login credentials for that other email account to Google. So now, apparently, the boot is on the other foot.


I wonder to what extent this applies if you use outlook.com for email. Where I work has done that (therefore I have no choice). Hence I avoid the worst of it, by not running any Microsoft software at all, but I still don’t completely avoid exploitation by Microsoft. :frowning:

Kinda sells itself though. If you aren’t paying for the product then you are the product.

In some respects Microsoft is even double dipping, since users did pay for Microsoft Windows.

5 Likes

This is becoming a trend with all kinds of (dis)services lately.

Yep.

2 Likes

People have their reasons for using it, or for thinking they have to. (Or Google/Meta/etc. products, for that matter.) And then there are those who use Microsoft simply because it’s already installed. (Microsoft made sure of that a long time ago.)

2 Likes

Discussion on Hacker News: Outlook is Microsoft's new data collection service | Hacker News.

6 Likes

My ironic remark here was entirely meant for this particular forum and the people resolutely wanting to regain privacy and control - this is after all our common interest: resisting what is imposed on us and trying (as much as possible) to ban proprietary hardware/software/services.
But of course the reality is that some very specialized software will only run on Windows, that most likely your desktop at work will be proprietary hardware running M$ software and services, that you are forced to have Whatsapp on your mobile because you are “part of a group” (and who really wants to be a social outcast?) and that if you don’t have a Facebook account, you will never even get a job because HR “wants to know you very intimately” before they make the decision to hire you.
And the sad truth is that most people just don’t know and/or don’t care, don’t have an opinion and just go along with what they are told to do.

2 Likes

Right, related:

I have been encountering more people with jobs who do not have a Facebook account, although the rest of your broad argument still applies.

1 Like

Really? But in the USA or outside? This is not yet common practice in EU countries and some privacy is still respected. But Whatsapp has become a real plague all over the world.

3 Likes

Canada, specifically British Columbia. While there is an increasing trend of workers not using Facebook accounts here, there is plenty of Instagram and other social media platforms still being used; workers use LinkedIn instead.

I’ve got no WhasApp, no Telegram, no Facebook, no Instagram. I run my own email server from my living room. And I found a new job. 7th employee of a small startup starting in Sep 2022.

I also have not lost a single friend, still get a few post cards every year and when I know I won’t need my Librem 5 when I go out, I leave it home. A few of my former workmates, with whom I’ve worked for 13 years, still send me emails and SMS and we meet often.

A few days ago, I went to the bank with my elderly aunt and they wanted her to sign a document using some public eSignature certification thing app. She is old, hates mobile phones. She pushed back, asked the branch manager to show the law that forces her to have a mobile phone to have access to banking services. After 30 minutes of struggle, she protested, threatened moving her money to another bank. A printed copy of the document she had to sign appeared and she signed it.

Change begins with us.

7 Likes

Right, I cannot deploy my own email server without breaching the telecommunication provider’s service agreements and port forwarding, but I can make a sustained effort to become unbanked.

1 Like

Maybe, but on the other hand, permitting every transaction to go through would go against the current anti-terrorism and anti-fraud narrative being propagated in financial institutions. This is why there is a very strong incentive for societies to go cashless to have every transaction verified, at the cost of privacy and anonymity.

Ooops! Maybe they should go back to Facebook…LinkedIn is about the worst when it comes to security and privacy: so many breaches, incidents, glitches - very bad reputation!

2 Likes

Feel free to argue against people’s digital practices, whether in-person or online. My concerns are refining my own practices at this point, not wasting time with people who prioritize differently.

1 Like

Hey - no-ip has a service specially for folks who have the providers blocking ports. I’ve been working with them for 20 years already. Great service and amazing support. Mailcow has a very nice Docker solution that works in an active-standby setup and my downtime last year was 10 minutes, including the day I changed my rack (I moved everything to AWS for a bit)

I am lucky where I live. There’s actual competition between carriers, so I have 2 lines at home. For each one of them I pay ~10 USD equivalent for a fixed V4 and they set reverse DNS for no extra charge, no questions asked.

One of the providers set me 2 V6 blocks (one for each one of my VLANs) for free and the other one would charge me extra ~10 USD for it, but I can live with only one of the VLANs being on V6.

2 Likes

The thing is… technology could benefit both customers and merchants, making it easier and safer for both.

At least in my home country, technology is being used ONLY for fraud prevention and making life pure misery for the population.

So… well, I am ok living cash-only but the state won’t allow me to go without a bank account. And I MUST have a mobile phone to use the banking system (the sole reason I keep waydroid There’s no law making phones mandatory. If I must have a phone to use the bank, feel free to buy me one.

In our particular case, we were at the branch where my aunt had the account, with two witnesses. So hey… check the IDs and call the police if you have troubles.

I will even question the security narrative. When you go to the bank, no one can come in with a gun and make you sign a document while pointing a gun to your head. In our case, the bank said that the transaction could be authorized in up to 24 hours via phone, meaning that someone could indeed point that gun to your head and make you confirm the transaction.

xkcd mandatory: xkcd: Security

3 Likes

I appreciate the points you have made, but ultimately I cannot trust another provider with my own security needs, or wait for anti-trust regulators to take actions towards benefiting consumers at their leisurely convenience. It is my responsibility to sever relationships that abuse my given trust. Replacing it with another third-party will solve nothing.

Well, you would still be hosting your own email. They just help you get around the port block. I find it waaaaay preferable to using any external provider. Email remains the only universally accepted federated option.

At the end of the day, we must trust somebody. We are choosing to trust Purism. We trust that most of us here debate in good faith.

Honest question here - how do you handle the fact that enshittification is on and almost no large entity is trustworthy? - from a technological perspective.

2 Likes
  • Minimise my touchpoints with companies like Microsoft and Google. Don’t use their products or services, as far as is practical. (As far as Microsoft goes, I think I may be at zero. I even “left” LinkedIn when they bought it.)
  • Use browser extensions and also DNS poisoning to attack tracking that is embedded in web sites.
  • I’ve set some of my web sites to attempt to disable crawling.
  • Mail client blocks external images by default (e.g. tracking pixels).
  • Run my own incoming and outgoing mail server.

I certainly haven’t reached full disengagement from Big Tech. For example, I still buy from Amazon when an item can’t be obtained from a local supplier.

So I am moving to a position where neither “trust” nor “verify” is relevant - since I have no way to verify and since it is either known that trust should not be given or it is doubtful that trust should be given.

2 Likes

Never heard of this technique. What is it exactly?

I know Proton does this for tracking pixels.
Which Mail client are you using (especially for identifying/blocking tracking pixels)? Can this be done on ThunderBird via config or else some extension?

1 Like

I just meant like e.g. Pi Hole. So domains that you never want to visit (such as most domains that contain “google”) resolve, via DNS, to something invalid. I think Pi Hole uses a publicly available block list with thousands of privacy-invasive domains.

The result is that things that are phoning home and using a domain name to do so will fail to phone home.

Thunderbird. I doubt that TB can identify tracking pixels. I just meant: disable all external images by default. That is standard TB functionality.

2 Likes