Outlook is Microsoft's new data collection service

...it appears the company has transformed its email app into a surveillance tool for targeted advertising.

It's not just Microsoft's email, it's all of Windows too. I tried Windows 11 for the first time not too long ago and it's an abomination of an ad delivery vehicle that makes ChromeOS look magnificent.

After too many years of Windows, I finally bit the bullet and installed Linux on my desktop. Within a few weeks I was more productive than I was on Windows and my OS is no longer trying to sell me something constantly, and I should have done it sooner.

Windows is dead the day I can play all modern PC games with anticheat in Linux using Proton or similar, without also getting my account banned for 'hacking'.

If we look at Bethesda, Activision, and Xbox game studio, given the hundreds of titles combined with some of if not the largest franchises in video games, I would be doubtful that day is coming. Something drastic would need to occur. A part of me thinks think we're further away today then we were 10 years ago.

Once proton works on everything, the companies that make the software than bans you will fix their stuff to work in those confines as well. Valve makes the biggest, VAC (edit: I was told EAC was bigger below, but that it supports Linux), and they also make proton, and they own steam, so they’ll be able to force other companies to submit in any case. I’m more worried about peripherals myself, since there are some gaming peripherals that were made with windows in mind only. AAA game developers only have the power if people choose to load their launchers (EA's for example) but most people I know avoid those and use Steam or Epic stores or GOG or whatever for non AAA games.

Edit: I am "posting too fast" it seems (a few messages per hour, I guess?), so here's a response to a comment below here about the mixed-OS household:

I wouldn't mind using macOS or Linux, and I actually would pay if I could install macOS on my PC tower. I might be the idiot here, jumping out of the MS frying pan into the Apple fire, but I find macOS to be just fine for my use, and not too locked down overall when it comes to running the software I need on it and it's very well integrated with some of my other tech stuff. Sure, I can't tweak every aspect of the OS, but I don't mind how it works out of the box so I am cool with that. It would also be nice if I could use some of the macOS features on other platforms, like iCloud, Messages (whatever the blue-bubble messages are called), and iPhone integrations.

I'm saying that the companies that make these games, many have been swallowed up by MSFT, so it would fantasy to believe they're going to change their position or hire people to make changes to a game that is a decade old.

Kernel level cheat engines (not VAC) will catch you on a different OS 100% of the time. EAC is vastly more popular for detecting in game cheating, versus VAC which scans the users computer for possible cheats and typically doesn't work well when it comes to preventing cheating if at all.

Many companies invest heavily in kernel level anti-cheat and having to support multiple OS's when the other two big OS's account for less 0.5% of the profit, I just don't see business folk lining up to ensure non-windows users can play video games given the fact it's probably Microsoft making or publishing the game in some capacity.

Even EAC has Linux support though, and enabling Linux support basically amounts to a config change for devs.

It does, but they're not kernel modules and run in userspace so no game studio that values their game or protecting players from cheaters uses it, and it is not just a config change.

There isn't any reason it can't be a kernel module, it could even be dynamically loaded if you wanted to.

Anyways, from what I am seeing from tech trends, the future is multi-platform, and it's only becoming easier to code for everything all at once. Smart people are taking time and energy to research things like WASM and APE (which supports Cosmopolitan Libc), not to mention long-running initiatives such as containerization, the various JS engines and other languages which run anywhere, etc. Even with ARM vs x86 happening, software runs cross-platform more and more.

There are a few Microsoft games that have received patches to enhance Linux (Steam Deck) support, like the Halo game collection.

Could change if Linux numbers on Steam hit double digits, though.

I'm guessing dual boot will be the transition step. I don't game so I just got a used dell without an os installed and went with Linux, printing and scanning are my only difficulties so far. So I'm totally a mixed household, Wife and our TV are macs, Teen son is windows, and I'm Linux, using boot-camp on a Macbook for the occasional scanning.

A part of me thinks think we're further away today then we were 10 years ago.

I don't see how that can be true. Valve has made huge strides in pushing Linux gaming forward, and thousands of Windows-only games are playable on Linux, sometimes even with better than native performance.

The small percentage of games that have anti-cheat mechanisms or intrusive DRM (Steam notwithstanding) that are problematic on Linux are likely games that don't deserve my money or attention anyway.

Disclaimer: I do still game primarily on Windows, but mostly because I find dealing with Linux issues (whether that's related to games or otherwise) much more annoying than dealing with Windows' spyware. I can reasonably handle the latter, but nothing is more frustrating than having non-working software when I just want to unwind for a while. I think these are not unsurmountable issues and am pretty hopeful the state of Linux gaming can only improve.

I agree. Gabe Newell doesn't forget. It's a long march, but it could happen. Interesting that the Switch supports Vulkan, as well.

He doesn't get younger either. So one day the direction may quickly change.

This is why I just hypervisor all the things. Passing through GPU, sound, and USB devices is easy.

This is the way for sure. I use my main OS as a hypervisor and pass through to various VMs as needed.

I'm against DRM and to an extent, anti-cheat.

If we are talking about games whose compatibility will increase Linux adoption though, most of those have anti-cheat and DRM.

A part of me thinks think we're further away today then we were 10 years ago.

I am more optimist than this, mainly because of Valve. They contributed a lot to Linux gaming and are now in a position where they can pounce and steal Microsoft's cake.

Microsoft simply cannot allow themselves to slip up on this anymore and I feel like we are at a point where one more major blunder or a scandal from Microsoft could irreversibly sway the tide towards Valve and Linux gaming in general.

I think we're DRAMATICALLY closer than we were 10 years ago, especially given Android has become such a common development target for games.

Not sure I share this opinion, I game on a combination of Linux w/ a Windows 11 VM every day. I'm only really aware of two titles that are actively user-hostile with anti-cheat: Rainbow Six Siege and Valorant. Thankfully I'm not interested in playing either of those. I definitely will not run them, out of principle, unless they reverse their stance on considering a VM to be cheating.

The hoyoverse titles used to detect VMs, but it seems to have calmed down. (I was able to try Honkai Star Rail with no obfuscation effort on my part.) NVIDIA stopped caring about VMs in their GPU drivers a few years ago. FatShark almost made the anti-VM mistake with the new Warhammer 40K Darktide anti-cheat; I refunded the title during early-access and told them why. They reversed course before launch and that also works in a VM. - I've played many Blizzard properties (but not WoW) in a VM as well, though they tend to hate networked storage, for reasons I don't yet understand. (Had to setup iSCSI because my CIFS share over 10Gbit/s paravirtualized NIC was "not good enough", I guess.)

Windows runs in a Hyper-V VM by default now, anyways, so "running in a VM" as a heuristic is of questionable utility to me. (It's how the "Core Isolation" feature is provided.) The real irony is I can't even use the VM to cheat, anyways. The guest's memory is encrypted by default. Modifying it, or even reading it, from the host-side would be prohibitively painful. I guess a VM would perhaps obfuscate emulated/scripted inputs, but I use real devices, and a real USB hub on the guest anyways, because the latency and functionality of the emulated HIDs is awful.

Thankfully Steam is very pro-consumer: if a title I purchase does not run in the VM, or on Linux via Proton, it gets instantly refunded. The nice thing is it is actually in Valve's interest financially to push back on these devs: both to prop up the value of the SteamDeck, and to stop people like me from getting refunds.

I hear about this all the time and it's yet to happen to me. Granted I don't play many triple A online multiplayer games, but those seems to have fallen off the cliff anyways.

The other problem is video streaming. Last I checked, some of the popular platforms wouldn't serve even Full HD content to Linux clients (this despite having Widevine etc enabled).

there are dozens of us. dozens!

The big question is how are they going to do it without giving the vultures root access

an operating system capable of doing basically anything from physics simulations to movie editing is dead once people can play videogames elsewhere

isn't that something

Windows is dead.

Most games can run on Linux fine ( https://www.protondb.com/ ), some even run better.

After some problems with pop-ups I nuked my parent's Windows install and put Linux on the machine. They had no problems using it.

Between those two use cases, why use Windows at all?

A strong warning, the direction Microsoft is going with Windows, Apple is heading in now. I'll put down money that by 2026 iOS and MacOS will no longer be usable. It's good that desktop Linux is now ready for prime time. We can win on mobile too.

why use Windows at all?

I wish I had the same optimism. I have a Fedora partition that gets wiped and reinstalled every release and there's always some showstopper or things are slightly worse that make me unable to commit. I'm not settling for 'slightly worse'. The display server situation on Linux is depressing.

I don't like were Microsoft is heading, but it's way too early to claim Windows is dead.

Why do you keep reinstalling Fedora? It might be worth trying a different distribution, although whatever it is thats forcing you to reinstall every release might affect all distributions. Its not something I've experienced with Mandrake, Suse, Mint or Endeavour.

I agree with your point though - Windows is not dead; for me its a lot of the photo editing applications that I want to use don't run well on Linux.

Why do you keep reinstalling Fedora

Because it's a partition I use to test Linux and rather than upgrade I'd rather start over from scratch.

As for the distro choice, Fedora is ahead of Ubuntu but not as bleeding edge as Arch.

I'm sure there's plenty arguments for using x distro over y. Fedora is just what I landed on.

Mandrake - my third or fourth distro. Rather old school these days 8)

Windows is not dead

I think that's exactly the problem. It's too alive, so they can bastardize the experience in any way.

Why do feel Apple is going in the same direction as Microsoft? Do you think in 2026 Apple will be selling users data to advertisers and have spam search results show up in the Finder?

Ironically the longer and more trusted a company becomes, the more data it gathers, the more potential money it can make by going to the dark side. It only takes one bad CEO thinking of short term profit to see the $$$ and cash in that data and goodwill. Similar to MS it will take 5-10 years for people to realise what's happening and spread the word. By then that person may have cashed out. Is every CEO of Apple or any company for 100 years going to have a long term privacy mindset. I think the only viable way is for the company not to have the data or for them to only service highly knowledgeable users that would move quick if things went to change. But that means the majority must always lose their privacy. It feels similar to the trade off for adblocking.

Sure, I think most people would agree with you but why the strong warning about macos being unusable by 2026? They're making plenty of cash and seem pretty privacy focused under Tim Cook.

Emphatically yes.

OMG I switched to Qubes OS and haven't looked back! I value privacy and operational security over gaming and smooth 4K playback. Snowden showed that, yes, we do live in that kind of world today...

What device are you running Qubes on? Its unfortunately a little hard to find a powerful laptop that can run qubes due to Xen.

Lenovo 20tk- Thinkpad line. It is an i7 6 core with 64GB RAM 2TB SSD RAID1 Intel primary gpu + nVidia GTX 1650 Ti secondary (which I have passed to Windows Server 2022 for Siemens NX 10 when I fancy playing with a toy which costs as much as my house to fully all-the-things license).

previous $JOB needed to support Autodesk products. Said products only run in MS windows. Sad pikachu face ensues.

VR is still very very difficult on Linux though. I still run Windows on my gaming pc for that reason.

Windows is dead.

Yes, with WSL to keep it afloat just long enough to steal your private data before it sinks.

It use to be the case that your private data would be sold to advertisers but that model is changing with the privacy laws, user starting to not tolerate it (e.g. see poor Google search results), and moats that are starting to fall apart (e.g. Apples app store).

Just in time for the next frontier. This time, the goal is to to feed GPT models with your private data. Windows and Outlook seem like excellent funnels to do just that. The best GPT model will require the most intimate data and at the lowest price possible. MSFT is positioned to do just that.

Multiplayer and games requiring anticheat are still troublesome, some don't work at all.

When the games run however, I agree they typically run better.

I’m curious to know where your productivity boosts came from, as those are always a good motivating factor for me to try something new.

EDIT: (For being downvoted about steam and now the ease of install games on linux - read my whole post. Also, I dont put steam on my linux machines specifically to have my own walled mental garden from my distraction proclivity ADHD game mind - Games are what built my career - and as much as I have loved them - as I get older, I can only play less and less)

For me; Its harder to fall into the "Oh - Ill just intall a bunch of these old games" distractions... or "what new games can this bitch run (slaps laptop's lid)"

Also, since Linux has evolved to effectively run an F-ton % of the internet - thousands and thousands of devs, techs, ops, indies, etc have just made the experience so much better.

When I first started with Linux in the mid-90s - I had to hire four promising consultants to help me transition a ETF process by FTP from SUN Microsystems to my company where I was head of IT, to build scripts to create manifests from SUN to us, via FTP - watch the directory, and parse the new-fangled XML that SUN was trying to establish.

Ill never forget the first call with SUN and our execs (we physically manufactured all Software Box Sets of SUN's software, manuals etc - then packaged them and shipped it - so if you bought SUNos/Checkpoint or any Intuit or certain games' companies physical products - we manufactured and shipped it)

So we were using flat files for the transfer or order information for SUN and had some wonky scripts on these four linux FTP servers.

I was not to familiar with Linux at this time - but hired Dave Sifry, Chris DiBona and some others to re-do our FTP flat file ETF process to access SUNs new XML requirement.

We didnt know what XML was at the time - and I infamously said on a call with SUN "OK let me understand. You have your current crappy etl process and you want us to rebuild our pipeline to support your new XML standard.

(The sales people were jumping up and down at me on the call because I called SUNs current practice "crappy" while I was on the phone with a bunch of execs...)

Anyway - I went to our Linux Consultants and I talked to Sifry and I said "If I were you, I'd take your team and start a Linux Support Company."

A few weeks later Sifry and I have a sit-down, and he told me that him and team had created a new company - called "LinuxCare" to offer some of the first enterprise support....

We talked about me joining, but we never came to an agreement, and I believe Dave was one of the first 100-millionaires in the linux space on paper after LinuxCare took off a bit....

(they used to be in the Macromedia building's basement level in SF after that...).

So back then, productivity came from the server side for workflows...

Now - you can achieve exceptional productivity because you're not at the Childs Table when it comes to the UI-first (windows) vs UX-first (linux) utility platform that became a desktop.

But that took decades and millions of people contributing to how Linux can be empowering.

---

But if you just look at the productivity in technological evolution Linux has contributed to computing, I personally feel its a Tier-1 level contribution, and now you can just rely on FN awesome tools, for free, written by millions of smarter people than an induvidual, to make speed to deployment of anything (even if its to gaming) faster, easier and you arent spinning mental cycles on "what the fuck is /usr/sbin?" "Where the heck do I grab these dependencies from? What the FUCK is a make file?

--- Neither of the people replying to me read my whole post.

For me; Its harder to fall into the "Oh - Ill just intall a bunch of these old games" distractions... or "what new games can this bitch run (slaps laptop's lid)"

Not to ruin your productivity but it's actually insanely easy to install a bunch of old games on Linux these days. And plenty of new games run just fine thanks to the advances Valve has been making with Proton.

I know - but its just another step of effort...

top 100 games on some torrent sites tell the story of where games are landing

https://i.imgur.com/1rT2wCL.png

EDIT: YOU REPLIERS ARE KILLING MY PREMISE! MAKING HARD TO NOT INSTALL GAMES ON MY LINUX DISTRO! So by making it "insanely easy" you are promoting why I dont want to install them!!! xo :-)

Thanks for keeping the DNA of my comment alive!!!

You can just open it straight into steam with proton and that's it, there's no effort nowadays. And being old games, the compatibility might even be better than Windows 11...

if you've bought it on steam it's exactly the same effort as windows

double click to install, wait a few minutes for the download, press play and it launches

as someone who grew up compiling different forks of wine with various patches to try to play half-life in the 2000s the improvement is quite incredible

But that took decades and millions of people contributing to how Linux can be empowering.

But then someone created systemd, the end.

For me, i3wm makes me a lot more productive. Instead of mashing alt tab, I have dedicated hotkeys for every virtual desktop, which is dedicated to specific apps/workflows. With one hotkey I always go to the program I’m looking for. In windows I have to just mash alt+tab. But also if the window was in split screen it gets separated from whatever it was paired with, so I have to scramble to bring both windows into focus briefly so they are in front. It’s such a mess of window management.

In Linux. If I had something setup on desktop 3, win+3 takes me to it every time. No matter if that’s one window or multiple. It’s always one hot key away. And then one to get back. I never get lost in a sea of applications that look identical in the alt+tab thumbnail.

I haven’t found a way to replicate this in windows. The closest is “never group things on taskbar” so I can at least click specific firefox windows directly. But that no longer exists in windows 11, so I guess I won’t use 11.

I've always described i3 as like being efficient in vim. Once you've learned the hotkeys and settled on where things live it just gets out the way and muscle memory takes over.

I tried virtual desktops for a while and I'm pretty sure I was using this app for hotkeys to each desktop. https://github.com/hwtnb/SylphyHornPlusWin11

(I don't use virtual desktops anymore so I don't remember that well)

I feel my productivity boost comes from KDE/Plasma, a surprisingly good desktop environment (DE) that's almost too configurable. The ability to tweak almost every element of the DE, especially as it relates to shortcuts, has already allowed me to move around the environment faster and more readily. Also, *nix has always had the ability to do "Focus follows mouse," and I used something similar in Windows, but it just works better in not Windows. Combine this with a superior file manager in Dolphin and an extremely configurable launcher in KRunner and I'm flying around the desktop in ways that Windows just can't. There's more too, but these are probably the biggest.

Watching this "fall of Gnome" with KDE's recent popularity makes me feel strangely vindicated about liking a configurable OS.

I've been using kubuntu for ~2 years now at work and I feel like I need to watch some KDE tutorial videos so that I can learn these tips and tricks too, because I love KDE and what you describe sounds wonderful

At a previous job, we used Macs to do Java and Ruby development, and I thought that was an OK compromise to not having to maintain a bunch of Linux workstations, but still a compromise.

One time the shop took a subcontract for a bigger local shop. They were all Windows. Whenever we had to work with their devs, it seemed we fought Windows as a platform on which to run development tools as much as we did actual application problems. I know there's massive shops that live like that, but I know neither why nor how.

(n.b. this was around 2014, I don't know how Windows has changed since then)

I did a contract gig for a Windows shop recently, and I was pleasantly surprised by how well everything worked. WSL2 made a lot of things soooo much easier.

I love hearing that from people :P

Ran a small software dev shop (~100 staff) inheriting windows. My god, never again... The amount of lost productivity was insane. Soon as went out to start my SaaS company, back to Mac, without a shadow of a doubt. I might actually reboot once every few months on Mac whereas my IT manager at the windows shop suggested as a solution to some problems shutting down everytime people were finished for the day !

The windows shop was non stop hardware, software issues. Laptops (whichever brand) are absolute junk with very short lifespans. Blue screens...

Yeah, the inefficiency was incredible -- and not just on the actual development side. We exceeded their throughput goals by double on the first try, before even attempting to optimize anything. The dataset we were running on was actual production data from their historical busiest day. We managed this on three 2011 iMacs running as the "servers." Their stated throughput goal was 50% higher than the actual busiest day when their architects came up with the design spec. They were just barely able to keep up with their busiest day on a cluster of 100 Windows servers.

Microsoft is betraying user trust with their Windows strategy. A lot of people trust Microsoft, but I wonder if there's a critical mass where the narrative switches to one where the default for most people is to distrust them.

Their products behave too similar to those of bad actors. Recently I had a relative over and was helping them with some computer stuff. They had an odd PDF viewer on their laptop and, when I asked them about it, they called it Adobe. It was not Adobe Reader.

I assumed it was the result of clicking through a paid search result and installing something from the internet, but they insisted they got it from Microsoft. I was confused for a while because it wasn't an app from the Microsoft Store.

Then they explained to me how they got it. They clicked on start, searched for "PDF", and "installed Adobe Reader from Microsoft". The icon for the app they had was obviously made to look similar to Adobe Reader and they had no idea the start menu search is a free for all of Bing results.

They're not stupid and I can't really blame them for misunderstanding. When they showed me, I could see how it would be reasonable to mistake the search result (or ad?) for an app recommendation. The result had an icon and everything. The weird thing is that I can't reproduce it on my PC. I don't get the same results that look too much like recommendations, so either I'm on a different release cadence for Windows or I've disabled some of those unwanted features.

The user should be able to trust everything in the OS. A built-in search feature that exposes users to bad actors is extremely frustrating to see.

To be fair, I've had similar things happen to my relatives with the iOS and Android app stores as well. Installed some random 3rd party app instead of what they wanted because it looked convincing.

App stores are literally where you go to install third party apps. Meanwhile, people don't expect crucial system UI to push ads. It's not even comparable in terms of user hostility. Even more so when dark patterns are used to effectively conceal that it's an ad.

This is worse because the user in question had the "recommendation" pop up in the Start Menu - i.e.one of the most fundamental pieces of Windows UX - not even in the app store.

very frustrating, gonna have to be on the lookout for this with family. Thanks for the tip.

Which distro are you using?

Currently running Debian (Trixie to handle new hardware), as it was the first distribution I played with many many years ago, but I don't know if it's my final destination (though I don't care to "distro hop" either so).

After Ubuntu began to use all those snaps I tried Debian in 2020. Switched to Debian Buster (10) and soon back to Ubuntu because it was not usable for me. In 2023 I tried again with Debian Bookworm (12) and I'm not missing anything. It's a great distro.

In my experience with desktop Linux for a family set of users, only some of which are computer-savvy, LinuxMint was a really good option that provides a familiar UI/UX for Windows users, and generally "just works". I preferred mucking about with KDE and was also generally happy with Kubuntu.

It just seems like a stupid move this late in the ad game when people are starting to figure out they hate it a lot. I've never heard more techno-laymen talking about privacy and advertising than now and MS is just hopping on the train.

It's like they're drug dealers adding fentanyl as if it's a sales perk after everyone's learned about it killing the users.

You know what people hate even more though? Paying for Windows.

Very few people have ever paid for Windows in a way that was visible to them. The majority of Windows users have always just used the Windows that was pre-installed on a computer that they bought.

The cost of the Windows license was part of the overall laptop cost. So buying a new laptop with Windows installed means Microsoft gets some profit from that.

It’s for state surveillance too

:%s/state/MIC/g

After too many years of Windows, I finally bit the bullet and installed Linux on my desktop.

Use Linux at home since 2020, and have recently switched to a Mac for work. Windows is gone from my life, relegated to doing maintenance-work from a VM for the poor saps still stuck on it.

There's no separation of concerns at Microsoft: the allure of recurring revenue from ad-tech and online-services is polluting Windows and Office in a really bad way. I need my operating system and productivity software to (a) work, (b) function reliably offline (Office doesn't), and (c) work in perpetuity for as long as the hardware lives. (Windows hasn't since 10, arguably 8.)

Apple seems to understand that the core stuff needs to be free, and the free stuff can't compromise on their privacy & security core-values to be free. They also come with apps that are reasonably worth using, and they use iCloud to sync and integrate that stuff seamlessly across their device-family.

What Apple charges money for is actual value-added service. You want Music? They've got that, streaming or purchased. You want TV? Same deal. You like books? Yep, got that too. Want some curated news? They'll sell you that. - Signed up for all this stuff and have run out of storage? Predictably they'll sell you more of that, too.

What's more is Apple understands _the meaning of no._ - I can turn that stuff off easily, and permanently, right when & where the nag occurred. No resorting to things like registry edits, group policy hacks, hacking the installer, etc. No gamification of the fucking Settings screen. No ads in my fucking Start menu. I can hide or remove their apps just like any other app. (As a concrete example: for ages I have had to hack Explorer to get rid of personal-OneDrive, which I don't/can't use since I am not even logged into a MSFT account. The equivalent to disable iCloud is a very clearly visible setting in Finder's settings.)

I won't lie, it hasn't been perfect, but the amount of UI polish, the ease of cross-device integrations, and the feeling of Apple actually valuing the customer-relationship, are miles ahead of whatever the fuck Microsoft is doing. Modern Microsoft feels like a Facebook or a Google, and that's really not meant as a compliment.

If Microsoft wants recurring revenue, they need to start providing real services. Windows isn't a service. Office isn't a service. I highly suggest they start emulating Apple, or they're going to get left behind.

Redmond, start your photocopiers.

Windows 11 looks like how IE6 would get after installing too many “toolbars”.

As someone having to write .NET Framework for his day job, I made the switch back to 10 when I started noticing the small things that affect my experience. Edge was aggressive when I would try to download Chrome, Windows 11 updates prompting you to reset your browser settings, lack of taskbar customization options from 10 (I like my system tray minimal).

Everything shows a company too complacent and focused on their own business needs. C# and .NET are the exception because they fought hard to antagonize Java in the corporate world, and while they missed the "billion devices" train for being too forceful with pushing Windows Server instead of going multiplatform, they still won over a decent market share.

It's crazy to think about the amount on insight outlook's data collection must provide on the inner workings of so many companies across so many different industries, even their own competitors. There's no way Microsoft isn't at least trying to use that data for their own benefit, yet somehow the company is still such a mess.

Companies just blindly trust MS with their data and even force their employees to hand their personal data over in the process. I've pushed for my company to stop leaking so much company/employee/customer data to MS, but as long as the corporation doesn't personally experience how that data is being used/abused and they aren't being fined or hauled into court over it I doubt much will change.

We don't have access to that data internally. We can't access customer data outside performance metrics about the service. At least for the normal dev there is no real way to get access to what the customer does.

They can access your whole tenant and everything in it. Have had some pretty wild support calls where MSFT has had to crawl through a tenants data specifically the schedule system. It was ultra broken. They can literally just give themselves permission and roll in. If you can't your just not high enough up in a support team.

Their use of 3rd party and external tools for adjusting registry during licensing problems is wild.

You can get access with customer permission for a limited time window which is audited. In the normal course of business no.

The reality here is that no one will trust a pinky promise. Especially not from Microsoft. You’re fighting a good fight but it’s a losing battle no matter how locked down it feels from your POV.

“Can we have access to X, but don’t worry, we don’t let anyone look at X unless Y happens” is a bit suspicious when “grant X permission when Y happens” isn’t an option.

Even worse when the access to X is only disclosed to users living in a jurisdiction requiring it.

Microsoft’s many brand and marketing folks have a big uphill battle if they want to convince me otherwise. Or they can just stop collecting data.

Like telemetry? We have to collect customer data that's what we get paid for. As for pinky promises we are SOC compliant and externlly audited. https://learn.microsoft.com/en-us/compliance/regulatory/offe...

Welcome to my local bakery! We have to collect your credit card number before you enter. No one can access your credit card number though. I write it on a piece of paper and put it in a safe. Here, look at this list of people that have seen me put credit card numbers into a safe!

I’m sure you understand, we need to collect your credit card number because that’s how we make money at this bakery. No I will not explicitly explain how. Don’t you feel like I’ve improved your experience?

The document I linked explains how why and when. It also explains how we verify that and who does the verification. Also O365 customers have access to audit logs and the rest. At some level everything is about trust there is no way you can verify any large organizations activities.

>At some level everything is about trust there is no way you can verify any large organizations activities.

This is a major problem, actually, and exactly why people can't and won't trust you.

but its true for all organizations and people.

Which is why you should only trust things with E2E encryption.

How do you know they really run end to end encryption and are not lying.

Because that’s auditable on the client end. No need for trust.

You can trust open source, because it is transparent. You can verify, so you can trust. Perhaps it's time to start rolling back the layers of secrecy. Sunshine is and always will be the best disinfectant.

Unless you run it yourself you don't know. They could run a modified version ect. You can't know and at some level you have to trust that they do what they say.

That’s a big document with lots of acronyms and references to specific standards for compliance that law professionals might be familiar with, but is otherwise completely meaningless.

You also mentioned that collecting user data is how Microsoft is paid in the GP comment. That’s pretty clear to me. I thought when I paid Microsoft, that was the main revenue stream.

The document provided in theory communicates what you said so succinctly before, but with more legal and confusing language.

If it says the opposite, then just asking me to assume that this document that’s extremely difficult to read explains why outlook should ingest information I wasn’t told about, since I live in a jurisdiction where Microsoft doesn’t need to, and why that’s actually a neutral or possibly “good” thing for me, is a bit silly.

—

Edit: if I’m misunderstanding what you said earlier by:

We have to collect customer data that's what we get paid for.

Then I’m sorry. I don’t mean to frame you as saying something you don’t mean to.

I should have been more specific. We have lots a data classifications we maintain and we have different rules for different classifications. Customer content we can't access without customer consent. We are paid to store customer content. Customer content is like your work doc stored in one drive. Some classification are only accessed in aggregate. Some are easier to access but cleared after a short period ect. We all have to go though a large training every year about the different classifications and that's not easy to communicate in a short comment.

We store data everywhere to meet european GDPR standards regardless of where you live. We have logs but they can only contain sanitized information.

Any document which attempts to describe how a large origination handles data is going to large and complex. As sometimes different standards conflict. For example we have to keep records of anyone who changes the system for some period of but we also have to delete data that has end user identifiers. When stuff like that happens we have to go to lawyers and have language that describes how we handle thoes conflicts. That doesn't lead to a small doc.

We have to collect customer data that's what we get paid for.

Which is one of the many reasons why I will not allow Microsoft products on my machines.

If you write a document and store it in sharepoint online we have to keep that data as does any online offering.

Is that what you were referring to? The phrase "we have to collect customer data" implies a different thing entirely, so I misunderstood.

My objection to Microsoft's methods in this regard isn't the data that customers voluntarily and knowingly store on Microsoft servers, it's the collection of data about customers, their machines, and the use of their machines that happens behind the scenes.

We collect telemetry about user actions and the successes of our service. All the data we collect is about how the service runs and we only look at it via aggregation. Internally we have training every year about what you can and can't collect and under which scenarios. It gets stricter every year.

I would imagine it gets stricter every year due to this generally common opinion of Microsoft among these circles.

Wish you all the best though, a Microsoft people trust would do good for the world.

What are you using instead? Open source offerings generally work for me, it's when I have to share the results with others that formatting etc problems appear.

Are these external audits just SOC checklists where they're basically just looking at policies and processes for employees or are teams of auditors routinely coming into each office and data center to physically examine servers and trace network cables while taking an independent inventory of all the hardware that sensitive data touches and the software running on that hardware?

SOC compliance and external audits can help keep things reasonably secure and prevent the totally careless/incompetent handling of data, but I'm skeptical that they would typically be robust enough to detect Microsoft's own equivalent of Room 641A let alone the actual hardware installed by the feds which MS itself isn't allowed to touch.

I don't know if I can say what we have to turn over to the auditors that isn't in the public document. As to verifying the hardware we buy our hardware from other companies who have their own controls. If you dig far enough down everything ultimately comes to trust as no one can verify everything.

All the more reason to only ever trust a corporation to do what is in the interest of their bottom line, including lie to your face, collect and sell your data, and violate the law whenever the financial disincentive is less than the profit potential.

The reality here is that no one will trust a pinky promise. Especially not from Microsoft.

I'll just chime in to say that, while I appreciate the sentiment the user is conveying, I certainly don't trust a Microsoft pinky promise.

You can get access with customer permission for a limited time window which is audited. In the normal course of business no.

Right but no one is saying your department is violating our privacy. I'm not sure why you feel a need to defend it.

I think we can safely say that MS's methods of violating our privacy are all automated and that you + coworkers aren't eyeballing our personal data. So we can move on from that.

If you'd like to speak to the privacy violations that are referenced in the article, we're all ears. Education guesses about methods or who some of the 3rd parties are would be terrific.

They can literally just give themselves permission and roll in. If you can't your just not high enough up in a support team.

That is what a support team is for.

And those access elevations will be tracked and audited, just like at any other organization that handles sensitive data.

This isn't some super duper secret, when shit breaks there needs to be a, well secured, escape hatch for the people who fix things to crawl in and make repairs.

Prior to cloud hosting, Microsoft could get permissions to remote in to your servers, or prior to those days, send someone physically out with a laptop and a debugger.

And those access elevations will be tracked and audited, just like at any other organization that handles sensitive data.

But surely you can see that saying this is still the same as just saying "trust us". It's very, very hard to trust Microsoft.

Not having those protections in place would be a company ending event for Microsoft. The legal system would crush them, and customers would leave in droves.

And the number of markets Microsoft completes in now is tiny. This isn't the 90s where Microsoft competed in slews of consumer and business markets. The potential upside from the Cloud team slurping up secrets from competitors in literally ANY other business segment, is dwarfed by the losses that would hit MS.

Now of course that doesn't mean some corrupt fool in sales won't risk destroying the company so he can make his yearly bonus (that very thing has brought down companies before!), but Microsoft internally has a lot of motivations to ensure that doesn't happen.

So, don't trust Microsoft saying "trust us". Trust Microsoft being greedy and wanting to keep growing the cash cow that is Azure Cloud.

I wasn't talking about Azure. I was talking about Microsoft's software products such as Outlook, Windows, etc.

Rergardless, my point is that Microsoft saying that they have audits and controls in place is exactly the same as them saying "trust us". They're just saying "trust that we have effective controls in place".

What exactly can an org do. We hire outside verifiers and then meet their standards.

Sure, I understand. The thing is that a company has to already have a measure of trust in order for the verification to be of reassurance to people. Hiring outside verifiers is absolutely better than nothing, but it's not a thing that inherently instills a high degree of confidence.

What an organization can (and should) do is to behave in a way that earns people's trust over time. Microsoft actually had a window of opportunity to do this. They even made a very public campaign proclaiming how they weren't like the Microsoft of old and were more trustworthy than they used to be. And for a while, I even thought that perhaps a real culture change really did happen. But their behavior (especially around Windows and Office) is uncannily similar to that of other companies of questionable trustworthiness.

Suppose I'm using services provided by JohnFen's employer. What does it do better than Microsoft that I can trust it with my data? What should Microsoft do to be a trusted partner?

You don't have to take their word for it. See the SOC audit reports for yourself:

https://servicetrust.microsoft.com/DocumentPage/6ee23fc7-20d...

That document doesn't seem to want to load for me, so I can't really comment on it one way or another.

https://learn.microsoft.com/en-us/compliance/regulatory/offe...

https://servicetrust.microsoft.com/ViewPage/AllDocuments

I got to the PDF download link, but I have to have a Microsoft account to actually download it, so that's a bit of a showstopper.

In any case, it doesn't much matter. The threads I'm in here are pretty much just me saying I don't trust Microsoft and others saying that I should, so I'll just bow out and leave it at that: we have different opinions.

It's very, very hard to trust Microsoft.

The utterly massive enterprise market that values security and privacy and also pays Microsoft oodles of money says otherwise.

Enterprises have more leverage and different agreements, often custom agreements, with vendors. Small businesses and consumers get click-wrap agreements - nobody reads them; nobody has time and Microsoft wouldn't change them regardless.

If you don't know that millions of people spending money can't be fools, you're probably one of them

And frankly given the monopolistic nature of the business, there are a lot of enterprises that pay for microsoft's services because they don't have the power to make the decision not to

Well, I think most enterprises are more concerned with liability than anything, and as long as they can blame any breaches/security issues on Microsoft, that addresses most of their concern.

Also, people aren't enterprises. Microsoft doesn't treat people like they treat enterprises.

Oh I don't treat it like a secret. It's more that it's not known or understood by many users in how it actually affects the security posture of your organization.

It's one of those commonly overlooked things.

MSFT employee here.

Cannot say for the entire Microsoft, but in Azure the only way to access customer data is through support flow for cases where customer explicitly gave permissions. Otherwise support portal will not allow access. And there is no other way of accessing customer data. Access is revoked after a case is closed.

The incentive for customers to give this access is simple - with this my team can answer questions right away without very lengthy back and forth (especially if customer is in different time zone). Which results in (way) faster support and problem resolution.

What about executives and other higher-ups? If they want to know about my internal business operations - for example, if we are competitors, they are looking to invest, etc.

Is there technical protection? Is it encrypted in a way that's only accessible to me?

MSFT employee here.

Cannot say for the entire Microsoft, but in Azure the only way to access customer data is through support flow for cases where customer explicitly gave permissions.

That article notes that Microsoft says Microsoft accesses our data and make it available to 7xx 3rd parties. It is safe to assume that Microsoft has automated process to violate our privacy and not eyeballs and fingers.

So you don't really need to defend Azure tech support because no one is accusing Azure tech support.

I use an older version of "Windows Firewall Control". Regarding Outlook, I block ALL, except the server(s) that Outlook needs to contact in order to collect emails (i.e. you may have a couple of gmail accounts, etc.)

The pros: Outlook doesn't get to speak to MS The cons: When an email has linked images, they don't load, which for the past 20+ years hasn't been a problem.

On one hand we have:

sabarn01> We don't have access to that data internally. We can't access customer data outside performance metrics about the service. At least for the normal dev there is no real way to get access to what the customer does.

On the other hand we have:

Microsoft> We and 7xx Third Parties access Outlook data on user devices.

Taking both you and Microsoft at face value, we seem to have two fairly different assertions.

Customer concerns could be allayed if their shared data was fully auditable at any time by the customer. This would include what buyers of this data can see.

Outlook (the app) is not the same as outlook.com (the email service) or Exchange Online (what most companies use). Data from one product/service could be used in different ways than others.

Of course. Microsoft has different email products and services that they skim customer data from.

Fortunately, Microsoft has infrastructure so robust they can share a customer's data with 733 3rd parties.

I think we can safely send one more copy to the customer (who's data it is) without overtaxing anything.

Companies structure their relationships with Microsoft in detailed contracts, which specify what data Microsoft’s corporate staff can access, and why, and what the penalties are for violating the contract.

These contracts are extremely lucrative and extremely detailed. Microsoft applies a business analysis to each one of them. If they determine it’s more financially beneficial to abide by the contract, they will.

There is zero “blind trust” involved, on either side. Where there is trust, it has been earned. And it can be burned.

Contracts are great, and may even provide for some type of compensation or remedy if you know and you could prove that Microsoft was using the data they collect against their own customers, but good luck knowing/proving that.

If Microsoft uses the data they have to come up with competing products, or to time the release of their competing products, or to decide which stocks to buy or short, or to decide which companies to partner with or avoid, or which of your employees they should try to attract, or even to sell or leak privileged information to your competitors you'd never know about any of that without a whistleblower at Microsoft saying something, and that person's income and very comfortable lifestyle depends on them keeping their mouth shut. A whistleblower may also risk legal consequences themself if they ever come forward. Risking themselves, their future, and their family is asking a lot which is why whistleblowers are extremely rare.

That's part of the problem with surveillance capitalism. All the spying being done is to collect massive amounts of extremely valuable data, but very little of that data is used transparently. You simply can never know how the data being collected about you will be used against you, you can just be sure that it will be.

The reason companies are investing huge amounts of resources into collecting, storing, and analyzing every single scrap of data they can get their hands on is because doing so is making them money hand over fist. I doesn't matter if it's your data, or your company's data, they'll be using it in any and every way possible if they even suspect that doing so will give them an advantage or make them more money and their gains will almost always be at your expense.

Let's say Boeing is a Microsoft customer. What is Microsoft going to do, read all of Boeing's emails and then start manufacturing airliners and spacecraft? I think for most companies it would not be that hard to tell if Microsoft stole their data and set up a directly competing line of business.

If you can see Boeing's emails to Slack / Salesforce / AWS / ..., you know exactly what new features to build into Teams / Azure / etc., and exactly when they might be most receptive to a sales pitch. MS may not be in the aeroplane business but they're in a lot of businesses.

So the idea is that MS would violate all their largest existing contracts, potentially committing criminal fraud along the way, in order to gain some marginal advantage in securing a few additional contracts later on? Does that sound like a sustainable business strategy?

Companies routinely break laws when they think they'll increase their profits. Companies will even knowingly and willingly kill people, commit mass poisonings, pollute the Earth, work with terrorists, or exploit children. Microsoft isn't any different when it comes to having a willingness to break the law whenever they think they will profit from it.

Just last year Microsoft was fined for illegally collecting children's personal data. Microsoft has also broken the law to sell software in violation of US sanctions. They've illegally bribed government officials. They've committed a number of anti-trust violations. In these cases breaking the law was probably still worth it for them even after the fines they were forced to pay and other slaps on the wrist they received. We have no idea how many other laws they've been breaking without being caught.

For a company willing to break laws in the US and around the globe, violating a contract with Boeing is nothing, especially when the risk that Microsoft would be discovered taking advantage of the data Boeing gave them is basically zero.

You could even argue that Microsoft owes it to their shareholders to exploit every possible advantage they have at their disposal to maximize profits, laws and contracts be damned. That seems to be the position many corporations take at least, and even the companies that have been caught committing the worst kinds of acts like Purdue Pharma, DuPont, or Philip Morris still exist today and seem to have no problems with sustainability. MS could even use the data they collect to help ensure that they maintain their relationship with Boeing for as long as it benefits them to.

You’re writing down things that everyone already knows. But you’re seeming to not take the next mental step, which is:

Given that I understand all the bad things that a business can do, how do I structure a relationship with a service provider such that I get the benefit of their service, and avoid the bad stuff? What tools can I use to ensure our interests remain aligned?

You’re writing like it’s not possible to do that. Even though we live in a highly specialized society that is chock full of examples.

Right, if they have the chance to utilize information they've already collected to their benefit in any way, it would be seen as a "dumb move" by many to not capitalize on it

I'm not suggesting it's a way to go but there might have been some reasons companies hosted their own infrastructure (even at the cost).

They controlled the upgrades, and Microsoft for a long time couldn't even count how many copies of office, etc were being used because the software didn't phone home. That software is probably still running until it's updated to have telemetry added.

What they can exploit depends on what's in Boeing's emails, and their existing relationship with MS. They might have seen internal communications about the problems Boeing had recently and used that information to guide investment decisions.

Maybe Microsoft used the information found in outlook to tailor their product offering and craft their sales pitch when convincing Boeing to buy into their cloud services and AI tech (https://news.microsoft.com/2022/04/06/boeing-and-microsoft-d...). Perhaps Microsoft found and leveraged detailed information on Boeing's finances and IT budget which allowed them to set a price much higher than they would have for those services. The more you know about a company and their situation the more leverage you'll have in a negotiation.

Just because MS isn't making airlines doesn't mean that they aren't able to abuse the data they collect for their own profit at Boeing's expense.

Companies structure their relationships with Microsoft in detailed contracts

That might be so for big companies. Most smaller shops more likely just accept the (still extremely detailed) T&C's outright. That certainly structures the relationship, but I doubt there's much balancing involved.

I'm thinking of e.g. the medical lab next door, the girlfriend's gynecologist, most smaller businesses really, of which there are a ton which deal with relatively sensitive customer data.

Yeah, Microsoft seems to have all the power when it comes to small customers.

And yet their standard contracts don't say "if you give us all your data, we'll do whatever we want with it, tough shit." In fact they say pretty much the opposite of that. Isn't that interesting?

Big companies like MS will apply the same business analysis to their small customer contracts as they do their big contracts--but at scale. If they decide they'll make more money by honoring all the little contracts, they will honor them.

So even small customers need to understand the incentives that help that analysis come out in their favor. They tend to rely more on external incentives like criminal penalties under statutes governing fraud, personal data, medical data, etc., and the potential for negative press coverage.

I would imagine you have to be large enough for Microsoft to even entertain neogotiating with you.

If the majority of businesses (and employment, and communications) are small businesses.. where does that land?

Companies that use GMail/Google Workspace also weak a ton of private employee information to Google, without giving said employees much choice.

I mean, I don't think that's unreasonable. You are being paid by your employer after all, and part of the deal is that you agree, to a large extent, to do things the way your employer wants.

If you think it is a big issue you can of course talk to your employer about it and see if they will change, but they're also free to disagree with you.

> blindly trust MS

We were sold on (in my mid biz) Microsoft being all-the-things compliant: HIPAA, GDPR, etc.. and this is why we put all our data there. As long as they keep touting this, businesses will keep on feeding them data.

We have to certify every O365 service for all of these. We also have to certify all of our dependencies.

Wouldn't surprise me. After all, Microsoft has always been built on a process of reimplementing/porting/integrating what others have made/invented before them, then doing a bunch of shady/clever business moves to corner the market.

yet somehow the company is still such a mess

https://www.reuters.com/technology/microsoft-overtakes-apple...

Some mess.

I do some tech support on the side. No one, and I mean no one wants to pay for email. So here we are.

The cool part about Proton is they bundle a lot of their services. You aren't just paying for email—you're paying for VPN, encrypted cloud storage and more.

Why is it cool to pay for stuff you may not use?

You're missing the point, however, I'll entertain it.

Most services just offer a paid email. Proton offers all of its services for an extremely low monthly price. Not to mention their security protocols are among the best.

Everyone uses email. Most use a VPN (everyone should) and almost everyone utilizes some form of cloud storage.

I started off purchasing to use their VPN and now actively use all 3.

Why should everyone use a VPN?

It’s a false sense of security and a waste of resources. The ones making the money are datacenters and middle-men.

Using the internet in general is a false sense of security. If you want total security crush all of your technology and go live in the woods.

The point of cyber security tools like VPNs is to limit tracking, data sharing and reduce the potential for malicious actions to be taken against you.

You can't honestly say not using a VPN is better than using one. What's the alternative? Unencrypted web traffic? Your ISP harvesting your web data and selling it? Exposure on public networks?

Is it limiting tracking, or potentially exposing a untrusted middleman with knowledge of all your traffic, and who it belongs to?

What is the difference between the ISP knowing this and being a problem, but the VPN sitting with the exact same information, also knowing it?

ISPs knowingly collect it and sell it. Proton (at least according to them) do not collect it. You must choose your VPN carefully.

That’s a pretty strong statement to make about all ISPs in the world.

https://arstechnica.com/tech-policy/2017/03/senate-votes-to-...

It's true. In fact, in the US they even lobbied congress to do so: https://techcrunch.com/2017/03/28/house-vote-sj-34-isp-regul...

I mean, sure, it really depends on who is providing the VPN. With Proton, you're already using them for your email, so if they were a bad actor, you're basically fucked already. If you have ProtonMail, then the choices are 1/ No VPN, so your ISP will collect this data, 2/ a popular VPN provide who will collect this data, or 3/ Proton who say they won't and they've already got you email too if they are liars. Option 3 is the lowest risk of event if they are good actor, but also the potential damage of an event, if they are bad actor, is much higher since they have more data including email based 2FA.

Like I said above, the best option is to not use technology at all. If you want to use it, you play the odds and attempt to limit nefarious activity against you.

Unencrypted web traffic?

I don't know if you're aware, but basically all sites on the internet use something called SSL these days. However, SSL is useless if you use a VPN that also provide DNS servers (which most do) - because the provider could listen in on all of your traffic by hijacking the handshake, DNS and traffic to and from any target server - making it much easier to create a user profile, because you're authenticated to the VPN.

Also, third party cookies are blocked in the mainline browsers by default, making VPNs even more useless.

Most if not all of the ISPs also use dynamic IPs, making it unlikely to be cross-site-tracked based on IP sources.

Control over a clients DNS doesn’t let the VPN provider view the contents of TLS encrypted traffic. However they can view unencrypted data from connections like SNI headers, DNS queries etc.

The point here is that if you use someone else’s dns, they can redirect any domain to their server and sign the cert too since they also control the traffic.

You can’t serve a valid certificate chain to the client even if you control their traffic, because your malicious certificate isn’t signed by a trusted CA. And you can’t get a CA signature without demonstrating control of the domain to a CA.

What does that have to do with your ISP having access to this information and selling it? In addition to using public networks?

Additionally, 3rd party cookies may be blocked but cross-site are not.

You realize 3rd party cookies and cross-site cookies are the same thing?

Am my own isp.... I rarely use a VPN. Fixed ip and all.

Your VPN doesn't protect against squat when it comes to the agencies that might be watching. Hell it doesn't even protect much against marketers fingerprinting your movement around the internet. You leave a plenty big breadcrumb trail that isn't just IPV4.

Honestly VPNs have been a great marketing example of the last 5 years. You all buy something without needing it or knowing why t f you have it. Yes using internet without one is better. Why? It's cheaper for starters.Auth. faster! No relay slowing down your connection!

VPN best use isn't on consumer end. It's on orchestration end as another tool to guarantee you are who you say you are via another layer of auth.

There is one specific case in which using a VPN is faster: if your ISP has bad peering in general, but good peering with your VPN provider.

It's like Apple offering a default "privacy vpn", and lately now google too, it's really just a way for them to slurp your data as well what you're visiting, dns resolving, basically everything you do over the network. Even worse is apple enables it by default for all their devices, so all day long firewall logs for customers fill with "proxy avoidance" drops for apple proxy service as that's what a firewall should do in a corporate environment, treating this as data exfiltration.

What does Apple really do with that information? I at least know what Google or Microsoft is doing, by example of this article.

I just laugh as Apple users misplace their trust and think they're somehow secure for it buying an iphone, at least Microsoft users know the insecure mess they're stuck with.

https://support.apple.com/en-us/102602#:~:text=iCloud%20Priv....

Lots of people have this strong psychological need to feel like they’re Doing Something™. VPNs sell them that peace of mind.

Why should everyone use a VPN?

It’s their emotional support software.

Not to mention their security protocols are among the best.

What does this even mean?

They also have offers where you only pay for email || vpn || cloud-storage. Their payment structure is somewhat confusing, but very flexible.

You mean the VPN? Because we all use cloud storage these days.

This is an email client. Not email server.

your IMAP and SMTP username and password are transmitted to Microsoft in plain text.

What the heck?

Their concern is valid, but it's weird that they call it "in plain text". "Plain text" has a specific meaning of "unencrypted", whereas this is encrypted in a TLS connection. Yes, both TFA and the original heise.de article say (paraphrased) "Although it's in a TLS connection, it's in plain text." but it's just confusing to phrase it this way, especially since it becomes easy to remove the "Although it's in a TLS connection" clause, as you did in your quote.

Their objection is that the credentials are being transmitted to and stored by Microsoft at all, instead of Microsoft generating and storing an automation token / app password. That is a valid concern. But tacking on "in plain text" to it just creates confusion.

I would say that plaintext is correct.

if password "secret123" is sent to you, it doesn't matter if it was sent via carrier pigeon, locked up in a secure briefcase and delivered by someone driving an aston martin, or via a TLS channel. It's still plaintext, because the receiver now has the actual password, and not a hash of the password.

It does matter. Transmiting it in plain text, ie unencrypted, is much worse, because it means eavesdroppers also have access to it.

But tacking on "in plain text" to it just creates confusion.

Today, when the context is service provider and customers, "plain text" is used to say that service provider has the data unencrypted.

That’s not what transmitted in plain text means. Transmitted in plain text means unencrypted on the wire, which is not the case here. Proton definitely knows that, and deliberately worded it this way for maximum scare factor. If they’ll be deceptive here, where else will they be?

> your IMAP and SMTP username and password are transmitted to Microsoft in plain text.

I think that is not true. I think that is a lie on Proton's behalf.

When I set up the email client, it connects via OAUTH2 to the other services. It's connected as an app and not via credentials. If it connected via bare credentials, then it'd be a "legacy app" and you'd need to generate an "app password" for it, but you don't.

> your IMAP and SMTP username and password are transmitted to Microsoft in plain text.

I think that is not true. I think that is a lie on Proton's behalf.

Sadly, it is all too true:

Microsoft lays hands on login data: Beware of the new Outlook https://www.heise.de/news/Microsoft-lays-hands-on-login-data...

Warning: New Outlook sends passwords, mails and other data to Microsoft https://mailbox.org/en/post/warning-new-outlook-sends-passwo...

No one, and I mean no one wants to pay for email.

I and several people I know are happy to pay for email. Every report like the one linked here makes me an even happier paying customer.

Perhaps you have a different definition of "no one".

A charitable interpretation of "No one, and I mean no one" would be an incredibly small fraction of a percentage of people to the point of being insignificant and irrelevant to the conversation.

There's enough people paying for email that there is not one, but several farly large providers of such services - Proton Mail among them, but also e.g. Fastmail.

How does this jive with the fact that people using Outlook are almost surely paying for email because it's their work's Exchange server?

In this case Outlook isn't actually Outlook, it's the replacement for Windows Mail which they're now calling Outlook, not what you and I think of as Microsoft Outlook.

This is a new version of the Mail for Windows app. Outlook for Windows is free. Outlook that comes with the Office Suite is not, it costs money.

So you could have two different Outlooks on your Windows 11 computer now. Just like there could be 3(!) versions of Teams installed (Teams for Home with Friends and Family, Teams for Work or School, and New Teams for Work and School).

I pay for Migadu and very happy with it

Me too. Another vote for them.

I pay for ProtonMail but understand that most wouldn't. AFAIK they still offer a decent free tier, which I'm happy to help support.

I'm happy to pay and I do.

The problem is, even when email is paid for, like an O365 account, the clients are still forced into being the product.

You're writing this comment in response to an article by a company that only exists because people want to pay for email.

I pay for Amazon WorkMail (through AWS) and couldn't be happier. $4 per user (50GB mailbox) per month. Gets the job done. Integrates like a charm with mail clients, lets me use multiple domains!

Why say no one?

Do you pay for your personal emails? I do (Fastmail) and I'm very happy. Same with search (Kagi) and many other services.

You're wrong. I don't need more than one data point to make that conclusion.

I pay for protonmail, and I'm very happy with what I get. I can even use it as a client for receiving and sending email from my own domain. So, if ever I were to want to get away from it, my accounts won't be tied to the email provider.

This is talking about the paid outlook desktop app, not the free email service. There are many issues with the new version of the paid app, the main one being its really just a webview for wrapper for the website. You could just as easily pin the tab and have the exact same experience.

I happily pay for email.

I pay for Fastmail (for now), iCloud Mail, and have paid for 15 years. I know I'm the outlier, but it's not no one or services like Hey wouldn't exist at all.

I pay for proton mail and am quite happy to do so. In fact I pay for everything I use on the internet if I can. Kagi, proton, etc, unless there’s an open source option. I even buy the family versions and share with my parents.

Enough people to make protonmail profitable it seems

"No one wants to pay for email" because they haven't thought they needed to in a very long time. For over 2 decades, the leading email providers have all provided email for free. Before that, consumers (at least in the US, as that's what I'm familiar with) received email service from their ISP, which wasn't "free", but still provided as a part of your service fee. I honestly don't think it's all that alien that folks would balk at the concept of paying for email service.

If folks ask "why would you pay for email", I think the right first answer to that question is that it's a better service than the free service providers. Then, you can talk about the why's (when you pay for email, you're the customer, not the product, the privacy aspect of not having their email being farmed to enhance a company's advertising profile about you, or being used for AI/ML research if that's important to you, or any of the other reasons that might be important to folks).

So yeah, paid email is a premium service, and if we're being honest, it's been a premium service for regular folk for decades. I happily pay for email myself, but my parents sure don't, my wife doesn't, and most of my friends don't.

No one, and I mean no one wants to pay for email. So here we are.

This Outlook risk hangs over my client's head because they opted to pay. Last year they moved from self-hosed Exchange to hosted-Exchange + Office 365 + all the recurring fees (and support costs).

Paying rent to reside in MS's surveillance hydra isn't a terrific bargain.

I pay for a mailbox.org account.

Paying for Proton's services is a no brainer to me. $11 a month for access to VPN, encrypted email, encrypted cloud storage and more.

Will gladly pay to not have my data shared with 772 3rd parties.

Nextdns.io is a great (free) addition to this.

NextDNS Pro is also €25/year. Super reasonable and ridiculously good product.

Agreed. I don't make enough queries a month to need a pro account but would gladly pay if needed.

My network makes 3,401,347 queries in a month, that's more than 11x the limit, but regardless, the price is so reasonable that even if I didn't exceed it I couldn't really motivate not paying when the service is as good as it is.

With that many queries, do you utilize the business tier or just the pro? Asking because I'd like to get this service on my company's computers.

Just the Pro, but this is my home network, it's just that I'm a Pro user hehe.

I'd rather pay hundreds of dollars for software upfront than a monthly subscription. But I'm still considering paying for the cheapest Proton option.

You can also pay for Proton's services yearly and bi-annually: https://proton.me/mail/pricing

By monthly subscription I mean any subscription. An annual subscription is still a subscription. I want to pay for a perpetual license and never pay again. Unfortunately that would be difficult for an ongoing live service such as email.

I agree. I utilize the annual plan so it's a bit cheaper.

Let me start by saying that I don't think Proton is a bad company in any way, and I have no evidence of any kind of malfeasance, but I still must ask...

Do you have an exit strategy if Proton goes the way of Microsoft or Google? Those two only had apathy and inertia keeping people in their ecosystem, but Proton kind of has you locked in, because you can only use their proprietary apps to access encrypted emails. Yes, I know you can use IMAP, but my understanding is that any email sent via IMAP isn't encrypted, and any encrypted mail can't be downloaded via IMAP. Either way, just because they have IMAP turned on today, doesn't mean they won't turn it off tomorrow in the name of security.

We'd like to point out that you can connect a custom domain to a Proton Mail account, which would make you eventual migration easier. Additionally, we also offer a free email export tool: https://proton.me/support/proton-mail-export-tool. Finally, Proton was created in order to make online privacy available to anyone, so we will always try to maintain interoperability as much as we can.

I'm not very tied to any of my emails. I recently did a painstaking digital purge so, switching everything over would be very easy for me.

Agreed. I just switched my personal email over to Proton after already using them for my business email for a year or so.

The webmail is slick (and refreshingly simple) and I'm really liking their iOS Mail app which is a huge improvement from the old version from a year or two ago.

Hope they continue to invest in Calendar and Drive (encrypted storage) - both need a bit more work, but are usable enough for now.

We definitely will! Happy to hear that you are relying on our services for your business.

I concur. I also enjoy the ability to create alias emails. I do use a mail forwarding service but it's nice to be able to split things up.

They recently added automatic mail forwarding, so I pulled the trigger as well.

This only applies to free accounts, i.e., accounts that have M365 Personal or Family don't have the Advertising section

This only applies to free accounts,

This is not true.

My business clients on hosted Exchange are paying for O365 Biz. Their local Outlook app has a Try The New Outlook switch in the upper right corner. That's all it says.

The one employee who clicked it (before I could warn them) found the local paid-for, Outlook app transformed into web-based Outlook running in Edge.

All of the same issues mentioned in the article were first discovered in this New Outlook by German researchers.

This client made a point of purchasing local-run Office apps. Web based Office is a non-starter. In this case, MS is using a deceptive method to hijack my client into running software - they they explicitly paid to not have to use.

Microsoft's behavior in this is clearly unethical.

New Outlook described in article is not PWA Outlook you have with "New Outlook for O365". PWA Outlook for 365 is different from this.

Part of Microsoft Problem here is they have 4 things they call "Outlook". Outlook the Consumer Desktop Application which is privacy nightmare referenced in this article. Outlook the personal free email hosting service (old Hotmail), Outlook the Business Desktop Application most people know. New New 365 Outlook which is just WebView2 Outlook.

New Outlook described in article is not PWA Outlook you have with "New Outlook for O365". PWA Outlook for 365 is different from this.

Okay. And?

As I mentioned in my post, the same behaviors discussed by the Proton researchers were also discovered by German researchers in the "New Outlook". Does the purchase channel matter here?

Yes. This is consumer grade Outlook hooked up to Consumer free mail hosting. Outlook (Desktop/Web App) in 365 is COMPLETELY outside of proton article.

This is consumer grade Outlook hooked up to Consumer free mail hosting.

That is indeed what Proton showed.

And for the 3rd time, I am saying that German researchers showed that the same bad behavior happens in the New Outlook client that is part of Microsoft's office business suites.

Outlook (Desktop/Web App) in 365 is COMPLETELY outside of proton article.

Again, so what?

Very specifically, please explain why it matters that the bad Business Outlook behavior was reported in a different article.

Yeah, this just follows the rule of if its free, you are the product, not the customer. You're going to get ads and relinquish your data in exchange for the service.

For proton, I assume they have a free tier (I don't know I pay for it). So I guess they let people know to push adoption or get people to make the jump, but the assumption is they have some conversion rate to paying customers. For those that never want to pay for email as their usage scales, they're better off staying.

Although I understand your point, Shoshanna Zuboff would say otherwise. We are the resource; not the product, neither the consumer.

According to her, "their" product used to be information. Then it became prediction. And now it's behavior modification, which they achieve by constantly mining us (the data we provide them).

At least IMHO, this is a more accurate depiction of the current state of affairs. Although in the end, it may be quite a similar metaphor, either way.

This is a good addendum to my post, it expands upon it. I don't even take it as a correction, and I learned a bit. Thanks for this.

I don't know who Shoshanna Zuboff is (I'll 'kagi' them), but I agree with the points made. It's been an evolving strategy of how to exploit users as a resource for financial gain or at least cover the costs of the free tier service.

But you paid for the OS (or the computer it came on), so it wasn’t free.

But even then, they still collect data or am I wrong? You won’t have ads but they still have access to your data etc.

I’m doing a heavy amount of assumption, but I’d be surprised if MS would so thoroughly piss off their enterprise users.

Microsoft is absolutely doing this to business customers. One of my corp clients who uses O365 Business + Enterprise Exchange got hijacked by the method in the below article.

https://www.heise.de/news/Microsoft-lays-hands-on-login-data...

“accounts that have M365 Personal or Family” (per GGP) clearly aren’t enterprise users.

Until it doesn't. On-demand streaming services anyone?

I get absolutely positively outraged when a paid for product such as Operating System or MS Office starts bombarding me with ads.

I get that this was entirely predictable (see XKCD exhibit 1), and that once we allowed it in websites and webapps there were no real barriers left to downloaded installed native local apps, and my outrage is too little too late.

And I get that saying "I'm now installing Linux on my laptop" is... nice but irrelevant. 0.01% of userbase doing that will make laughably no dent.

But it's really really getting too much. Grumble Grubmle everybody get off my lawn! :-/

Relevant XKCD: https://xkcd.com/743/

That XKCD sums up why I *WONT* pirate programs.

That's how Adobe got to where they are. People pirated their stuff (and bought legitimately), got their stuff trapped in their formats. Then they turned the screws and locked people out of their own content. Autodesk did the same exact thing too, with Inventor and Eagle.

Your personal data is too important to be used as some ransomware (read: proprietary programs). Cause then, it's not just the finding an alternate program, but figuring out how to export.... if they even let you.

Then they turned the screws and locked people out of their own content

How did Adobe do this?

Probably referring to the SaaS turn?

But you still have the current software and your current files. Who's locked out?

That last, non-rented version might not run on the current hardware.

Like CS2, which ran on PowerPC Macs. Intel and ARM macs need not apply.

That's not locking you out of your content, though. If Adobe vanished then we wouldn't say that they locked us out of our files when a new chipset came along. I don't think they have a mandate to deliver future changes to their software for nothing that maintain chipset support for anything we might buy.

Didn't they go well beyond CS2 though? Why did you pick such an old version? We ran Adobe on Intel Macs well before SaaS. In fact, we were running Adobe Premiere before Final Cut was released.

* Adobe switched to subscription model.

* Locked-in (for various reasons) userbase moved in to subscription model en masse, begrudgingly and complainingly

* Now, as soon as you stop subscription, your software stops working, and your catalogue will not work with pre-subscription files

We can debate semantics of "turned on the screws" and "screwed over", but take it on my word that most of us are feeling thus :). Yes we were hoisted by own petard and choices.

I'm not criticising that. I'm saying if you have a copy of the version you bought (or pirated!) then you aren't locked out of your content back in the day.

Don't GIMP, Paint.net, and Photopea all open Photoshop files? Lock-in sucks, but Photoshop is much easier to give up than something like Salesforce.

They do, but compatibility isn't perfect and fixing anything requires huge reverse engineering knowledge or prior knowledge.

See:

"... PSD is not a good format. PSD is not even a bad format. Calling it such would be an insult to other bad formats...

If there are two different ways of doing something, PSD will do both, in different places. It will then make up three more ways no sane human would think of, and do those. PSD makes inconsistency an art form...

Earlier, I tried to get a hold of the latest specs for the PSD file format. To do this, I had to apply to them for permission to apply to them to have them consider sending me this sacred tome. This would have involved faxing them a copy of some document or other, probably signed in blood. I can only imagine that they make this process so difficult because they are intensely ashamed of having created this abomination..."

https://news.ycombinator.com/item?id=575122

https://layervault.tumblr.com/post/56891876898/psdrb

https://news.ycombinator.com/item?id=6129237

I can only imagine that they make this process so difficult because they are intensely ashamed of having created this abomination...

There is no shame in that game.

I do both. If I get legitimate use out of an app, I purchase it, but I also pirate a copy and store it on the NAS. I bought it and I will own a copy forever. They can just get over it. They were paid.

After 20+ years on Outlook, I recently switched to Thunderbird. Not quite as full featured and a little slow at times, but it’s finally a viable replacement for Outlook.

I wish I could use Thunberdird. It grinds to a halt far too often for me. We have very large inboxes, so maybe that's a factor.

If you are on Windows, the antivirus might have something to do. It used to be slow for me too but I added an exception and now it's really fast, or at least fast enough so I don't perceive any significant lag.

That's a good idea. It tends to lag when downloading messages.

It handles 150k messages in a folder without a sweat for me. Do you have more?

My Thunderbird profile folder is 22GB in size. I have hundreds of thousands of emails in it. The fact that it can handle all my large mailboxes is why I still use it.

I'm curious, you used the outlook desktop client for personal email? I feel like that use case is very unusual. My biggest issue is that we use O365 so are kinda forced into using outlook to get all the benefits, of the tight integration, but outlook is becoming less and less usable, I just don't see how thunderbird is a better alternative for O365...

yes, I used Outlook desktop for both work (2 O365 accounts with different organizations) and personal email (multiple gmail accounts). With a job change, I am no longer on O365 (new company uses hosted gmail), but I understand there is a plugin for Thunderbird to work with O365. I much prefer having the same client for all my email accounts, and Outlook worked for that purpose. It was better for O365 calendaring within the office, but it did not play well with google calendar. Thunderbird plays well with both (with a plugin for O365).

Welcome to the fold! I've used Thunderbird since it was released. It's always been a great product imo. The whole time I've had outlook provided by whatever office or institution I was associated with for comparison. Given the choice, even almost 20 years ago I'd have taken t-bird head to head.

I am often confused by people who have loads of money, live in big houses, and drive nice cars who are not willing to pay a few bucks a month for a private email inbox and other services. I assume they are trapped or too lazy to buy a domain and make the necessary changes. What other reasons could they have?

Simple: invent some magical way to take all my accounts that I have ever registered with my 15 years old email account and change the address to a new one

Look in your email settings for "Forwarding rules"

How does that solve Microsoft selling my emails?

It doesn't but can help you quickly start using a new single inbox. Over time, you can change the addresses with the senders to go direct to your private box.

Those can be migrated piecemeal over time (and possibly never for those that you don't care about). Most webmail providers these days let you operate another mail account via their interface, so it is all completely integrated in a single app with no need to switch back and forth.

Most people still have no idea how a website works, they don't understand what a domain is, how to attach email to it or what the difference is between gmail and email. for 80% of people gmail is effectively personal email and the desktop outlook app is work email, there is no further thoughts on this subject.

I think that's the largest factor. You started with Hotmail, Gmail, or iCloud depending on when you made your first account, or what phone you chose, and then... why change?

The UX is typically better, and that was especially true back when Gmail was taking over the market and introduced everyone to the concept of never needing to delete old mail. Good looking apps are available for every device, with minimal setup. Deliverability is so good most people have no concept of ending up in their contact's spam folder. It's what your friends and family are using, and its free.

Concerns like privacy or being able to change provider without losing your address are abstract and out of sight.

I have almost 20 years of emails on Gmail, migrating is incredibly difficult and time consuming. So, I just have a forwarder to Gmail and use Mailgun to transform my Gmail into a white labelled email and pay pennies.

Although this transfer is secured with Transport Layer Security (TLS), according to Heise Online, your IMAP and SMTP username and password are transmitted to Microsoft in plain text

So like every login form in the world, which sends the username and password in plain text over SSL. This is pure FUD.

But it isn't a password for Microsoft's services that's being sent. It's your username and password for another service you probably didn't intend Microsoft to have your credentials for. And it's intended.

No, it's not. It's an OAUTH2 connection like a sane app. Proton is ostensibly lying about this credential setup. No app does that anymore.

Either way, Microsoft servers get access to your email accounts so that you can view them locally. Why should Microsoft get access to my Gmail or Protonmail? Their servers don’t need access to my email.

Old outlook didn’t do that. Thunderbird doesn’t do that. This is completely unnecessary for a mail app. My computer can check my email. No reason for Microsoft servers to do it on my behalf.

Proton is ostensibly lying about this credential setup.

Not sure what your evidence is for lying. Because they're not.

    When creating an IMAP account, c't was able to sniff the traffic between new Outlook and the Microsoft servers. It contained the target server, log-in name and password which were sent to those Servers of Microsoft. Although TLS-protected, the data is sent to Microsoft in plain text within the tunnel. Without informing or inquiring about this, Microsoft grants itself access to the IMAP and SMTP login data of users of the new Outlook.

ref: https://www.heise.de/news/Microsoft-lays-hands-on-login-data...

you probably didn't intend Microsoft to have your credentials for

But you just gave Microsoft your credentials! How could you not intend that?

They're pretty clear about this: if you set up a 3rd party IMAP account, then yeah, credentials get used. If you set up an OAUTH2-capable account, then it uses that instead. That's why it's a lie, because of course if c't has some custom bespoke IMAP server, it's going to need credentials, and the user is going to intentionally hand them over so it can retrieve the mail.

It's one thing to give the locally installed instance of the Outlook client your password, it's another for Outlook to send it in plain text to Microsoft's servers.

I don't think it's clear at all if you're using the "New Outlook" app as opposed to web client. Traditionally, desktop email clients would handle credentials by directly using them to log in, not by sending them to a web service that logs in on their behalf.

If they mean usernames and passwords for third party mail servers, then it is notable, since a traditional email client doesn't do that. They only send the credentials to the server they're authenticating against, not also to the email client vendor.

That it's happening as plain text (notwithstanding TLS on the transfer) distinguishes this from some kind of credentials-sync system (think: LastPass or Keychain) which wouldn't necessarily need to have the credentials in plaintext to function.

This post is pretty horrifying. If you're in the Apple ecosystem, Apple Mail and iCloud Mail (standards-based, supports custom domains) has been as reliable as any mail provider and client I've ever used.

As a newsletter provider, I can say that iCloud is problematic. People who actively want our newsletters often have trouble getting them. iCloud will bounce their emails back for no good reason.

Eventually our subscribers will get in touch with us asking why our emails are no longer getting sent to them. This is with very low spam rates, DKIM, and DMARC set up. There's also no good way to contact the iCloud postmaster, which is an option for every other major email service.

Well that’s… problematic. There’s no business tier support with icloud?

System admin can get direct support from Apple's iCloud Mail postmaster team at icloudadmin@apple.com. https://support.apple.com/en-us/102322 has a list of the information they want in order to diagnose and address delivery issues.

That's new contact info! Thank you for the note. :)

In case it's helpful, https://support.apple.com/en-us/102322 has a handy bulk mail deliverability checklist and the direct email of the iCloud Mail postmaster team.

How is Apple Mail and Apple any better than Outlook and Microsoft?

I had been happy with Apple for many years but encountered some really terrible experiences lately. There was a systematic problem on Apple’s side (related to the recent increase in iCloud subscription fees) and they cancelled my extra iCloud storage. To be fair they did give me a refund for the extra storage prior but I thought it was related to the pricing changes and didn’t think much of it. Other than that there were no warnings until the extra storage expired and they sent me an email saying the storage is full. I resubscribed immediately but iCloud mail could not send or receive anything for several hours afterwards, except for receiving emails from Apple.

I also have had several instances where iCloud Drive would take forever to sync. The most recent time got so bad (100% cpu usage that persists after killing the process when I added 5KB worth of files) that I stopped using it completely. Tried Microsoft OneDrive instead and it synced at good speeds and gave me no problems.

It's supposed to be. They offer a competing service, after all.

Im not disregarding that there are some dubious data uses here in the consumer version of the new outlook client. But I would be careful to not conflate this to all enterprise versions of the outlook client in office 365 paid plans.

Protonmail is using this to drive demand gen for their services. doesn't make them wrong but understand the motivation and how they are pitching the narrative.

My paid for version of Outlook on MacOS tried to get me to route all my email, Google workspace, through Microsoft’s servers to “improve my experience”. So, yeah Microsoft is dead to me now. I moved to the Sparkmail (v2) client instead.

Proton mail may be trying to capitalize on this newish development but they are also not wrong.

Don't you need to provide your credentials to sparkmail in order for the app to able to sync across multiple devices? how is that any different from what Outlook tried to make you do?

Each Sparkmail client connects directly to my Google workspace account and emails are read in app and are not passed through their servers. I authenticate the application with OAuth nothing goes through their backend.

Which is also how old outlook works but new outlook wants to man in middle all my email.

Edit: https://sparkmailapp.com/help/general/email-storage-and-back...

I don’t use Teams or the Send later feature which does involve their servers.

I think you're wrong about this. Looking at their privacy policy they clearly state that they store credentials. https://sparkmailapp.com/legal/privacy-app

Summary of Retention Details: Email address, email content, mail server credentials, APNS device token, appToken assigned by us, device info - During the services provision period services + archive time If you delete Spark Account: 3 months after deletion of your Spark Account.

I will look into it but from my previous reading it was only storing that for the Teams functionality and if that wasn’t used it wasn’t stored.

Thanks though I will double check. If it is storing this I will need to move clients again lol.

EDIT: you are correct I misread the privacy policy. Deleting a spark account and moving clients again. I guess it’s back to the standard Apple Mail app for now.

Are you sure this is true? I used Spark a few years back and my work actually froze my account because Spark was accessing it from THEIR server so it showed up for our security team as a leaked password.

Thanks, I will double check. I was basing this off of this doc https://sparkmailapp.com/help/general/email-storage-and-back... . Also using the older v2 client and not using teams or send later.

EDIT: you are correct. Looks like I know what I am doing today. Ugh I just want a local only email client that supports archive/snooze

For those using Outlook only for email, thus not tied other services, I would strongly suggest taking a look at Claws Mail.

https://www.claws-mail.org/index.php

It's lightning fast compared to Outlook, and very stable/reliable. Also available on Windows.

Outlook .pst files (both mail and contacts) also can be easily ported to Mbox or other standard formats, then imported into Claws Mail, by using the readpst utility which is part of libpst utilities, available on various Linux distros. On Debian it's part of pst-utils.

https://www.five-ten-sg.com/libpst/

I'm used to claws-mail, so I'm using it daily. But I think it's quite terrible -- there are regular delays every minute for a couple of seconds and in that period, most buttons on the UI are disabled. I think that whenever it does something with IMAP most of the functionality is locked. Also I think it doesn't implement IMAP push and it has to poll for new mail every minute.

Also opening a mail that's 30 MiB in size (pictures) and has to be downloaded just freezes the entire UI.

I'd like to advise people to use other software, but I don't know of any perfect email clients:

* sylpheed/claws-mail has this locked UI problem

* mutt doesn't render images and has a steep learning curve

* thunderbird has software bloat, doesn't work on my low end hardware

And other recommendations?

Webmail is also mostly broken. I liked prayer, but it also doesn't render images IIRC and roundcube dropped the classic theme on new versions, and the new theme has less information density.

I like the classic HTML UI of GMail and OWA, though.

I use gnome evolution. It's not great but it gets the job done; much better than Claws.

I confirm the issue of delays/freezing of Claws-mail. I really liked the simple UI, but freezing too often, couldn't stand it. I had searched about it, I got some answers that's it's single threaded if I recall well.

Since you mentioned mutt and it's steep learning curve, I recommend you another TUI MTA/mail app. It's nmail (https://github.com/d99kris/nmail). Simple, Pine/Alpine like interface, has great features (for example, saving mails in sqlite - can be viewed offline). Also the developer is active and friendly, in case you find bugs or have any proposals for enhancements.

On Windows, Vivaldi (https://vivaldi.com/features/mail/) is a surprisingly good option. You can just ignore the browser part, and even set up all the toolbars so that only stuff that is relevant to mail is there.

SeaMonkey has a classic UI and is basically a modern Netscape Communicator. You can ignore the rest and just use the Mail part. It's a solid email program that has worked well for about a decade now.

https://www.seamonkey-project.org/

GTK apps on Windows always stand out, in a bad way.

Somewhat related:

https://workspace.google.com/intl/en/terms/subprocessors/

https://cloud.google.com/terms/subprocessors

Wow. Eye opening. Thank you.

What's eye opening here?

These are basically all tech support providers. I'm not saying Google is a privacy-centric company, but this effort to enumerate subprocessors is admirable.

The internet becomes a worse place when folks criticize the superficial number rather than the intent.

The sheer number of processors. I agree and appreciate this level of detail, but do you know this for all the companies that have access to your data? I don't, so I found this enlightening.

Where else do you think TVCs come from? Keep in mind that although these are subprocessors, the Accenture, et al employees handling Google user data are red-badged and employed under Google contract terms, which explicitly dictate controls around allowed and disallowed systems and user data access.

TBH, it's not that it would be impossible for either Google or a subprocessor to conduct themselves nefariously, but I don't think it's practical or reasonable for anyone to expect that they would. Google pays Accenture, for example, >$1b/yr for services. They absolutely would not want to put that cash cow at risk.

How is that in any way related? What do you think is being described on those pages?

People are hailing Linux, but there's one big elephant in the room -- app sandboxing. While Microsoft surely tracks the Windows user, any software may be tracking the Linux user.

I've been on Linux for more than a decade, and even with advancements like Flatpak, Linux is very far from the protections Android, iOS, Mac and Windows have.

App sandboxing is less of a concern when the software you use is built from source in your distro's package repository, and is maintained by distro maintainers whose interests align more closely to yours than the software manufacturer's. Ironically, Flatpaks are software from upstream and thus harder to trust.

Yet comments here mention Steam, gaming, photo editing software, and I myself do video editing -- all of those are not going to be packaged by Debian.

My comment is very clearly about open-source software, yes. Also for photo editing and video editing there is open-source software, and there's no reason for Debian to not package it.

In any case, "any software may be tracking the Linux user" is an exaggeration. The vast majority of software on the average Linux user's desktop is open-source software from their distro repo.

Qubes OS.

Might not be for gaming, but it's perfect for the daily drive!

Even with Qubes, you practically have a few big sandboxes holding several applications, rather than a tiny sandbox for each app

Spectrum OS is trying to do that, but is still has a long way to go

How does Proton mail make money?

The free Proton is very limited, so I do guess most real users pay Proton.

We have a freemium subscription model. Users upgrade to get additional storage, more custom domains, priority support, etc. Because our users pay us to protect their privacy, our financial incentives and interests are perfectly aligned with theirs.

They have paid tiers. Yes you can get basic email for free, but it has a limited inbox size and filtering options. I think their cheapest is $4/month (USD) which also includes some of their other products. They have higher tiers which expand storage even further, allow for custom domains, and provide access to beta features.

Proton also has a VPN, encrypted storage space, and password manager. They're slowly building a full suite of privacy-focused apps with paid tiers for all of them. Development stagnated for a while but it seems like they've made decent progress recently, although their products still don't match the features of Google's app suite.

Full disclosure, I have been paying for Proton services for several years now and use them as my primary email provider.

I really love Microsoft but I really also hate their data collection stuff because it comes at a cost of performance and user experience.

Why would you love Microsoft?

I can’t say I “love” any corporation.

I mean, I like some key tools they make: Visual Studio, and Visual Studio Code come to mind. MSN Messenger was also a huge part of my life, literally spent a lot of time with my wife over MSN in our early years of knowing each other. Microsoft is a massive company, there's loads to hate and appreciate all at once.

https://img.ifunny.co/images/cb3e3fdac1e137657a1728d9cbfc933...

I'm am sick to death of being forced into being targeted by Ads.

I already run Pi-hole and use Brave, now I have to avoid Outlook.

Thanks microsoft. We don't have enough attack vectors already, so it's nice for you to compile all of our information to make it much easier for bad actors to gain our information. I'm sure the pittance fine levied against them, not if, but FUCKING WHEN, they get breached will teach them a lesson.

/End -Rant

If you're upset about ads, why are you using Brave? It was developed by an adtech company to steal ad revenue from websites and direct it toward their CEO.

Because when I use Brave at work, where I don't have Pi-hole running, I don't have to look at the 100s of popups, moving ads, fly-out videos, etc.

I couldn't care less who the money goes to. What I care about is actually being able to read a webpage.

I'm wondering if someone can recommend a Windows email client for gmail and outlook. The official ones are so slow especially for Outlook that it dies for half a minute when opening up. I do have multiple accounts so that could be the reason, but there should never be 30 seconds of non-responding when opening up the app.

Thunderbird is great.

Thanks, would like to try it out

That's crazy that only because of GDPR they expose how nasty Microsoft is selling your data or allow an opt-out, and particularly NOT anyone else including the US. I do hope more mainstream media picks up on this.

This ought to be classified as adware itself now by malware detection. Obviously Windoze "Defender" won't have a problem with this I'm sure, no conflict of interests there.

And yet every time someone praises EU big tech regulations here, someone from the US inevitably complains it’s just the EU being anticompetitive and that they should also deregulate so they can have big tech of their own.

The things we learn thanks to these regulations keep proving why they’re necessary.

every time someone praises EU big tech regulations here, someone from the US inevitably complains it’s just the EU being anticompetitive ... The things we learn thanks to these regulations keep proving why they’re necessary.

The thing-to-learn from the EU rollout:

The public is a stakeholder and needs to be represented by 1) folks correctly knowledgeable to do so and 2) be invested with enough weight to not be overruled by govs & corps.

So I now get advertised to by windows:

1) On the login screen (if you let it do its OOBE login background thing)

2) On the post login screen every time I update asking me to sign in to cloud (which is actually asking me to pay for cloud)

3) On the OS notifications on login prompting me to sign in to cloud

4) On the badge of my non-cloud user in the start menu with an orange blip that looks like a notification but is really a prompt to sign in and pay for cloud

5) At the top of my start menu begging me to pay for xbox live

6) Looking at email

7) Any app with AI features that'll be horny to beg you to buy new AI credits. Like notepad.exe

Is there a reason I shouldn't continue showing people how to steal their software or /ideally/ invest in alternatives?

8. In the Defender notification, which looks scary, and tells you to setup OneDrive to keep your data safe. If you dare to click on it, it will nag you to change your login from a local account to a MS account.

Microsoft realized all of their power users already moved to Linux years ago and they might as well fuck whatever sheep that are left even more royally over?

As much as I hate to say it, that's probably the rational strategy. There's no saving Windows from a glacially paced decline.

I wonder what the University of California, which is totally in on Office 365. I would hope that the University would take a strong position...but feel less than confident..surely a business account with M$ will mean something right?

Doubt it. Microsoft offers sweet deals for academia.

I don't think it's "new" at all, but it is getting renewed focus, but also as it ties into the OS side of the house overall.

They want to basically make windows machines, telemetry kiosks for every bit of data they can extract.

Has someone tried the Tiny11 [1] it seems there are security issues involved but would love to hear. Last time I tried to remove all the malware/spyware (e.g. telemetry) it was time consuming.

[1] https://www.reddit.com/r/Windows11/comments/1443318/whats_up...

This is only if you don't have a paid account though. I have office 365 for business and I don't get these popups.

Not that it justifies the behaviour of course but it's not always the case.

"New" as if this has not been happening forever?

I don't know if it's all in my mind, but Microsoft's targeted advertising in its apps' come across as extremely tacky. Everyone else is probably collecting the same data but it feels less slimey on the surface.

It’s g. d. everything. I haven’t installed a light switch for the light on our landing yet, so I need the Hue app and every day it slaps an ad in my face. Some days ago my wife came to me: Sonos is blocked by an ad I can’t close! I looked at the screen and there’s a super small cross at the top right. She’s also been complaining her “email changed”, indeed it’s outlook now, and damn it I pay for email not to have this s*t. Maybe I’ll get her to use Linux now (her laptop is perfectly fine but can’t do win11) or at least Thunderbird. Damn it, I pay for email, paid for Hue, paid for Sonos speakers, paid for that laptop. F off with those ads!

Enshitification galore!

(I'm a proud customer of Proton but only for my business, for the whole family I find the cost just a tad to high to justify so I have a small local provider)

Microsoft Teams on my phone yesterday pushed a Power BI ad into my work chat timeline.

I couldn't find a way to turn off these ads.

Great way to destroy trust, Microsoft!

This doesn't seem apply to a paid corporate Office 365 subscription. My work outlook doesn't even have the Advertising Preferences item in settings.

Look just don't use it anymore.

This post recall me the Gmail man ad from Microsoft.

https://www.youtube.com/watch?v=eFCSp23xl40

In some way, unrelated to the topic, I became too concerned to have a consent pop-up without the "Reject All" being clearly the default CTA. Having both buttons marked as "primary" makes it easy to trick the user to choose "Accept" by mistake.

Another place where I encounter this behavior is the pop-ups shown by web browsers for sites asking for special, sometimes weird [1], permission like "location" which took me about five seconds to make sure I pick the "Block" button.

I hope this sort of behavior gets regulated by the corresponding authorities.

1. I once hear a youtuber say: Why on earth a wallpaper app needs to access my and manage my phone calls?!

German here. I think what we now see is what local nerds always warned about: US Big Tech is strategically making us dependent on them and when they play the end-game, we're fu*ed.

Sure, they will disable the data collection and gladly obey the rules we put in the contracts (how do we know?). But they'll make sure that we're paying extra money for it. They're sucking away our now even more valuable tax money[0] and our idiotic leadership of panic throws more money into this black hole.

[0] A "Kleine Anfrage" in the German parliament to the Bundesregierung in December 2023 made it public (but mostly ignored) that the German Bundesregierung will pay 6bn EUR to Microsoft and Oracle in the upcoming years. Source (in German): https://www.zdf.de/nachrichten/politik/deutschland/it-open-s...

“Microsoft changed” indeed.

This is why I'm paying for my email service, and use Linux with thunderbird.

Here's a tempting business model.

1/ Train AI models on corporate customer email

2/ Ask that AI questions about commercially interesting things

3/ Print money

In much the same way that models trained on GPL code write out code which is byte-for-byte identical to but otherwise completely distinct from the code it was trained on, said model will emit interesting emails that have only coincidental correspondence with the commercially sensitive information in the training data set.

Microsoft has absolutely everything they need to do this already in place. Obviously they'd never do something unethical like that so it's safe to continue giving them all your corporate email.