Microsoft just exposed email's ugliest secret

By techbeck
in Back Page News

 Share

Recommended Posts

Grand Master

techbeck

Posted
Posted

If you're hiding something from Microsoft, you'd better not put it on Hotmail.

 

It came out yesterday that the company had read through a user's inbox as part of an internal leak investigation. Microsoft has spent today in damage-control mode, changing its internal policies and rushing to point out that they could have gotten a warrant if they?d needed one. By all indications, the fallout is just beginning.

 

But while Microsoft is certainly having a bad week, the problem is much bigger than any single company. For the vast majority of people, our email system is based on third-party access, whether it's Microsoft, Google, Apple or whoever else you decide to trust. Our data is held on their servers, routed by their protocols, and they hold the keys to any encryption that protects it. The deal works because they're providing important services, paying our server bills, and for the most part, we trust them. But this week's Microsoft news has chipped away at that trust, and for many, it's made us realize just how frightening the system is without it.

 

We've known for a while that email providers could look into your inbox, but the assumption was that they wouldn't. Even a giant like Microsoft is likely to sustain lasting damage, simply because there are so many options for free web-based email. Why stick with Microsoft if you trust Apple or Google more? But while companies have created a real marketplace for privacy and trust, you'll find the same structural problems at every major service. Ad-supported email means companies have to scan your inbox for data, so they need access to every corner of your inbox. (That's been the basis of Microsoft's Google-bashing "Scroogled" campaign.) Free email also means someone else is hosting it; they own the servers, and there's no legal or technical safeguard to keep them from looking at what's inside.

 

A close look at company privacy policies only underlines the fact. As Microsoft pointed out its initial statement, "Microsoft?s terms of service make clear our permission for this type of review." Look at the company privacy policy, and you?ll see that's true: "We may access or disclose information about you, including the content of your communications, in order to ... protect the rights or property of Microsoft." That?s a straightforward description of what happened in the Hotmail case.

 

You?ll find similar language in the privacy policies from Yahoo and Google. Yahoo reserves the right to look through your emails to "protect the rights, property, or personal safety of Yahoo, its users and the public." Google?s language is nearly identical, saying it will access user data "if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to ? protect against harm to the rights, property or safety of Google." Apple is a little better, but not much, promising to disclose user content "if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate." What counts as public importance, exactly?

 

What?s worse, the current laws won?t do anything to stop them. For standard law enforcement, it takes a warrant to read a person's email ? but there's no such restriction on hosting providers. Peeking into your clients' inbox is bad form, but it's perfectly legal. Even if the rights weren't reserved in the terms of service, it's not clear there are even grounds for a lawsuit. Without stronger privacy laws, all companies have to worry about is bad PR.

 

Microsoft's mole hunt isn't unprecedented either. There have been LOVEINT-style abuses of sysadmin access, as when a Google engineer was fired for spying on friends' chat logs. Last year, Harvard searched its own professors' email accounts as part of a cheating investigation. (The dean behind the search stepped down a few months later.) But those are just the instances we're aware of. In all likelihood, there are dozens of similar incidents that were simply never made public, encouraged by the open nature of third-party hosting. As long as the access is legal and technically feasible, there's no reason to think it will stop.

 

Anyone living a modern and complicated life over email is left in an awkward place. The crypto crowd has an easy answer: use end-to-end encryption, locking up emails with GnuPG and online chats with programs like Cryptocat. You can hold your own keys, making sure no one can decrypt the message but the person you're sending it to, and count on open-source code reviews to expose anyone who tries to slip a backdoor into the code.

 

It's a good system and it works, but for most users, it's still a bunch of extra inconvenience for no obvious benefit. In the end, it's easier to blame Microsoft for violating our trust and move onto the next company, with the same data practices and the same terms of service. With Google, Apple, Yahoo, and countless other free webmail services waiting in the wings, there are plenty of options to choose from. They'd never do a thing like this... right?

 

 

http://www.theverge.com/2014/3/21/5533814/google-yahoo-apple-all-share-microsofts-troubling-email-privacy-policy

 

Want to keep your data private?  Dont post it online regardless of what service you use and as the article states, Yahoo, Google, MS....and others...can view  your info at any time.

Grand Master

techbeck

Posted
  • Author
Posted

Funny that Microsoft pushed the Scroogled campaign so far, only to be hit in the back!

 

Of course, MS are the good guys and anyone else is bad.  In reality, they are only the good guys when is suits them.  Like anyone else.  And I have been saying it for a while, if I have personal data that I want to keep secure and private, I wont post it online regardless of who is hosting it.

  • +Asmodai and T3X4S
  • Like 2
Grand Master

DConnell Member

Posted
  • Member
Posted

And there's no guarantee that ISPs are any safer in this regard. So if you want correspondence to be truly secure, I guess you need your own email server, probably for both parties.

 

Or snail mail with a wax seal, like in ye olden days.

Grand Master

Dot Matrix

Posted
Posted

Funny that Microsoft pushed the Scroogled campaign so far, only to be hit in the back!

Again, what does this have to do with that? Going into someone's inbox for a criminal investigation is not the same thing as data mining people's inboxes for advertising purposes.

 

Stop confusing the two.

Grand Master

Praetor

Posted
Posted

Again, what does this have to do with that? Going into someone's inbox for a criminal investigation is not the same thing as data mining people's inboxes for advertising purposes.

 

Stop confusing the two.

 

except that, according with the reports, there was no warranty, therefor it was illegal. Also there is a trust issue in this case.

Collaborator

Romero

Posted
Posted

I don't see what this has to do with Scroogled, but whatever...

Want to keep your data private?  Dont post it online regardless of what service you use and as the article states, Yahoo, Google, MS....and others...can view  your info at any time.

This I agree with. Any data outside your control should be assumed to be non-private, if not now then eventually. What I find amazing is how so many still become upset when embarrassing private information posted by them on social networks becomes public knowledge. If you're relying solely on some third party elastic privacy controls or someone's conscience to keep your secrets safe then prepare to be disappointed one day or another.

I don't know what can be done about email though. It was never built to be secure and as we've seen with Lavabit, Silent Cirlce and the rest even encrypted email services aren't the answer.

Grand Master

techbeck

Posted
  • Author
Posted

except that, according with the reports, there was no warranty, therefor it was illegal.

 

Technically, it wasnt illegal. MS had a clause n the TOS that was kinda hidden (who ever reads the whole TS?) an they used that.  Was it right for MS to do that?  That is another question

Veteran

rfirth

Posted
Posted

Again, what does this have to do with that? Going into someone's inbox for a criminal investigation is not the same thing as data mining people's inboxes for advertising purposes.

 

Stop confusing the two.

 

Exactly. At Microsoft, your case has to be escalated to the highest level before your inbox can be accessed.

 

You can be certain that if Google's proprietary search engine ranking algorithm was being stored on a gmail account, they'd nuke it.

 

 

Technically, it wasnt illegal. MS had a clause n the TOS that was kinda hidden (who ever reads the whole TS?) an they used that.  Was it right for MS to do that?  That is another question

Technically... the best kind of legal.

Microsoft isn't the government, and they already have your permission to access your account if you are using Microsoft services to facilitate illegal activity.

 

Grand Master

Dot Matrix

Posted
Posted

except that, according with the reports, there was no warranty, therefor it was illegal.

Their own internal investigations unit handled the whole thing. Specialized people trained to deal with these things are the ones that opened the inbox. Microsoft folks aren't idiots. They know what they are doing.

Collaborator

Romero

Posted
Posted

except that, according with the reports, there was no warranty, therefor it was illegal.

Warrant, not warranty.

 

Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed.

How was it illegal when no laws were broken? Now if you want it to be made illegal, petition for the laws to be changed so that companies will have to seek warrants/court orders before searching their own servers, even if those servers contain user data.

Grand Master

Praetor

Posted
Posted (edited)

Warrant, not warranty.

 

How was it illegal when no laws were broken? Now if you want it to be made illegal, petition for the laws to be changed so that companies will have to seek warrants/court orders before searching their own servers, even if those servers contain user data.

sorry, my bad (i'm writing in a hurry :D).

 

ok, so it *could* not be illegal, but definitely was unethical and distrustful.

Grand Master

techbeck

Posted
  • Author
Posted

Ignorance of rules/laws isn't a valid justification for breaking them.

 

Did you read what I was replying to?  A question was asked how it was a secret.  I wasnt justifying breaking or ignoring the rules.

 

MS could legally do what they did because the user gave permission when they agreed to the TOS.  Same way  and reason why people shouldn't be complaining about Google since they have to agree to certain things as well.  Same with Yahoo, Apple, and many other companies.  If you dont read the rules, then only person anyone should be upset at is themselves.

  • The Evil Overlord
  • Like 1
Collaborator

Romero

Posted
Posted

ok, so it *could* not be illegal, but definitely was unethical and distrustful.

Unethical? In ordinary course of events if they did this to anyone's data then definitely. In this particular case? Not at all. I am actually with you that making any kind of snooping illegal for all these companies would probably be a good thing (though of course they could still do it as long as no-one outside knows, since they control their own servers after all). Whether these sorts of legal changes will ever come about is doubtful though.

 

Did you read what I was replying to?  A question was asked how it was a secret.  I wasnt justifying anything here.

Ah ok, I was mixing up your response with Praetor's.

Grand Master

Praetor

Posted
Posted

Unethical? In ordinary course of events if they did this to anyone's data then definitely. In this particular case? Not at all. I am actually with you that making any kind of snooping illegal for all these companies would probably be a good thing (though of course they could still do it as long as no-one outside knows, since they control their own servers after all). Whether these sorts of legal changes will ever come about is doubtful though.

 

that's would be possible if auditories by independent entities were made; unfortunately once data is in their servers, no one knows how it's being treated and processed. i'm all for making this sort of thing illegal; not only gives the consumers reasons to distrust the company that does this kind of snooping but it's a legal privacy violation.

Time to host your own email server.

 

actually everyone is doing the inverse.

Rising Star

Auditor

Posted
Posted

I am sure same thing will be coming on so called cloud storage as well. Many people these days are buying in to the notion of saving all their digital life on someone else server.  There is no guarantee that these corporations or some rogue employee from these corporation won't snoop on your personal data. It kind of amazes me that so many people these days trust someone else to store their digital life than to themselves on the pretext of convenience and some less probable house burned down. I personally have NAS which enables me to keep my data with myself and also provide on demand access remotely if I need some of my data. But that's just me.

Collaborator

Romero

Posted
Posted

unfortunately once data is in their servers, no one knows how it's being treated and processed

And that is the main problem, isn't it? I doubt even independent audits will help, not to mention how many users will agree to pay for all the extra costs which these companies will likely not be willing to absorb. Ultimately it comes down to either trusting them, or storing your own data and cutting third parties out of the picture as far as possible.

Nope. Don't use mail. email is a poorly encrypted service to use, it is slightly better than facebook but it still is bad as far as privacy goes.

True, it was never built keeping privacy in mind. What do you suggest as an alternative though? Time for the world to come up with new communication protocols with end-to-end security as a focus?

Grand Master

Praetor

Posted
Posted

And that is the main problem, isn't it? I doubt even independent audits will help, not to mention how many users will agree to pay for all the extra costs which these companies will likely not be willing to absorb. Ultimately it comes down to either trusting them, or storing your own data and cutting third parties out of the picture as far as possible.

 

actually the company i work for hosts mailboxes for several organizations and it's our own internal policy NOT to snoop into peoples emails, even technicaly we could do it and no one would ever know; it's a matter of trust and business ethics.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • One of Logitech's best productivity mice is now available for just $79.99

      By TarasBuria · Posted

      One of Logitech's best productivity mice is now available for just $79.99 by Taras Buria The MX Master 3S, formerly Logitech's flagship productivity mouse, is now available at an all-time low price during Prime Day sale. Thanks to the latest discount, you can have this mouse for as little as $79.99. This large-sized mouse has many things to like. From its ergonomic shape to the iconic MagScroll wheel, the MX Master 3S is a great productivity-focused accessory. It has an 8K DPI sensor that tracks on various surfaces, including glass. Its main MagScroll has two modes: ratched and infinite, with the latter capable of scrolling up to 1,000 lines in just a second. Additionally, there is a secondary wheel for horizontal scrolling. The MX Master 3S has plenty of buttons, which can be remapped to gestures, keyboard shortcuts, or other actions in the Options+ app on Windows and macOS. You can connect the mouse to up to three devices (via Bluetooth or the Bolt connector) and switch between them with a dedicated button. You also get a USB Type-A to Type-C cable to recharge the built-in battery, which lasts up to 70 days on a full charge, and a quick one-minute charge gets you three hours of use. Logitech MX Master 3S - $79.99 | 20% off for Prime Members Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • AI is indeed eliminating jobs, and Oracle just proved it

      By leonsk29 · Posted

      Exactly, this is just the beginning. I hope that by that time, our inept politicians devise something like a Universal Basic Income, because unemployment and poverty rates will skyrocket otherwise. And believe me, robots that perform physical work aren't a matter of IF, but WHEN. No career is truly safe from AI/robots, it's just a matter of time.
    • Politically funny images of the World

      By +primortal · Posted

    • Subtitle Edit 5.0.0

      By Copernic · Posted

      Subtitle Edit 5.0.0 by Razvan Serea Subtitle Edit is a powerful, free, and user-friendly subtitle editing tool designed for creating, editing, and converting subtitles for videos. It supports a wide range of subtitle formats, including SRT, ****, and SUB, allowing users to easily modify and adjust subtitles for accurate timing and formatting. With its intuitive interface, Subtitle Edit provides a variety of features such as waveform audio display, spell-check, subtitle synchronization, and real-time video preview, making it an ideal choice for both beginners and professionals. The software also includes powerful tools for batch processing, translating subtitles, and converting between different subtitle formats. Subtitle Edit features: Create/adjust/sync/translate subtitle lines Convert between SubRib, MicroDVD, Advanced Sub Station Alpha, Sub Station Alpha, D-Cinema, SAMI, youtube sbv, and many more (300+ different formats!) Cool audio visualizer control - can display wave form and/or spectrogram Video player uses mpv, DirectShow, or VLC media player Visually sync/adjust a subtitle (start/end position and speed) Audio to text (speech recognition) via Whisper or Vosk/Kaldi Auto Translation via Google translate Rip subtitles from a (decrypted) dvd Import and OCR VobSub sub/idx binary subtitles Import and OCR Blu-ray .sup files - bd sup reading is based on Java code from BDSup2Sub Can open subtitles embedded inside Matroska files Can open subtitles (text, closed captions, VobSub) embedded inside mp4/mv4 files Can open/OCR XSub subtitles embedded inside divx/avi files Can open/OCR DVB and teletext subtitles embedded inside .ts/.m2ts (Transport Stream) files Can open/OCR Blu-ray subtitles embedded inside .m2ts (Transport Stream) files Merge/split subtitles Adjust display time Fix common errors wizard....and more. Subtitle Edit 5.0.0 changelog: Subtitle Edit 5 is a major new release and a big step for the project. For the first time, Subtitle Edit runs natively on Windows, macOS, and Linux from a single, modern, cross-platform codebase. The builds are self-contained, so no separate .NET installation is required, and on macOS and Linux the needed media components (mpv/ffmpeg) are bundled in. Please read before upgrading: Subtitle Edit 5 is a new application, not just an update of Subtitle Edit 4. It has been rebuilt from the ground up to be cross-platform, so: It is not 100% the same app. The look, layout, and some workflows have changed. Some things are in different places, and a few behave differently than in SE4. Not every SE4 feature exists in SE5 yet. SE5 covers all the core editing, conversion, sync, video playback, OCR, and online services, but some of the more specialized SE4 tools are not available yet. Features will continue to be added. If you rely on a specific SE4 feature that is missing, please keep SE4 installed alongside SE5. The easiest way to run both side by side is to use the Portable versions of SE4 and SE5, which keep their settings separate and do not interfere with each other. Which version should I use? Subtitle Edit 5: recommended for most users on Windows 10 (22H2) or newer, macOS 12+, and Linux. Subtitle Edit 4: please continue to use SE4 if you are on an older Windows version (Windows 7/8), or on older / slower computers where SE5 may not run well. SE4 remains available and is the right choice in those cases. To run SE4 and SE5 at the same time, use the Portable versions - you can try SE5 while keeping SE4 as a fallback. Download: Subtitle Edit 5.0.0 | ARM64 | ~60.0 MB (Open Source) Download: Subtitle Edit Portable | 103.0 MB View: Subtitle Edit Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Google Pixel 11 series: Here's what to expect

      By Hamid Ganji · Posted

      Google Pixel 11 series: Here's what to expect by Hamid Ganji Google Pixel 10 series In recent years, Google has successfully turned its Pixel devices into worthy contenders in the smartphone market. The search giant is now preparing to launch the Pixel 11 series in just a few months, and many Pixel fans are likely wondering what Google has in store for them this year. The next lineup of Google smartphones includes four devices: the Pixel 11, Pixel 11 Pro, Pixel 11 Pro XL, and Pixel 11 Pro Fold. This year, we don’t expect Google to bring revolutionary upgrades to its handsets, and the Pixel 11 series is likely to receive modest hardware improvements alongside a slew of AI-powered features. Here are the rumored specifications of the Google Pixel 11 series ahead of its official debut: When will the new Pixel phones be unveiled? The last two generations of Google Pixel phones (Pixel 9 series and Pixel 10 series) were launched in August, unlike the previous three generations that debuted in October. With that in mind, we expect Google to unveil the Pixel 11 series sometime in August 2026. The exact launch date has yet to be confirmed. Google Pixel 11 CAD renders - Image via AndroidHeadlines How much will the Pixel 11 series cost? Predicting the final price of upcoming smartphones has become increasingly difficult. As you may know, RAM and memory prices are rising sharply, leading to significant increases in the cost of consumer electronics. Recently, Apple CEO Tim Cook said that price increases for some future Apple products are unavoidable, suggesting that the iPhone 18 series could become more expensive. Google has remained tight-lipped about any potential price increases for the Pixel 11 series. If the company manages to maintain last year’s pricing structure, here’s what the lineup could cost: Pixel 11: $799 Pixel 11 Pro: $999 Pixel 11 Pro XL: $1,199 Pixel 11 Pro Fold: $1,799 Given current market conditions, it may be difficult for Google to avoid raising prices unless it adopts cost-saving measures, such as equipping the base model with 8GB of RAM. Google Pixel 11 series anticipated specs: We expect the Google Pixel 11 series to debut with a new Tensor G6 processor as well as an upgraded camera system. The overall design, however, is expected to remain largely unchanged across the lineup. Specifications Pixel 11 Pixel 11 Pro Pixel 11 Pro XL Pixel 11 Pro Fold Display 6.3-inch LTPO AMOLED / 120Hz refresh rate / up to 3100 nits of brightness 6.3-inch Super Actua LTPO OLED, 120Hz refresh rate, up to 3600 nits of brightness 6.8-inch Super Actua LTPO OLED, 120Hz refresh rate, up to 3600 nits of brightness 8-inch inner screen and 6.4-inch outer display, 120Hz refresh rate, up to 3600 nits of brightness RAM & Processor Tensor G6 / 8-12GB of RAM Tensor G6 / 12-16GB of RAM Tensor G6 / 12-16GB of RAM Tensor G6 / 16GB of RAM Storage options 128GB or 256GB 256GB, 512GB, 1TB 256GB, 512GB, 1TB 256GB, 512GB, 1TB Camera 50MP main sensor, 13MP ultra-wide, 10.8MP 5x telephoto, 10.5MP front camera 50MP main camera, 48MP ultra-wide, 48MP telephoto with 5x optical zoom, 42MP selfie camera 50MP main camera, 48MP ultra-wide, 48MP telephoto with 5x optical zoom, 42MP selfie camera 50MP main camera, 10.5MP ultra-wide camera, 10.8MP telephoto camera, 10MP front camera, 10MP inner camera Battery 4,840 mAh 4,707 mAh 5,000 mAh 4,658 mAh Software Android 17 Android 17 Android 17 Android 17 The Pixel 11 series won’t be a major departure from its predecessor, with Google instead focusing on subtle improvements and AI additions such as Gemini Intelligence. However, a patent filed by Google suggests the company is working on a removable battery for its smartphones, and we could see this feature make its way to the Pixel 11 Pro Fold. Given that nearly all smartphones today lack removable batteries, such a feature would be a welcome addition to future Pixel devices. That said, it may not arrive with this year’s lineup after all, and the final decision is yet to be made by Google. The Pixel 11 series could also face an uphill battle in the market. In the Android segment, Samsung is performing well with the Galaxy S26 series, while the Galaxy Z Fold 8 lineup is also expected to launch next month. On the other hand, Apple is preparing to unveil the iPhone 18 Pro and iPhone 18 Pro Max in September alongside its first foldable iPhone.

  • Recent Achievements

    • One Month Later
      timbobit earned a badge
      One Month Later
    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      476
    2. 2
      +Edouard
      171
    3. 3
      PsYcHoKiLLa
      105
    4. 4
      Michael Scrip
      88
    5. 5
      Steven P.
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!