The IT news portal Heise Online warns against using the new free Microsoft Outlook. There is a risk of losing access data to e-mail accounts.

I don’t see how this is any different from adding another e-mail account on gmail.

The program it replaced didn’t do this, hence the surprise. You could be using the old program, and one day windows update it with this new program, and suddenly your passwords are uploaded to Microsoft cloud service when you launched it. People would similarly surprised if K-9 mail upcoming replacement, Thunderbird mobile, suddenly store your password in the cloud.

Why is someone using Outlook to sync a different email address?

Why not keep the apps separate? Or use the Mail app built into Windows?

Seriously, someone explain the use case here because I don’t understand. If you’re using an outlook account, MS already has all that stuff. And if you don’t have an Outlook account, why are you using Outlook?

Or use the Mail app built into Windows?

So the gist is the default mail app is being “upgraded” by Microsoft to Outlook for Windows app, so your account credentials previously stored in the mail app now got uploaded into the cloud.

Oh gross. Yeah, that’s not okay.

Thanks for the clarification

Why is someone using Outlook to sync a different email address?

Outlook is an email client. It can work with any email provider. The fact that they started calling the server-side “Outlook” as well has made things super confusing.

Configuring local software vs delegating to a web service

Mailbox.org doesn’t allow you to sign up at this time. Is this… getting teary eyes lemmy… having impact on the webs?

bbbhltz
creator
link
fedilink
21Y

Why can’t you sign up?

They block countries that originate a lot of spam from signup, which includes the US @smokedclover@feddit.de. You can use a VPN to signup, though I did have to reach out to support at one point very early on to finalize some provisioning. I don’t know if it was related to the geo-blocking, it’s been awhile. But I’ve had no problems since.

“We apologize, but for maintenance work the registration of new accounts is currently blocked. Please check back later.” But it still says that so there probably is some maintenance going (wr)on(g).

I am so grateful I left Windows and move to Linux.

Here here, best 6 years ever. Never looked back.

sadreality
link
fedilink
9
edit-2
1Y

Best decision of my life… After initial set up, it works better than microshit whore OS. You pay but it does not love you.

What an analogy! Summarises my experience with Win vs linux. Still on “early dates” with linux, but it does get better and better, while MS seemingly deliberately tries to alienate me with every new update. Won’t be a returning customer!

Outlook has nothing to do with the OS though? You can get the same Outlook app on MacOS too.

What its your point buddy ? I didn’t get it.

PSA: mailbox.org has a great, privacy focused email service.

Privacy-focused email doesn’t truly exist, since it’s likely 90%+ of people you email are probably using Gmail, Hotmail/Outlook, or Yahoo. Companies like Gmail/Google could still build a profile of you if they wanted to, by collecting all the threads you’re a participant in.

The best you can do is self-host your mailbox (e.g. Using Mailcow) with an encrypted file system (e.g. using LUKS), but you’d still need to use an SMTP gateway to ensure deliverability, so it’s going to be relayed through, and ultimately end up at, some third-party you have no control over. Some third-parties don’t even have TLS enabled for their email servers.

You shouldn’t think of email as a private or secure communication mechanism unless you’re encrypting your emails.

@aes@lemm.ee
link
fedilink
English
21Y

I went on a trawl on email security and privacy.

It doesn’t fucking exist.

Regular mails w/e sure

But I’m never talking to someone via email again.

@jcarax@beehaw.org
link
fedilink
1
edit-2
1Y

Agreed, but unfortunately, unless they implement VJOURNAL in their caldav implementation, I’ll probably switch to Fastmail when my prepay is up.

Fastmail is a great provider, very happy customers, but with them being in a five eyes country, I don’t trust them. But it’s only email which is a nightmare protocol regarding privacy anyways so I don’t really care.

Encryption + POP should be part of every privacy conscious person’s repertoire.

Friendly reminder that Thunderbird is a great way to handle multiple email accounts on the desktop.

I hate how they use quotes around the name Thunderbird…

k_rol
link
fedilink
31Y

I must say I’m quite pleased with it too. The previous time I tried it was in 2005 and it was just ok. I also recently found out about the Owl add-on. Really makes it a good alternative

But Thunderbird still doesn’t support outlook calendar etc right?

It does support any good calendar using CalDav standard.

@4am@lemm.ee
link
fedilink
21Y

It can even look great with the Monterail Dark 2 Add-On.

(For some reason I had to download it and then install it from the downloaded file, but it DOES work!)

Also available in a Full Dark mode version

bbbhltz
creator
link
fedilink
271Y

There are no perfect desktop email clients, but Thunderbird is pretty great.

It’s a little too powerful for my needs, so I stick to Claws.

I moved away from a desktop client for several years because of Thunderbird staying stuck in the 2010s, but the redesign brought me back into the fold. It’s certainly overkill for scanning through subject lines, but compared to having five tabs open …

bitwolf
link
fedilink
21Y

Ain’t that the truth.

Geary is so close to perfect but they depend on Gnome Online accounts which doesn’t support O365 so I can use it for everything but my university email.

pbanj
link
fedilink
51Y

Bluemail is decent. But im still always looking for better.

Correct me if I’m wrong, I very well might be, but doesn’t Bluemail do the same thing as the new Outlook for their “instant push” feature? I don’t see how else they’d accomplish that.

Footnote2669
link
fedilink
41Y

Mailspring is pretty cool :)

Mailspring doesn’t handle folders well. When I was testing it, it synced my inbox fine, but none of the folders worked. I even set up a dev environment to try and fix it myself, but couldn’t get things working properly.

Cyborganism
link
fedilink
41Y

Aw fuck. I accidentally opened it and it automatically upgraded to the new one. I barely ever use it though

sadreality
link
fedilink
21Y

Should left once they start upload nudes into cloud 10 years ago

sour
link
fedilink
31Y

school requires outlook account ._.

bedrooms
link
fedilink
41Y

Use a different mail app, and use the outlook account.

Discotheque
link
fedilink
11Y

deleted by creator

@dan@upvote.au
link
fedilink
2
edit-2
1Y

Because this post is about the Outlook client. Using a different client avoids ‘features’ in the Outlook client.

Microsoft have made things super confusing by using “Outlook” to refer to both the client and the server, when they’re separate things. The client works with any email provider, and Hotmail / Outlook / Office 365 / whatever email accounts can be used with most clients.

@Meganium97@lemmy.blahaj.zone
link
fedilink
English
5
edit-2
1Y

| Creates account with service provider

| Surprised when megically, service provider has password

I don’t get it.

bbbhltz
creator
link
fedilink
161Y

Using the Outlook client with a none-Outlook email shares the data with Microsoft. So, a bit surprising.

Service providers aren’t actually supposed to know your password. Passwords should always be sent after hashing on client side. Only the hashes are matched on server side.

Edit: Not accurate, read replies.

voxel
link
fedilink
81Y

nope hashing is usually done server-side.
also counter-intuitively server-side hashing is considered more secure than client side (in case of client side hashing hash becomes the password)

I’m not an expert in this, and I did look around after reading your comment. Looks like the password is usually sent as-is, then hashed server side, and matched against hashes in the database. So, the hashes are what’s stored in their database. So, ideally, the server shouldn’t know your password. Also, it can be hashed from client side too, but that becomes redundant since everything is tls encrypted anyway.

What a clickbaity article. I’m all for exposing bad stuff but this article presents zero proof of it transferring passwords. It also fails to highlight the manner of how data voluntarily synced to MS is handled. All in all it doesn’t do anything but trying to steer users to it’s own services.

As for third party accounts you can only select IMAP, no pop3, sand it warns you’d be logged in thorough Microsoft servers, they don’t even try to hide it

kbal
link
fedilink
101Y

It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.

Which I already posted before your reply.

kbal
link
fedilink
91Y

Nice timing. I don’t see how warning you that your email passwords will be kept remotely by Microsoft would be “redundant.” Many people will assume from that message that it would only send them all your mail, and the even more carelessly optimistic among us might guess that it would be end-to-end encrypted as it obviously should be.

It is end to end encrypted as the data is sent through a tls tunnel. And well, they could spell it out sure. But if that was the only thing the article was complaining about then there wouldn’t be many clicks ;)

kbal
link
fedilink
4
edit-2
1Y

That is not what “end-to-end” means in this context. In fact, finding out yesterday that Outlook sync is not end-to-end encypted prompted me to look up OneDrive to see if it at least has that feature. It does not, and someone who doesn’t know a thing or two about how cryptography works would have a hard time finding out that it does not, because the search results are polluted with people misunderstanding the concept exactly as you do.

Microsoft’s own web site goes to great lengths to explain how all your data is encrypted in transit, and encrypted at rest. Their internal security and access control systems are elaborated on in impressive style. You’d think that if they’re going to go to all that trouble, and want people to trust them, they would indeed provide end-to-end encryption where it’s appropriate. But no, they carefully avoid mentioning the concept. They are unwilling to acknowledge that it might be a thing people expect these days, but they do not go out of their way to correct people who imagine that they already have it.

Could you elaborate on what I misunderstood so I can learn please? They claim tls encrypted tunnel, which is an end-to-end encryption isnt it? Do you mean that the data itself is not encrypted? What is the significance of this compared to a tls tunnel? If it somehow got mitm attacked they could snoop the unencrypted data?

I seriously curious so please explain.

So reading another article (https://www.heise.de/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9358925.html )makes it more clear. If you consent to syncing IMAP account to outlook then it will transfer IMAP username password and mailserver config to Outlook.

I mean, they could have specified that your IMAP credentials would be synced, but it’s redundant considering you’re telling it to sync.

I know, right? Jesus I hate bullshit tech “reporting” like this. This particular comment just smacks of outrage “journalism”:

Microsoft gets full access to mails, calendars and contacts!

To be fair, they aren’t journalists. They’re a privacy-centric mail provider that is warning their customers.

utg
link
fedilink
91Y

The old outlook was just perfect, the new one is positively abhorrent. I swear if they force one more app to me I’m going to purposefully stop using it altogether

Why wait?

I don’t know about sharing passwords, but I know that if you have an Exchange server on premises (meaning you have mailserver on your own infrastructure maybe somewhere in the building) because you don’t want to have your data in the cloud - Outlook for mobile (both iOS and Android versions) has been sending all your data through M$ servers anyway, don’t know for how long - quick search returned a 3 year old reference - imo much longer. There are “benefits” that I may be too dumb to understand:

On iOS you can go around and use the default “Mail.app”. On Android I haven’t found a good app that would work with EWS - I’m using K-9 over IMAP which isn’t great.

On Android I haven’t found a good app that would work with EWS - I’m using K-9 over IMAP which isn’t great.

On Android, I use FairEmail which is a fantastic open-source app. However, it doesn’t support any proprietary Microsoft stuff. For my work email, I use Nine, which works well.

Have you tried Nine mail? https://www.9folders.com/en/index.html

It costs some money to continue using it/unlock all features, but that’s a one time fee (assuming that it hasn’t changed).

I can’t use it anymore as IT has disabled all support for 3rd party mail apps. Was the best exchange mail app I ever found (it actually supports the categories using which I’ve organised my mail).

I (and my colleagues on iOS) have no choice but to use outlook mobile as the Apple mail app and everything else is blocked due to GDPR.

Thank you for this. I’ve been testing the Nine app for a week now and I am sold 👍 Some users do complain that the app “isn’t as good as it used to be” - but luckily for me I don’t know - and it’s the best one I’ve seen anyway.

Even if it is worse than it used to be, it’s probably still far better than the Outlook mobile app! Glad I could help!

It’s ok Microsoft are very sorry you found out

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 56 users / day
  • 167 users / week
  • 618 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog