Warning: New Outlook sends passwords, mails and other data to Microsoft | mailbox.org
Warning: New Outlook sends passwords, mails and other data to Microsoft | mailbox.org
The IT news portal Heise Online warns against using the new free Microsoft Outlook. There is a risk of losing access data to e-mail accounts.
Friendly reminder that Thunderbird is a great way to handle multiple email accounts on the desktop.
There are no perfect desktop email clients, but Thunderbird is pretty great.
It's a little too powerful for my needs, so I stick to Claws.
I moved away from a desktop client for several years because of Thunderbird staying stuck in the 2010s, but the redesign brought me back into the fold. It's certainly overkill for scanning through subject lines, but compared to having five tabs open ...
Ain't that the truth.
Geary is so close to perfect but they depend on Gnome Online accounts which doesn't support O365 so I can use it for everything but my university email.
But Thunderbird still doesn't support outlook calendar etc right?
It does support any good calendar using CalDav standard.
I hate how they use quotes around the name Thunderbird...
I must say I'm quite pleased with it too. The previous time I tried it was in 2005 and it was just ok. I also recently found out about the Owl add-on. Really makes it a good alternative
It can even look great with the Monterail Dark 2 Add-On.
(For some reason I had to download it and then install it from the downloaded file, but it DOES work!)
Also available in a Full Dark mode version
What a clickbaity article. I'm all for exposing bad stuff but this article presents zero proof of it transferring passwords. It also fails to highlight the manner of how data voluntarily synced to MS is handled. All in all it doesn't do anything but trying to steer users to it's own services.
So reading another article (https://www.heise.de/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9358925.html )makes it more clear. If you consent to syncing IMAP account to outlook then it will transfer IMAP username password and mailserver config to Outlook.
I mean, they could have specified that your IMAP credentials would be synced, but it's redundant considering you're telling it to sync.
I know, right? Jesus I hate bullshit tech "reporting" like this. This particular comment just smacks of outrage "journalism":
Microsoft gets full access to mails, calendars and contacts!
To be fair, they aren't journalists. They're a privacy-centric mail provider that is warning their customers.
It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.
As for third party accounts you can only select IMAP, no pop3, sand it warns you'd be logged in thorough Microsoft servers, they don't even try to hide it
I am so grateful I left Windows and move to Linux.
Best decision of my life... After initial set up, it works better than microshit whore OS. You pay but it does not love you.
What an analogy! Summarises my experience with Win vs linux. Still on "early dates" with linux, but it does get better and better, while MS seemingly deliberately tries to alienate me with every new update. Won't be a returning customer!
Here here, best 6 years ever. Never looked back.
Outlook has nothing to do with the OS though? You can get the same Outlook app on MacOS too.
What its your point buddy ? I didn't get it.
It's ok Microsoft are very sorry you found out
PSA: mailbox.org has a great, privacy focused email service.
I went on a trawl on email security and privacy.
It doesn't fucking exist.
Regular mails w/e sure
But I'm never talking to someone via email again.
Privacy-focused email doesn't truly exist, since it's likely 90%+ of people you email are probably using Gmail, Hotmail/Outlook, or Yahoo. Companies like Gmail/Google could still build a profile of you if they wanted to, by collecting all the threads you're a participant in.
The best you can do is self-host your mailbox (e.g. Using Mailcow) with an encrypted file system (e.g. using LUKS), but you'd still need to use an SMTP gateway to ensure deliverability, so it's going to be relayed through, and ultimately end up at, some third-party you have no control over. Some third-parties don't even have TLS enabled for their email servers.
You shouldn't think of email as a private or secure communication mechanism unless you're encrypting your emails.
Agreed, but unfortunately, unless they implement VJOURNAL in their caldav implementation, I'll probably switch to Fastmail when my prepay is up.
I don't know about sharing passwords, but I know that if you have an Exchange server on premises (meaning you have mailserver on your own infrastructure maybe somewhere in the building) because you don't want to have your data in the cloud - Outlook for mobile (both iOS and Android versions) has been sending all your data through M$ servers anyway, don't know for how long - quick search returned a 3 year old reference - imo much longer. There are "benefits" that I may be too dumb to understand:
On iOS you can go around and use the default "Mail.app". On Android I haven't found a good app that would work with EWS - I'm using K-9 over IMAP which isn't great.
Have you tried Nine mail? https://www.9folders.com/en/index.html
It costs some money to continue using it/unlock all features, but that's a one time fee (assuming that it hasn't changed).
I can't use it anymore as IT has disabled all support for 3rd party mail apps. Was the best exchange mail app I ever found (it actually supports the categories using which I've organised my mail).
I (and my colleagues on iOS) have no choice but to use outlook mobile as the Apple mail app and everything else is blocked due to GDPR.
The old outlook was just perfect, the new one is positively abhorrent. I swear if they force one more app to me I'm going to purposefully stop using it altogether
Why wait?
I don't see how this is any different from adding another e-mail account on gmail.
The program it replaced didn't do this, hence the surprise. You could be using the old program, and one day windows update it with this new program, and suddenly your passwords are uploaded to Microsoft cloud service when you launched it. People would similarly surprised if K-9 mail upcoming replacement, Thunderbird mobile, suddenly store your password in the cloud.
Why is someone using Outlook to sync a different email address?
Why not keep the apps separate? Or use the Mail app built into Windows?
Seriously, someone explain the use case here because I don't understand. If you're using an outlook account, MS already has all that stuff. And if you don't have an Outlook account, why are you using Outlook?
Configuring local software vs delegating to a web service
Permanently Deleted
Using the Outlook client with a none-Outlook email shares the data with Microsoft. So, a bit surprising.
Service providers aren't actually supposed to know your password. Passwords should always be sent after hashing on client side. Only the hashes are matched on server side.
Edit: Not accurate, read replies.
Aw fuck. I accidentally opened it and it automatically upgraded to the new one. I barely ever use it though
Mailbox.org doesn't allow you to sign up at this time. Is this.. getting teary eyes lemmy.. having impact on the webs?
Why can't you sign up?
They block countries that originate a lot of spam from signup, which includes the US @smokedclover@feddit.de. You can use a VPN to signup, though I did have to reach out to support at one point very early on to finalize some provisioning. I don't know if it was related to the geo-blocking, it's been awhile. But I've had no problems since.
"We apologize, but for maintenance work the registration of new accounts is currently blocked. Please check back later." But it still says that so there probably is some maintenance going (wr)on(g).
Should left once they start upload nudes into cloud 10 years ago