Microsoft has spent a lot of effort over the last few years trying to convince the tech audience that it is not, in fact, one of the worst tech companies ever in terms of respecting users' security and privacy.
And Microsoft was doing what it does long before the Googles and Facebooks were ever around. Still, even if some have bought into the “caring” version of Microsoft that’s “open source friendly,” etc., policies and initiatives cropping up now and again show that Microsoft might easily be that leopard that just can’t change its spots.
The latest is the controversy around Outlook, Microsoft’s “personal information manager software system,” as it is marketed, which is still omnipresent, especially in corporate settings.
The problem is that security researchers have discovered that the newest version about to be released shares users’ unencrypted mailbox, contact lists, and calendar along with other highly sensitive information (such as passwords and email addresses) with Microsoft.
Alternative, encrypted email services are naturally keeping a close eye on all this, noting that Outlook has not only increased the amount and kind of data it harvests from its users, but is also, to put it mildly, not treating that data well.
This has already got German Federal Commissioner for Data Protection and Freedom of Information Ulrich Kelber concerned enough to decide to bring up the latest Outlook update before EU data protection groups this week (on GDPR violation grounds).
Microsoft is able to do any of this because of the by now long-running general push to switch “everything to the cloud”: Outlook is no longer the local client it used to be, but is instead incorporated into Microsoft's cloud. As things stand, already existing contacts and other data will likely not be “shared,” i.e., exposed to Microsoft, but any new ones created will.
And perhaps crucially, this process is not happening with full and reliable encryption in place. Instead, the Redmond dinosaur is using TLS-protected servers, but all that data is in plain text.
And, to make it even worse – remember, it is mostly businesses that use Outlook, and they therefore stand to lose much more (monetarily) than individual users.
The German press is describing Microsoft’s responses so far to relevant queries as “cryptic.”
Well, at least something is. /s