• kbal@fedia.io
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    It is very easy to find other sources making the same claim, such as this one which includes an image of allegedly posted json including passwords.

      • kbal@fedia.io
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Nice timing. I don’t see how warning you that your email passwords will be kept remotely by Microsoft would be “redundant.” Many people will assume from that message that it would only send them all your mail, and the even more carelessly optimistic among us might guess that it would be end-to-end encrypted as it obviously should be.

        • nem@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          It is end to end encrypted as the data is sent through a tls tunnel. And well, they could spell it out sure. But if that was the only thing the article was complaining about then there wouldn’t be many clicks ;)

          • kbal@fedia.io
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            That is not what “end-to-end” means in this context. In fact, finding out yesterday that Outlook sync is not end-to-end encypted prompted me to look up OneDrive to see if it at least has that feature. It does not, and someone who doesn’t know a thing or two about how cryptography works would have a hard time finding out that it does not, because the search results are polluted with people misunderstanding the concept exactly as you do.

            Microsoft’s own web site goes to great lengths to explain how all your data is encrypted in transit, and encrypted at rest. Their internal security and access control systems are elaborated on in impressive style. You’d think that if they’re going to go to all that trouble, and want people to trust them, they would indeed provide end-to-end encryption where it’s appropriate. But no, they carefully avoid mentioning the concept. They are unwilling to acknowledge that it might be a thing people expect these days, but they do not go out of their way to correct people who imagine that they already have it.

            • nem@sopuli.xyz
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Could you elaborate on what I misunderstood so I can learn please? They claim tls encrypted tunnel, which is an end-to-end encryption isnt it? Do you mean that the data itself is not encrypted? What is the significance of this compared to a tls tunnel? If it somehow got mitm attacked they could snoop the unencrypted data?

              I seriously curious so please explain.