- cross-posted to:
- wolnyinternet@szmer.info
- cross-posted to:
- wolnyinternet@szmer.info
You must log in or register to comment.
Agree this is bullshit, but at least there’s a Reject All button which is far more than we probably would have got prior to the introduction of GDPR.
reject() { accept(); } accept() { sendData(); }
If they did that, the EU would be on their heels.
You can bet they have been wary ever since the IE debacle.
Funny you say that. When I received this popup I noticed that hovering the mouse over one option, also highlights the other. Not suspicious at all!
I went on a site the other day, and a massive popup appeared before I could do anything.
“We Respect Your Privacy”
1200+ “data partners”.
Big blue “Accept” button.
Yeah, no you don’t.
Big brown ‘Eat 💩’ button
766 third parties
Facebook: look what they need to mimic a fraction of my power
Facebook: “All third parties”
“How many third parties?”
“Yes.”
You know any third parties? Could you give them this copy of your data, thanks.
Outlook also sends all your email, including those from other accounts, to their cloud. No questions asked. Oh, also your password, because why not?
https://cybernews.com/privacy/new-outlook-copies-user-emails-to-microsoft-cloud/
Mails, passwords, calendars and contacts. Basically everything. Here’s another blog article: https://mailbox.org/en/post/warning-new-outlook-sends-passwords-mails-and-other-data-to-microsoft
Sending the entire email content to their cloud isn’t that good.
However an advantage to doing so is to be able to use push notifications on the app without having to poll continuously the email address from the device. Which in return reduces the battery usage compared to constant polling.
However, they could have done something like spark mail, only get the email subject, sender and a little bit of the content to put into the noficiation then delete after the push notificdation has been sent.
The creator of FairEmail had a good solution for that, notifications are nearly instant, doesn’t use a thirdparty like Microsoft or Google, and very low battery usage. Don’t know how he solved it, though
Plot twist: he’s actually loading all your stuff into his cloud.
I’ll take a massive privacy breach for a bit more battery life any time. What could go wrong?
Can’t even turn autosave on for Word docs anymore without letting Microsoft save your shit to the cloud.
The clouds are hungry for your digital flesh and bones
See, Microsoft cares so much about you they’ll even make a backup of all of your emails, completely for free, without you even having to ask. And here you are complaining…
I hate with the intensity of a million suns that they always have this absolute fucking bullshit argument “For better experience”.
Or “for your security”
Privacy aside, not having your email offline on your device is objectively a poorer experience.
Also, it’s the language scam of the decade to have a [privacy] agreement or terms with a “third party” which is basically anonymous/anyone/indeterminate/changing/.
Literally who would knowingly accept that
I’ve been a software developer for nearly 25 years now, and I can tell you this.
No cunt reads anything.
Something pops up over the top of what they want, they’ll click OK.
With dark patterns you can “guide” the user to click a particular button, for example by having “accept” in a large, bright stand out colored button, and the “reject” button in a low contrast, small or disabled looking button.
This will not prevent people from clicking reject, but it shifts the percentage of people clicking accept vs reject in the websites favor.
As the spouse of an inpatient person who doesn’t like tech, you’re completely correct.
Or they call tech support and say their computer doesn’t work anymore
Users not reading shit I can understand but it makes my blood boil when it your own bloody colleagues.
Being as I’m forced to use outlook for work… At least it’s just my work persona they are tracking and selling? That guy is wild.
https://media.tenor.com/SQFmOCFd88gAAAAC/buttsmarnn.gif
Dat work persona though
deleted
Me. I legitimately don’t care and I haven’t yet had anyone explain to me over the last few decades what the big bad is that should make me care. Oh noes, some companies are going to analyze my data to scam each other for marketing dollars with generally worthless statistical data.
with generally worthless statistical data.
Did you even bother reading that, or were you just jumping on the chance to use the word “metadata” like you were actually making a point? The “metadata” in question was phone location info, which every carrier has and they don’t need access to your phone or your Outlook emails to do it. I’m also going to go out on a really sturdy limb and say that the CIA/NSA/whoever doesn’t care whether you clicked “Accept All” or “Reject All” when they’re hoovering up “metadata”.
deleted by creator
At least there’s a “Reject all” button.
God can you imagine.
768 collapsed areas for each one. You have to expand that area and click the small slider with a 3 second UI freeze each time you do.
Then at the end when you click apply, you get a spinning wheel with “Applying your choices” that seems like it has timed out.
deleted by creator
Or just refuse to install it.
Just block the popup they can’t do shit if you don’t accept it.
This is pretty much fandom
replace the fandom in the address bar with antifandom for a better viewing experience.
But half of them have a web link to go to another website’s main page, in order to manually find the overall 3rd party opt out, which it may or may not remember on the next site you visit that uses it, but you can’t tell so you better do it again anyway next time.
Even I get partway through and I wonder if I’m not getting too old for this internet shit. I guarantee most people are not bothering.
No, just make it a permanent cookie to reject so if the cookies get deleted (as they usually do) you’re back to being tracked
They’ll write “you’re welcome” on your bathroom mirror when they track that you’re in the shower.
Fun fact! If you have outlook on your phone with a work account added, chances are IT has admin access to your phone and can remotely wipe it at any time. Also means that your phone can be collected as evidence if you or the company is involved in a court case possibly related to emails
Ok I’ve tested this with some users that definitely do have their work emails on their private phones and I can’t see what this setting is. Are you sure about this, it seems super dodgy?
Modern way of doing it is via intune: https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
You can force registration of the device before they can access the environment, and you can enforce all sorts of things.
This is device management and isn’t something that is the default, or comes with Outlook.
A less intrusive method is application management which gives the company control to wipe the account, not the device.
Well yeah, but the question was about wiping the device not the account.
Doesn’t that create an isolated admin environment I don’t think it gives me access to their personal stuff.
Also not part of Outlook, adding a work email to a private device doesn’t register it to the admin environment
If you set up intune correctly (and its a requirement) you can prevent access to the entire of m365 including outlook unless they register their device and you can use allow lists for users who are approved to use their own devices, or just block them full stop while allowing company phones access.
If yours isn’t requiring registration, then its not setup to do so, you can very much enforce it, this is usually done via conditional access requiring that the device is registered before it can get access.
Often admins also forget to block web access from mobile devices, but that’s also blockable via the conditional access settings (and other ways, but conditional is how I would do it). Its not perfect as its using the user agent, which can be spoofed. Personally if the client needs that level of protection then web access should just be blocked for non company devices.
You can enforce that the company is added as a device manager, that’s usually how the device wipe is enforced. Access to personal data isn’t really what you are granting here, it is the ability to remote wipe the entire device.
Its a proper device management system with a ton of options. You can for example force users to only use an approved list of applications on their own device for company data.
There are ways around this. I run Outlook inside of a sandbox, so you can remote wipe the sandbox, but the rest of the phone isn’t accessible to anything in the sandbox even with “device admin” permissions.
There are ways around most things, but you’ll have to define this sandbox on your mobile as a lot of these can be prevented with the right additional product, obviously Microsoft being Microsoft isn’t going to give this away.
Yeah I’m pretty sure that’s how our system sets it up, but it’s supposed to be set up like that not as a workaround, I feel super duper sketchy about wiping it uses personal device. When they leave the company that’s the only section of the device we wipe.
There’s only like a couple of dozen uses on the account that actually use their personal devices. Mostly just the have IT staff and a few managers who need to be emergency contactable.
Just put your work apps in your Work profile.
That’s exactly why Android has this function, so they can only remotely access/wipe that profile. Everything in that profile is kept segregated from the rest of the system.
My school required this. They forced me to grant the Outlook app admin access to my phone in order to be able to add my school email in the app.
To reset a password for work. Apparently eHub doesnt work on Firefox, it has to be edge or chrome. Called the Help Center and they asked if I was using chrome and I said no Firefox. “You don’t uh…have anything like chrome on your phone?” “no, I might be able to access a work computer with chrome but I’m not putting a chromium browser on my device” (it’s there because android, but all its permissions are cut off)
She just had to sit on hold while I logged on on a work computer to reset everything where if they just fucking made a webpage to work on Firefox we could have not had the conversation in the first place.
lol, glad i switched from outlook to protonmail
How did you switch? What about existing email senders like your bank, etc? Are you forwarding your mails?
In general, you just tell them to use your new address, change your online accounts, etc. and for the transition phase, you either forward or, like I did, just have both accounts in your mail app until you’ve reached everyone who needs the new address
I hate that it’s not possible to change your email address easily (or even at all) with some services. Tell me your website backend sucks without telling me your website backend sucks.
The crazy thing is it’s not even banking or finance websites that are ass backwards (as you would expect), it’s other random sites that just for whatever reason don’t have a proper account management.
When you use the email as the account id.
Tell me you outsourced your application without telling me you outsourced your application
This is why you should use your own domain. If you want to change who’s handling your email, you just change your DNS MX record to a new, different host and all your mail ends up there instead. The services don’t have to know a single thing about what’s going on - the next time they send an email out, DNS will simply resolve to the new mail server.
Here is an example of how you would do it with Proton
I do this now, but I’m still stuck with a few errant accounts that still use my gmail from high school / college.
I’ve been working on this for a month or two now, just steady as she goes. It’s a daunting task but worth it in the end IMO.
Also, you can use proton unlimited or SimpleLogin with your own domain and you get unlimited random email addresses for accounts/email lists. it’s a little more work but being able to know where the crap that ends up in my mailbox is from is priceless.
Same thing I’m doing
You can change your email on websites, and you can keep your outlook account while you’re doing it.
I’ve heard that you can’t easily search your entire email history with Proton mail. Have you found this to be an issue?
Coming from Gmail the proton search is a lot worse. Not unmanageable, but by far not as good.
You can always go back to basics and use Thunderbird.
Agreed. Like anything else though, I guess we choose between privacy and ease of use these days.
It’s clunky. Filters and tags make some of that easier, but it’s definitely still hard to find stuff.
deleted by creator
It’s a wonder how Outlook and Exchange Server are used by most companies, many of which have sensitive confidential and proprietary data. Choosing Microsoft is all about having someone to blame for your security problems, not achieving secure communications and storage.
Legal agreements protect how Microsoft can use business’s data.
That then is one third party, one fourth party, one fifth party, …, and one 768th party, amirite?
766 = 365 * 2 + 36
Is this the new Metric to Imperial Windows conversion?
Guess they should change their product name to office365 * 2 + 36
Oh well as long as it’s their legitimate interest, then by all means!
Admiral Ads: We value your privacy
Me: Reject All
Admiral Ads: Some parties cannot be rejected due to LeGiTiMaTe InTeReStS
Me: my legitimate interests are PiHole and uBO then 🙃FYI, tracking based on legitimate interest can be rejected, it just isn’t by default. If you click on “reject all” both tracking based on consent and tracking based on legitimate interests are rejected (at least if Microsoft wants to be in compliance with EU rules on tracking).
The only trackers that can be used even if you click on “reject all” are those that are used exclusively for technical purposes and some very light analytics
at least if Microsoft wants to be in compliance with EU rules on tracking
“if” doing a lot of work in that sentence. Even if the EU comes down on them for this, the fines usually end up being less than the cost of doing business. And it’s not easy to prove in a court in the first place.
I think companies know and understand this, so they just end up doing it anyway and pay the inevitable fine. And that assumes that the fine comes at all - even if they pay a fine for this practice, there are probably so many others that they’re not being punished for that it still makes sense for them to ignore it.
I really hope this is something that gets addressed though, as things are getting absurdly out of hand by this point.
The overriding legitimate interest you speak of is so vaguely defined as to make a simple ‘yeah fuck you, that’s why’ pass the filter
In their defence, that is the correct term for this kind of data processing. Legitimate Interest
Good link, thank you.
Still-- Given that “marketing” is an example of a valid legitimate interest, Ima give that a no thanks.
Same here
It really does shock me, even though it should not at this point, that nearly all governments, even more progressive ones in terms of privacy, are absolutely just watching from the sidelines as the fabric of their own society is deteriorating. Bravo leaders. Bravo. /s
