Microsoft Promises Not To Snoop Through Email
An anonymous reader writes "Microsoft took some much-deserved flack last week for admitting they examined the emails of a Hotmail user who received some leaked Windows 8 code. The company defended their actions at the time. Now, after hearing the backlash, Microsoft General Counsel Brad Smith says they will not do so in the future. Instead, they'll refer it to law enforcement. He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers. ...As a company we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities. While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us.'"
Translation: "Sorry we got caught. We'll be more careful to not get caught next time."
Microsoft != Facebook
Ok...
A feeling of having made the same mistake before: Deja Foobar
I'm reassured.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Wasn't scaremongering about Google reading your email part of their stupid ad campaign?
If Microsoft could read, couldn't they also inject crafted evidence into his account? Might be a nice way to take down opposition...
"No, but understanding is not required, only obedience."
It's 'flak'
"Scroogled" sounds like something Jerry Seinfeld would come up with.
sorry for any bad MS - Seinfeld associations that brought up, complimentary mindbleach on the table by the door.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
While our own search was clearly within our legal rights
After all, we gave ourselves the right to read your emails.
...then I'll believe them. Until that point I'll anticipate them reading all my email.
Other than iOS which requires being spoon-fed by special enterprise software, virtually every desktop OS supports PGP, GPG, S/MIME, or a combination of the above.
Maybe it is time to stop bellyaching about who is doing "less /var/spool/mail/ihatemymommy2012" and start working on a PGP/gpg web of trust, or just pay the small fee from a CA to use an E-mail client cert, if one wanted to go the S/MIME route?
End to end encryption is the only thing that makes sense. Even back in the early 1990s, the cypherpunks were able to grasp this concept. Trusting the mail provider, no matter how secure they are, is always going to fall short.
from Google? MS just admitted they lied so that would have made the Scroogled ad campaign a straight face lie?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
They said:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
One narrow circumstance that probably won't happen again. In all other circumstances they can read the customer's private content?
T-800: "I swear I will not kill anyone."
Yeah, right!
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
Cause if there was an edit function, that would read pgp, not php :)
I feel better already!!
Just to add a bit more, though some email clients do have encryption built in, their tools for handling the certificates and encryption and trust are woefully inadequate. If a client was built from the perspective of encryption first, some ground might be gained.
Though even then, you start running into corporate mail filters etc. My brother's company (West Sussex County Council) email filter would silently reject my emails that were just *signed* by me. When I contacted their mail administrator about it, I received a very shitty reply.
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
CAcert.org and StartSSL offer free client certs.
While CAcert's root is not included in browsers and mail clients (thus people you communicate with will need to install and trust the CAcert root or they'll get scary warnings), the StartSSL root is widely included. StartSSL is totally free for "Class 1" certs (domain-validated server certs or email-validated client certs) for non-commercial purposes. Class 2 certs (identity-validated server and client certs, as well as organization-validated certs for organizations) only charge money for the validation, but you can issue as many certs as you want for yourself (or your organization, if you get the org certs) at no extra cost.
He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful.
Which only means, We fucked up royally, violated trust, and broke the law. Every single one of our customers are 100% justified in no longer using msn, outlook.com or hotmail for email and moving to more trusted entities, because we are complete douche-bags and in the end, even though we are stating we will never do this again we will still do so again, on a daily basis, but we learned not to say anything.
No lawyer can be trusted, even more so when they are the talking head.
How about they build an encryption API right into their service? Encrypt the message locally before it ever goes to the network. Oh, they don't want to do that. I see. So Microsoft promises to not read your mail, while retaining the ability to easily do so whenever it's convenient for them. That makes me feel so much better.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Pinkie or cross-their-heart?
If you're going to steal IP from a company, uh... maybe... just maybe... you shouldn't use their cloud service to get and transfer the goods?
You think they'll get warrants?
Note they didn't say they'd update their ToS removing their right to do it. Are we supposed to rely on their good will and pinky promise not to do so?
Microsoft don't need no steenking warrants!
-- Tigger warning: This post may contain tiggers! --
Wait ... they're serious?
With all the braying about "scroogling", and the fact that we've all known Microsoft had both the capacity and intent to do the same damned thing ... can we simply start calling this Moogling?
Sorry, but when you run a campaign about how everything is an ad and they're looking through your email ... and then everything you do is an ad and they look through your email, well, people might notice.
Lost at C:>. Found at C.
but seriously, do you think the other majors are much better? There is anecdotal evidence galore that most IT companies cooperated to a greater or lesser degree, with the NSA, law enforcement, and so forth. Also that they use/used their technical capabilities to investigate whenever and wherever they have had a concern.
Brad Smith at least sounds like a human being and not someone reading a prepared statement. And he's moving in the direction we all say we want. While I agree that we need to watch for implementation of these statements, I don't think we should reject the statements themselves. That's just cutting off our noses to spite our faces.
Reward good behaviour and punish the bad. That's just basic psychology. And for those who think that MS is simply evil, I believe they turn their backs on changing the behaviour of a major IT player. Not to mention degrading the meaning of the word evil.
I had similar happen back in 2010 when a would-be employer called back and started threatening me about legal ramifications about sending them malware, and send me a $7000 "cleaning" invoice from Geek Squad.
Further discussion found that the HR person thought the ribbon icon that shows a signed E-mail was malware that seized his machine, so the company called GS to have every computer in the business "fixed".
...great about this actually. I just need a cup of tea to enjoy Microsoft's downwards spiral,
flak: anti-aircraft fire
flack: a public relations professional
... of fucking assholes. Seriously. How on earth can their PR department sleep at night? By ignoring the facts? By ignoring what they know? It should be a law, that people in those positions should be held liable for what they contribute to - privacy invasion.
This story was a good lesson for people. This is why you don't use third party services for your mail. Or for anything else important really. If it's not on your own server don't use it. You can't trust someone giving you a free service, I won't trust anyone giving me a low cost solution either.
When an organization says this was terrible and will never happen again, the absolute minimum people should demand is the following: The person making the decision was fired. They were offered no special severance. Any severance given was publicly stated. The person was named publicly. A statement is issued that no consideration of any kind was offered to the employee either directly or indirectly.
This may seem rather involved, but is completely necessary in these political-like situations. Otherwise the designated fall guy gets to fall upward into a cushy job offered by an associated company. And no real pain is felt by the people responsible.
Who's the braintrust that decided to use a Hotmail account to coordinate the stealing of Windows source code? Ignoring the expectation of privacy for a moment, that was just plain dumb.
Especially (or even?) in Slashdot.
1) encrypt it... on the client side? with which key? the sender? how would then the recipient read it?
2) good bye spam filters
I've never considered Microsoft 'evil.' Self-centered and only looking out for its own interests, ya but that's pretty much par for the course with most corps and people. I still hold corporations and people accountable. I always have. Just as with Yahoo giving the PRC the contents of an email account resulted in the closing of my accounts with them, so that is what has happened with Microsoft. These weren't the 7 GB freebies either. I'll wait and watch to see if there is an actual behavioral change, or corresponding change in the ToS/EULA. Promises don't mean a thing here. Change.
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
And Adolf Hitler promised Stalin he would not go to war with Russia. We all know how that turned out.
And still is.....hypocritically...
When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.
By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy statement required Bing users to also agree to the Google Analytics privacy policy. So, they want you to boycott Google by agreeing to yet another Google privacy policy.
Thank goodness Microsoft is working so hard to protect our privacy. With friends like them ... *sigh*
Wow, someone at Microsoft thinks they have some credibility left after all these years. Proof that newbie PR interns do have some value.
Everything in the Universe sucks: It's the law!
Why I don't use their stuff: If I have valuable private information, I want it to stay that way. How many back doors does their software have, straight to the NSA? How many back doors does their software have directly to a massive information retrieval and recovery system that they use to gain competitive advantage over any other company, and if not for their own corporate use, then to be able to sell to other companies who are competing against me! I cannot audit their code because I don't have access to it. Some people don't have the ability, so they have no interest. I can read and audit source code. But not when it's compiled into binary (at least without a massive job of reverse engineering it). Quite frankly, this time they got caught. How many other times have they done it? Only an idiot would give another company the keys to the company safe like this. But there are so many idiot companies out there that do.
Don't you rather have your mail server serve you: - relevant, targeted ads - or warrants.
PlaysForSure: Cancelled and abandoned. Forced people to repurchase media they already paid for.
Windows Phone 7: Osbourned and abandoned.
Games for Windows: Cancelled and abandoned.
You see the reason they fessed up is because court documents revealed what they did.
Just when you think this pathetic company couldn't get any lower. To be a Microsoft employee is in essence to be a scumbag. And to think these pieces of garbage had the audacity to run a smear campaign against Google while they manually snooped through the documents and emails of a blogger.
This is nothing but PR bullshit trying to cover up their incompetence. This will never go away. Nor will any lip service make it any better. Get used to it Microsoft because you're never going to ever shake this, you're now the LCD.
Why is it so often that Microsoft figures something like this out only after "listening to criticism"? They really couldn't figure out that people didn't want them reading through emails, or treating those emails as Microsoft property? Or that people wouldn't want always-online DRM in xbone? Or that Windows users don't care about their start button? How little effort are they putting into thinking about what people want? Or do they think they can just keep doing what they want regardless?
Another fantastically insightful post without an author to attribute it to.
Suborbital [spaceflight] is the special olympics of spaceflight. - Rei
I realize in the modern world it's impossible to not do business with MS, but I can move in that direction. I will do so now because two recent events show the nature of the company.
As most of you know, Bill Gates (who now claims to be sort-of detached from his company) came out against Snowden. He used a fake argument, so the motive must be money - money from the government taking from the people.
And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.
I know many of you have serious monetary disputes with MS, and that is where your MS-disdain springs from. I previously ignored those disputes because I was too lazy to learn the details. But I see your point now without going into the details. A monster company with no ethics is a true monster.
(||) Nehmo (||)
The difference is that, with the right key information, one can be decoded, the other cannot.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
oh ok. It's enough that I promise to repay my loans right? we don't need any paperwork....just a promise
Chris Christie has announced that he will not be closing any bridge lanes.
Another fantastically insightful post without an author to attribute it to. -- Why are all the good posts submitted as --AC?
Because they don't want to lose their jobs, etc., etc. ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Your word means nothing. We already had that promise and you broke it. No we don't want another empty promise. You promised Windows 98 would be faster, and the only thing it was faster at was crashing, using up all a computer's memory to encourage upgrades, and catching viruses. You've been promising that for decades. Why should this promise be any different?
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
Could you elaborate a little?
If you're working somewhere that you can get fired over posting an opinion on Slashdot, you shouldn't be surfing slashdot @ work (Original Post @ 4:46PM).
Suborbital [spaceflight] is the special olympics of spaceflight. - Rei
Oh. Just got it ;)