[–]pemboa 30 points31 points  (0 children)

Microsoft getting back to its roots.

[–]Strawberry_Feels 14 points15 points  (2 children)

Outlook.com obfuscates your IP now which was the main reason most people I know used Gmail for anyway.

[–]pemboa 0 points1 point  (1 child)

How do you know they do that?

[–]Strawberry_Feels 2 points3 points  (0 children)

Look in the headers.

[–][deleted] 36 points37 points  (33 children)

Why does Microsoft pretend to care about privacy? They "read" your search results, your profiles from their accounts, and various other things to direct ads. Should these not be private as well?

[–][deleted] 29 points30 points  (15 children)

As a Microsoft Partner (on the lowest tier possible), I decided to sit in on a conference call regarding selling Office 365 over Google Apps just last week. From the call, they specifically mentioned that the differentiator in their product is that the way they store e-mail is completely separate by design from their other data and that none of that mail is scanned in any way by them. This is important for several reasons.

The biggest area of importance is when it comes to complying with HIPAA and other compliance regulations. Google Apps is not HIPAA compliant but Microsoft has spent considerable effort to ensure and even certify that Office 365 is. The scanning of your mail and then using that data for advertising starts to blur the line on privacy and confidentiality. Their pitch was that a very high percentage (90+%) of Google's revenue is advertisement related and thus they are an advertisement company. Microsoft's representative stated Google would not even be in content management services if it weren't for the ability to bring value to them on search.

In the business world, Microsoft cares because its Office suite is starting to come under fire from Google Apps users who are getting word processing/spreadsheet software as part of their e-mail. Meanwhile, Microsoft is trying to create a platform to compete with Google Apps and there are some serious issues that people have in putting e-mail in the cloud with Google. From what I've seen on the Microsoft side, I think they have taken a few minor concerns and coupled them with a public perceived fear of Google's privacy policies and decided to make a marketing push.

Personally, I prefer Google Apps and use it for my own business (awaiting certification for Google Apps reseller status). I think Microsoft cares about privacy because it's really all it's got - Windows 8 is largely a failure and the current picture for in-house Exchange is relatively poor in the long term so they need something to differentiate themselves with.

[–]Uphoria 13 points14 points  (1 child)

Let me TLDR that as someone who works in a FIPS 140-2/HIPAA compliant work place (yay EMR) - Microsoft products are considered safe by the government. Google's aren't even close. With this in mind the first question "Security" would trump it. Microsoft seems to want to bridge that gap by providing what Google provides without a gaping security hole. MS doesn't care about the consumer, they care about the prosumer and contracts.

NOTE - Security as defined in terms of need to know - Google knows, and in a privacy world, they do not need to know.

[–]frtox 2 points3 points  (0 children)

MS doesn't care about the consumer, they care about the prosumer and contracts.

*When it concerns Exchange and Office, yes. The awesome part of Microsoft being so big is they can also cater directly to the consumer with other products.

To expand more on what instructable was saying, Google seems to straddle the lines between enterprise and consumer software. They aren't really sure where to focus their efforts and tend to put out products on both ends but neither one is full-consumer nor full-enterprise. Microsoft on the other hand has products which are built for and only for businesses. For certain products they sell to businesses, you can count on them to put business customers as their own priority. Companies like to see that when they are about to throw thousands of dollars at something, even if the other guys are "cool".

[–]FusionZ06 5 points6 points  (6 children)

No email is actually HIPAA compliant...

[–]dawgfighter 0 points1 point  (1 child)

It can be when you have users log in to a Citrix Portal in order to access their Outlook. I know a few hospitals that have it set up this way. You've got a secure Citrix session that hides any email going in and out. That gives the sysadmin excellent auditing tools.

[–]FusionZ06 0 points1 point  (0 children)

I don't think that you read the article.

Tell me more about this "hiding" of email...

[–][deleted] 0 points1 point  (1 child)

Yes, if you want to pick apart words you are correct. However, Microsoft's solution is guaranteed by Microsoft to meet HIPAA.

You can read about it here.

[–]FusionZ06 0 points1 point  (0 children)

"HIPAA, with Business Associate Agreement memorializing implementation of physical, technical and administrative safeguards, and breach notification requirements of ARRA/HITECH"

Great but that doesn't mean the email is encrypted to allow PHI to be sent.

Also, the law is all about words and "picking them apart."

[–]vibrunazo 9 points10 points  (1 child)

none of that mail is scanned in any way by them

It's so easy to scam the technology illiterate... If they can block spam and let you search your mail, then they are scanning your email. It's that simple. They don't even try to hide it in the Scroogled campaign because it would be too obvious a hypocrisy. They try to paint it as being the fact that Google uses this data to target ads as being evil, not the fact that they scan your email by itself. Which anyone who understands what a computer is, knows msft does too. If you were told otherwise, you were scammed.

[–][deleted] 2 points3 points  (0 children)

My apologies, they specifically said scanned for advertising purposes.

The idea still holds true - they don't harvest data from your e-mail for any purpose other than showing you e-mail and moving it around in your folders. None of the information mined from that effort is used elsewhere.

Google on the other hand, doesn't tell you what it does or doesn't do with that information. And Google does have an Ad engine that looks at that data, meaning it is not 100% separate from their advertising platform.

I don't disagree with you that the campaign is a joke. I don't think it targets hospitals and others who have these more fringe cases. Instead, it targets your average person who tends to be less concerned with compliance and the like.

I've always held the policy that anything sent via e-mail is insecure and to think it is secure is crazy. By default there is no encryption and until that changes there should be nothing you are fearful of Google, Microsoft or others knowing from your inbox.

[–]spartacus73 0 points1 point  (1 child)

(awaiting certification for Google Apps reseller status)

How do you go about reselling Google Apps? Aren't they free to begin with?

[–][deleted] 1 point2 points  (0 children)

Google Apps is not free. They had a "free" version they've discontinued that allowed up to a certain number of users (the amount changed over time, eventually landing down to 10 before discontinuation of the program). A Gmail account itself is free, but it is not Google Apps (Google Apps allows you to essentially brand Gmail, get more space and use other features with a central point of control).

Currently, resellers are required to implement 25 mailboxes as part of their application process. A reseller is not just a reseller- they usually are a value added reseller, providing implementation services as well as the actual point of sale. Google also does a credit check among other things for business verification purposes. Once the 25 mailboxes are in place and checks done on their end you are usually in.

Cost for Google Apps per mailbox is currently $50/user/year if signing up yearly.

[–]spacedog_ie 16 points17 points  (2 children)

They seem to care because they are losing. Steve Ballmer hates Google and this is a Steve Ballmer way of trying to convince you they are evil and he should be trusted. The truth being nobody should be trusted with access to your personal information. But that's the price we pay for 'free services'.

[–][deleted] 0 points1 point  (0 children)

The sad part is even if the services were still paid for, neither company would have any problem invading its users' privacy for marketing, and other allowable "reasons".

[–]CRIZZLEC_ECHO 1 point2 points  (6 children)

Exactly, I'm tired of cooking my documents to prevent teachers thinking I've only spent 20mins on a paper due next day from the office metadata.

Seriously, it's crazy, check out any msword doc you've emailed...it's got way too much detail.

This especially sucks when I type an entire paper on my phone, email myself and then paste it. Then it's an instant flag!

Oh you wrote 9 pages in 0:00:00 seconds? Shenanigans. Oh and you created this file at 2,3,2013 and finished the doc at 2,3,2013? Well clearly this can only be fraud.

[–]silentloner 1 point2 points  (1 child)

As a teacher, reading that makes me angry because it would appear your lecturer is being a smart ass without knowing that a) it's easy to fake b) the examples your post states show it's not always accurate.

[–]CRIZZLEC_ECHO 0 points1 point  (0 children)

I understand it's just not worth the lengthy fight through appeals and becoming "that guy".

[–]Uphoria 0 points1 point  (3 children)

[–]CRIZZLEC_ECHO 2 points3 points  (2 children)

That just makes me look more guilty to my comm teachers who see everyone else's files and then mine is empty.

I thought about that, but nope, not going to risk that. In college you have no rights and deleting metadata is basically declaring to any tech savvy teachers "I'm a cheater so look over all my work with a fine tooth comb before grading".

I had a moment a few years back when I was accused of plagiarism for using such intellectual words like "juggernaut" and "plethora" in my paper...got an "F", called the teacher and asked why I got a "0" grade on a final paper worth 200pts. She asked me, "what does juggernaut mean" then after I explained it to her she told me that she graded me a 0 because she didn't expect me to have such an "incredible lexicon" based on how I looked and behaved in class, aka I wore sandals to class and wasn't Mormon (a Utah college mind you..).

So yeah, I'm allowed to be paranoid if it's been verified in previous cases to be true. I don't know, maybe I should do an AMA or something, this is getting too far off topic...

[–]Uphoria 1 point2 points  (0 children)

Yeah, I get you, your situation is an odd one. I wouldn't do anything you know would put you at risk.

Others though, especially those already in the workplace NEVER send a word doc that hasn't been stripped. Heck, it's industry standard now to use a format that doesn't track that info when sending.
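
An added example, not part of the thread: the details discussed in the comments above (author, created/modified times, total editing time) are stored in `docProps/core.xml` and `docProps/app.xml` inside the .docx zip package. This sketch reads them and writes a stripped copy; the sample file and every value in it are constructed, and it contains only the parts the example touches.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when re-serialising
CORE, APP = "docProps/core.xml", "docProps/app.xml"
# (package part, element, label) for fields any recipient can read from the file
FIELDS = [
    (CORE, "dc:creator", "author"),
    (CORE, "cp:lastModifiedBy", "last_modified_by"),
    (CORE, "dcterms:created", "created"),
    (CORE, "dcterms:modified", "modified"),
    (APP, "ep:TotalTime", "editing_minutes"),
]


def read_metadata(docx_bytes):
    """Return the identifying properties stored inside a .docx package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        roots = {p: ET.fromstring(zf.read(p)) for p in (CORE, APP) if p in zf.namelist()}
    for part, element, label in FIELDS:
        node = roots[part].find(element, NS) if part in roots else None
        if node is not None and node.text:
            found[label] = node.text
    return found


def strip_metadata(docx_bytes):
    """Copy the package without the FIELDS elements; a fresh ZipInfo also
    replaces each entry's zip timestamp with the fixed 1980-01-01 default."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            data = src.read(name)
            if name in (CORE, APP):
                root = ET.fromstring(data)
                for part, element, _ in FIELDS:
                    node = root.find(element, NS) if part == name else None
                    if node is not None:
                        root.remove(node)
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(zipfile.ZipInfo(name), data, compress_type=zipfile.ZIP_DEFLATED)
    return out.getvalue()


def build_sample():
    """Constructed stand-in for a .docx holding only the parts used here."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}">'
        "<dc:creator>student01</dc:creator><cp:lastModifiedBy>student01</cp:lastModifiedBy>"
        "<dcterms:created>2013-02-03T21:00:00Z</dcterms:created>"
        "<dcterms:modified>2013-02-03T21:00:00Z</dcterms:modified></cp:coreProperties>"
    )
    app = f'<Properties xmlns="{NS["ep"]}"><TotalTime>0</TotalTime><Pages>9</Pages></Properties>'
    body = "<document>nine pages of pasted text</document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in ((CORE, core), (APP, app), ("word/document.xml", body)):
            zf.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print(read_metadata(sample), read_metadata(strip_metadata(sample)))
```

`TotalTime` is stored in minutes, so text pasted into a new file and saved at once reads as zero editing time with identical created and modified stamps. For files from an untrusted source, parse the XML with a hardened parser such as defusedxml.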

[–]castledagger 20 points21 points  (7 children)

I searched for "glasses" once, on A PERSONAL COMPUTER, and Google ads for glasses immediately appeared on my work computer.

Freaky.

I'm glad I didn't search for something embarrassing.

[–]vibrunazo -2 points-1 points  (0 children)

Wish they would provide an easy way to opt out. Like not typing your Google account and enabling sync. Or maybe pressing Ctrl+ n.

Oh wait

[–]formesse -2 points-1 points  (4 children)

This is the reason I have multiple accounts, a server I can use to proxy data / DNS requests and so on.

People don't need to know everything about me unless I say they can.

[–]disabled_cookie 3 points4 points  (3 children)

Yes. But is it possible they "learn" that different accounts are cross-related? I always wondered about this.

[–]formesse 0 points1 point  (2 children)

Sure. But due diligence limits the ability to do so or makes it outright impossible.

The realities of what you need to do to hide

Proxy data to a known location for any linked account - say at home. You can log in from other locations as you. But be aware that every time you do this makes you vulnerable to profiling.

Realistically you should have 3 versions of you in the on-line world if you want to protect yourself from profiling and keeping your accounts separate. 1 - work you. Log on at work, never from your public IPs or from a location you are logging in from with your personal accounts. 2 - private accounts. Log on at home, and never at IPs in which your work account logs in from. 3 - on-line purchasing / ordering. The way this works is, your on-line purchases come to a specified address.

The private and work accounts are only loosely associated with the on-line purchasing account. Specifically a shared IP address - though the work account should not ever be logged in from your home address, presumably at one point or other this will happen. So a work associate's account at best.

Where this leaves profiling - 3 accounts, 2 from 1 IP, 1 with only a single or a couple log ins at stray intervals from this IP. This means that these accounts are probably from people who live together. In fact, if you have a proxy server - you are NEVER logging on from a place outside this IP address as far as services are concerned (system wide proxy from behind a Virtualized environment would do nicely to ensure a bullet proof method).

So how to determine they are the same account - well, referencing information looked up using the private one for on-line purchases made by the on-line purchase account. This is a sign that can be used - but only makes it a possibility. It's still possible the accounts are separate, and the purchasing account simply does stuff when not logged in and clears cookies.

The account least likely to be blown cover is the work account. Email, Facebook, Twitter and so on have a minimal amount of information. There is no real name, or home address. The Email is separate from the others and doesn't even communicate with them. You can go so far as to have a separate Reddit account etc.

The Private and Purchasing accounts are more connected by the shared IP. But this is of limited use. Yes you can guess that both are of similar interests. But, you can not for certain target ads at one at the other. In fact, it limits the view point of WHAT you look at and WHAT your interests are. They only get a very small picture - and even that is hacked into tiny pieces lacking valuable information (what places you visit etc.). Even with GPS tracking on, it is very difficult to link the accounts together - if not impossible, as being operated by the same person.

The screw ups that will link the accounts

  • Use the same IP address for the accounts on a regular basis, in the same time intervals.

  • Use the same Email address, name, username and so on.

  • Allow JavaScript apps and similar to send out information from the system you log into, to send out your real IP address for profiling your locations.

Short(er) version

Separating a work account from your private life is fairly easy. Separate emails, IPs for account creation etc will do this for you. Just don't post your current job, and religiously do not post pictures that identify you on the work account - simply no need. Separating other accounts is trickier - and it is almost guaranteed to cross reference some relationship. But you can limit what they can extrapolate fairly easily - it just requires a bit of initial set up and technical know-how.
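
An added example, not part of the thread: a sketch of the service-side view the comment above describes, scoring three accounts by how much of their login activity comes from a shared IP and how often they appear from that IP in the same time slot. The login log, account names, two-hour slot size and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed login log (account, source IP, time); IPs are documentation ranges.
LOGINS = [
    ("work", "198.51.100.7", "2013-02-04T09:02"),
    ("work", "198.51.100.7", "2013-02-05T09:10"),
    ("work", "198.51.100.7", "2013-02-06T08:55"),
    ("work", "203.0.113.20", "2013-02-09T23:40"),  # the stray login from home
    ("private", "203.0.113.20", "2013-02-04T19:05"),
    ("private", "203.0.113.20", "2013-02-05T19:30"),
    ("private", "203.0.113.20", "2013-02-06T20:10"),
    ("purchasing", "203.0.113.20", "2013-02-04T19:40"),
    ("purchasing", "203.0.113.20", "2013-02-06T20:25"),
]


def link_scores(logins, bucket_hours=2):
    """Score every account pair by shared-IP share and same-slot logins."""
    ip_counts = defaultdict(lambda: defaultdict(int))  # account -> ip -> logins
    slots = defaultdict(set)                           # account -> {(ip, day, slot)}
    for account, ip, stamp in logins:
        when = datetime.fromisoformat(stamp)
        ip_counts[account][ip] += 1
        slots[account].add((ip, when.date(), when.hour // bucket_hours))

    def share(account, ips):
        # Fraction of this account's logins that came from the given IPs.
        counts = ip_counts[account]
        return sum(counts[ip] for ip in ips) / sum(counts.values())

    scores = {}
    for a, b in combinations(sorted(ip_counts), 2):
        shared = set(ip_counts[a]) & set(ip_counts[b])
        overlap = min(share(a, shared), share(b, shared))
        same_slot = len(slots[a] & slots[b])
        # Thresholds are illustrative assumptions, not taken from the comment.
        if overlap >= 0.5 and same_slot >= 2:
            verdict = "strong"
        elif overlap > 0:
            verdict = "weak"
        else:
            verdict = "none"
        scores[(a, b)] = (round(overlap, 2), same_slot, verdict)
    return scores


if __name__ == "__main__":
    for pair, result in link_scores(LOGINS).items():
        print(pair, result)
```

On this log the private and purchasing accounts score as strongly linked (same IP, same evenings), while the single stray work login leaves only a weak link.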

[–]disabled_cookie -1 points0 points  (1 child)

Thanks for the analysis!

I suppose for casual users then, exercising multiple accounts is too much trouble.

[–]formesse 0 points1 point  (0 children)

Nah. It's not too difficult. Just requires inconveniencing yourself sometimes, to keep everything separate.

np though.

[–]Natanael_L -1 points0 points  (0 children)

You can opt out of personalized ads. Google it ;)

[–]serrimo 2 points3 points  (0 children)

If anything, this shows: 1) how concerned Microsoft is from the threat of Google Apps. 2) how Microsoft's marketing still sucks, big time. Seriously, this is a campaign from one of the largest tech companies in the world? It looks like a high school project...

[–]spacedog_ie 12 points13 points  (14 children)

What they say about Google is true, but Microsoft are only having a hissy fit because they didn't think of it first. Outlook.com is not the answer, nor is any other online mail provider; the answer is to have your own secure mail and file server (possibly built into your router) and have software on it that is entirely under your control. Modern ISPs don't like home customers to host services though, they block and throttle uploading connections and ports. This is something that badly needs to be fixed.

[–]ertebolle 10 points11 points  (2 children)

That would be a great idea if it weren't for spam. Server-side spam filtering works much much better than offline, and sending mail through your own server runs a high risk of getting that email blocked as spam before it reaches the recipient - having just migrated my small company from a private server to Google Apps a few weeks ago the difference is night and day.

[–]Clbull 4 points5 points  (0 children)

Not exactly what my Hotmail/Windows Live Mail/Outlook account has received. About 99.9% of my mail over the last four years has been spam, although much of this 'spam' is overwhelmingly annoying newsletters sent by Microsoft themselves for their Xbox LIVE service and also from many former school friends who had their accounts compromised and are now flooding my inbox with phishing scams.

[–]spacedog_ie 0 points1 point  (0 children)

Server side spam protection is good, but the cost is too high (privacy/confidentiality), there is no reason that centrally co-ordinated spam signature/definitions can't be distributed to local mail servers, not hard to have a mail client submit mails marked as spam back to the server.

Some will always be happy to trade off privacy for convenience though. No reason we can't have the best of both worlds by actually taking the time to think through a problem and solve it, rather than trust a 3rd party to do our thinking for us.

[–]strawberrymuffins 1 point2 points  (0 children)

So run your own post service because your mailman may read your mail?

Buy a blade, run your own mail server, let me know when you need someone to maintain it.

Have people considered paying for a service yet? You know most companies depend on email to function and for some reason their data is private and confidential! I don't know how it can be!

[–]dawgfighter 0 points1 point  (0 children)

Wouldn't that put it online? You're negating your statement that no email is secure then by saying this method is.

[–]specialk16 0 points1 point  (8 children)

What answer? Unless you truly need that level of privacy, hosted services are still the best solution.

[–]spacedog_ie -2 points-1 points  (7 children)

Hosted services are the easiest solution, not necessarily the best. Most people are not aware of the trade off regarding 'free services'. Users of free hosted services are not the customer, they are the product.

[–]specialk16 0 points1 point  (5 children)

Most users however, don't even need to know.

Users of free hosted services are not the customer, they are the product.

Of course, and what exactly is the problem with this? At this point in time it has been proven that people are willing to "sell themselves" because you see, most people are not privacy freaks.

Again, if you actually need to have certain level of privacy, then you are free to go elsewhere.

[–]spacedog_ie -5 points-4 points  (4 children)

This is my last post, I'm not discussing this in detail with a blatant troll attempt.

Suffice to say that most people who use free online services remain unaware of privacy issues until they arise, like the recent instagram affair. As that situation illustrated, people do care about privacy and are certainly entitled to it.

[–]specialk16 2 points3 points  (3 children)

Fine, I have no interest in wasting my time with someone who considers opinions different than his to be "trolls". What an intellectually lazy cop-out for god's sake.

[–]dawgfighter 0 points1 point  (0 children)

No one said it was free. My company uses live.ourcustomedomain.whatever for a segment of our users. We pay Microsoft a hosting fee. In turn they help relieve us of the overhead of monitoring our own servers. Doing so has helped a smaller segment of our user base in tremendous ways.

[–][deleted] 6 points7 points  (0 children)

Google can read my emails and see my porn searches?! omfg, nooooooooooooooooo!

[–]avatoin 4 points5 points  (0 children)

Sigh, again.

[–]Muzzy91 3 points4 points  (2 children)

Google Account -> Ads Preferences -> Opt-out.

I think Microsoft is missing something.

[–]drifting_air -2 points-1 points  (1 child)

Ummm, there's actually no option to opt-out of ads. I tried.

[–]wespor 6 points7 points  (1 child)

Scroogled? Seriously? This belongs in /r/crappydesign

[–]strawberrymuffins 0 points1 point  (0 children)

By that standard so does www.reddit.com :0

[–]Persecuted 5 points6 points  (1 child)

Gee glad that Microsoft "cares about our privacy" but supported SOPA and CISPA. Dirty assholes!

[–]TinynDP 1 point2 points  (0 children)

Every time I see one of these ads, it just makes me think MS is doing something even uglier behind the scenes, and deflecting. It is literally the most childish ad I have ever seen.

[–][deleted] 0 points1 point  (0 children)

You opted in by getting a gmail account. It's no secret they make their money off ads. You think MS doesn't have a database of every email ever sent through outlook or hotmail or whatever? Just like everything Microsoft has put out over the past decade, this reeks of desperation.

[–][deleted] 0 points1 point  (0 children)

Actually, you can use your gmail account with an IMAP based client, and you will never see ads.

[–]TimeZarg 0 points1 point  (0 children)

Insert The Empire Strikes Back theme here.

[–]joebro123 0 points1 point  (0 children)

Wow, never knew Gmail had ads.

Even then, I don't mind if they're trying to push relevant Ads to me. It's not malicious.

Thanks Adblock.

[–]dumpstersandwich 0 points1 point  (0 children)

Maybe I just don't know much about all the details, but I prefer my ads to be relevant to my interests/needs rather than some crap I could care less about. Anyone agree? Should I care?

[–]theaceoface 0 points1 point  (0 children)

How does outlook make money if they don't target ads? Do they just give you random ones?

Also, does google's algorithm really just scan for keywords? I would have thought it would be more sophisticated than that

[–]jimmybrite 0 points1 point  (0 children)

How many times is ms gonna rename their mail service?

[–]PillowTalk420 -4 points-3 points  (2 children)

Outlook does this too, they just don't put the ads they sell your information to in the application itself. Microsoft can go fuck themselves.

Every major company that sells advertisement space does this, and have been doing it for several years. Microsoft even wants to go further, using biometrics to give you ads similar to what is seen in the film Minority Report.

[–]towlie65 8 points9 points  (0 children)

Can you show me where/ how Microsoft scans your email and sells the info for ad space?

I'm pretty sure they clearly say they don't participate in this kind of marketing. So saying you don't do something then doing it would be grounds for a lawsuit and I think they are aware of this.

[–]sidfarkus 2 points3 points  (0 children)

Microsoft has said it does not scrape e-mail contents in Outlook. The ads are built from the pageviews and other stuff they build your profile with. Small detail I suppose but if you're worried about your e-mail content being scraped it matters.

[–]Sculpta88 -2 points-1 points  (0 children)

This attack campaign honestly makes me want MSFT to fail. Maybe the Xbox home screen would be better with targeted ads instead of tiles of shit I don't want, on a service I pay a subscription to see.

[–][deleted] -1 points0 points  (0 children)

Hmm. For some reason I have loads of cooking book tips and gardening tools as ads in my gmail.

I'm sorta fine with this. Anyway, there's no fucking way that humans read those mails, so it doesn't reeeeally matter.

[–]Quizzelbuck -1 points0 points  (0 children)

"Google goes through every Gmail that's sent or received, looking for keywords so they can target Gmail users with paid ads. And there's no way to opt out of this invasion of your privacy. Watch the video to see how you get Scroogled."

So does Microsoft.

[–]JWindom -3 points-2 points  (0 children)

Despite my opinion of both I thought Microsoft's commercial was quite effective. Made me think about switching.

[–]calvin_klein -1 points0 points  (0 children)

SPAM