This disclosure explains that Microsoft and 772 of its partners are scanning the PC on which the new Outlook runs specifically to identify the user, storing and/or accessing information on that PC, delivering personalized ads and other content, and otherwise deriving “audience insights.” A separate “Choose your ads layout” window, also shown only in the EU, explains that Outlook will display dismissible ads in your mailbox by default, but that you can move the ads into a banner above the mailbox instead. Some ads from Microsoft and its partners literally appear as if they were new emails, confusing users. As Komenda notes in his post:
“Thanks to the EU’s General Data Protection Regulation, Europeans are at least informed that a small village of third parties will be able to look at their data. UK users can explore a ‘List of Advertising Partners,’ which shows the disturbing number of ad companies working with Microsoft.
Americans, thanks to their government’s refusal to pass privacy legislation, are never even informed this is happening.”
NOTE TO READERS: a big hap tip to Andy Jenkinson (one of our "go to" contacts for all-things-cybersecurity-and-all-things-surveillance), for bringing this story to our attention. We interviewed Andy about Microsoft and part of that interview can be found at the end of this post, plus a link to our longer video interview with him from late last year. As our regular watchers and blog readers know, Andy is a well-known and oft cited expert in cybersecurity and the complexity of our cyber infrastructures, and the mind-boggling demands of internet security.
Komenda goes on:
Everyone talks about the privacy-washing (new window) campaigns of Google and Apple as they mine your online data to generate advertising revenue. But now it looks like Outlook is no longer simply an email service(new window); it’s a data collection mechanism for Microsoft’s 772 external partners and an ad delivery system for Microsoft itself.
Surveillance is the key to making money from advertising or bulk data sales to commercial and possibly some other organizations. Komenda enumerates how these sucked-up data may be used:
- Store and/or access information on the user’s device
- Develop and improve products
- Personalize ads and content
- Measure ads and content
- Derive audience insights
- Obtain precise geolocation data
- Identify users through device scanning
The write up provides this list of information allegedly available to Microsoft:
- Name and contact data
- Passwords
- Demographic data
- Payment data
- Subscription and licensing data
- Search queries
- Device and usage data
- Error reports and performance data
- Voice data
- Text, inking, and typing data
- Images
- Location data
- Content
- Feedback and ratings
- Traffic data
Wow 😳
I particularly like the geolocation data. With Google trying to turn off the geofence functions, Microsoft definitely may be an option for some customers to test. Good, bad, or indifferent, millions of people use Microsoft Outlook. Imagine the contact lists, the entity names, and the other information extractable from messages, attachments, draft folders, and the deleted content.
NOTE TO READERS: the issue is so critical the New York State Bar Association added a pop-up session on the issue to its Annual Meeting this week in NYC. IT teams at law firms, accounting firms, etc. are doing full investigations.
For more information about Microsoft’s alleged data practices, please, refer to the Proton article linked above. To be clear, Microsoft does not use personal data in email to target ads. But Microsoft’s privacy statement explains why it doesn’t need to do that to build a profile of you, as it targets ads based on “your interests and favorites, your location, your transactions, how you use our products, your search queries, or the content you view.” It then sells that data to advertisers and other online entities, including service providers.
Microsoft’s expanded push into advertising was no doubt triggered by Google’s successes in this market, and the firm announced in 2021 that it wanted to double the size of that business to $20 billion. But Microsoft is now “addicted” to these revenues, Komenda charges, which is why it has expanded its customers exposure to advertising.
Yes, Komenda's firm Proton sells privacy (last year we wrote about the release of its native email client) and so you may view these charges as self-serving. That’s fine, but be sure to read the Proton blog post in full, including the many links it has to other examples. We've made this point about Microsoft Edge, and, in particular, Andy Jenkinson has made the same point: it’s pretty clear that Microsoft today is, in Komenda’s words, no different than the Googles and Metas of the world. And that is a problem.
We certainly became uncomfortable when we read the section about how MSFT steals your email password. Imagine. Theft of a password. We'd like some verification on that. I mean, gee: our "favorite" giant American software company would not do that to me, a loyal customer, would it? And you guys are so buddy-buddy with OpenAI. Golly, Aunt Bee!!
|