heise.de wrote about it more than half a year ago:

https://www.heise.de/en/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9608798.html

@nielsk Don't use Outlook (no matter whether old or new) I'd suggest to make the message more universal and understandable for people

@nielsk you can stop the sentence after "Outlook".

#Windows #mail

@nielsk The mobile Outlook app (on at least iOS) does this for many years.

@nielsk That is one of the grave faults of Outlook. One other critical one I've found is that people are still using it⸮

@nielsk If I remember correctly I saw a setting before asking if I want to sync third-party mail to their cloud… maybe they turned that ON by default

@nielsk i've seen this behavior in Outlook 2019 as well. With some new accounts (don't know what triggers this behavior) every traffic for external imap accounts goes through Microsoft. IT was luck to see that, as some clients couldnt establish a connection and others could. Completely random.

@nielsk Century Link requires ISP users to use their outgoing e-mail server so they can monitor your traffic and content. They allow other incoming e-email servers. AT&T is worse. They limit what domain names users can send or receive through their e-mail servers. I can't send or receive e-mail rom my own domain name and Website host. I have to wait for when wifi is available.

@nielsk Yep, spy-ware, and great fun when you only have locally accessible mail servers.

@nielsk

My rule of thumb is: if it's Microsoft, don't use it.

@nielsk @Maker_of_Things google and microsoft. Nothing good comes out of them .
When it comes to security, microsoft is just a joke atm

@nielsk don't use windows 11

@nielsk it’s by design - they sync all emails and contacts to the Microsoft Cloud, for non-Microsoft mailboxes: https://support.microsoft.com/en-gb/office/sync-your-account-in-outlook-to-the-microsoft-cloud-985f9e19-d308-4e85-9d1d-0c6f32f8e981

@nielsk you spelled “don’t use windows 11” wrong 🤣

@nielsk I just switched to Thunderbird for that reason...
Outlook (New) is a mess, it won't allow you to manually configure a mail server, so if it doesn't work automatically, you're out of luck

@nielsk then let's not talk about how it manages email images.

@nielsk and the 365 web client I'm forced to use for school keeps begging me to try adding external accounts

@nielsk Classic MITM attack (Microsoft In The Middle)

@nielsk do you mean that they tunnel imap connections through their servers?

edit: wow ok we didnt know.

@nielsk I call that email client "Micro$oft Lookout!" for good reason.

@nielsk
I would personally advise not to use Windows and other Microsoft Products at all if you can.

@nielsk The only email I use with outlook is my work exchange server. They already have access to whatever they want, and they are limited by contract, whatever that's worth. Everything else is a nah.

@nielsk This is also the case for the Outlook Android app (maybe iOS too). My organization blocks Microsoft servers from accessing our mail servers and automatically sends a mail to affected users that they must immediately change their password.

@nielsk Outlook Mobile has been doing this for at least half a decade now. It's why we banned it at $BigTechCompany where I used to work.

@nielsk this can be extended to don't use outlook (any), and don't use windows 11. I appreciate many folks have no choice.
I'm not some militants anti MS nutter though: Word v6 through to office XP was excellent, and i still like windows 10 when I have to run things that aren't available in other environments.
This redirecting your mail traffic is just nasty though, means your server creds have been exported (along with all your email, obvs).

@nielsk @pluralistic holy shit that is monstrous.

@nielsk Not being able to open .PST files is a sufficient reason to not use it.

@nielsk have not used outlook since they told me they lost my password,i wont be at the office today or the next or the ones after365

@nielsk What does this mean? Break it down for me, your friendly neighborhood layperson

@nielsk

Thanks for the warning.

I have been happily using #mozilla #Thunderbird for years.

@nielsk It's a web app wrapped in a browser shell. All privacy concerns aside (I use M365 for email and OneDrive), I tried using it for awhile and abandoned it due to a complete lack of offline functionality. They don't make it easy find the original Outlook either. Have to download a special O365 installer to get it.

@nielsk Or better yet, don't use ANY built-in Windows 11 app! Or even better still, don't use Windows 11! 😂

@nielsk I wouldn’t use Outlook as an email client for anything other than a Microsoft email service.

In fact, I wouldn’t use it *at all* if it weren’t for persistent bugs in the Exchange protocol that causes calendar issues with 3rd party clients.

@nielsk My wife had a go with it, and aside from the “MS read all your email” thing, it also had an amazing bug where her inbox didn’t show the most recent message. As in, you could could only see a message once there was a newer email. Was totally maddening, and really hard to spot.

@nielsk I use @thunderbird in Windows instead :blobcat:

@nielsk is it basically just a web client like maybe an electron based program? That would make sense if so. Not defending it, just trying to reason through the why.

@nielsk @pcy it straight up told me that it would mirror my mail on their server when it tried to push it to me the first time. I immediately rejected giving it my credentials and installed Thunderbird.

Fuck that shit

@nielsk wow, so Microsoft proprietary software on their proprietary OS can do whatever Microsoft wants without asking you? What a surprise, nobody could have anticipated that

@nielsk

Protip:

Don't use anything by Microsoft if you can avoid it.

@nielsk Um, yeah. Its total #spyware sh_t and the main beneficiary seems to be the Russian government.

“Although Microsoft explains that it is possible to switch back to the previous apps at any time, the data will already be stored by the company,” Heise reported. “This allows Microsoft to read the emails.”

You can’t use the new Outlook without syncing all this information with Microsoft Cloud
https://proton.me/blog/outlook-is-microsofts-new-data-collection-service

@nielsk
*don't use Windows.

@nielsk This would be expected based on how the New Outlook works. It's just the web version in a window. There are no PST files for local storage for IMAP or POP accounts; it is all stored on the web.

@nielsk I genuinely hope Microsoft gets investigated for, and ultimately stopped from doing this, and be forced to make a proper mail client app that isn’t just a glorified web app that does this.

Genuinely hate the new Outlook app, that piece of shit needs to die in a fire.

@nielsk does your imap server use SSL certs? That should prevent mitm attacks like this. Or at least warn of them.

@nielsk Don't use Microsoft. It's that simple.

@nielsk @jaybird110127 One more reason to hate outlook. Ugh!

@nielsk I would simplify this statement down to "Don't use Outlook. Don't use Windows 11." or perhaps simply "Don't use Windows."

@nielsk thanks

@nielsk Just bought a new laptop. It came with Windows 11. I am not very savvy on any of this. All these warnings about Microsoft scares the crap out of me. I basically just use it to borrow books from the library and then download them to my Kobo. Hopefully it won't cause me any problems. Why do these companies have to make everything so complicated?

@nielsk The new outlook is basically just a wrapper for the M365 web app. Do not use if you’re not comfy with your data being on M365.

@nielsk
@einfachnurmark it's a cloud service!

@nielsk Fortunately I never used Outlook on my private computer and never will. Currently I’ve thunderbird in use.

@nielsk Nokia did this too.

@nielsk do they validate certificates?

I reported similar stuff when I got my Nokia N97 probably around 2010. Was confusing that I didn't get a warning when setting up mail

This is a man in the middle, and should be treated as a vulnerability! Shame on them!

@nielsk
What a surprise, that Microsoft would decide to Man-in-the-Middle their user's email, to steal data, target advertising, train AI, and who knows what else.
Microsoft is doing their damnedest to drive users to alternatives to their products.

@nielsk So it's not only janky as hell, ugly and with a horrific ui - it also doesn't care about privacy? What a clusterfuck

@nielsk
Sounds about right.
https://infosec.exchange/@wdormann/112088318915419488

@nielsk@mastodon.social If you read the TOS (terms of service), you agree to use Microsoft as your email proxy server. As you have discovered, the app shares the details with Microsoft who then acts as a middle man between you and your email.

@nielsk For your amusement: I read Windows 3.11 and it took me a while.

@nielsk

MITM

(Microsoft In The Middle)

@nielsk Another great reason to not use Windows at all! There is no Microsoft product that is truly benign since MS-DOS.

@nielsk The Android version of Outlook has been doing that since at least 2017 (tested on my own mailserver), and maybe even earlier.

@nielsk When you install or switch, it clearly explains that all accounts are currently proxied through Microsoft.

I don't use it and am certainly not a Microsoft fan, but they don't hide "new" Outlook's limitations. It's also a beta product.

@nielsk
Better yet, don't use ANY Micro$haft product. There are two basic choices, Mac or Linux. Using Gatesware at all is a fundamental error.

@nielsk cc @da_667

@nielsk pc-pine should still work as MUA and newsreader.