@nielsk @condalmo To be nit-picky it's more likely they are storing an oauth2 token as most email providers aren't using raw passwords anymore as those aren't compatible with SSO or MFA. The "new" Outlook is basically a packaged PWA of the outlook.office.com webapp, in which it is maybe more obvious that the integration is server-side. I'm not sure they are trying to hide how it works, but they are probably looking to shove all that text into an LLM like every other asshole running a service.