Hotmail and privacy

Discussion in 'Windows 8' started by Shayne, Mar 21, 2014.

  1. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    744
    179
    30
  2. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,876
    2,035
    210
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Garbellano

    Garbellano MDL Addicted

    Aug 13, 2012
    948
    246
    30
    [h=1]Microsoft Says It Can, and Will, Read Your Emails Without a Court Order[/h]
    wow... Just WOW.
     
  4. eydee

    eydee Guest

    Just give fake info like everyone else.
     
  5. ian82

    ian82 MDL Expert

    Mar 7, 2012
    1,147
    302
    60
    that's why I switched to Zoho Mail

    0 ads, no spam, awesome interface, supports IMAP
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. ian82

    ian82 MDL Expert

    Mar 7, 2012
    1,147
    302
    60
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,450
    561
    60
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,730
    6,677
    270
    like I said, I am surprised he doesnt use it :biggrin: (was replying to Ian originally)
     
  9. Enigma256

    Enigma256 MDL Senior Member

    Jan 17, 2011
    354
    300
    10
    #11 Enigma256, Mar 21, 2014
    Last edited: Mar 21, 2014
    Um. It's impossible for Microsoft to get a court order. Why? Because court orders are for governments--law enforcement. Microsoft is not law enforcement, and it's accessing data it controls, so it doesn't need court approval, and a court won't issue approval because it's not within the court's jurisdiction to say so in the first place. Microsoft did do a legal review, however:

    If someone stole Google's secret search algorithm and used Gmail to share that information, you can bet your ass Google would be doing the exact same thing.

    At the end of the day, these people were idiots who knew diddly squat about operational security. Alex used his SkyDrive account to leak the files. The blogger used unencrypted Hotmail to communicate. If you're going to be stealing and leaking something as high profile as this, you should at the very least be using e-mail not controlled by the company you are stealing from. And you should be using encryption. PGP/GPG has been around for how long now? Clueless amateurs.
     
  10. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    744
    179
    30

    Nope not a chance this get absolutely no spam for years and is not my main account. Could not care if they read it as long as the ones delivering and receiving it have no ip back to me I don't care what they are reading. M$ wants a mobile or phone number now. That just an't gonna happen. They must think we all need appz or something.

    Regards
     
  11. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    744
    179
    30
  12. Shayne

    Shayne MDL Addicted

    Jul 31, 2009
    744
    179
    30
    #14 Shayne, Mar 22, 2014
    Last edited: Mar 22, 2014
    (OP)
    Why would M$ need a court order if I give them my phone number, just call first if they have a problem. We are not hacking the world and should not have to give them personal data.

    The US government has the right to collect and store your person data after the well done inside play, best since the walk on the moon, in the name of terrorism and they do not need a court order. As 100 told us all you are your own anonymity. All I am looking for is a redirect email with no logs so when someone wants to send me a confirmation/access email I have one. M$ spam filters are second to none but they are not the place for my garbage any more.

    Regards
     
  13. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,686
    10,145
    210
    Honestly it's just common sense if you are bothering with doing bad things with Microsoft stuff, you don't sign up with the MS email account or use it to send correspondence.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,686
    10,145
    210
    I'm not so sure this dude is actually arrested. The court doc states he is a Russian national living in Lebanon. How exactly would they arrest him?
    And the french blogger (whom I think we all know) is obviously in France, not the US.

    I'm not saying it's impossible. I'm just saying... Lebanon... how would you go arrest him?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Espionage724

    Espionage724 MDL Addicted

    Nov 7, 2009
    903
    255
    30
    #17 Espionage724, Mar 22, 2014
    Last edited: Mar 22, 2014
    Why would anyone be surprised by this? If I use an email address and storage provided by a company, I expect them to be able to snoop through my stuff for whatever reason they can think of, either announced, or unannounced. With that said though, I wouldn't really want others looking through my stuff.

    It's like storing private note cards with credit card numbers and coordinates to untold riches in a neighbor's safe. I'd have to be pretty naive to assume he wouldn't take a glance at those cards either out of curiosity, immediately hand them over to law enforcement if asked to, or have them "stolen" (leave his door open and have huge signs pointing at the safe and keys).

    Another example are lockers at school. Naturally, you don't want anyone going through your locker if they don't need to, but since the lockers are school-property, they can snoop through them as they wish whenever they please. Storing some illegal drugs for whatever reason? Better hope there isn't a random drug search with dogs :p

    You want email security? Go get an unattended computer that you can physically access, throw Pegasus Mail onto it (or preferably some open-source email server that you know for a fact won't snoop), get a dynamic IP name for yourself (either free via DynDNS or No-IP or pay for a custom one), set up an account with an email address matching your IP name (something like awesomeuser@dyndns.org), and secure it down. You now control who can and can't read your email, and can easily destroy all traces of any emails if you needed to. Can get even more fancy and have a RAID setup to make sure data corruption doesn't occur, maybe even throw in some encryption and a VPN for more security. It's your server, so you can do whatever you want :)

    If you can't gain access to a physical machine, another option may be to host it on Amazon's servers or something, but upon doing that, you're running into the same trust issues as you would with using an email provided from Google or Microsoft (or any other provider for that matter).

    I set up an email server for myself years ago (Mercury from XAMPP on some low-end computer) and it worked quite well. I don't have the resources to keep a stable machine around though, so I can't imagine using it primarily, but the short time I had it up, it worked great.

    TLDR: Your emails aren't "safe" anywhere unless you host your own email server on a computer you can physically touch.
     
  16. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,686
    10,145
    210
    Email can never and will never be safe as long as it relies on existing protocols.
    If you wanted to have a more secure email, you'd have to make like like a torrent system with everything encrypted and no ip addresses used.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. Garbellano

    Garbellano MDL Addicted

    Aug 13, 2012
    948
    246
    30
  18. Enigma256

    Enigma256 MDL Senior Member

    Jan 17, 2011
    354
    300
    10
    #20 Enigma256, Mar 23, 2014
    Last edited: Mar 23, 2014
    1) That won't protect you from a man-in-the-middle snoop.

    2) That won't protect you if the other person who you're communicating with gets investigate. It didn't matter one bit if Alex used his own personal e-mail service or if he used Hotmail because the blogger used Hotmail, and they could access the e-mails through that.

    3) This also fails if your physical security is broken. E.g., if someone steals your computer.


    Depending on how the sender and recipient's e-mails are set up, an e-mail could pass through several servers, controlled by multiple different entities. There's no way to control for that--the endpoint server on your end is the only thing you have control over, and you have absolutely no say in what happens on the other end or what happens in between.

    There is, however, one sure-fire way to secure your e-mail. It's called encryption. PGP/GPG and S/MIME have been around for ages. And it's pretty easy to use, too, if you use an e-mail client that supports it (e.g., Windows Live Mail and S/MIME). Best of all, it's completely agnostic to your e-mail provider, so you could use Hotmail or Gmail or whatever, and it wouldn't matter because you would be doing the encrypting (not the e-mail service) before the e-mail even leaves your computer, and the recipient does the decrypting only once the e-mail has reached their computer, beyond their e-mail provider (though the e-mail providers would still have metadata information like recipient and date, but no content). Running your own e-mail server is just stupid because it's unnecessary and doesn't actually solve the problem of e-mail privacy.


    Laziness. Complacency. Or just plain ignorance. You'd be surprised at the number of programmers who are totally ignorant of aspects of computing not related to what they do.