This shouldn’t be normalised

governorkeagan@lemdro.id to Mildly Infuriating@lemmy.world – 796 points –

Outlook got updated on my iPhone last night and now they want me to agree to having my data shared with 807 partners.

Important note: I don’t use outlook as my primary email provider. I use Proton with a custom domain but I keep outlook for some old emails.

117

Ridiculous. How can someone write "we value your privacy" and then share data with 807 partners. If I share anything with 8 people I pretty much consider it public information already, unless I have a very good reason to trust them. Sharing something with 807 companies is probably less private than taking all that data, putting it up on a billboard, and placing that billboard next to the busiest place in town.

And what exactly qualifies as "legitimate interest"?

I'm legitimately interested in getting the bank account & sort code details of Elon, Bezos, Arnault, Zuckerberg, Gates, Ballmer, Buffet, Ellison, Page, and Brin.

That ist something I ask myself, too. It's so irritating, having to decline all these greasy fingered little fuckers one-by-one. That is just a way for me, nowadays, to delete the app completely.

Just curious what you're up to, bud

Something utterly deranged, which is why I care about my privacy. I swear to god if Mozilla starts indexing my mail to train their crappy AI project, I will lose it.

"Legitimate interest" refers to that which lawmakers have considered to be the "legitimate interest" of private companies, that is, making money selling your data. "Illegitimate interest" would probably be using your private information to blackmail you.

I understand the legal meaning. It's all hogwash regardless. Nearly everything can be explained away as legitimate interests by claiming "marketing research" and "advertising".

I think this is so they can have it auto toggled on per some EU regulations, forcing you to go through and untoggle every single one with "legitimate interest".

It's what I assume, anyway

I was also curious about this and just had a chat with gpt 3.5 about it, and it gave an example of "a bank collecting data to detect and prevent fraud" as a valid legitimate interest and "a company collecting data to sell to advertisers" as an invalid legitimate interest.

It also said that legitimate interests must be explained, as on what interests they are, why they are considered legitimate, how the processing of that data accomplishes that interest and any potential impact it has on the user's privacy and freedom.

Based on this, I think "legitimate interest" is being used as a reason instead of a category that covers genetic legitimate reasons that should still be explained, not hand waved as "legitimate interest".

Though I believe this only applies in the context of the GPDR (because the bot specifically mentioned it), and might vary in other jurisdictions.

807 is too big for a typical auditorium.

Imagine an auditorium filled to capacity with people standing at the back and crouching in the rows. At the front of the auditorium a Microsoft spokesman is saying "Ok partners, here's the confidential data. Make sure nobody shares it beyond this room. Ok, so David wrote a letter to his mother Nancy on March 2nd, which included the keywords 'prostate', 'cancer' and 'diagnosis'. If you'd like to use those words to show David some ads, go right ahead -- but make sure nobody beyond this room knows this confidential information. Next up is Martha..."

There is a monetary value in what you want to keep private, so of course they value your privacy.

It's not that they now changed something with data collection and sharing within the update. They always did it, all services free of charge do it and most that cost money likely take the extra money as well.

It's now that they tell you in a short and informative way (1st sentence) and ask for your consent.

What's really infuriating, are websites and services that have an "Accept All" button but no "Reject All". Instead you have to manage individually and sometimes I have to flip 30 separate buttons to disable data sharing, where they even call advertisers a 'necessary 3rd party' requiring interaction on top.

That was a loophole to the original GDPR. That's now against the law in the EU, but bringing cases against all these sites is time consuming.

Now they need to make asking for ID to access or delete data illegal.

There is usually now a "reject all but essential" button. Well, it's an improvement.

I always flip the 30 buttons and then accidentally click Accept All because it’s in the place that I would expect the Confirm My Choices button to be and I am tired of looking at all the buttons and don’t read the most important one. I always tell myself I’ll slow down next time, but I’m just trying to get to the stupid website to read whatever stupid link I clicked on so I’m impatient every time.

There are extensions for that.

In Firefox Consent-o-matic and Ghostry both do a good job in android and Linux/Windows.

I have no idea if they have that on iOS though given Apple forces browser makers to reskin Webkit.

30? I've come across website that in this case would list out all 807 partners.

I did one once where it was like 400 toggles. Took me 10 minutes. I did it just to see how ridiculous it was. I don't remember what site it was but I definitely never went back.

chad europe union, to expose that shit

I love so many things that EU has done especially with GDPR But then they come up with this crap and you wonder what they were thinking

They were thinking that those caps were among the top items found littering beaches. So they put forward this measure to attempt to curb that issue.

Nobody should be buying single use bottles anyway if there are alternatives available. Maybe that's the quiet part - making them less attractive to consumers

Drinking from a can only works from one side, so I guess think of it that way.

Nobody should be buying single use bottles anyway if there are alternatives available. Maybe that's the quiet part - making them less attractive to consumers

Wow. I got played. I did finally switch to just drinking tap water and the number of single use plastic bottles I go through each weak is down by 90% or smth. Just like 2-3 bottles of coke left. I buy some local off-brand stuff cause screw big corporations.

But are they though? Personally i see many bottles littered and even more lids from cups. Actually why are straws replaced with paper but the lids are still plastic? And why not ban plastic bottles alltogether like they've done with so many other things?

I don't know, it's what they said. Maybe bottles are easier to clean up. They said "among" the most frequent items, so perhaps you're right that those other things are worse, but there haven't been reasonable alternatives suggested

it's a change expected to prevent 10% of the litter in european beaches, to be fair, the true fix could be ban plastic lol

Plastics legislation is often incredibly patchwork and politicised-feeling. It's a good idea, but I kind of think Extended Producer Responsibility would have gotten the job done better.

Nobody should be buying single use bottles anyway if there are alternatives available.

Are there alternatives available for carbonated beverages? I guess we could go back to glass bottles. But, they're effectively single-use too.

We've come a long way, so that it's normal to take a thermos to a coffee shop and have them put a tea or a coffee in it. I don't know of any similar scheme for carbonated beverages. I'd love it if it existed, especially if you could keep your soda-pop cold for hours.

Glass bottles are not always single use. Countries have systems to recollect them (empty bottles hold a face value), they get factory-cleaned and quality tested and each bottle can run for 20 or more cycles. The issue is more that it increases the transportation and handling costs and emissions because of weight. Bottles that don't pass the test anymore but did stay in the system can get near 100% recycled, tho the issues there are that it's usually downgrade (make dark bright again = hard) and very energy intensive (costs more energy to recycle than to make glass from scratch). Anyhow: not single use.

I think the intend here is pretty obvious? I also think the reaction over it is kinda overblown.

I totally understand the intention. It just doesn't work irl. Especially with youghurt and milk cartons. I assume they will do the same to detergents too?

I buy a pack of juice each week that has the same cap and it's absolutely no problem at all. I honestly don't know how it "doesn't work" for you.

Although exaggerated, this guy sums it up pretty well

https://youtu.be/twhYOMQ4MPw?si=r8Ri2RZOOUob5uez

Also i live in a country with a quite well functioning recycling system so loose caps or bottles or even cans is not really an issue.

So i guess the frustration is mostly at making a solution to a problem that was not there. And at best applying a solution across the whole eu to a problem that maybe is not there in all countries

Can't relate at all to that. The cap stays pretty much in a diagonal position when open. But if you're so paranoid you could also turn it sideways, or even down and have it push against the outside of your glass. Putting the cap back on is also absolutely not an issue at all. You just do the regular left turn first until it aligns with the thread and plops into place, same thing you'd do normally, because it's obviously long enough for that. Honestly, this whole video just seems like caveman / complete moron issues if I'm gonna be honest, like some apes trying to figure out simple tools. But I guess people nowadays have to cry about anything changing all the time, even when they're complete non issues.

I like it especially on the milk cartons. They really don't matter if you pour it into something to drink like my coffee.

I think milk is one of the few that do work. Youghurt and sodas are a lot more inconvenient and in the long run i can't see how much more they help compared to banning plastic bottles. I don't see that many loose caps in the wild

Do you actually wonder?

Those caps get lost way less and since the bottles themselves usually get recycled now the caps also stay in the cycle.

And it took me like 5 bottles to get used to it.
Even a slow learner should get it sooner or later.

You are right. How do they still allow plastic bottles ? That's a huge waste of ressources.

It actually is part of my point... i dont understand why they need to over complicate things

This looks great! I wish we had this in Australia.

I'm sure it will come. The first time I drank from one of these I was confused and thought my cap had a manufacturing defect so pulled it off. It was only afterwards that I saw on the packaging what it was.

I love how they just say "we value your privacy" and then list out half of their means of data collection. Microsoft ain't even trying anymore.

Cops say they're there to protect and serve.

And while we're on that subject, all C-suite execs are bastards too.

1 more...

By value they mean how much they salivate about selling it for profit.

807 partners sounds like the answer to what's the point of ad blockers

Some third parties may have a legitimate interest.

Some.

Off course they "value" your privacy. They sell and profit so much value out of your privacy

They want you to think that "to value it" in this context means "to have it in high steem". When it's more like "to put a price tag on it".

Wait.. is this real or parody? At this point I can no longer tell...

Oh it's very real. Microsoft is one of the absolute worst companies for amount of raw data they hoover up.

Don't believe it? Try logging into the Outlook Web client with uBlock or uMatrix turned on and look at the number of requests it stops.

I wonder how many people haven’t realised that the new Mail/Outlook client, the one they’re pushing everyone towards in Windows, actually syncs all your mail to MS servers.

Yeah, Microsoft is trying to normalise the idea that your own personal email client should be open to them to access and steal your data so they can advertise at you.

Fuck windows and fuck outlook.

Thunderbird is free and entirely private on all platforms (And K9 mail on Android is also maintained by the Thunderbird team)

I haven't. Mozilla Thunderbird FTW.

Also, I seem to recall my dad migrating to a new machine borking his email because of something like that. ( I didn't catch the details. he was grumbly and growly in ways only a unix admin could be.)

I'm so glad I don't have to rely on Microsoft products anymore. Windows completely went to shit after 7.

It used to be 797

800ish entities is not "partners".

"Partners" are people you could invite to site around a conference table with you. For it to be a partnership, you need to be able to have a meaningful discussion among all the different partners. 800ish is even too big for an auditorium where you're presenting to all your "partners". 800ish is a small arena.

Those aren't partners.

I get what you’re saying, but that’s what it’s called in business. They are usually called “affiliates” more formally, and they provide ancillary income to a business. The whole thing is a partnership - I give you traffic and you give me some money if they convert.

Source: am in marketing and that’s just how it works.

Yeah, but it's bullshit and I'm calling it out, and I'll continue to call it out, so stop it.

Reject All Button

At least there is one. Many apps don't offer that at all but make us go through hundreds of options and turn them off manually.

Until an update makes you do it again.

And again.

The worst. Usually an uninstall for me.

If you said to someone "can you keep a secret" and they said "I value your privacy, I'll only share your secret with 807 others", I doubt you'd be telling them many secrets.

Might as well just get your secret printed on a billboard and hang it up in town.

At least it doesn't say "Accept all" or "pay (monthly)".

That would actually be a preference. If it's a free product making money off of user data and advertising, having the choice to pay would be better for privacy concerns. If the app is worth it if course.

If they say they won't share any data if we pay, we can trust then...

The other alternative is "Accept All" or "Decline each one Individually by clicking three buttons to confirm your choice"

That would be great, as long as "pay monthly" was guaranteed surveillance-free.

They did that before. They just didn't tell you how many partners!

It's been normalised for years, maybe decade. The only difference is that now they have to bother with telling you and asking for permission (which some still ignore completely).

Also, since we're talking Outlook, some mail client send your credentials to their servers to improve your user experience by fetching mails on their end, meaning that not only data from your device are sent to whoever paid for them, but your actual mails are free for them to access without you ever knowing. The new outlook on desktop does that, but outlook is not the only one to do this.

We live in the greatest of times.

What happens if you reject?

Does outlook stop working?

Your ads aren’t creepily specific to you anymore

Great, I love getting all the "looking for single women in your area?" ads instead...

I find the non-personalized ads to be much more palatable, as they don't pull on the strings that would normally get my interest. YouTube once had a 6 second beer ad that only included the crack of a can opening (sound) and the view of some mountains. It was actually kind of refreshing, and I didn't gain interest whatsoever in the product! I don't drink! I'm all for ads like that, if I have to be abused by an ad.

Yeah well I'm not too keen on adult nigh-x-rated ads showing up for my kids to see, who are both younger than 5... I'm "okay" with it, myself, but I don't exactly like it. But I'm furious regarding my kids seeing it.

Definitely need to get me a pi-hole.

Yikes and a big hell no! Reject, uninstall, and review bomb that fucker into oblivion.

I was certain this was parody before I went and read your text. wtf

If i see this kind of shit, 90% of the time their domain would just go into my browsers' blocklist. It's likely either riddled with ads, or hosts incorrect/incompletely information too

For your old emails, use a more private app. iOS Mail is good enough although if you need push for Gmail support, Email by Edison is good as it gives you a single button to press to opt out of Edison Trends.

Their privacy label, in the App Store, is one of the better ones among email clients.

I’m using Proton Mail as my main email. They have an option for forwarding emails from Gmail/Outlook to Proton. I just haven’t done it yet because I almost never use Outlook

Do you pay for email? If so this is wrong. If not, it’s how you pay for email.

Fair enough, they sell access to your eyeballs to their real customers, the advertisers.

But, what isn't fair is that it's 807 "partners". This isn't 807 different brands who might want to advertise to you, it's far more than that. This is 807 different "partners" among whom are Google, Meta, ByteDance, Amazon, Alibaba, etc. who then each go on to sell access to their hundreds of thousands of advertisers.

You can't expect to have a meaningful privacy policy when you're sharing that data with 807 different entities.

The way I see it, they have us over a barrel. Unless there’s law on the books that says you can’t do that, your recourse is to pay for email or setup your own mail server. Good luck getting others to trust that though. I guess you could pay for a 3rd party cert.

I run my own mail server. It's a pain in the ass and I don't recommend it. But, trust isn't really the issue, and the only certs I use are from Let's Encrypt.

What about web hosting these days? Time was you’d get email as part of that deal, with your own custom domains. Have they farmed that out to services like Gmail etc?

I don't know of any company that just runs mail servers. If you're running your own mail server, you're likely doing it on a small virtual instance. Adding web to that is easy. If you want a web frontend for email, there are plenty of options, although personally I just use IMAP.

I pay for it - family plan. The screen after this is about where I want my ads shown in the app…a paying customer shouldn’t be seeing ads.

Clearly you don't pay ms enough so the poor megacorp have to sell your data to their 807 partners to scrape by.

You should know better than to resort to whores with 807 partners. you've gone past the red flag into the red zone territory.