Office 365..? how Microsoft handed the NSA access to encrypted messages

Anyone else planning on bailing from office365?

http://m.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

::::: off topic rant :::::

Just assume no data you store on, and/or that traverses, any public cloud
service is private or secure. This is just silly.

I can't believe people are so naive as to believe messages sent over the
public Internet aren't intercepted, stored, and analyzed by the same
government bodies who gave it to us in the first place.

I've always heard rumors as a kid that the NSA had systems long in
place that could record all voice calls based on certain key phrases
ever since the Nixon era, so please tell me: why are most people shocked
with all the spying by governments?

I 2nd Rodrick's statement of "so please tell me why are most people
shocked with all the spying by governments?". All this leak does is
confirm what most people already suspected or assumed.

-Grant

Certainly NOT shocked. Just get more and more appalled as to how cooperative some of these companies have become just for the profit margin. At least there are some that try and take a stand for their customer and not just hand over the keys to the palace when the good ole boys ask.

Robert

It's not a shock. What is shocking is the blatant disregard for general privacy. Because it exists on a medium other than something I own, it does not somehow become property of another. If this isn't a big deal, I imagine a search of your home isn't an issue either? The point is, these companies have the power (they, after all, pay for elections) to tell these people... It's not your call. You cannot simply say we are collecting everything, to avert an attack. The Boston guys were both from out of the country, with foreign names, and foreign governments had warned us before. How effective is a machine that scans data for terrorist machines, if a FLAGGED person can still cause us harm?

This jihad against America has accomplished one thing: we are going broke trying to fend off an invisible enemy. A kid from Nigeria hopped on a plane with a bomb in his shorts and MADE IT TO AMERICAN SOIL. If I am giving up privacy, I expect a tangible return. A couple of bedroom bombers slipping through the cracks and killing people is not a tangible return, in my opinion. The NSA needs to be spying on OTHER people; we are apparently innocent until proven guilty... YMMV

Who's doing the spying, anyway? Sounds like a collaboration between
Microsoft and the NSA. Sounds to me like Microsoft and the NSA are
doing the spying. If some judge declares these actions illegal, a
crime, Microsoft will be co-perpetrators.

Even if no judge declares this a crime, what about the customer's
position? a) Microsoft lied to you. b) Microsoft conspired with
others to break your privacy. c) They did more than the law forced
them to, to break your privacy. d) You are the product that Microsoft
sells to the NSA.

Somebody, somewhere in the USA government, thought that after
9/11, normal laws do not apply, including the constitution. New laws
were made to give free rein, and people like Microsoft happily
jumped to make some money out of it. This is wrong.

The US federal government may have funded some initial research into the
Internet, but they certainly didn't "[give] it to us in the first place."
I know it was probably not the intention, but the phrasing of that
statement implies that we are using a government provided communications
infrastructure, and as a result we should expect the government to
intercept, store, and analyze any information sent over "their" network.

Other than that, I completely agree with your statement; it should be a
shock to no one that the US federal government is attempting to intercept,
store, and analyze as much information from as many sources as possible.
As others stated, the somewhat shocking news is that companies have been
blatantly lying to the public as to their involvement in this activity.
If they are barred from discussing it publicly by applicable laws, which
may be unconstitutional and which they refuse to fight in court, then at
a minimum they could have said something to the effect of "no comment."
Again, this is only somewhat shocking, because I believe everyone expected
they were lying, but to see them try and cover up now is both somewhat
comical and disappointing.

Fred Reimer

Be careful what you wish for - bad things happen when there's an organizational
push to find somebody who's guilty of something, when there's not enough actual
somebodys to be found...

http://www.alternet.org/civil-liberties/fbis-terror-scam

I have to agree - if the FBI has to supply both the explosive device and
the idea for the target, there probably wasn't much actual threat there.
But they need to show some "results" to justify their $3B anti-terrorism
budget...

I'll shut up now...

Suspecting your spouse of cheating is much different than coming home and finding them in bed with someone.

Touché

We use Office 365 here at work, but I'd definitely be interested in looking
into alternate solutions --- at the very least I am going to be sure to
inform our staff that there is to be no expectation of privacy when using
your Office365 account. Gross.

There should probably never be that expectation with a cloud-based office platform.

GPG, TrueCrypt, and SSH are your friends.

jms

We are currently working on something right now where all connections
are done over an encrypted VPN. We are bringing SIP, email, search,
and cloud to the tunnel.

You can contact me off list if you would like to know more.

Nick Khamis

While that would secure the connections from snooping, if your mailboxes
are on Office 365 and those mailbox stores do not exist on an encrypted LUN
then a service can easily read the Exchange database; anyone with server
access can read mail across all mailboxes. In fact, Microsoft supports this
type of setup with impersonation, e.g. a global user that can query any
mailbox it has permissions to within Exchange. This is how some EWS
integrated applications work. It wouldn't be that far fetched for the NSA
to incorporate the same type of query to monitor the mailboxes -- even
subscribing to change notifications so it only queries and collects when a
new mail item has arrived. Additionally, Office 365 can simply create a
journal rule and have all inbound / outbound mail journal to a location
that makes it easier for snoops to look through the messages, e.g. an
external SMTP endpoint, all without the end customers' knowledge.

If anyone has any questions on Exchange they, too, can contact me off list.

Just my 2-cents.

-matt

I should also note that even if the stores are on an encrypted LUN you are
still exposed to impersonation and journaling.

-matt
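
The two mechanisms named in the post above (EWS impersonation and journal rules) can be inspected by a tenant administrator for assignments made inside their own organization. This audit sketch is an added example, not part of the original thread; it assumes an already-connected Exchange Online or Exchange Management Shell session, and the function names are hypothetical. It shows only what the tenant's own configuration exposes.

```powershell
# Added example (not from the thread). Assumes the Exchange cmdlets are already
# loaded in the current session; the function names below are hypothetical.

function Get-ImpersonationHolders {
    # Every principal that effectively holds the ApplicationImpersonation role,
    # i.e. can open other users' mailboxes through EWS.
    Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
        ForEach-Object {
            [pscustomobject]@{
                Assignment    = $_.Name
                Assignee      = $_.RoleAssigneeName
                AssigneeType  = $_.RoleAssigneeType
                EffectiveUser = $_.EffectiveUserName
                # No custom scope means the assignment is not limited to a
                # named subset of mailboxes.
                Unscoped      = [string]::IsNullOrEmpty("$($_.CustomRecipientWriteScope)")
                Created       = $_.WhenCreated
            }
        }
}

function Get-JournalTargets {
    # Domains this organization accepts mail for; a journal mailbox in any
    # other domain means copies of mail leave the organization.
    $accepted = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)".ToLower() }

    Get-JournalRule | ForEach-Object {
        $target = "$($_.JournalEmailAddress)"
        $domain = ($target -split '@')[-1].ToLower()
        [pscustomobject]@{
            Rule      = $_.Name
            Enabled   = $_.Enabled
            Scope     = $_.Scope        # Global, Internal or External
            Recipient = $_.Recipient    # empty = applies to all recipients
            Target    = $target
            External  = $accepted -notcontains $domain
        }
    }
}

# Review: unscoped impersonation holders, and enabled rules that journal off-site.
Get-ImpersonationHolders | Where-Object { $_.Unscoped } | Format-Table -AutoSize
Get-JournalTargets | Where-Object { $_.Enabled -and $_.External } | Format-Table -AutoSize
```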

I should also note that even if the stores are on an encrypted LUN you are still exposed to impersonation and journaling.

-matt

I would hate to assume. Please do elaborate.

N.

Matt Baldwin wrote:

While that would secure the connections from snooping, if your mailboxes
are on Office 365 and those mailbox stores do not exist on an encrypted LUN
then a service can easily read the Exchange database; anyone with server
access can read mail across all mailboxes. In fact, Microsoft supports this
type of setup with impersonation, e.g. a global user that can query any
mailbox it has permissions to within Exchange. This is how some EWS
integrated applications work. It wouldn't be that far fetched for the NSA
to incorporate the same type of query to monitor the mailboxes -- even
subscribing to change notifications so it only queries and collects when a
new mail item has arrived. Additionally, Office 365 can simply create a
journal rule and have all inbound / outbound mail journal to a location
that makes it easier for snoops to look through the messages, e.g. an
external SMTP endpoint, all without the end customers' knowledge.

If anyone has any questions on Exchange they, too, can contact me off list.

Just my 2-cents.

And what's to say that email addresses at Office 365 aren't just mailing
lists where you get a copy and so does $FEDAGENCY? That's how my kids'
email addresses work at home :)

You spy on your kids? I thought not being able to put a lock on my door was
bad...

N.

That doesn't sound like it would be effective in this instance?

It wouldn't be. When the endpoint in question is compromised, there isn't any amount of tunneling or obscurity between point a and point b that will resolve it. Only thing you can do is change to a solution that you have more control over.