Microsoft bolsters Outlook.com, OneDrive encryption to hamper government spying

[Shawn Knight]

Late last year, Microsoft said they were taking steps to beef up encryption and security practices in light of the NSA's wide-reaching surveillance programs. They've since made good on that promise as Microsoft's webmail and cloud storage services are now a bit more secure.

The Redmond-based company on Tuesday revealed that Outlook.com now uses Transport Layer Security (TLS) for both outbound and inbound messages. This means that when you send an e-mail to someone, it'll be encrypted as it travels between Microsoft and the recipient's e-mail provider.

The recipient's provider will also need to support TLS for this to be effective. Fortunately, a number of larger services like Gmail already use TLS.

Additionally, Outlook.com has also been upgraded to use Perfect Forward Secrecy (PFS) encryption for sending and receiving mail between providers. PFS is a method that uses a different encryption key for every connection which makes it more difficult for eavesdroppers to decrypt connections. 

Microsoft has also enabled PFS encryption on OneDrive. Customers will automatically get forward secrecy when accessing the cloud storage service through onedrive.live.com, the mobile OneDrive application and sync clients.

Microsoft vice president of Trustworthy Computing Security Matt Thomlinson said in a blog post that they are in the midst of a comprehensive engineering effort to strengthen encryption across their networks and services. The goal, he added, is to provide greater protection for users and also help Microsoft reinforce the idea that governments should use appropriate legal processes instead of brute force if they want access to data. 

Permalink to story.

https://www.techspot.com/news/57286-microsoft-bolsters-outlookcom-onedrive-encryption-to-hamper-government-spying.html

 

[BlueDrake]

Brute force? More like backdoor access, that they just refuse to admit. Sure not everyone has the easy access, but if they want the info it's no surprise they'll have a free backdoor pass. Mostly saying this to ease customer fears, while they secretly work deals.

 

[misor]

I hope that this move by microsoft to bolster encryption on some services will not result in untraceable Microsoft 'internal' spying.

 

[VitalyT]

Anyone remotely concerned about privacy of his email will never trust Microsoft, and rightfully so.

 

[gamoniac]

Anyone remotely concerned about privacy of his email will never trust Microsoft, and rightfully so.

I'd give credits where it's due, MS has been a major privacy advocate against government eavesdropping since the Snowden revelation.

 

[Darth Shiv]

Anyone remotely concerned about privacy of his email will never trust Microsoft, and rightfully so.

I'd give credits where it's due, MS has been a major privacy advocate against government eavesdropping since the Snowden revelation.

Rather than give them credit, you should read into the implications of this announcement. Up till this point, mail communications to/from your MSFT email was sent unencrypted to other providers. HILARIOUS!

Sure their current status is now far more palatable but...they are a bit late to the party. Particularly after the Snowden revelations *months* ago!

 

[Guest]

So let me see the pimp = microsoft and hocker = NSA. And now the pimp is asking us to trust him with anything? Nice. Last time I check every security vulnerability hackers find was a backdoor microsoft built in the os for law enforcement and NSA. So let me guess now they came up with encryption that has your key encrypt and NSA key decrypt so everyone trust them with your data in the cloud. And remember this simple observation of my kid. He said. But dad the cloud disappears after the rain.

 

[Archean]

@darth
I believe everyone has been guilty in this including Google & lots of other service providers. And on privacy, I wouldn't trust Google since it sells 'our info' for the sake of advertisement they only major source of income for them, hence, the risk is far greater IMHO. Anyway, better late then never is still better.

 

[wastedkill]

@darth
I believe everyone has been guilty in this including Google & lots of other service providers. And on privacy, I wouldn't trust Google since it sells 'our info' for the sake of advertisement they only major source of income for them, hence, the risk is far greater IMHO. Anyway, better late then never is still better.

This move by microsoft is literally useless.... microsoft work with the NSA to put backdoors in their services for there lover the nsa which has been proved so ye microsoft is just trying to look all cool when in reality we all know they gave the government ways to access our data unencrypted....

 

[Guest]

Corporations,governments, banks and the legal fraternity are one and the same. If we sat down and ran through the terms and conditions of these organizations, I'm pretty sure we'd find some clause relating to privacy where they have to give up information for the pursuit of criminal investigation! A nice little clause to give anyone in so called 'authority' an excuse to trash all this rhetoric! The words 'privacy laws' and ' a mockery' spring to mind.

 

[Archean]

@Wasted
Do you believe others didn't 'cooperate' with NSA in putting backdoors? I do not, no matter what they say (including Google/MS), it is clear that if there wasn't Snowden gate, it would have been business as usual.

 

[Nobina]

No matter how much they encrypt their stuff, if NSA wants to take a look, MS has to give them information.