[loup-vaillant]

> This is the agreement that every user agreed to when they signed up for Hotmail or Outlook.

No they didn't. Over 99% of them clicked through without reading. Some of them suspected Microsoft might one day read their email, but somehow shrugged it off, then forgot about it.

If people were truly informed, most would not give consent. Make no mistake: using a hotmail or gmail account means giving away a good chunk of your private correspondence. It also affects whoever you're communicating with, even if they have their own private mail server.

We need those Freedom Boxes. Fast.

[DannyBee]

"If people were truly informed, most would not give consent. "

I strongly disagree. Most would bitch about it, then do it anyway, knowing it may be a shitty deal for them. That is consent.

[loup-vaillant]

In the current situation, sure. Because we don't have real alternatives. (I maintain my own web server, but that's impossible for most users.) But if people were informed, that would create a market for privacy.

[mpyne]

> But if people were informed, that would create a market for privacy.

If people really cared, then that market would exist today. "Get your $5/mo. much more private email from privateemail.com!!". This notional private email provider would be able to advertise Outlook.com, GMail, etc.'s privacy policies independently of those email providers to ensure that "click through" isn't the only reason people are unaware.

[Aoyagi]

That market does exist today, Fastmail.fm is only one example I can think of off the top of my head (I surely got the ofs and offs wrong). I talk about them so much that I sometimes feel like a marketing goon ...

[loup-vaillant]

They're not a viable privacy option. And it has little to do with their ethics: they are still vulnerable to subpoenas, many of their users don't even live in the same country…

The only viable privacy option is to host your mail at home. It doesn't have to be difficult. We "just" need a suitably tailored GNU/Linux distribution in a Sheeva Plug, or Raspberry Pi, that you just plug-in, then use as a web service. (Just one snag: your ISP must allow you to send and receive e-mail: many close off port 25, and some even ban home servers.)

Now to get your email, they need a search warrant and someone to knock on your door, which is inconvenient and costly.

[bentcorner]

Could you host your mail on a VPN instead? I wouldn't mind doing this except for the fact that I'm 100% certain I'd get something wrong.

[gkoz]

This makes you too vulnerable to various DOS attacks though.

[teacup50]

I care, but there's no way for me to state that I do not want my correspondence shared with Google/Microsoft ... so the people who don't care continue to drag the rest of us into the void.

[DannyBee]

I'm sorry, i've heard this argument for 15 years, and it's still as false now as it was then. It's really just staunch privacy advocates thinking that their position is really right, and everyone would see the light if only they could be educated. Everyone likes to think this about their position. It's not limited to privacy contexts.

Your problem is not education. Your problem is your position is just a marginal one. Sad in some ways, but true.

The truth is, people have bigger fish to fry than this, and like a lot of things, they like to talk about some stuff, but when push comes to shove, "privacy" is just nowhere on the list of priorities, educated about it or not. The market would already exist otherwise.

[anigbrowl]

A no-true-Scotsman argument. Not everyone shares your views about where the boundaries of consent should lie or what conditions they consider acceptable in exchange for free service.

[loup-vaillant]

I don't care if "not everyone agrees". Their boundary is incredibly low. It is literally a Dark UI Pattern. I bet your own boundary is higher than that.

No-true-Scotsman? I don't care, this one is valid: we're talking about someone who has some distant relatives in Scotland, but never set a foot there, hardly speaks English, and lives in China.

I do get that the proper threshold is not allays the same. The threshold of consent for having sex for instance, is very high (or ought to be). Still, some things I say over email are just as private as my dick.

[anigbrowl]

OK, but we're not talking about email here, we're talking about webmail in particular. I mean, it's rather foolish to think that you can trade MS's private IP over MS's free-as-in-beer webmail service when they explicitly tell you they're not willing to tolerate that in the TOS. Now if it were MS hacking into someone else's mailserver in pursuit of their stolen IP, I'd fully agree with you.

[loup-vaillant]

Yes, it is foolish, even if like everybody else, you haven't read the TOS. I know the analogy is unfair, but it is also very foolish for young women to dress lightly, then go walk out alone in dark streets. Yet sometimes, circumstances are such that people do it anyway, and it doesn't mean they're "asking for it". Drunk after a party? Used to using "your" webmail for all your communications?

People often do foolish things, it doesn't mean other people have a moral right to take advantage of them. (Alas, they sometimes have the legal right.)

By the way, in this case, it seems Microsoft spied on the blogger's account, to know where the leak came from. The leaker may not have used hotmail at all. While it's easy to notice cloud spying when sending from a webmail, it is a bit less easy when you send to a webmail: you're not even legally expected to have read the TOS. I mean, you still have to be careless to make that blunder, just less so.