Apps

OneDrive updated for Windows Phone with recycle bin access

Friday Poll!

Do you automatically save your photos to OneDrive?

OneDrive to rule them all

OneDrive for Windows Phone gets itself a little update

Exclusive Interview

Xbox Music and a new beginning on Windows Phone 8.1

Apps

OneDrive updated for Windows Phone with download location choice, progress page and more

Apps

OneDrive users with grandfathered 25GB of free space get to keep it

Apps

Microsoft officially increases free OneDrive space to 15GB for everyone

Apps

All Office 365 users now have 1TB of free OneDrive storage space

Windows Phones

Microsoft's latest video shows off the Nokia Lumia 1020 with OneDrive and Instagram

Apps

Microsoft boosts free OneDrive space to 15GB, 1TB for Office 365

General News

Cash in your Bing Rewards Points and go ad-free on Outlook.com

Xbox

Microsoft goes all in for Bonnaroo music festival, will stream live to Xbox

Microsoft News

Microsoft to finally remove custom domain management on Outlook.com

Microsoft News

Microsoft fighting order from U.S. prosecutors to disclose emails stored in Ireland

Apps

OneDrive app for Xbox One updated with improved photo support

Apps

OneDrive for Windows Phone updated to open files from other apps

Windows

Microsoft quietly does away with Groups in OneDrive

Tips

Windows Phone 8.1 will now backup your High Resolution Lumia photos to OneDrive

Apps

Microsoft updates OneDrive app for Windows Phone with some bug fixes

Microsoft News

Microsoft unleashes the cloud with OneDrive for Business upgrades and 1 TB of storage

< >
74

Microsoft adds new encryption support to OneDrive and Outlook.com

onedrive

Microsoft has announced it is adding new encryption support for its OneDrive cloud storage service and its Outlook.com email website, along with the opening of its first Transparency Center.

For OneDrive, Microsoft says it is adding Perfect Forward Secrecy (PFS) encryption support. The company stated that this system will be available via the OneDrive.com website, along with its mobile apps and sync clients. Microsoft said this added level of security for files will make it "more difficult for attackers to decrypt connections between their systems and OneDrive."

Outlook.com users will also get PFS support from now on, along with Transport Layer Security (TLS) encryption. Microsoft says, "This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers."

Finally, the company announced that it has opened its first government Transparency Center in its Redmond, Washington campus. The center has been created to give government agencies a way to review the source code for many of Microsoft's software products in order to show them there are no security issues or "back doors" that might compromise their use. Microsoft plans to open other such Transparency Centers in other locations worldwide.

What do you think about this new move by Microsoft to add new encryption support for OneDrive and Outlook.com?

Source: Microsoft

83
loading...
231
loading...
111
loading...
0
loading...

Comments

There are 74 comments. Sign in to comment

Good news. Co-owner shared folders next please :D

x I'm tc says:

And then drop the arbitrary 2 GB file limit.

ScubaDog says:

What the heck are you sending that's 2GB?  Sheesh!

mrskycar says:

Uploading encrypted full mobile device backup files.

High Definition pR0n Mannnnnn :))

leokid says:

hahaha  nice 

And after the co-ownership is implemented and the 2GB file limit is lifted, OneDrive will be quite perfect for my personal and professional needs.

Glad to hear of more encryption and the transparency center. I hope Microsoft keeps on this path to really differentiate themselves in the online services market.

CrazyQwert says:

Oh yes! I'd really like to see that as well!

Good step forward towards building trust among customers ..

adrian1338 says:

Just if you believe in their will to please the customer rather than the government that pays millions and millions of dollars

SeraphX2 says:

I do seeing that they are better than Google and Facebook are not just handing out information when it is requested.

adrian1338 says:

And you do see that? Why? Do you work for Microsoft or do you read about the nice news that they said .. no no no to the NSA? THey even look themselves in Mailboxes without a legal warrant to find MS Leakers. but hey.. they are much better.. sure

SeraphX2 says:

Prove any of what you just said. Especially that last one.

SeraphX2 says:

I think that's much different. he's using a service. You have no rights to that info. The simple fact Google can legally scan your email attests to that. However, Microsoft wasn't actively looking at peoples email, they did it reactively when someone was obviously privy to something they shouldn't have, breaking copyright laws.

Tense says:

You think Google actively looks through users' emails? Please. They don't have a guy sitting at a desk scanning your inbox, thinking of what ads would be best to throw at you. This is an algorithm looking for simple trigger words to decide if they'll show you that ad for window replacement or a car dealership.

ymcpa says:

That means they are data mining your personal info and then using that info to sell targeted ads. It might be ok with you. It's not ok with me.

Tense says:

This. People here act like MS is there nice friendly buddy rather than a massive corporation. Don't get me wrong, I love their products, but anyone who things for a second that they're any better than Facebook or Google with regards to privacy is simply ignorant.

SeraphX2 says:

They've already sent an email to their nail users a few weeks ago saying they will never use your email information and searches for targeting you with ads or selling to third parties. Better than Google already.

Tense says:

Show me a source with an example of Google actually handing user data over to a third party. And I don't see what the big deal is regarding an algorithm scanning emails for the purpose of ad targeting. Personally I think MS going through the emails of bloggers purely on a hunch is even worse.

SeraphX2 says:

Pretty sure this want a hunch. The guy clearly had something he wasn't supposed to because he literally wrote Microsoft concerning it. He probably had enough detail to make them wonder how he knew what he knew.

Tense says:

But the fact that either company doesn't treat their services as true "mail" and can just rummage through your inbox for reasons like this is terrible. I'm not saying Google is the good guy here, but Microsoft is equally as bad.
And I'm still waiting on that source.

ymcpa says:

They didn't go through the email of a blogger. They went through the email of an employee they suspected of providing info. There is a difference since they do have a contract with that employee.

ymcpa says:

That MS Leaker was a MS employee. If you read an employee contract, most employers put a clause that they can look at any emails stored on their servers. Outlook.com is an MS server. They checked with their lawyers and hte lawyers said they have a right to look at his emails, probably based on his emloyee contract, without a warrant. You can start complaining if they start looking at regular customers account.

Google will scan your email for data mining purposes to target ads to you and be able to charge more money for those ads. As of now, Microsoft scans emails just for malware and for notifications, if you opt in. I personally will trust Microsoft more than Google as long as Microsoft makes its money from selling software and Google makes almost all its money from selling ads. 

Eric Arc says:

That's nice of Microsoft, I feel safer already.
Maybe they will make one of those transparency centers in China to show to the Chinese government of how misinformed their previous decisions were.

Eric Arc says:

Or maybe not, that's like giving them the knowledge to make suspicious software for future use.

pinkarton says:

NSA incidents has proved that no government including USA is beyond suspicion or scrutiny. Given the chance they would snoop at its own citizens. Which USA continues to do to this date.

So I do not understand why you assumed that USA govt is any better than Chinese govt. It's not.

As a Software maker its Microsoft's responsibility to assure its users that their code is not vulnerable or provides any back door to USA etc. It's a good move from Microsoft.

Eric Arc says:

Agree. What I said about china is my bad sense of humor. But in a more serious note, I hope what Microsoft does will make the industry follow their steps.

Schikitar says:

The very thought of this just made The Goog shudder with disgust! ;)

louisoneal says:

Seems securerer....

iyae says:

Nice. Now can they add file fetch again?

kinaton says:

All files on onedrive.com should be scrambled with encryption. But its a start.

Interesting to know how the receiving mail server decodes it.

palmujukka says:

I think the mail is still sent unencrypted.

rahul.sharma says:

Here Encryption means your files will be encrypted when stored in onedrive, not when you take them out.

Trust is a must.. I feel so safe with Microsoft services whereas Google is my spam

Aashish13 says:

Google's makes everyone a fool. And avg ppl becomes fool. Same goes for facebook

Tense says:

You're extremely mislead, then. If you don't think MS pulls the same crap as Google with regards to privacy then you've got another thing coming.

fga100 says:

Anyone know when will nokia fix the Here and Drive? 
After the last update still does not open and the phone restarts. 
Is happening to several people.

Jakez98 says:

I don't seem to have that issue and HERE Drive+ has been on my L1020 since day one. I'm on WP8.1 DP now.

mcheiron says:

I have a question: This seems to be just added encryption between clients and server, but do they also add encryption of the files on the server? If so, who has the keys?

Jan Volk says:

NSA approved :D

wps81 says:

where is PFS in this story? Thanks.

Kentcomp says:

To paraphrase Steven Wright, "I'm not naked. I work in Microsoft's Transparency Center and this is our uniform."

joe_s says:

+920. Best Steven Wright line ever: "The sign said Drive-thru Window.... so I did. Geez, were they pi$$ed."

It's a start... I think... Is there a file encryption program for WP?

bguy_1986 says:

Is this all turned on already?  Do I need to do anything to turn it on?  I'm assuming I don't need to do anything since their aren't any directions...

tractionx says:

https://www.ssllabs.com/ssltest/analyze.html?d=onedrive.com&s=23.6.111.144

No, its not.

Not all browsers support it, anyway. For most users this is not newsworthy.

sadiq.na says:

PFS makes decoding harder even if someone had access to encoded data while transit and store that .Stored data can only decrypted with the key ,with some huge resource and time it can be decrypted in future using specialazed super graphics hardware and computing machine .PFS make decrypting this type of decoding in future harder.As it was revealed NSA was tapping raw digital data between datacenters and backbone routers even it was encrypted while hoping they can break into data with their huge computing

teranceo says:

Has anyone received the previous outlook.com update with the in-line reply, undo, and advanced rules? This was announced nearly a month and a half ago and I still don't have it on my account.

wpguy says:

When Microsoft updates the W8.x email client, I hope they fix the IMAP delete bug I can replicate all day long. It is though Mail forgets to send the delete to my IMAP provider. The deleted mail goes away on screen, then comes back immediately on refresh.

Curiously, the WP8.x email client does not have this issue, so my trusty 925 is what I use to manage the mail in that account.

Yes now they only have to move servers for non US users outside the US and allow them some privacy instead of peeping into their data and it may even become usable to save something.

khonjeja says:

This is great news as I personally was worry with Microsoft insisting using one password for all its products like Google. It's a scare where e are forced to use one password for logging on pc, phone, outlook, and one drive as if one gas your login details out means they have your life. So this will be welcome move from Microsoft. Looking forward to this update.

palaudawg says:

Enable two-step verification

wpcautobot says:

Is the encryption automatic and always on, it's an option users configure?

williewillus says:

Anyone's OneNote having trouble syncing?

Nope, mine is working perfect. I mean, I use OneNote Online version from my browser to make some changes at my notes (I don't use OneNote from the MS Office 2013 Pro Suite), and right after that i open OneNote from my phone and changes are already synced. And vise versa, If i do change from my phone, changes are synced instantly on the OneNote Online version.

So you are saying that OneNote doesn't sync even if you press Sync manually?

Well step for building transparency.

Great deal says:

Just last week i was complaining about lack of encryption for Onedrive, im using Boxcrypter, how will this differ and can I use both at same time!

MrWhiteman says:

Does that mean our OneDrive files will be encrypted in storage?

greg2k says:

I don't think they are mentioning encryption at REST, which is what you are referring to. I believe they are enhancing the encryption of the transfer of information to and from these services.

Will have to tune in to Security Now to see what Steve Gibson has to say about it!

MrWhiteman says:

Shame really, it would be cool to have free encrypted storage. Wouldn't cost MS too much

tractionx says:

No. Seems none of the repliers in here understand what PFS is. Its just a slightly more sophisticated protocol on top of TLS/SSL. It has to do with reducing the risk that a bad guy gets in the middle of your "https" connection, basically.

It has nothing to do with file encryption, or (frankly) the SSL/TLS other than protecting against a class of vulnerabilities that could let someone (with a LOT of sophistication) access data in-transit.

Somerichs says:

Are these moves to get Microsoft to where other companies already are, or are they the frontrunners in this respect?

NokianWP says:

GGMicrosoft. Moar encryption and better security. No backdoors. (except where the NSA needs em).

BaritoneGuy says:

What about encryption when the data is at rest? While I like the idea of better encryption in transit, I want my data encrypted at rest with me controlling the private key and no I don't want a 3rd party solution for this.

+1. But maybe their idea is that data is safe enought when it's stored in theirs datacenters. Who knows why Google or MS does not implemented this obvious thing yet.

mayblast says:

Harder for others, just as easy for NSA...

MS should do some serious imago-boosting while it's still possible. But then again it has a reputation of being highly arrogant company (disclaimer: I like their products whenever they happen to work, but fuck with their attitude).

AskaLangly says:

I get unexpected shutdowns...