M365 PPT and Word contents leak to US servers
M365 PPT and Word contents leak to US servers
Lors dâanalyses techniques, Wavestone a constatĂ© que les versions #Microsoft365 "Apps for enterprise" de #PowerPoint et #Word transfĂ©raient le contenu textuelâŠ
This link is in French but as a summary: technical report shows that M365 Word and PPT contents leak to US servers (augloop.office.com) as soon as you open a document on a local installation of Powerpoint or Word, unbeknownst to users.
This is potentially huge!
I think this is working as expected.
M365 disaster recovery is the US. I anticipate anything opened locally syncs to OneDrive or other M365/services.
However, I don't speak French so please let me know if I'm missing something.
This is different : no sync to other Cloud services enabled. This is not disaster recovery or backup, file contents are sent thru json. You use your Word / PPT application locally, and without your knowledge file contents are sent to US servers at the augloop.office.com endpoint. This is a clear privacy and confidentiality risk. It is bundled with the "connected experience" services, and the only way to deactivate it today is thru a registry key in Windows. And it's the default behaviour, the user is not informed. This breaches several GDPR principles, not to speak about MS spying on your confidential contents when using a local install of their software on your PC.
i remember predicting this in "privacy" communities a long time ago and all i got was seething mouths and gnashing teeth from "privacy" advocates for some reason defending Microsoft?