Hacker News new | comments | ask | show | jobs | submit login

I wonder if Microsoft also send typed-in passwords to themselves.

We collect passwords, password hints, and similar security information used for authentication and account access.

Source: https://www.microsoft.com/en-us/privacystatement/default.asp...

(Click "Learn More" under "Personal Data We Collect")

This sounds like the reasonable interpretation is, they are reading the passwords for MS accounts like hotmail. But IANAL, perhaps one should use the most hostile interpretation possible.

When reading a privacy policy from a company like Microsoft, I think assuming the "most hostile interpretation possible" is a safe bet. If it was only for MS accounts, why wouldn't they say so?

They do by default: http://i.imgur.com/NSQs5Ux.png

This setting has nothing to do with the question the OP did

If passwords are synced between devices, they are presumably being stored on MS servers.

That's not what they were asking. They were asking about if TYPED passwords are sent (meaning keylogger style). You're talking about password manager syncing.

To just give one example, if typed passwords are sent them passwords typed into Chrome are sent, if only the password manager is synced then that only impacts IE or Edge users.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact