Hacker News new | past | comments | ask | show | jobs | submit login
Ad-free Outlook and Hotmail ($19.95) (microsoft.com)
42 points by captn3m0 on Feb 19, 2013 | hide | past | favorite | 55 comments

The claim made about outlook.com is

"Google goes through every Gmail that's sent or received, looking for keywords so they can target Gmail users with paid ads. And there's no way to opt out of this invasion of your privacy. Outlook.com is different—we don't go through your email to sell ads."

from http://www.scroogled.com

How is outlook.com selecting which ads to show? Is there any transparency in that process, or are they showing personalized ads but just going through the title (or some other technicality that isn't a 100% email scan)?

They've said they use demographic data based on what you provide at signup for targeting ads in email.

It's enough to be used fairly effectively (if not as topically), for instance by correlating voter registration data with name/location data for highly targeted political ads:

For instance, surfers may be shown a shoe ad if they recently visited a shoe site. Most of this sort of targeting doesn't require your name. Political targeting does. Campaigns may want to reach only reliable party members, or independents who might swing their way....

Finding voters online is difficult, since no public record connects voters to a particular Internet address. That's where Microsoft, Yahoo, AOL and other lesser-known companies come in. Their enormous stores of registration data can serve as the bridge between particular Internet users and their voter information....

Microsoft and Yahoo's targeting service combines two crucial factors: their knowledge of users' personal information and their ability to add cookies to browsers. Over the years, Internet users have given these companies their name when they signed up for free programs like the Microsoft suite of services known as Windows Live, which includes Hotmail. (Microsoft said it does not sell campaigns access to information users provide when they register for Office or other Microsoft products they've bought.)

Microsoft and Yahoo both said the cookies aren't connected directly to names or other personally identifying information. Instead, they use a complicated process to match coded voter information back to anonymous cookies on particular users' browsers.


I never understood why people were so against targeted ads. By definition, targeted ads have a higher chance of being something I'm interested in. Isn't that a good thing?

And yes, they scan your email... news flash - every online email service has access to your email by definition. Either send it encrypted from the client, or don't send things you don't want other people reading.

Every cloud-based email service "scans your email" and does it a lot. This is mandatory in order to:

- Junk filtering, fishing protection and other security protections; all impossible to implement without deep scanning, analysis and correlation (this last item is important: some information extracted from your email is combined to information from other people's emails, in big statistical models and fancy machine learning jobs). - Index content so you can search it (unless you want to only be able to search by subject and other headers... no, 1988 called, wants its Eudora back). Bing.com may not include results from email, but this is irrelevant, Outlook.com certainly has full-text search so there's indexing. - Implement all kinds of cool stuff, e.g. Google Now right now shows that my last Amazon order has shipped, a single click on that shows the USPS tracking, how cool is that. Or more modestly, integration with other services from the same provider or from others such as cloud storage, office apps etc., or even simpler features like Outlook.com's ability to automatically sort email into categories, I doubt very much they can do it only looking at headers. (Even if they do, in many cases there's enough private info in headers that just not looking at the email body shouldn't reduce your paranoia.)

In the big picture, the extra scanning for ad targeting is really a very minor part of the whole. So it all boils down to discussing whether you prefer targeted ads or untargeted ads, and whether you trust the cloud service to protect the private information used for this. Notice that this same potential issue exists for all functionality above, not just for ad targeting; so if you don't trust GMail as a matter of principle, then you shouldn't trust Outlook.com either.

I know! Totally agree -- that's why I hate Microsoft's anti-Gmail campaigns.

This is something I wish more companies would do with their free products.

I agree, but you need to be careful with the distinction between the paid and the ad-free versions.

Is it just removing ads? Or is it a premium product?

e.g. Gmail has no ads when you buy a Google apps account, but you pay $50 for it because they give you a load of other features as well (Which you may or may not need).

I still think it's good to give the option, but your selling points could get diluted pretty quickly once you start adding more little things to justify your paid memberships.

Until then you can just hide your ads in Gmail: http://lifehacker.com/5879757/how-to-hide-ads-in-gmail

The problem has never been about seeing the ad was it? It's mostly about what ad and what Google sees to show the ad.

Yes, that is also a problem. Judging from the ads that are shown to me they don't understand much of what they see, though ;-)

Of course that is likely an issue with the advertisers that choose wrong keywords that their ads show up for.

And if you pay, do they swear they won't look at your e-mail and use it to build your profile ? After all, they sell ad space outside gmail ...

is it a given in any email system that they see this though, i.e. would it even be possible to make it so that they couldn't see it?

You could use gpg and a non-browser email client to encrypt your email. But then you can do that with gmail too.

Is there something sneaky in the wording of 'no graphical ads' ? Makes you wonder if they will display text only ads.

I had the same thought, Microsoft seems to keep saying deliberately, "No graphical adds".... why not no adds period?

Maybe they will pull a "Popova" and have affiliate ads only.

I thought we established in a previous discussion that Amazon affiliate links are ads. If that's the case, then contextual links are out.

That said, I subscribed to Office 365 (or whatever it's called) and I dig it. It has a modern flat design (eschewing the tacky skeuomorphic look). Also, SkyDrive is a great alternative to Dropbox and the Office suite blows away everything else I've tried.

For those with custom domain names... $20/year vs $60/year for Google Apps. Ads or not, thats a compelling savings for my many pet projects where I only need 1 or 2 @projectname.com mailboxes.

It's a shame that Google Apps got rid of the free tier. I've started 2 businesses on the free tier (< 10 accounts) and now pay around $200/month for each company as they have grown.

Now Microsoft will gain some ground in the email arena.

You can still sign up for Google Apps' free tier, Google is just hiding it deeper and deeper in the interface. Last time I did it was two weeks or so ago, and I had to sign up via the Google App Engine control panel, as detailed here: http://www.hongkiat.com/blog/google-app-mail-for-free/

Definitely good enough for one time @projectname.com mailboxes.

Yikes. If you're paying around $200/month (Not sure if this it total, or for each service, making it $400/month), would it not be feasible to invest in a VPS at linode and run your own mail server? You could even hire a decent system admin to look after it, and still save a few hundred dollars a month.

I've run a mail server for 5 years for a NGO. Running your own mail server is not as easy as running your own LAMP stack. The is SPAM, IMAP, bounces, ... and many more issues with running your own system. My Postfix is only redirecting to gmail accounts. If that works - fine, but that's probably not what a small non-tech-savy business needs.

In my case, we're VC backed, heads down working on product. I love rolling my own for most infrastructure, but when you get into managing groups, aliases, password changes, SPF, DKIM, Webmail etc... for 30+ people, it quickly becomes a major time suck. I strongly believe in spending reasonable money to outsource anything like this.

This of course assumes you aren't worried about Google/M$ reading every email and stealing your trade secrets...

Puts on tinfoil hat

It always surprise me how willing people are to let other people read, use and handle ones private emails.

It commonly received as a surprise when I talk about it, but once you give away your email to be handled by someone else, the emails are no longer private. If you give it to google, google then owns it. If you give it to Microsoft, its Microsoft that’s own it. Why are people acting so strange to the idea that if you give something away, its not longer in your control?

Running a email server is not hard. if its a company, running a email server + webbmail is as hard as installing two extra packages in debian and doing a single dns change. If you don't have a server, buy a old laptop/media station. Its email, its not going to demand processing power beyond simple spam filtering.

On that note, wonder if my phone can get postfix installed...

99.9% uptime is nice ( where I'm at right now has had server outages more often than gmail has had).

Having a decent spam filter is nice (I've had loads of false positives in things I've tried elsewhere).

There is the idea that google/MS could just fall off the face of the earth, and then I look pretty stupid having loads of things connected to that account. That bothers me enough to where important things get thrown onto an email adress I'm pretty sure won't disappear for a while.

As to reading my mail... robots are reading my mail. This is a pretty valid "Chinese room" in my opinion. Nobody's actually understanding my mail, what do I care. The ads are usually pretty relevant to things I need though (I've clicked on more of the text ads than I would ilke to admit).

> 99.9% uptime is nice

Pick a random (not broken) piece of hardware. Install debian stable on it with base install + postfix + roundcube. Configure: grey listing, black listing, and auto-update (relative easy, and there is a bunch of tutorials if needed). Leave it alone until once every 2-3 year where it will need a aptitude update, aptitude upgrade. It will run as long it has power and network connectivity. If you are a company and either the power or network is down, email is unlikely to be high on the priority list.

Spam: ~0. Might get one every full moon or so. After 5-10 years it might get a bit worse, but adding SpamAssassin tend to get rid of it.

As for Chinese rooms, do they leak information? Do they give out mail if asked by someone with money/power? Sure, one can say "I got nothing to hide so what do I care", but then that's what all email then must be. You can never again say: "This email is private and mine. I and only I have control over it". If you are a doctor, lawyer or any person dealing with private information, then it mean that any email given to you are defacto public.

Roundcube is not gmail. The gmail interface is the killer feature that no one has been able to replicate, and it's the thing that pulled me back after 6 months of hosting my own email. I was in gmail withdrawal, and seriously considered not having an email account instead of dealing with roundcube, mutt and K9 anymore. Roundcube's interface is a great replica of Apple mail from 10 years ago, but it's seriously painful to use compared to the comfort and the features of the gmail interface.

>Running a email server is not hard.

That is true. However, Running an email server properly /is/ hard.

Security, maintenance, patching, journaling, litigation holds, bouncing, ssl/tls, dkim, etc.. It's not exactly as simple as apt-get install teh-emails

With a dedicated email-server, maintenance is as easy as configuring auto-updates and doing 2 commands once every 2-3 years.

SSL/TLS require two additional step. You go to CAcert and add a very simple setting in postfix. If you uses webmail, you can just plug this in and use it there and forget about ssl/tls in postfix.

DKIM is neither required or useful in most use cases. If your a bank with online accounts, then you should use it, but then you really MUST not outsource your email. They should have a sysadmin that can maintain a secure email infrastructure, in the same way that they got a professional installing a lock and alarm on the door. Get a consultant, ie a professional doing the installation if you don't have a sysadmin.

As for journaling (default from the file system) and bouncing emails (defaulting to the user who sent the email), both are given free without any configuration.

Litigation holds, ie concerns about how to comply with being legally forced to retain and hand over emails to the government. That is a bit out of scope for most companies and users, but if you are concerned about this see above statement about DKIM.

So ye, for users and 99% of companies in the world it is indeed as simple as doing an apt-get install postfix and follow some simple tutorial in configuring grey listing, black listing subscription and adding a dns entry.

>So ye, for users and 99% of companies in the world it is indeed as simple as doing an apt-get install postfix and follow some simple tutorial in configuring grey listing, black listing subscription and adding a dns entry.

Hopefully the tutorial mentions how to make sure relay is off. And it explains how to configure those magic auto-updates. And it covers amavisd and/or other anti-spam features. Also, I hope it at least mentions some basic security for the system.

My point is and stands: it is not easy to properly run an email server. Simply running apt-get install postfix does not a properly configured email server make - no matter how easy it is. This fact makes hosted solutions, run by people dedicated to running that type of stuff, compelling. Especially for those "99%".

relay is dealt with during install in debian, and default is only allow relay from localhost (ipv4 and ipv6). in the case of roundcube, localhost is then perfectly fine.

auto-update is as simple as apt-get install unattended-upgrades.

greylisting is: apt-get install postgrey

blacklisting is the only real "slightly" iffy area, because there aren't a obvious one guide to do it. It is however a very simple way of installing it once and not touching it again. (http://www.howtoforge.com/block_spam_at_mta_level_postfix) looks to be a old guide, through there might be more current methods out there.

As for system harderning... I have yet of hearing a single person having a stable debian installation getting hacked (if they update/autoupdate!). basic security for the system should be left to default, so long one do pick a decent password (or avoid installing ssh).

And yet there must be a reason Google Apps for Business does so well; it's cheaper and easier to have a dedicated company manage email (as well as other services, eg. docs, IM), especially if they are critical to your business infrastructure.

If a service is critical to your business infrastructure, you should not outsource it. By doing so, you end up in a complete one sided dependency. If they go down, you go down. If they refuse to continue serving you, you go down. If they have a outage, you go down. If they get trouble with the law, you go down.

Its like being a online shop with only paypall. Its an easy method to go bankrupt fast.

    No account expiration
Does that mean Outlook still has that absurd system from Hotmail?!

You mean the one where if you stop using an account, it gets deleted?

Google doesn't do that. You can create a Gmail account for a project or event and they'll never delete it. Maybe you want a Gmail address for a yearly event, which you'll only use for 2 months out of the year - Gmail can do that for you, and for free.

"No graphical ads"

Brace yourselves, text ads are coming.

Does anyone know how outlook.com handles expiration?

In the terms it says you must log in every 270 days. Sounds like plenty of time but I have old gmail account which I use once or twice a year. It would probably have been deleted if it was with hotmail/outlook.

The worrying thing would be the email address going back into circulation with someone else. Wouldn't they start to get your mail? Couldn't they retrieve you password on websites with the associated email?

This scenario isn't too unlikely as the old gmail account I mention above is associated with login details for 50-100 websites. I simply moved to a new email address and only check it when I need to login into an old site and have lost the password.

Hmm, but they still allow POP/IMAP for free? Most companies who want money for their premium mail service (e.g. mail.com/1&1) include that with removing ads, which seems a much bigger incentive.

I do kinda like the new outlook.com interface, but the way the conversation view works makes it basically unusable to me. Not that MS ever had big taste in that regard, as I still blame Outlook for basically establishing top quoting as standard.

I'll stick with free e-mail.

What happens if google stops providing gmail? Suppose that, for example, google has some losing quarters and is pressured into making cuts and they decide to axe gmail. What happens then?

I am an unabashed fan of google voice, but there I know that it would be possible to get the number out (thanks to legislation), see http://support.google.com/voice/bin/answer.py?hl=en&answ... . I don't have similar assurance with gmail.

what happens if Microsoft raises the outlook price per year to some level I'm unwilling to pay? At some point, it just comes down to a calculated risk.

That's why you pay for a domain. Then you can move your address wherever you want.

outlook could also be cut one day. Being a pay-service doesn't make you immune to disappearing (though it decreases the risk).

I find $19.95 a little too much, just for getting rid of ads.

How much do you think the ads are making them?

Not a lot when the second benefit they list is not needing to log in to keep your account active...

adblock-plus is free

Unfortunately the servers and employees to run the service is not.

And it explains one of the reason I don't like everything-driven-by-ads world. If I never click on ads having vs. not having adblock just changes whose money I am wasting: page owner's or ads buyer's. With adblock I at least am not wasting bandwidth.

I understand that very well, I constantly thinker about possible ways to make revenue without ads. If you are really honest about it to yourself you will realize it's not a very solid business model. People can easily circumvent ads and/or just ignore them.

You mean like charging $20 / year to access a service and not be displayed ads? That's the alternative revenue model and you want to circumvent that as well.

Ad block is only effective because not many people use it.

If it were even vaguely popular all major sites would have found a way to stop it working, they'd be a constant war going on.

I cannot imagine how could somebody prevent browser extensions injecting code to websites. As a happy user of ad-block I have seen some sites that force you to turn it off. Like iconmonstr.com But that can be easily circumvent.

For example, by making it difficult to tell what part of the website is an ad.

Since when does HN publish spam/ads?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact