Microsoft Purview: Additional classifiers for Communication Compliance (preview) (opens in new tab)

In most places where I worked, I signed an explicit consent form stating that all company-provided means of communication are for work purposes only, and may be audited. I suppose it's required by law.

So my rule of thumb for workplace is: expect no privacy.

If you want to use work-provided email, slack, etc to discuss things which you'd be very uncomfortable discussing in your office in the open, especially in the presence of your bosses, don't. Find a different venue.

Because you might be friendly with coworkers and not always switch platform as the topic transitions.

Right, I'm tired of this.

E2EE doesn't mean anything if you have the same entity controlling the server as is controlling the endpoints.

If you control both ends of an E2EE communication and they are closed then you gain nothing over normal TLS encryption, you still trust the authority. (Whatsapp is obviously closed and yes, signal can be considered effectively closed as their client is not reliably or reproducably built from public sources and has hidden their agendas before[0]; and even depends on binary blobs from Google..)

I know your favourite closed/walled messenger platform is basically religion at this point: but for heavens sake; please understand that unless you're auditing your clients or you can run trustable third-party clients; then end-to-end doesn't mean anything at all.

It's just marketing buzzwords.

[0]: https://www.youtube.com/watch?v=tJoO2uWrX1M&t=880s

This is a pretty classic example of “what’s your threat model”.

WhatsApp/Signal may not be perfectly private, but it’s plenty private enough to hide trivial things like job offers from your employer.

- I don't have enough disposable income and disposable time to self host and then keep up to date some flavour of messaging protocol server.

- Everyone's understanding of this issue is different. It's hard enough to convince technical people to use matrix/element vs signal, vs what ever they already have installed. Non-Technical people will either just ignore you or trust you entirely, I'm not sure which is worse.

- When something goes wrong I have to fix it myself. now I'm 24/7 on call.

- Even If I have knowledge enough to run the infrastructure myself, to compile clients and servers myself, to register domains etc.. I cant understand the source code to identify every possible un-trust worthy thing. even if I could, system security is not just about the code.. what is a trusted architecture to run it on?

It just isn't in any way, by any stretch of the imagination, feasible to self host any messaging service myself, that I want to use with the aim of talking to a wide range of people, from all parts of my life.. When I just want to chat with my work colleagues and arrange to go to drinks, or about their break up, or some other company or whatever..

Signal is open source. What's not trust worthy exactly?

Having employees is a big potential liability. Having a corporation is a big potential liability. Drinking water is a big potential liability. I guess just don't do anything at all and then recalculate your risk metric.

The conversations will happen elsewhere and so will the relationships. Management is locking themselves out from the team leaders and suddenly those off site 'adult kerfuffles' are exactly the conversation you needed to hear to prevent exodus.

This made me laugh. Back in the late 1970s, there was suspicion that the Soviet Union a had completely tapped the AT&T phone network on the East coast. I cannot remember the author of the article, but they stated that every American having any telephone call with anyone on the East coast should toss in a number of different key words to overwhelm the ability of the USSR to gather any useful intelligence, because they would be overwhelmed by data. Then they gave a list of keywords. I wish I had saved it. So my brother and I, when we called each other, would toss in the occasional 'enriched uranium' 'satellite imagery' 'battalion' 'missile test' 'weapons research' and other nonsense into our conversation.

I don't know what I found funnier, the idea that some poor fool at a Soviet embassy had to listen to our conversation because a key word hit caused the recording to be saved, or the idea that the author even proposed that the idea would work.

… And completely predictable and inevitable for 50 years, and written about endlessly since the mid 20th century. Short of a butlerian jihad level event, the only way to fight back is better countermeasures and better value.

The law won’t help (they want more surveillance). Democracy won’t help (most people want more surveillance on their neighbors). Exploit the system.

Was Microsoft employee. Did not worry one bit about talking to a recruiter on LinkedIn. Your immediate management is unable to see or even get that data. You would have to trip an alarm elsewhere, trigger a major investigation, get legal sign-off and then maybe Microsoft would ask LinkedIn to pull that data. Even though MS owns LinkedIn, they are treated as a separate business entity. LinkedIn has its own security team etc.

Even MS's own recruiters will use LinkedIn to contact current MS employees for internal positions.

Tech is a double sided coin. Things like this have the power to be abused, even easily at times, but that doesn't mean they always will be.

I’d have no problems with it. If they were going to fire me over that, it’s their loss. And it’s not generally in Microsoft’s culture these days to be that petty.

I don't think you need to work at Microsoft to be nervous about that. I've had recruiters offer to sell me information on who here is communicating with them on LinkedIn, without even being in a management or hiring position myself.

I remember during the Ashley Madison leaks there were so many work emails. I wouldn’t even use work email for buying a movie ticket much less organizing dates and affairs.

Some people are weird like that. There’s also old people who only have work emails. Lots of different people in the world.

Wait until you hear someone yelling at the helpdesk because their Ashley Madison email was caught by a corporate spam filter..

I think it's just another unfortunate manifestation of the phenomenon that Big Tech loves to exploit --- that people seem to care very little about privacy in general, or perhaps have been guided gently in the direction of doing so by those who stand to profit the most strongly from it.

In your specific example, there could be a slightly more positive reason --- proof that you do actually have a job at where you claim to be working.

I am so glad to be living in a country where shenanigans like this are deeply illegal and where violations would see employers/principals facing actual jail time, so nobody does it. Land of the free indeed.

I agree, but there's a big difference between such a title on /newest and the same title near the top of the front page. In the former case, it's a reason to skip over it; in the latter, it's a reason to dig further, and digging further is what HN is all about.

I'm not saying the current title is the perfect outcome—I'm just not sure what the perfect outcome is. I do think that in this case, the dystopian title adds to the quality of the post (but only once it's on the front page).

It's impossible to cover the general case with a simple rule. Even a paragraph of rules wouldn't be enough—people would discover corner case after corner case and you'd eventually need a book. I think HN's guideline covers the domain as well as any single sentence could; and then we can cover all the exceptions ad hoc, and talk about them in the comments.

It sounds 200% like newspeak and it’s pretty obvious what will be inside the egg.

> I know it's policy to use original titles, but the editorialization in this case hardly seems sensational.

It's interesting that the HackerNews guideline makes no statement about whether a custom headline is sensational or reasonable. It is: "Please use the original title, unless it is misleading or linkbait; don't editorialize." They probably have a slightly different reason for this rule than many people first imagine. And that reflects in the actual wording of the rule being slightly different than many people would first phrase it themselves.

If you want to make an overarching statement via the post title, the route is to write up your thoughts on the matter, title your post however you want, and then post that.

I think it's that you can be considered effectively guilty (there's grounds to fire you or take disciplinary action against you) for tripping an ML routine without further evidence or proof, and that it seems more important to have "clean" corporate communication rather than actually act in good faith (as long as bad stuff happens on off channels, no one cares).

Hopefully it doesn't make it outside of the corporate world though.

There is a difference between an investigation under subpoena for example and

An automated process that alerts whomever is chosen as overseers to all possible missteps and misdeeds.

One is a very targeted and conscious effort the other is automated and pervasive everywhere all the time.

Right, and this functionality is to punish you for nothingburgers as much as actual crimes. "Leaver" detection is something that is entirely sane for corporations to do but will be abused by the usual suspects in HR to instill fear and to retribute.

> Everything in corporate email has always been subject to read by others, there is no expectation of privacy.

Depends where you work? I expect my work emails to be private.

Even if it works out as you say, the chilling effect on who's left will be very real.

A few open source options (some with hosted plans)

- Zulip - https://zulip.com

- Mattermost - https://mattermost.com

- Rocket chat - https://rocket.chat

- Matrix - https://matrix.org

People in HR don't get fired for that kind of stuff. They have a thin <whatever their color is> line to protect them.

next they'll offer MS AI HR that'll do that for you

It's a classic assertion of power, pointedly ignoring any appeal to anything but more power.

News flash: there used to be entire departments of humans that did this (and in some companies there still are).

Your corporate comms are monitored and there is no privacy.

Evil is banal.

Ah, another happy Zscaler customer!

Yeah if they've got "zero trust" for their own teammates, they are in for learning some hard truths about team building.

That's two strikes against them now.

(I kid, VS Code is great for many, but it's not my cup of tea).

Those ones are a joke. Look at the purported "Roadmap ID" that poster used.

After social credit score, you'll have your corporate score too.

Not even. Transcription functionality already works for explicitly-recorded meetings in Teams. I'm sure their cloud resource costs to run it are negligible, too. A change in privacy stance is all that's required.

Pissing people off does incur a cost, though. Perhaps you're right.

Worked for WW2…

I’m sorry, what?

Have you never worked for a bank or financial company? Never had to take a drug test for your programming job?

US Federal law and the Hundreds of billions of dollars spent on audit, insider trading, cyber security, ex filtration tools STRONGLY point to a corporate culture that is obsessed with defending against internal threats, because that’s the highest source of risk.

I think this counter argument is used when people are against something without offering a reason.

For example I often hear "The riches 1% pay 80% of the taxes" (or whatever the correct values are). The person makes this argument against the idea of raising taxes, however they aren't explaining why it shouldn't be done

Since they don't offer an explanation the assumption is they are either already rich or think they'll be rich.

> Why do people assume that you have to think you'll be a billionaire to be against something that would affect billionaires negatively?

Because there is a group who struggles to reconcile what looks like a contradiction - another group who appears to advocate for policies which harm themselves. The quote and its derivatives attempt to explain this apparent contradiction.

Yeah it's not necessarily true. I think Innuendo Studios/Ian Danskin explains this mechanism very very well https://www.youtube.com/watch?v=agzNANfNlTs

Many people think Jeff Bezos should exist and have his wealth because he got there by playing the game better than everyone else, and that this game is just the way things are. He earned it. Attempts to change the game will just make everything worse and people won't get what they deserve, and thus these attempts are unethical. Equal societies are an absurd liberal fantasy.

My attempts to advocate that Jeff Bezos shouldn't have the money he does are actually just selfish attempts to cheat at the game and stuff my own pockets with money and get something I haven't earned. The real issue here is a lack of discipline.

Watch the rest of the videos. People who think like this largely can't be argued with.

My anecdata is that I've literally heard people say that. For example - 'I don't want the rich to be taxed because I might be rich someday.' They don't specifically even mean Jeff Bezos or even a billionaire but assume that 'when' they are rich they will want the tax advantages.

That’s a really good point. It highlights the hegemony of self-interest in contemporary culture. Collectivism has become frail, immobile, even dubious. We are demographics. We demonize one another. We struggle for causes that affect us and ours, and despise people for joining popular social movements. Fatigue turns out to be the limiting factor for compassion, and boy are we tired.

I don’t expect I would become a billionaire (…anymore). I imagine that I would be a benevolent one, but fear the gravity pull of such wealth would collapse any good intentions. Capital demands such rigor. I would think that if some some policy or popular uprising made wealth distribution flatter, the billionaires of the world could exhale. The burden to care becomes much lighter when borne by many hands.

A lot of people will quote John Steinbeck [1]:

> “John Steinbeck once said that socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”

There's plenty of circumstantial evidence to back this up. The 2000 election is a good example although I can't find a good quote for this. Gore famously daemonized the "top 1%". An illuminating poll in 2000 revealed that 19% of Americans thought they were the "top 1%" and another 20% thought they would be someday. So 39% of the population thought of themselves as the "top 1%".

Americans also love the slippery slope fallacy. The idea, that you allude to, is that people will defend Jeff Bezos's taxes being raised because the next step is apparently them coming for the working class.

This too is propaganda. B does not necessarily follow from A. But political leaders and plutocrats are happy to use this argument to their own benefit. It's the sort of argument people make when they have no argument.

It's a byproduct of American exceptionalism [2].

[1]: https://www.goodreads.com/quotes/328134-john-steinbeck-once-...

[2]: https://en.wikipedia.org/wiki/American_exceptionalism

> I see that phrase thrown around a lot. It's a variant of "you're never going to be a billionaire (so you shouldn't be against X)." Why do people assume that you have to think you'll be a billionaire to be against something that would affect billionaires negatively? Is something only wrong if you think you'll find yourself in that position one day?

Obviously cappies (meaning people who support capitalism, who are not necessarily actual capitalists--most aren't) don't walk around believing they personally have a greater than 50% chance of being billionaires. It's hyperbole. That said, they do overestimate their future earning potential while severely underestimating the number of ways in which preexisting social class will block them. This is evidently true; behavior and preferences reveal beliefs, and no one supports capitalism and its extreme inequities unless they harbor a belief--perhaps an underexamined and irrational one--that they'll one day be invited to join the capitalist class, since there's literally nothing to justify the system but "It's good if you're one of them."

Why are you saying this? It's what every single corporate pamphlet and forced talk says. No one is saying unions will bring everyone enlightenment and cure cancer.

What people are saying is workers need a say in how the workplace is run and companies spending millions convincing folk otherwise should be forced to stop.

Yes I wanted to say something very similar. The idea of having an organization that collectively represents my interests against things I oppose (like this) feels good.

Unfortunately unions will not represent my interests in a huge swath of other areas (meritocracy, politics, etc). So choosing a union just trades one set of shitty things for another. For all but unskilled workers, the benefits are basically an illusion imo

Emacs is open source and you can modify it, so even if it would spy on you, you can in theory remove the offending code yourself or wait for someone else to do it and publish the patch. Good luck doing that with Office 365.

M-x psychoanalyze-microsoft-pinheads

> Nobody treats corporations this way...

Oh yes they do. "All corporations are evil exploitive money-grubbing polluting anti-democratic anti-worker..." I've seen it, here on HN, on the regular. I don't recall if I've seen it today, but I see it a lot.

> ... even though (if you look at interlocking BoD membership) there's a more reasonable case to be made for collusion in some industries...

The AFL-CIO looks (or at least looked) like the same thing, but for unions.

In the same way that a completely controlling government and political system could stop literally anything, yes. The basis of collective bargaining does not inherently depend on government support and the proof is in it predating government support. It depends on governments not penning anti-unionisation legislation. There’s no need to be so snarky.

You realize that historically labor unions predated government laws about labor unions, right?

The government stops them through things like outlawing secondary strikes.

You shouldn't, nor should organizations push the limits of what people accept before they snap. But here we are.

LibreOffice is actually pretty great, it's not "run on a Pentium 100 MHz" fast but it's stable and works well for basic office spreadsheet/word processing/powerpoint tasks.

Older office didn't have the god awful ribbon.

Imagine a world with something markdown-like instead of Word...

Except for one: Ashton-Tate Framework. "Emacs for business" gets you within a stone's throw of how flexible and powerful Framework was back in the day. Of course its UI wouldn't fly in today's world, but back then (early 80s) it was a revelation.

Airtable?

true.

> ... I am the 365 admin.

For now. Remember MS can literally run these tools on your communications and if/when something gets flagged... raise it out-of-band to a senior business person at your company for follow up.

They likely have the contact details for senior business people at your company already. ;)

Lol depends what industry your in. Im a one man band msp so I literally set up these catch all employee tracking systems. Most folks don't realise they exist, even fewer use the data produced by the systems. Legit 90% of the time it's just kept in case of gov audit or something going pear shaped and we need proof it wasn't us.

Trust is all well and good, but trust ain't gonna pass an audit or get you out of trouble if shit hits the fan.

Normal operation of AI often involves exhilaration of data to the vendor, so I take the privacy qualifiers with a grain of salt. This most likely is turning your email inbox into something roughly as (non)private as a search engine query. It's the ultimate dark pattern, goodness knows what MS intends to do with this access.