This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.
Content index
A very disturbing piece of news is suggested to us and, after a long time (perhaps the last piece of news we commented on dates back to What happened to ProtonMail?), we decide to talk to you about what happened in Germany. Lose your Microsoft account to an automatic scan it is in fact an article that will try to explain to you why it is dangerous, risky and insecure to leave our entire online identity to a single company, especially if this is Google or Microsoft.
If you have been following us for a long time you will certainly already be aware of it but it is better to reiterate the concept for those reading us for the first time. Big providers like Google and Microsoft automatically search your documents, files and photos for criminal content. This means that the written contents within a document are analyzed and the various photographs scanned from artificial intelligences who try to understand if you are a new Al Capone or not.
And since artificial intelligences are created by humans (no they're not really intelligent), they have gods bias 1 (prejudices) and obviously also margins of error, it could happen that some innocent people get into very serious trouble because of this.
Lose your Microsoft account to an automatic scan
This is in fact the case with Malik, a fictitious name, of whom he speaks heise online and which we resume because it seems of undoubted interest to us. Suddenly, from one day to the next, Malik's Microsoft account is blocked by Microsoft and Malik can no longer access it. Not bad, some will say. However, when you decide to totally delegate your online identity to one of these large companies, being cut off from your account can become a real nightmare: no more emails, contacts, calendar. Not even them OTP keys they work more because they are generated with Microsoft Authenticator. Finally, to restore his laptop, encrypted with BitLocker, he needs the recovery key which however has been placed in the cloud (on Microsoft's advice) and therefore currently unreachable.
The data appears to still all be on OneDrive, it hasn't been deleted (yet). However, his account has been deactivated and nothing can be reached anymore (not even Xbox games or the Office 365 license).
But what happened?
On heise online it is explained that in some particularly serious cases accounts can be closed without warning.
Malik found out that his account had been blocked because suspected of uploading child pornography to OneDrive: it will turn out, however, that the photos in question were of Malik's nephew playing and bathing naked on the beach. His sister had taken vacation photos with Malik's smartphone, and the photos had been automatically uploaded as a backup to OneDrive (without Malik being totally aware).
Microsoft's automatic scan classified the content as suspicious, alerting the authorities and closing the account for this reason. Microsoft support never explained to him what had really happened but only standard answers like: “Microsoft has closed your account due to a serious violation of the Microsoft Services Agreement” without adding anything else.
Losing your Microsoft account to an automatic scan: Innocent but no longer an account
The child pornography charge was dropped because Malik was innocent but there was no way to reactivate the Microsoft account. All your purchased games, your email, and everything within your cloud still appears to be blocked.
If you feel like you've heard this story before, it's because it happens more often than you might think. It had recently happened with Google and with a father who had taken photos of his son's private parts for health reasons and then sent them to his doctor 2. Even in that case, Google's automatic backup had uploaded them to Google Drive and the artificial intelligence had caused his online identity to disappear due to an error.
Conclusions
The message we hope to get across is that we are no longer talking (only) about privacy but about the risk of having a very comfortable account for everything and to whom delegate your digital identity.
Don't do it.
Always diversify the services and products you use most often and when possible use products that use the Zero-knowledge encryption.
Some alternatives and practical examples:
- if you want to have an automatic backup of your photos use a server your (Nextcloud or similar) or rely on products they offer Zero-knowledge encryption as Body or Stingle Photos. Alternatively, otherwise, in our opinion it is the case of do not use automatic backup of photos but upload only those you really want to upload.
- Do not use OTP generators that require login and do not allow you to save a backup copy locally. In the our dedicated article you will find many useful applications to avoid the risk of being locked out.
- Don't leave sensitive and important documents in the cloud. If you really have to have them and modify them online, use a service with Zero-knowledge encryption For example CryptPad, Proton Drive or Cryptee.
- The same goes for files. If they are sensitive and important, try not to leave them online. If you really have to do it for convenience or any other reason then use a secure and encrypted cloud for these files as CryptPad, Proton Drive, Filen, Cryptee or Tresorit. Even better if you learn how to use it Cryptomator.
- Exchange most messages with free and compatible messaging applications End-to-end encryption by default such as Matrix or Signal.
- As already mentioned, more general advice is to learn to hold separate things: emails on one side, photos on another. And the documents elsewhere.
- Last tip: keep, as far as possible, a local backup copy of everything. If the backup is too complex to manage due to its weight or for any other reason, keep the things you consider most important locally in multiple copies.
- Fight against artificial intelligence biases: social media is trying to reverse the trend[↩]
- Google labels the photos taken by a father of his son for health reasons as child pornography and has him investigated[↩]
Join communities
If you have found errors in the article you can report them by clicking here, Thank you!