Yeah I thought the same thing. This has nothing to do with MCP really, the same flaw is there in all software: you have to trust the author and the distributor. Nothing stops Microsoft from copying all your Outlook mail. Nothing stops Google from copying all your Gmail. Nothing stops the Mutt project from copying all your email. Open source users like to think that "many eyes" keep the code clean and they probably do help, especially on popular projects where all commits get reviewed in detail, but the chance is still there. And the rest of us just trust the developers. This problem is as old as software.

> Nothing stops Microsoft.... Nothing stops Google...

Not really true. They have skin in the game. They have legitimate revenue at stake. If they betray trust on such a scale, and we find out, they'll be out of business.

Idk, I think Microsoft could get away with a lot. Not selling your emails to the highest bidder, that might be a bridge too far, but training an LLM on Outlook emails? Probably. Just have an LLM scan every email to see if its contents are mundane or secret first, and only use the mundane ones. There might be a scandal of some sort, then Microsoft would say sorry (but keep the model), and then everyone would move on because the switching costs are too high.

Why would selling your emails to the highest bidder be a bridge too far? Your ISP already could sell all the data they have on you that way…

Sounds like Ramp ha

> If they betray trust on such a scale, and we find out, they'll be out of business.

Provably false. Google has been found to lie about data collection for years and they still have more money than ever.

"Not really true"?! TRUE AS HELL! "Outlook New" LITERALLY DOES THAT! It's an infostealer. Microsoft gets your login info and downloads your mails, contacts and calendars to its own servers!

How this app is legal and not marked as malware is beyond me! It's the biggest information heist in history!

https://www.heise.de/en/news/Microsoft-lays-hands-on-login-d... https://cybernews.com/privacy/new-outlook-copies-user-emails...

> If they betray trust on such a scale, and we find out, they'll be out of business.

The decision makers don't care. They could eat children and they still would buy from them.

https://www.wiz.io/blog/storm-0558-compromised-microsoft-key...

Do people actually choose to use Outlook if they're not already forced to use Exchange/Office365, usually for work?

In my experience, it's hands down the worst e-mail client I've ever used. I only have it on my work PC because my employer uses Office 365. It never even crossed my mind to try to use it for my personal e-mailing needs.

I do agree, however, that companies that decide to trust MS don't care one bit about their scandalous practices. I don't even think it's as much of an actual choice as a cop-out, as in "everybody uses microsoft", so they rarely actually ponder the decision.

Outlook New gets installed by default on Windows 11. Of course people gonna use it. Even if they just trial it, their data is gone. An Anti-Virus should stop the software from running. But that will never happen.

> "everybody uses microsoft", so they rarely actually ponder the decision.

Exactly. That is my main argument against PantaloonFlames's claim "They have legitimate revenue at stake. If they betray trust on such a scale, and we find out, they'll be out of business."

At a certain scale nothing matters anymore! You can Bluescreen half the planet and still be in business.

What do you recommend businesses use instead?

Of course. I should have added “if they wanted to” and there is almost no rational reason that they would.

> This problem is as old as software.

Sure, I agree, and the problem is absolutely magnified by AI. If a back door gets into Thunderbird, or Google decides to start scanning and sharing all of your email, that’s one point of failure.

An MCP may connect to any number of systems that require a level of trust, and if any one thing abuses that trust it puts the entire system at risk. Now you’re potentially leaking email, server keys, recovery codes, private documents, personal photos, encrypted chats - whatever you give your AI access to becomes available to a single rogue actor.

Giving AI agents permission to do things on your behalf on your computer is obviously dangerous. Installing a compromised MCP server is really the same as installing any compromised software. The fact that this software is triggered by the user or an agent doesn't really change anything. I don't think that humans are more able to decide not to use a tool that could potentially be compromised, but that they have chosen to install already.

> Open source users like to think that "many eyes" keep the code clean and they probably do help, especially on popular projects where all commits get reviewed in detail, but the chance is still there.

The XZ Utils backdoor (https://en.wikipedia.org/wiki/XZ_Utils_backdoor) bears mentioning here.