> How do you define “malicious”?

Malicious to me is intent. Microsoft does not store my emails to snoop or to potentially steal my assets. It Is a side effect of the systems they have created to ease user friction.

Some might argue that they want my data or behaviour (which is snooping) but exactly what has been said, my subscription fee is the value they extract from me and their enterprise value is the stickiness and the experience they provide.

To be clear, I am not a Microsoft fan, but I think it is safe to assume that Microsoft would not scrape my crypto wallets or bank account information to steal the entirety of my liquid assets. I can’t say the same for actors that plunk in a rogue email address to BCC themselves.

I have no idea how far the crew at Microsoft or any other large tech giant is willing to go into the grey area, but I can tell you they won’t attempt to drain my bank account without providing SOME kind of value to me in return.