Last night we needed to update a computer in the family to Windows 10. So we read the fine print in the agreements, which took quite a while to do. Not only is it a mile long, but it is also written in typical “lawyer language”, so that no one can understand it and if you ever were to get into a legal argument, you would need to have assistance to understand. But that was not the point, this is:
Taken from http://www.microsoft.com/en-us/privacystatement/default.aspx, in the section of “Personal Data We Collect”:
“We collect passwords, password hints, and similar security information used for authentication and account access. “
It does not mention if it is only for accounts that are on Microsoft servers or just all passwords that they can get their hands on. Software that snoops and tries to steal passwords are normally considered to be malware.
There are also a bunch of paragraphs where you must agree to specific terms on where and how you can raise any legal dispute.
But collecting passwords? Where is the limit? I will not even go into the rights that they apply to anything stored on OneDrive…