Microsoft PowerPoint Phones Home

In a world where cross-site scripting and third-party cookies are known security risks, it boggles the mind how Balkanized the infrastructure of Microsoft is. By using a favorite program on the Mac called Little Snitch by Objective Development, you can see when your software is phoning home or connecting to other computers on the net. Most software is content with a connection to a single domain, typically the author's, to check licensing, look for updates and send telemetry. This is normal in today’s environment. Using a program like Little Snitch, you can trust that domain and move on.

That’s why it was boggling to see how many different domain connections it takes just to start up Microsoft PowerPoint. I counted seven different domains: live.com, skype.com, msedge.net, microsoft.com, office.com, office.net, and windows.net. My computer was making connections to San Antonio, Boston, San Jose, Boydton (Virginia), Chicago, Redmond, and Dublin (Ireland). I did not count all the subdomain variations. In Microsoft’s defense, all the connections were over TCP port 443, so we can presume them to have been encrypted. Still, you’d think that they could consolidate under a single brand domain.

This was all just to launch a single program. The real problem occurs when you try to use Microsoft’s software in a web browser. You may be making a first-party connection to a web page and get bounced around through multiple domains until you are thoroughly logged into your Microsoft account. Good luck trying to log out, because when you hit the logout button, it becomes a third-party connection that does not have access to delete the cookie. There’s no way to log out short of manually deleting cookies in your browser.