"Microsoft sites expose visitors’ profile info in plain text"
arstechnica.com/security/2015/10/microsoft-sites-expose-visitors-profile-info-in-plain-text/
If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.
... it can also be used as a unique tracker for individuals—a "strong identifier" in National Security Agency parlance—to spot their network traffic as it flows across the Internet. This data can then be used to correlate someone's identity with other traffic from the same IP address. While using an anonymizing network such as Tor would conceal the origin point of the traffic, CID data would be exposed once traffic left a Tor exit node.