
Microsoft CoPilot and recall concerns

Wudang

https://www.computing.co.uk/news/42...rity-concerns-about-microsofts-recall-feature

More technical article by a security guy
https://doublepulsar.com/recall-ste...r-own-windows-pc-is-now-possible-da3e12e9465e

Article by Stross
https://www.antipope.org/charlie/blog-static/2024/06/is-microsoft-trying-to-commit-.html

tl;dr - it takes periodic screenshots and stores them unencrypted on your PC. I know the NHS would scream at this and I assume many other places that require security of data. And it doesn't just take screenshots - it OCRs them then stores that as plain text.

@mishamouse@hachyderm.io said:
my company uses secure channels to send highly confidential documents (which include, for example, clients’ financial information and unredacted social security numbers) to third-party attorneys. what if those attorneys have recall-enabled machines? i can tell you from experience that many of them are not tech-savvy enough to even realize they have it… what if they have a data breach?

so yeah, this is very scary, even if the company disables it on our local devices.
And of course someone has created a tool to help exploit this: https://www.wired.com/story/total-recall-windows-recall-ai/

There are links to a lot more articles on Charles Stross's Mastodon account. https://wandering.shop/@cstross
 
Surprised it only relies on your disc level encryption, would have thought adding another wrapper wouldn't be particularly resource hitting for the new devices.
 
Surprised it only relies on your disc level encryption, would have thought adding another wrapper wouldn't be particularly resource hitting for the new devices.
CoPilot was rushed to market, there are flaws waiting to be seen.
 
Account solarwinds on Mastodon says they’re an ex-Microsoft employee and
“I have worked through a third party _actual person_ who has _actual contact_ with the _actual people_ on the _actual team_...

...to make sure they are _aware of this_.

(As well as other liabilities it creates.)

You see, I'm ex-MSFT, and a Seattleite. I think Microsoft need to be broken up, along with several other tech companies. I think antitrust needs to step in, and under Biden, they're finally starting to do so again.

But I _do not_ want them to be _sued out of existence_, because I do not want my city to be economically _******_.

This is a _sued into the ground_ feature, and over the last month, I have described to them how, in several ways.

I'm praying that they listen.”
 
Rather unsurprisingly - changes are to be made:

https://www.zdnet.com/article/after...get-these-major-privacy-and-security-changes/

...snip...


According to the blog post, the following changes will be implemented in the released version of the feature:

The setup experience of Copilot+ PCs will offer "a clearer choice to opt-in to saving snapshots using Recall." The feature will be off by default and will only be enabled if the user chooses to enable it. (In my earlier post, I had suggested this as a crucial change.)
Enabling the feature will require Windows Hello enrollment, with secure proof of the user's identity, typically via biometrics. In addition, Microsoft says, "proof of presence" will also be required to view the Recall timeline and search its contents.
As for the database itself, it will get an extra layer of data protection, including "just in time" decryption, which Microsoft says will be protected by Windows Hello Enhanced Sign-in Security (ESS). The search index database will be encrypted as well.


...snip...
 