Wudang
BOFH
https://www.computing.co.uk/news/42...rity-concerns-about-microsofts-recall-feature
More technical article by a security guy
https://doublepulsar.com/recall-ste...r-own-windows-pc-is-now-possible-da3e12e9465e
Article by Stross
https://www.antipope.org/charlie/blog-static/2024/06/is-microsoft-trying-to-commit-.html
tl;dr - it takes periodic screenshots and stores them unencrypted on your PC. I know the NHS would scream at this and I assume many other places that require security of data. And it doesn't just take screenshots - it OCRs them then stores that as plain text.
There's links to a lot more articles on Charles Stross's mastodon account. https://wandering.shop/@cstross
More technical article by a security guy
https://doublepulsar.com/recall-ste...r-own-windows-pc-is-now-possible-da3e12e9465e
Article by Stross
https://www.antipope.org/charlie/blog-static/2024/06/is-microsoft-trying-to-commit-.html
tl;dr - it takes periodic screenshots and stores them unencrypted on your PC. I know the NHS would scream at this and I assume many other places that require security of data. And it doesn't just take screenshots - it OCRs them then stores that as plain text.
And of course someone has created a tool to help exploit this: https://www.wired.com/story/total-recall-windows-recall-ai/@mishamouse@hachyderm.io said:my company uses secure channels to send highly confidential documents (which include, for example, clients’ financial information and unredacted social security numbers) to third-party attorneys. what if those attorneys have recall-enabled machines? i can tell you from experience that many of them are not tech-savvy enough to even realize they have it… what if they have a data breach?
so yeah, this is very scary, even if the company disables it on our local devices.
There's links to a lot more articles on Charles Stross's mastodon account. https://wandering.shop/@cstross