this post was submitted on 05 Jun 2024
475 points (99.2% liked)

Technology

59298 readers
4608 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 112 points 5 months ago* (last edited 5 months ago) (2 children)

It’s entirely a nonstarter for entire fucking industries. That’s not hyperbole. I work in one of them.

Edit: scratch that - If any infosec team, anywhere, in any industry, at any corporation or organization, doesn’t categorically refuse to certify for use any system that is running MS Recall, they should be summarily fired and blackballed from the industry. It’s that bad. For real: this is how secrets (as in, cryptographic) get leaked. The exposure and liability inherent to this service is comical in the extreme. This may actually kill the product.

E2: to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets (private keys, basically): nobody else knows them. To try to dance around that is fundamentally futile. Also: who am I kidding, this shit will sell like hotcakes. Everyone’s on fucking Facebook, and look how horrifically they exploit everyone’s data for goddamn everything. This isn’t much worse than that to the average mostly-tech-illiterate consumer.

[–] [email protected] 58 points 5 months ago (2 children)

Accounting details, sensitive credentials for sys admin use, HIPAA data, PII etc. there's just so much crap understood to be temporarily unlocked, viewed, and then immediately deleted or locked again. Even home users shouldn't turn this thing on, check your bank? Balance and account details now always available. Use a password manager? Whatever you looked at is likely captured.

[–] [email protected] 31 points 5 months ago* (last edited 5 months ago)

Using it may not be legal for videoconferencing in states and countries where recording without notification is illegal.

Also, legalities aside, if there is any application that might be displaying the contents of one's laptop webcam onscreen, that turns it into something that logs a series of snapshots of that and then OCRs any text that the camera can see.

[–] [email protected] 14 points 5 months ago (1 children)

Microsoft's solution will be to remove the feature from Enterprise versions of Windows while keeping it around for the plebs using Pro and Home

[–] [email protected] 9 points 5 months ago

Their solution is to let users filter out websites in compatible browsers. This lets them blame the user for not marking sensitive websites as such. I don't know if native applications can also be filtered.

Of course they also filter out precious DRM protected content. You wouldn't steal a series of JPEGs.

[–] [email protected] 1 points 5 months ago

to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets

Most people use and recommend encrypted password managers on remote servers. Which is fine, so long as the encryption is open source and audited and the company has a good and long positive reputation.

MS has none of these things.