- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
You must log in or register to comment.
I’m super interested to see how companies handle this when employees work with confidential data all the time.
What this opens the door to is MICROSOFT will be able to get your database and be able to ask it questions as if it was talking to you. An AI agent of you that they can do what they like with. This is insanely dangerous.
Particularly since they’re requiring everyone to log in using credentials via their infrastructure.
They absolutely have a way in.
Anything that takes data off the computer is a no fly zone.
It doesn’t transmit the data; it supposedly stores it locally. The issue is it’s a huge convenient plaintext trove of information if the system is compromised.
Anything that copies, or persist data to a new location should also be a no-fly zone
For all the invasive problems this feature causes, what the fuck does it actually do? The ability to ask an ai what website you were on last Thursday? Who needs this garbage
I have my search history for that. Useless “feature”.
I mean that can be super useful. Doesn’t mean it’s worth the risk.
It’s entirely a nonstarter for entire fucking industries. That’s not hyperbole. I work in one of them.
Edit: scratch that - If any infosec team, anywhere, in any industry, at any corporation or organization, doesn’t categorically refuse to certify for use any system that is running MS Recall, they should be summarily fired and blackballed from the industry. It’s that bad. For real: this is how secrets (as in, cryptographic) get leaked. The exposure and liability inherent to this service is comical in the extreme. This may actually kill the product.
E2: to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets (private keys, basically): nobody else knows them. To try to dance around that is fundamentally futile. Also: who am I kidding, this shit will sell like hotcakes. Everyone’s on fucking Facebook, and look how horrifically they exploit everyone’s data for goddamn everything. This isn’t much worse than that to the average mostly-tech-illiterate consumer.
Accounting details, sensitive credentials for sys admin use, HIPAA data, PII etc. there’s just so much crap understood to be temporarily unlocked, viewed, and then immediately deleted or locked again. Even home users shouldn’t turn this thing on, check your bank? Balance and account details now always available. Use a password manager? Whatever you looked at is likely captured.
Using it may not be legal for videoconferencing in states and countries where recording without notification is illegal.
Also, legalities aside, if there is any application that might be displaying the contents of one’s laptop webcam onscreen, that turns it into something that logs a series of snapshots of that (and then OCRs any text that the camera can see). I can see potential problems there.
Microsoft’s solution will be to remove the feature from Enterprise versions of Windows while keeping it around for the plebs using Pro and Home
to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets
Most people use and recommend encrypted password managers on remote servers. Which is fine, so long as the encryption is open source and audited and the company has a good and long positive reputation.
MS has none of these things.
