Fi 🏳️⚧️Hey so,
This windows recall thing?
Enables domestic abuse.
Like, flat-out.
This 'feature' means that someone in an abusive relationship now has a canonized part of the OS monitoring their activities that can be then invoked and studied by the abuser.
Ain't no amount of -group policy- bullshit gonna fix this,
because Microsoft -doesn't allow- the granularity of administration required to defuse this for non-corporate users.
infosec zathras@munin Corporate legal will shit themselves^W^Whave a field day with this.
I'm genuinely curious to hear from corp lawyers, tbh. I have an -idea- about what they'd say, but I would genuinely value that point of view for this.
@munin Yeah, I don't have any that deal in corporate law to refer to, unfortunately.
But given the corp infosuck policy training I have to go through every year, I'm pretty certain my people would be screaming holy hell about discovery. Hell, I'm surprised they haven't disabled the Spotlight feature on my Mac, or whatever the Windows equivalent is.
Oh hells, I hadn't even gotten to considering the 'discovery' threat surface to this. Yowza, that's gonna be spicy as fuck.
@munin Ya think, DiNozzo? 🤣
Discovery was the third thing that came to mind, after "advertising" and "AI training for *redacted* purposes".
In fairness, my situation's a lot more compliance and malware research flavored, and the DV implications have me -extremely- shook given some past context.
But that's what friends are for, to give different points of view.
@munin Like you not thinking discovery, I hadn't thought of DV implications. Sweet Tester.
Maybe I should take every computing device newer than my 40-year-old pocket calculator out into the driveway and set it on fire now.
Just to be on the safe side.
Problem is, can't really participate in society -without- modern information processing devices - try getting your tax info from the IRS, for example.
@munin Dude, we both hang in the same circles of people.
Remind me again how participating in society any more is a good idea? 🤣
To be fair, I did opt out of the normative social structure a while back with the whole 'trans' thing.
Hanging out with the queer folks is a lot more chill.
@munin Not the point I was making, but you're not necessarily wrong.
Unfortunately, I'm not certain I fit in either circle well, or at all any more.
lol, I mean, hell, I more or less vanished from -everywhere- for a couple years while I was reworking my head around this whole "wait I'm a -girl-?!" thing. Been slowly rebuilding things since and....the world changed a lot.
@munin The world didn't change as much as your perception of it did.
My perception has changed a lot, too. Maybe for different reasons.
pmbAustinI'm curious how easy this "feature" will be to turn off. Or filter/limit. Or in any way control. We haven't seen that yet. But there has to be some way to exclude or disable the feature. And if not out-of-the-box, I assume some PowerToys or other 3rd party utility will soon be available to do just that.
Does not matter.
If the code is on the box, the box is systemically unsafe.
Fi, infosec-aspected (@[email protected])
How -do- you fix this? You do not put the capability to automate screen-scraping into the OS as a canonized feature. Yes, this does not stop screen scraping from being possible - it's been around for years. Disallowing it from the canonical image -of- the OS, however, means that there is an increased barrier in the way of implementing this: an abuser will need to learn how to implement this, and will need to rely on third-party software not integrated into the OS as expected functionality. This in turn means that abuse victims are able to rely on tools already in-use to remove third-party software from the computer in order to have more assurance of private operation. Yes, no single measure is capable of ensuring safety. This is why it's a security -system- and not a security -item-; systemic effects require an understanding of the entire context in order to evaluate the safety or unsafety of the system.
@pmbAustin @munin Just like Microsoft is making the new advertising "features" in WIndows 11 easy to exclude or disable out of the box.
Just like they're making a lot of their other "features" easy to disable or exclude out of the box...
Just like being able to install without using a Microsoft account.