For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

@GossiTheDog it’s like they got a focus group of cybercriminals together when making this

@jgreig @GossiTheDog @hacks4pancakes

Speaking from my compliance aspect, this comprehensively fails PCI and GDPR immediately and the SOC2 controls list ain't looking so good either.

@munin @jgreig @GossiTheDog the outrage and disbelief are warranted.
Fi, infosec-aspected (@[email protected])

Hey so, this Windows Recall thing? Enables domestic abuse.

@munin @hacks4pancakes @jgreig @GossiTheDog I remember having to take security training at Microsoft and this literally fails every single piece of advice they give for their own fucking employees (because duh, of course it does).

Even if a company thinks they want this on their employees' PCs, no, they don't. Really? You want a searchable movie of everything your worker has done available to anyone with physical access to their machine? Huh.

@aud I would say it’s probably illegal at least in Germany, too.