For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

@GossiTheDog it’s like they got a focus group of cybercriminals together when making this

@jgreig @GossiTheDog
@hacks4pancakes

Speaking from my compliance aspect, this comprehensively fails PCI and GDPR immediately and the SOC2 controls list ain't looking so good either.

@munin @jgreig @GossiTheDog the outrage and disbelief are warranted.
Fi, infosec-aspected (@[email protected])

Hey so, this Windows Recall thing? Enables domestic abuse.

@munin @jgreig @GossiTheDog abused by spouses, abused by employers, by shitty AI developers, abused by criminals… not a single ethic was considered.

@hacks4pancakes @jgreig @GossiTheDog

I want to know the name of the individual who shepherded this system for abuse into the OS, and I want to ask him some -very- fucking pointed questions about why he has chosen to create an unsafe, abusive environment.