evacide"...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots."
I've got some news for Microsoft about how domestic abuse works.
wrosecrans... as opposed to all the would-be hackers who have never thought to try to unlock a device and sign into it, or access data without proper credentials.
It's like Microsoft is just sort of taunting hackers to try and get it broken as quickly as possible for some reason. Is this feature being implemented because somebody lost a bet, or the NSA has compromat on Nadella, or what?
@wrosecrans This feature is being implemented because there were zero survivors of domestic abuse involved the high-level decision-making.
@evacide I absolutely believe you there. But I still struggle to understand why it got implemented. There are a zillion other obvious reasons it's a bad feature that one would notice even if they weren't sensitive to that specific issue.
This is gonna have screenshots of HIPAA protected data. Trade secrets. API keys. Passwords. HR department PII. GDPR protected stuff. On and on and on.
Misuse Case@wrosecrans @evacide Nobody consulted a policy and compliance specialist about this. It’s shocking that Microsoft didn’t get input from at least one. This would violate a lot of data protection policies for many enterprise customers.
@MisuseCase If I had to guess, the feature is not compliant with Microsoft's own legal department's retention policy, and Microsoft's lawyers are about to scream about the fact that if MS gets sued, the blast radius for document discovery just exploded if they don't disable it internally.
Andrew Zonenberg@wrosecrans @MisuseCase I would be extremely surprised if this doesn't ship with a GPO to disable it.
(Also, MS not enabling group policy on consumer focused windows editions probably ranks alongside the Win8 start menu destruction as one of the worst design decisions they've ever made)
@azonenberg Sure, but the biggest risk is to people and orgs that aren't executing infosec perfectly. Ooops we had a bad password policy multiplied by ooops we left Recall's GPO default.
In a hypothetical perfect IT environment where all GPO's and such are perfectly managed, Recall probably poses little risk to start with. It's only dangerous in the real world.
@wrosecrans Yeah agreed. It's just one of 500 catastrophically horrible anti features that people will need to turn off to regain some semblance of a secure baseline.
d@nny disc@ mc²@wrosecrans @MisuseCase this was also the case for copilot which i'm pretty sure still has the CCPA violation extant among the claims in the class action suit for slurping up all code input including e.g. passwords and API keys but they thought they could get away with that via one-off modifications to hamper evidence collection so unclear why their lawyers would think this is any different
I continue to be fucking baffled by Copilot. I assume the engineers just fully lied to the lawyers in order to get legal to sign off on it.
I can't imagine a lawyer understanding the plan and being like, yup, let's just YOLO stealing at the courts and find out what happens. Could be neat.
@wrosecrans i believe openai is being used as a front company to derisk breaking the law and they are playing a much longer game than just copyright but instead surveillance and monopoly go hand in hand https://circumstances.run/@hipsterelectron/112476914914182012
d@nny "disc@" mcClanahan (@[email protected])
a lot of people saying "wow openai is so silly to steal from scarjo she just sued disney" like copilot didn't directly contravene established precedent in contract, copyright, and privacy law--openai is a front company for microsoft to break the law. these people are not playing games.
klausfiend has moved@hipsterelectron @wrosecrans It would be a massive boon to a central government to have a machine to harvest, collate, and analyze all citizen activity. Stasi would wet its pants at the thought of something like Replay.
@klausfiend @wrosecrans had someone else advance my thinking on this just a few moments ago actually and now i'm completely with you https://circumstances.run/@hipsterelectron/112482975521122360
d@nny "disc@" mcClanahan (@[email protected])
@[email protected] is wayyyy way ahead of me as usual https://monroelab.com/2024/05/21/all-roads-lead-to-surveillance-valley-on-windows-11-recall/
Olivier@wrosecrans see recent Slack policy change: you've been using our software for years. We own you now. Good luck migrating to anything else, suckers.
P Stewart@wrosecrans @evacide I'm pretty sure it's getting implemented because some credulously hype-tracking investors went "hey, AI makes the line go up, that means you *must* put more of that in right now, no other option exists."
JWcph, Radicalized By Decency