evacide"...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots."
I've got some news for Microsoft about how domestic abuse works.
wrosecrans... as opposed to all the would-be hackers who have never thought to try to unlock a device and sign into it, or access data without proper credentials.
It's like Microsoft is just sort of taunting hackers to try and get it broken as quickly as possible for some reason. Is this feature being implemented because somebody lost a bet, or the NSA has compromat on Nadella, or what?
@wrosecrans This feature is being implemented because there were zero survivors of domestic abuse involved the high-level decision-making.
@evacide I absolutely believe you there. But I still struggle to understand why it got implemented. There are a zillion other obvious reasons it's a bad feature that one would notice even if they weren't sensitive to that specific issue.
This is gonna have screenshots of HIPAA protected data. Trade secrets. API keys. Passwords. HR department PII. GDPR protected stuff. On and on and on.
Misuse Case@wrosecrans @evacide Nobody consulted a policy and compliance specialist about this. It’s shocking that Microsoft didn’t get input from at least one. This would violate a lot of data protection policies for many enterprise customers.
@MisuseCase If I had to guess, the feature is not compliant with Microsoft's own legal department's retention policy, and Microsoft's lawyers are about to scream about the fact that if MS gets sued, the blast radius for document discovery just exploded if they don't disable it internally.
d@nny disc@ mc²@wrosecrans @MisuseCase this was also the case for copilot which i'm pretty sure still has the CCPA violation extant among the claims in the class action suit for slurping up all code input including e.g. passwords and API keys but they thought they could get away with that via one-off modifications to hamper evidence collection so unclear why their lawyers would think this is any different
I continue to be fucking baffled by Copilot. I assume the engineers just fully lied to the lawyers in order to get legal to sign off on it.
I can't imagine a lawyer understanding the plan and being like, yup, let's just YOLO stealing at the courts and find out what happens. Could be neat.
Olivier@wrosecrans see recent Slack policy change: you've been using our software for years. We own you now. Good luck migrating to anything else, suckers.