EgeeI haven't used or installed Windows as an OS is probably 5+ years. And I haven't even touched it in probably 2+ years.
Microsoft Recall feels like a fever dream from an alternate universe. I'm in denial; I refuse to believe it exists.
When Windows 10~ dropped, I read about Bitlocker. It gives Microsoft full unfettered access to your hard drive.
I said: "Hey this seems like kinda a bad idea, right? Microsoft has access to all your things..."
Forums and people said "Nah that's SO MUCH data, Microsoft couldn't possibly store it all, let alone parse it".
Imo Recall is proof they can and have been doing just that.
My question: Why don't more people care?
Might be flirting with conspiracy theorists with this one but it's exceptionally unsettling how close the US and other governments are to Microsoft.
If MS has access to literally every last ounce of your data, governments do too.
We all can agree THAT is a bad thing, right?...
This was the attitude about Bitlocker almost 10 years ago.
We need a lesson about hubris and how dangerous it can be.
shininghero@egeexyz
Wait, bitlocker? The full disk encryption program?
I think you have it mixed up with something else. If Bitlocker was uploading full image copies of your disk to Microsoft, I'm pretty sure the internet at my old job would have drowned in traffic when we rolled it out across all our laptops.
I could understand the encryption keys being snarfed for the sake of user convenience though. Key escrow was a concern during our research phase, but Microsoft had a business solution for that already.
@egeexyz
Recall can go die in a fire for sure. But bitlocker? That can stay. It fills out some required (or sometimes mandatory) boxes on a bunch of security/compliance checklists.
Recall can go die in a fire for sure. But bitlocker? That can stay. It fills out some required (or sometimes mandatory) boxes on a bunch of security/compliance checklists.
@shininghero It's baffling how big business and enterprise use Bitlocker when it gives MS direct access to the files.
I guess it's the same as storing confidential information in S3; technically AWS has access to it, especially if you use KMS.
@egeexyz Oh! Hang on, I think you've mixed up Bitlocker with OneDrive. That one makes way more sense for this sort of stuff.
Honestly, the simple answer is that it's cheap (the basic O365 E1 plan gives 1TB of storage for $8/month), and companies generally expect their employees to not be doing illegal stuff on their rented cloud infrastructure.
@shininghero But can't Microsoft decrypt your files remotely if you need them to? That would infer access to the hardware access, no?
@egeexyz
I've worked with MS support a couple of times at my old job. They don't have that level of access to the hardware in your building. In fact, I had to download and use LogMeIn QuickSupport to allow their agent to even see my screen, let alone run arbitrary commands.
And that was for their enterprise support that you have to pay money for.
I've worked with MS support a couple of times at my old job. They don't have that level of access to the hardware in your building. In fact, I had to download and use LogMeIn QuickSupport to allow their agent to even see my screen, let alone run arbitrary commands.
And that was for their enterprise support that you have to pay money for.
@shininghero I'm curious of your take on Recall?
@egeexyz Stupid, dangerous, incomplete, and shoved out the door once it reached Minimum Viable Product, solely to appease the shareholders buying into the AI hype.
Windows needs a lot of things, but Recall isn't one of them. Top on my list is a more granular version of Controlled Folder access, so I can restrict certain folders to specific programs, SELinux style.
@shininghero Let me ask you this - is there functionality in Windows that allows Microsoft to decrypt the files on a consumer's (non-business) PC remotely as a support service?
If not, I must be misunderstanding how Bitlocker's remote decryption works.
@egeexyz I have not seen any sort of native remote decryption capability for Bitlocker. Not that it would be needed. Bitlocker only protects data at rest, i.e. when a drive is unmounted or the computer is shut down.
@egeexyz
Also, Bitlocker is used extensively in federal infrastructure. So much so, that the lack of it is considered a security finding.
https://stigviewer.com/stig/windows_10/2021-08-18/finding/V-220702
If Microsoft was using Bitlocker to siphon data, the US Government would have banned it from being used internally.
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems.
@shininghero Fair but much like AWS KMS, clients can bring their own keys so daddy won't have access.
My point in all of this is that the "grey area" is too large for my comfort. On Linux, there is 0.0000% chance anyone has access to my system(s) but me.
My perspective hasn't changed in 10 years and Recall fuels my silly conspiracy leanings of Microsoft fueling their models with user data.
I know I'm crazy but I still refuse to believe Recall exists 😂
@shininghero For Bitlocker to have access for encrypting your files, they need access them. Their policy is worded in such a way that gives them legal access to all your stuff.
If they have access to your files AND their policy allows them, of course they will archive your data. Why wouldn't they?
mayday@egeexyz @shininghero I’m not sure I follow - what access does enabling FDE give them that using their OS wouldn’t already provide?