It just clicked in my brain. What I haven't been able to articulate about why I'm so anxious about #Windows Recall. I'm sure others have already gotten to where I am.

It's worse than "a system that tracks everything you do" and stores that info in a basic database that could be easily compromised.
It's worse than a nanny surveillance tool for companies to spy on their employees.

It's inescapable.

It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

It won't matter if you're a master #security expert specialist. You can't account for EVERY other computer you've ever interacted with. If a family member looks up an old email with your personal data in it, your data is now at risk.

If THEIR system is compromised YOUR data is at risk.

I just went from "vague feeling of unease" to "actively writing templates to canvass elected officials, regulators, and attorneys general."

@SomeGadgetGuy As far as I understood it - it was explained to me by a Microsoft Official - the database is secured in a similar way as your face-id data or fingerprint data is secured. It's bound to your account and even the admin can't access it, because it's not a password and stored locally. That's why only devices with certain security hardware and maximum enabled security features can even activate that feature. Which doesn't mean that won't change in the future.
@droidboy @SomeGadgetGuy it is as secure as you, logged in user, can access it, and any program you run can access it. Which includes info stealing malware. Ohhhh
@gunstick @SomeGadgetGuy That's the thing we need to see happening in the wild first, please. :-) I don't want to believe MS is building it like that. As what I was told was, that it's in the same container as your fingerprint.
@droidboy @SomeGadgetGuy no. You cannot read out the fingerprint to make copies of. But you can read out recall data. So it cannot be the same container, else you would not be able to read the recall data.
@gunstick @SomeGadgetGuy Can't wait to see how they actually do it.
@droidboy @SomeGadgetGuy it's a simple mysql file on your disk. That's all.
@gunstick @SomeGadgetGuy I will repeat it until we see it in real life on June 16th: We don't know yet :-) You can tell me then that you already knew it. But wait until it actually gets released and somebody could look at it, please! :D
@droidboy @SomeGadgetGuy people already had a look at it, and it is horrifying.
He somehow managed to get the software. So here you go: https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
@gunstick @SomeGadgetGuy I read that, and I assume he got a view on a MVP. I do not want to believe this is actually the final product.
@droidboy @SomeGadgetGuy how do you imagine the final product will be used?
To be secure it would need a public key which encrypts everything going into the database and a secret key stored on an external device you have to activate each time you want to interact with the database. Think yubikey.
If the currently logged in user can interact with recall data the same easy way as windows search, then it is accessible to every malware you may be running.
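The design sketched above (encrypt every record on the way in with a public key, decrypt only with a private key kept off the machine), as an added Go example that is not part of the thread. The RSA key generated in main stands in for one held on a hardware token, and the record layout is an assumption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedRecord is one database row: ciphertext plus its data key wrapped to the token's public key.
type SealedRecord struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// Seal encrypts one captured snippet using only the public key; nothing resident on the box can reverse it.
func Seal(pub *rsa.PublicKey, plaintext []byte) (SealedRecord, error) {
	buf := make([]byte, 32+12) // fresh AES-256 data key and GCM nonce per record
	if _, err := rand.Read(buf); err != nil {
		return SealedRecord{}, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // a 32-byte key never errors
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return SealedRecord{}, err
	}
	return SealedRecord{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open needs the private key, i.e. the external token must be present.
func Open(priv *rsa.PrivateKey, r SealedRecord) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, r.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, r.Nonce, r.Ciphertext, nil)
}

func main() {
	// The generated key stands in for one that would live on a hardware token (assumption).
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	rec, _ := Seal(&priv.PublicKey, []byte("constructed sample: text typed by the user"))
	pt, err := Open(priv, rec)
	fmt.Printf("%s %v\n", pt, err)
}
```

With the private key absent, an administrator or malware on the machine holds only opaque rows; the trade-off is exactly the friction the thread discusses, since every read requires the token.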
@gunstick @SomeGadgetGuy So what we know is that only Copilot needs access to that database. Is there no way to develop the access management in that way that only the software Microsoft controls can access it? No public API needed in any way. Granted: What Copilot will show you might be accessible to the malware as this is what the user will see at the end.
@droidboy @SomeGadgetGuy malware will hide as a system update requesting elevated privileges, and the user will simply click OK as he does with all the other dozens of popups he sees per day.
@gunstick @SomeGadgetGuy There will be no way you can grant access as an admin to any other app. Only Copilot will have access. Is that possible in windows?
@droidboy @SomeGadgetGuy if copilot is running in another vm under the same hypervisor as windows. Oh windows is not running as a VM?
Well then: no.
If the recall database is encrypted and is on the same storage as the rest of the OS, then copilot has the password. And having admin privileges will open that up to inspection. Game over.

@gunstick @droidboy

That's what I want to see. Before you can interact with Recall you HAVE to plug in a security key. We just know MS won't do anything like that, because it'll then look scary (which it should), and they want it to be "frictionless".

On the idea of it being more secure: Microsoft is doing bad infomercial acting about how inconvenient and complicated security is.

@gunstick @droidboy yup. Stored in the user App data folder.
@SomeGadgetGuy @droidboy ah, yes. That vaguely hidden folder, so it must be secure™
I wonder if they now store the fingerprints also there so they can still claim that it's stored at the same place.
@gunstick @droidboy
Security through obscurity!
@SomeGadgetGuy @gunstick @droidboy my ideal: security through not totally blatant forehead-slapping levels of idiocy & self-ownage
@synlogic @SomeGadgetGuy @gunstick I am so glad you got the opportunity to show how much better you are than the security guys from Microsoft.