SomeGadgetGuyJun 4, 2024

It just clicked in my brain. What I haven't been able to articulate about why I'm so anxious about #Windows Recall. I'm sure others have already gotten to where I am.

It's worse than "a system that tracks everything you do" and stores that info in a basic database that could be easily compromised.
It's worse than a nanny surveillance tool for companies to spy on their employees.

It's inescapable.

It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

It won't matter if you're a master #security expert specialist. You can't account for EVERY other computer you've ever interacted with. If a family member looks up an old email with your personal data in it, your data is now at risk.

If THEIR system is compromised YOUR data is at risk.

I just went from "vague feeling of unease" to "actively writing templates to canvas elected officials, regulators, and attorneys general."

Show threadDroid Boy Jun 4, 2024
@SomeGadgetGuy As far as I understood it - it was explained to me by a Microsoft Official - the database is secured in a similar way as your face-id data or fingerprint data is secured. It's bound to your account and even the admin can't access it, because it's not a password and stored locally. That's why only devices with certain security hardware and maximum enabled security features can even activate that feature. Which doesn't mean that won't change in the future.
Show threadgunstickJun 4, 2024
@droidboy @SomeGadgetGuy it is as secure as you, logged in user, can access it, and any program you run can access it. Which includes info stealing malware. Ohhhh
Show threadDroid Boy Jun 4, 2024
@gunstick @SomeGadgetGuy Thats the thing we need to see happening in the wild first, please. :-) I dont want to believe MS is building it like that. As what I was told was, that its in the same container as your fingerprint.
Show threadgunstickJun 4, 2024
@droidboy @SomeGadgetGuy no. You cannot read out the fingeprint to make copies of. But you can read out recall data. So it cannot be the same container, else you would not be able to read the recall data.
Show threadDroid Boy Jun 4, 2024
@gunstick @SomeGadgetGuy Can't wait to see how they actually do it.
Show threadgunstickJun 4, 2024
@droidboy @SomeGadgetGuy it's a simple mysql file on your disk. That's all.
Show threadSomeGadgetGuyJun 4, 2024
@gunstick @droidboy yup. Stored in the user App data folder.
Show threadgunstickJun 4, 2024
@SomeGadgetGuy @droidboy ah, yes. That vaguely hidden folder, so it must be secureā„¢
I wonder if they now store the fingerprints also there sonthey can still claim that it's stored at the same place.
Show threadSomeGadgetGuy
@gunstick @droidboy
Security through obscurity!
Jun 4, 2024 at 2:27pmWeb
Show threadsynlogicJun 4, 2024
@SomeGadgetGuy @gunstick @droidboy my ideal: security through not totally blatant forehead-slapping levels of idiocy & self-ownage
Show threadDroid Boy Jun 4, 2024
@synlogic @SomeGadgetGuy @gunstick I am so glad you got the opportunity to show how much better you are than the security guys from Microsoft.