Welp, I knew Microsoft's Copilot+ Recall was going to be a privacy disaster but I didn't expect it to turn into an enterprise computing catastrophe for Microsoft *quite* this fast!

But this can't be a one-off. Any large enterprise that has to comply with a regulated privacy environment—HIPAA in the USA, GDPR in the EU, banking/insurance/finance globally—must be considering a ban on Microsoft installations on laptop/desktop computers right now or be breaking the law.

https://infosec.exchange/@SecurityWriter/112558224281615019

Security Writer (@SecurityWriter@infosec.exchange)

If you’re wondering how the Microsoft Recall scandal is going, I’ve just had a client tell me they’ve replaced their order for 10k Microsoft Surfaces with new MacBook Airs, at nearly twice the cost, and that we need to start the ongoing 6-month endpoint security project over.

@cstross
I can see it being banned for high security defence contractors as well.

@Steveg58 @cstross Yes, anyone at an org that has anyone doing anything classified is going to be a risk.

Which is far more engineering firms and universities than you might expect.

@simonbp @Steveg58 Also anyone doing any kind of proprietary R&D lab work (pharma springs to mind), accounting, anyone at risk of stuff being stolen, anyone who looks at porn on their PC at home and doesn't want to be blackmailed, etc.

Who the hell *ever* thought Recall was a good idea? Did they do *no* devil's advocacy?

@cstross @simonbp @Steveg58 yes. They are devils. They chose to please devils.