Welp, I knew Microsoft's CoPilot+ Recall was going to be a privacy disaster but I didn't expect it to turn into an enterprise computing catastrophe for Microsoft *quite* this fast!

But this can't be a one-off. Any large enterprise that has to comply with a regulated privacy environment—HIPAA in the USA, GDPR in the EU, banking/insurance/finance globally—must be considering a ban on Microsoft installations on laptop/desktop computers right now or be breaking the law.

https://infosec.exchange/@SecurityWriter/112558224281615019

Security Writer (@SecurityWriter@infosec.exchange)

If you’re wondering how the Microsoft Recall scandal is going, I’ve just had a client tell me they’ve replaced their order for 10k Microsoft Surfaces with new MacBook Airs, at nearly twice the cost, and that we need to start the ongoing 6 month endpoint security project over.

@cstross The silver lining is that Recall is only on Surfaces with "NPUs". It's not all Windows 11 or all Microsoft laptops (yet). But still, as much backlash as possible is needed; the concept of Recall needs to be burned out before it spreads. Myself, I bounced from considering buying a Surface to looking at a ThinkPad Yoga.

@rivetgeek Intel just now announced next-gen CPUs with an NPU suitable for running this crap ("Lunar Lake"). And there are rumours about them pushing Recall onto Win11 machines that *don't* have an NPU, because Line Must Go Up or something.

I'm just glad, as an Apple user, that Microsoft jumped on this particular landmine first: the probability of Apple announcing anything like this functionality at WWDC next week must now be approximately zero.

@cstross @rivetgeek Apple has been quietly shipping similar stuff for quite a while already.

Or do you think "continuity features" are implemented with magic pixie dust?

@soc @cstross @rivetgeek I see nothing in Continuity that requires anything intrusive or sinister: it’s just a zero conf PAN of devices, all must authenticate to a single user; proximity is enforced by BT. All the IP traffic is local, more likely tunneled peer-to-peer; your files, screen, clipboard contents and keystrokes aren’t flying across the public internet.

Someone correct me if I’m mistaken but there is no AI magick involved.

@vaughnsc @soc @cstross @rivetgeek The problem with Recall is the data storage, not the AI processing it. Remove the AI from the equation entirely and Recall is still a disaster.

@ksenzee @vaughnsc @soc @cstross @rivetgeek

I agree that it's still a disaster without the AI, but the AI makes it possible to be truthful when saying "we don't send the data back to Microsoft", while still making it very possible for Microsoft to query the data and have the AI respond. That way, data is stored on your computer, and the AI "chatbot" can be used to ask questions about that data, without sending the actual data back. Your computer just acts as cheap storage.