"...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots."
I've got some news for Microsoft about how domestic abuse works.
"...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots." I've got some news for Microsoft about how domestic abuse works. 80 comments
@GossiTheDog @evacide This sounds like employer surveillance ware that can also be abused by any family admin. I can’t think of any reason I would want such a thing, as a user. Also, if browser password managers are insecure, we should be shouting that from the rooftops. @skry they're not, and people do, but nobody cares. anyway to be clear: browsers' password managers are totally insecure. good options include bitwarden or keepassxc/keepassdx (the former is easier, and a good option if you dont want to invest energy on your password manager; latter is more tedious but is strictly offline which may be preferable) @xyhhx @GossiTheDog @evacide Thank you. I have never used browser password managers, but I rarely hear any advice to the public from infosec pros about not using them. (Same with antivirus.) I like Strongbox’s user experience for Keepassxc on macOS. @GossiTheDog @evacide I don’t understand why anyone would want this at all. Besides the issues you both have brought up, this doesn’t even really make sense as a product feature @deepthoughts10 @GossiTheDog @evacide It feels like the main demographic for all new features in tech are other tech giants and governments. I'm pretty sure the thinking here was, "okay the customer wants us to log user activity in screenshots... how can we PR that bullshit into a feature?" Next step, your company trains AI these images and uses that AI to replace you. Employee leaves company, manager uses this to fill knowledge gaps. Just wait for the corporate it tools that will be developed to "manage" " secure" and back up this data to the MS cloud. @GossiTheDog @evacide common it’s not like the average users computer is connected to the internet. And MSFT does have a great history of proactively protecting their users…
@evacide@hachyderm.io i like how they try and imply that "unlock" and "sign in" are two steps LMAO nah this is DEFINITELY gonna be used by parents and abusive partners ... as opposed to all the would-be hackers who have never thought to try to unlock a device and sign into it, or access data without proper credentials. It's like Microsoft is just sort of taunting hackers to try and get it broken as quickly as possible for some reason. Is this feature being implemented because somebody lost a bet, or the NSA has compromat on Nadella, or what? @wrosecrans This feature is being implemented because there were zero survivors of domestic abuse involved the high-level decision-making. @evacide I absolutely believe you there. But I still struggle to understand why it got implemented. There are a zillion other obvious reasons it's a bad feature that one would notice even if they weren't sensitive to that specific issue. This is gonna have screenshots of HIPAA protected data. Trade secrets. API keys. Passwords. HR department PII. GDPR protected stuff. On and on and on. @wrosecrans @evacide yes thank you for this, I don’t have a G.I. doctor now because I refused to use zoom to discuss my medical problems because they got busted giving everybody’s information to Facebook. I’m not giving up my medical privacy. And now people who are forced to use the portal to communicate with their doctor have this extra level of surveillance. @wrosecrans @evacide Also, what I really don't get is the actual use case. Why the hell risk everyone's security and privacy AND require far more space and processing power requirements (this is going to be a complete nightmare for gamers who run highest settings, even with the privacy issues aside - it will make these machines literally unusable for running high-demand anything)? I just don't get it. Like WHY @mybarkingdogs @evacide Yeah, so far the arguments I've seen for it are just "You are an idiot and I'm assuming it's not really dangerous." But, "We spent millions of dollars of R&D on making a perfectly spherical beryllium sphere for our new car model. It's not dangerous, it just takes up room in the trunk" would be a terrible sales pitch from a car company. That seems to be the strongest argument in favor I've seen so far, even if you accept the wrong claims about it not being dangerous. @wrosecrans @mybarkingdogs @evacide I have been using computers since the first crappy ones where you had to use arrow keys to move the cursor. Not once in all these years did I ever wish for this stupid feature. Tech companies are going off the rails @wrosecrans @mybarkingdogs @evacide Absolutely nobody: @wrosecrans @evacide (also, since gaming, graphic design, animation, film editing, and other high demand graphical applications are reasons people use Windows machines - e.g. because their favorite game or the program/app they need to use won't work/work well on Linux ... this is going to shoot them in the foot even outside of privacy issues, by making slow, buggy machines unsuited for those uses) @mybarkingdogs @wrosecrans @evacide because we're in the AI gold rush where we have solutions looking for a problem @mybarkingdogs @wrosecrans @evacide I think the actual use case is transparently obvious: surveillance data harvesting for further AI training. @datarama For right now, MS is insisting that it won't be used for training. So it seems to be some sort of long term plan to dishonestly insist that it's not what it is. So it's both something their users don't want, and something they are choosing to drag their reputation through the mud to lie about. Which makes me even less excited about the end state. @wrosecrans I think they, like basically every other large tech company right now, is salivating about the prospect of creating AI that they can sell to other businesses so that they can get rid of their human employees. If you have *that*, what do you need consumer trust for? Every enterprise in the world is dependent on you now, and you don't need consumers anymore. (If they can pull it off is another matter. But it's clear that this is the dream.) @wrosecrans @evacide Nobody consulted a policy and compliance specialist about this. It’s shocking that Microsoft didn’t get input from at least one. This would violate a lot of data protection policies for many enterprise customers. @MisuseCase If I had to guess, the feature is not compliant with Microsoft's own legal department's retention policy, and Microsoft's lawyers are about to scream about the fact that if MS gets sued, the blast radius for document discovery just exploded if they don't disable it internally. @wrosecrans @MisuseCase I would be extremely surprised if this doesn't ship with a GPO to disable it. (Also, MS not enabling group policy on consumer focused windows editions probably ranks alongside the Win8 start menu destruction as one of the worst design decisions they've ever made) @azonenberg Sure, but the biggest risk is to people and orgs that aren't executing infosec perfectly. Ooops we had a bad password policy multiplied by ooops we left Recall's GPO default. In a hypothetical perfect IT environment where all GPO's and such are perfectly managed, Recall probably poses little risk to start with. It's only dangerous in the real world. @wrosecrans Yeah agreed. It's just one of 500 catastrophically horrible anti features that people will need to turn off to regain some semblance of a secure baseline. @wrosecrans @MisuseCase this was also the case for copilot which i'm pretty sure still has the CCPA violation extant among the claims in the class action suit for slurping up all code input including e.g. passwords and API keys but they thought they could get away with that via one-off modifications to hamper evidence collection so unclear why their lawyers would think this is any different I continue to be fucking baffled by Copilot. I assume the engineers just fully lied to the lawyers in order to get legal to sign off on it. I can't imagine a lawyer understanding the plan and being like, yup, let's just YOLO stealing at the courts and find out what happens. Could be neat. @wrosecrans i believe openai is being used as a front company to derisk breaking the law and they are playing a much longer game than just copyright but instead surveillance and monopoly go hand in hand https://circumstances.run/@hipsterelectron/112476914914182012 @hipsterelectron @wrosecrans It would be a massive boon to a central government to have a machine to harvest, collate, and analyze all citizen activity. Stasi would wet its pants at the thought of something like Replay. @klausfiend @wrosecrans had someone else advance my thinking on this just a few moments ago actually and now i'm completely with you https://circumstances.run/@hipsterelectron/112482975521122360 @wrosecrans see recent Slack policy change: you've been using our software for years. We own you now. Good luck migrating to anything else, suckers. @wrosecrans @evacide I'm pretty sure it's getting implemented because some credulously hype-tracking investors went "hey, AI makes the line go up, that means you *must* put more of that in right now, no other option exists." @maggiejk Maybe they were trying to come up with some way to constantly feed their Copilot LLM. I'm trying to think of the most banal-evil thing here. @evacide @wrosecrans @Nonya_Bidniss @maggiejk @evacide @wrosecrans Screen shot every few seconds, train AI and company can replace you with AI? Just wait for the 3rd party corporate it tool to manage ans leverage this data. @evacide @wrosecrans why does it not surprise me that us #domesticviolence #warriors weren’t heard or even asked about this. 😞🧘🏻♀️ @nobodypsyd @evacide Because you would have said the lives of human beings are more important than the product lifecycle, and that's not what they want to hear. @evacide @wrosecrans I have to believe that there were many, many developers at Microsoft the said this was a terrible idea - I also have to believe that they were simply ignored because this was somebody's pet project. @evacide @wrosecrans I have a strong reason to suspect that nobody thought about it because tech bros. @evacide I think we significantly underestimate the number of people who operate exclusively in their own self-interest (which is to say, making money first, then everything else.) @evacide Between Apple's AirTags being very good stalker tools and Microsoft releasing Recall, are they trying to one-up each other for who can enable domestic abuse the most? @evacide Also, parenting. Respect for young people’s privacy has always been extremely low. This will annihilate it completely. @enoch_exe_inc @evacide Just in time for all the anti trans laws and for putting students on terrorist watch lists for caring about the genocide. @evacide I guess they've also never travelled internationally and had a border security agent ask to inspect their laptop. That's usually an "unlock the device or have it confiscated" situation. @jamesh @evacide oh no I’m sure this is part of why they did this. #GenoicdeJoe needs to lock up all his critics before November. @evacide i wonder how many time it will need for stalkerware to do it remotely. and god this feature seem completely useless in my mind like even i that log many thing i never want it to exceed 3 day. And what about consensual intimate remote discussions i mean the AI will « see » and « recall » everything what if you forget to lock your device ? @ashteranic @evacide yeah there are many security topics where that's a sound principle. the domestic abuse threat model is not one of them. @ashteranic @evacide Yeah, that. "Attacker is already on the other side of the airtight hatch" a retort that makes sense in some situations, but I dare say not in this one. Simply that the data *exists* puts it at risk. Anyone who thinks that nation-state actors or domestic abuser wouldn't LOVE to have this ability is naïve. Same reason why I argue that in politics, just because a later government *could* do something bad (for some value of bad) doesn't mean that you should do it *for* them. @nonlinear @evacide There are people like that who are appalled at the idea of this, too. Because if nothing else, some people actually have empathy for others. But such people rarely seem to make it to high-level executive positions in multinational corporations; and thus rarely get to call the shots. Uh, "For example, users can opt out of capturing certain websites" = "please make an intentional document attesting to the complete list of websites you are most embarrassed by visiting. what could go wrong?" @evacide and unlike every other feature in the history of computers, their thteat model is 100% accurate and "hackers" will respect it. PS ofc we back this all up to onedrive You are right to point out domestic abuse. In addition to "the stalker inside the house" this now provides a mechanism for people with the ability to access activity data even with very limited physical access to the computer. Kind of like putting an air tag on someone's car. I genuinely wonder about the corporate strategist that looks at the data breaches and scrutiny that Microsoft has brought on itself and then thought 'This is a good time to announce a keylogging product!' @evacide I find it interesting that I have been reading about this on multiple pages, and there was literally no single comment (or article) that thought this "feature" was a good idea. What sort of plank managed to get this through internal approval at MS? @evacide@hachyderm.io thinking about that time I watched emails disappear in real time (and later learned this was how certain email addresses were scraped) |
@evacide also malware. Infostealers that access local password managers in browsers don’t need physical access, to unlock it or sign in - and they’re a huge problem.