Gregory's Server@KimSJ @mainframed767 @penguin42 @mjg59 hmm, I sort of agree there but as long as everyone's client makes them confirm it meets their threat model then there's no difference between that and the analogue hole, and there's no real way to enforce it beyond that. informing users when their recipient has Recall enabled seems possible but potentially iffy, and it may be better to take a user education approach ("other users may still capture your conversations with photos or screenshots")
|
5 comments
 @KimSJ @mainframed767 @penguin42 @mjg59 yeah which is why I think the educational approach is one of the stronger options - not only does it help resolve this issue directly, but it also better informs their threat model and risk analysis beyond the immediate problem of Recall. @gsuberland @mainframed767 @penguin42 @mjg59 Are we now in the era of “The Internet, can’t live with it, can’t live without it”? @KimSJ @mainframed767 @penguin42 @mjg59 been there for a while but it is getting more exhausting @KimSJ @mainframed767 @penguin42 @mjg59 there's obviously the unintentional automated vs. intentional manual difference here, and Recall is particularly egregious due to the retroactive access aspect, but really users should be made aware that automated capture is something that could happen for a range of reasons (compromise, malware, user leaves VNC/TeamViewer open, accidental inclusion of conversations via other screenshots / screen recordings / videos / photos, etc.) |
@gsuberland @mainframed767 @penguin42 @mjg59 True. The threat model is only slightly worse than the existing world, it just adds a layer making it easier to extract information from naive users’ computers.