Email or username:

Password:

Forgot your password?
✧✦✶✷Catherine✷✶✦✧

> It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

this has nothing to do with microsoft recall! anybody you send stuff to can have it compromised. you message your high school friend, she gets caught at a protest, now cops have all that data

you can never control the data you give to somebody else, recall or not

26 comments
✧✦✶✷Catherine✷✶✦✧

i get that recall is a wake-up call for many people about this, but please use your reasoning abilities?

half the queer people you talk to might have a secret receipts folder they put dirt on you in so they can complain about you later

this should be a part of your threat model already

nadja

@whitequark You have … interesting queer aquaintances, I do not envy your threat model.

✧✦✶✷Catherine✷✶✦✧

@dequbed
- i don't know who might be doing that or not
- i know some are doing it
- therefore i must assume everyone does, and anything i say may be used against me later

this isn't normal?

nadja

@whitequark No, that sounds horrifying. Even if you're a politician/person of public interest you should be safe from everything you say to anybody being used against you when kompromat is needed.

✧✦✶✷Catherine✷✶✦✧

@dequbed ... well, I guess I'll try to convince my stalkers of that

nadja

@whitequark I'm not here to dismiss your experiences, I'm just saying that no this should not be the norm for anybody, and I absolutely do not envy you.

Stardust-Y5459
@whitequark @dequbed no but having been a victim of similar things it's absolutely not an unheard of precaution imo
Peter Bindels

@whitequark The big difference is that for one it's a conscious choice to retain the data, and the one doing it is the person you interact with. For the other it's an automatic thing, and the data can likely be extracted by whoever manages to get access to the system.

There's a difference between how much I trust some people, and how much I trust their computer systems and how well they're adminned.

✧✦✶✷Catherine✷✶✦✧

this is a reasonable point mastodon.social/@Gaelan@cathod

I also guess I'm a little too used to being in awful situations in general

SnowFox

@whitequark It’s a bit like “Microsoft sharing your wifi password with everyone isn’t anything guests couldn’t already do” (“Wi-Fi Sense” which they turned off after ~10 months apparently) or “auto-deleting messages don’t prevent the company from spying on you or the other party from screenshotting”.

It would be nice to hand out single-device WPA2 PSKs, but I don’t have APs that support that. It would also be nice if the popular auto-deleting-messenger had E2EE, but it doesn’t so I don’t use it. It would be nice if people did not trust “auto-deletion” with people they wouldn’t normally trust (the number of pictures out there with a countdown timer in the top right is *way* too high).

@whitequark It’s a bit like “Microsoft sharing your wifi password with everyone isn’t anything guests couldn’t already do” (“Wi-Fi Sense” which they turned off after ~10 months apparently) or “auto-deleting messages don’t prevent the company from spying on you or the other party from screenshotting”.

Xandra Granade 🏳️‍⚧️

@whitequark Agreed, though that implicitly assumes people have reasoned and more-or-less explicit threat models at all. I'd be willing to bet that's not the case for a lot of people who are either privileged enough to not need to immediately care, or who do not have the technical expertise and/or community support to reasonably assess their infosec posture.

yavien

@whitequark what doesn't kill you gives you a threat model others may find "interesting"

niconiconi

@whitequark@mastodon.social "If you think, speak, write and sign, then don't be surprised."

Jason Petersen (he)

@whitequark thank you I thought I was going insane seeing this sentiment going around. I think Recall centralizes and standardizes a bunch of this kind of risk but “if someone else sees your data it could be compromised” is… not unique at all?

Gaelan Steele

@whitequark I do think "the average person's opsec" is a meaningful variable to measure, and this measurably reduces it

Jeremy Soller 🦀

@whitequark This is why I just have no friends. No friends, no threat vector

MarkAssPandi

@whitequark true but if you'd for example use signyal
With self destructing messages
It still would end up in the recall
(Ofc this assumes that somehow person that uses signyal does not care about recall and has it on, but I imagine this can happen)
You are correct but it does not rly make recall any better, it makes an already existing problem even worse

Brian Campbell

@whitequark This is true; but this opens up this kind of threat dramatically. Now even if you send something to someone you trust not to screenshot and keep receipts, their computer will do it for them, and their nosy partner, or boss, or parents, or roommate, or malware data scraper, could get in and extract that info.

✧✦✶✷Catherine✷✶✦✧

@unlambda ... but nosy partners installing malware is already a part of my threat model?

(i've had several people tell me that they installed malware on the computers of their parents/enemies/exes/etc. in most of the cases this instantly identified them as awful beings, but that still only underlines the need to have it in my threat model)

Dismal Manor Gang

@whitequark @soller
How about drag races for an hour? That big yellow dog is not me. I was clocked at 35+ by the gentleman with the radar gun.

Pavel Valach :unverified: :donor:

@whitequark You build connections with people which you trust that they can control the data, and you educate the rest so that you can trust them. That is the only real solution.

rfranr

@whitequark it's funny to think in my colleagues when they come to my computer, enter a password and I always choose to don't look to the keyboard. with "recall" I will not have more shame, thanks bug brother!!

Go Up