 > It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database. this has nothing to do with microsoft recall! anybody you send stuff to can have it compromised. you message your high school friend, she gets caught at a protest, now cops have all that data you can never control the data you give to somebody else, recall or not 26 comments
@dequbed this isn't normal? @whitequark No, that sounds horrifying. Even if you're a politician/person of public interest you should be safe from everything you say to anybody being used against you when kompromat is needed. @whitequark I'm not here to dismiss your experiences, I'm just saying that no this should not be the norm for anybody, and I absolutely do not envy you. @whitequark @dequbed no but having been a victim of similar things it's absolutely not an unheard of precaution imo
 @whitequark The big difference is that for one it's a conscious choice to retain the data, and the one doing it is the person you interact with. For the other it's an automatic thing, and the data can likely be extracted by whoever manages to get access to the system. There's a difference between how much I trust some people, and how much I trust their computer systems and how well they're adminned. this is a reasonable point https://mastodon.social/@Gaelan@cathode.church/112558808313017574 I also guess I'm a little too used to being in awful situations in general  @whitequark Agreed, though that implicitly assumes people have reasoned and more-or-less explicit threat models at all. I'd be willing to bet that's not the case for a lot of people who are either privileged enough to not need to immediately care, or who do not have the technical expertise and/or community support to reasonably assess their infosec posture.  @whitequark@mastodon.social "If you think, speak, write and sign, then don't be surprised." @whitequark thank you I thought I was going insane seeing this sentiment going around. I think Recall centralizes and standardizes a bunch of this kind of risk but “if someone else sees your data it could be compromised” is… not unique at all? @whitequark I do think "the average person's opsec" is a meaningful variable to measure, and this measurably reduces it  @whitequark true but if you'd for example use signyal  @whitequark This is true; but this opens up this kind of threat dramatically. Now even if you send something to someone you trust not to screenshot and keep receipts, their computer will do it for them, and their nosy partner, or boss, or parents, or roommate, or malware data scraper, could get in and extract that info. @unlambda ... but nosy partners installing malware is already a part of my threat model? (i've had several people tell me that they installed malware on the computers of their parents/enemies/exes/etc. in most of the cases this instantly identified them as awful beings, but that still only underlines the need to have it in my threat model)  @whitequark @soller @whitequark You build connections with people which you trust that they can control the data, and you educate the rest so that you can trust them. That is the only real solution. @whitequark it's funny to think in my colleagues when they come to my computer, enter a password and I always choose to don't look to the keyboard. with "recall" I will not have more shame, thanks bug brother!! |
Gregory's Server
i get that recall is a wake-up call for many people about this, but please use your reasoning abilities?
half the queer people you talk to might have a secret receipts folder they put dirt on you in so they can complain about you later
this should be a part of your threat model already