mastodon - Link zum Originalbeitrag

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Simon B

about 20 years ago, Google introduced the option to press down arrow and match recent searches in the Google search box. I let a crafty colleague type into my browser momentarily and within a nanosecond, he tried to catch me out by typing the start of a smutty search query to see if there were any matches. I passed the test but learned a lesson about the speed at which someone could reveal something about you.
Als Antwort auf Fi 🏳️‍⚧️

sharkey - Link zum Originalbeitrag

Asta [AMP]

I remember having to take security training at Microsoft and this literally fails every single piece of advice they give for their own fucking employees (because duh, of course it does).

Even if a company thinks they want this on their employee's PCs, no, they don't. Really? You want a searchable movie of everything your worker has done available to anyone with physical access to their machine? Huh.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

doublepulsar.com/how-the-new-m…


How the new Microsoft Recall feature fundamentally undermines Windows security

Yesterday, Microsoft CEO Satya Nadella sat down with the media to introduce a new feature called Recall, as part of their Copilot+ PCs. It takes screenshots of what you’re doing on constantly, by…
Kevin Beaumont (DoublePulsar)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

The UK’s ICO have opened an investigation into Copilot+ Recall. bbc.co.uk/news/articles/cpwwqp…

Microsoft Copilot+ Recall feature 'privacy nightmare'

The ICO wants to know the safeguards around Recall, which can take screengrabs of your screen every few seconds.
Imran Rahman-Jones (BBC News)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.

You need to enable DisableAIDataAnalysis to switch it off. learn.microsoft.com/en-us/wind…

Manage Recall for Windows clients - Windows Client Management

Learn how to manage Recall for commercial environments using MDM and group policy. Learn about Recall features.
learn.microsoft.com
Dieser Beitrag wurde bearbeitet. (1 Jahr her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser is recorded always, including in private mode - the exception is Hollywood DRM’d videos

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

And if you didn’t believe me.. found this on TikTok.

There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”

They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.

Dieser Beitrag wurde bearbeitet. (1 Jahr her)

teilten dies erneut

Als Antwort auf Thibault D.

mastodon - Link zum Originalbeitrag

Scott Hanselman 👸🏽🐝🌮

@ThibaultDu @Powareverb @gerowen I don’t work on the project but I find the NPU tech and the open SDKs behind it (and onyx runtime) interesting. My opinion is it should be not just opt-in but something you download explicitly and install if you want it. Similar to RescueTime and TimeSnapper and AugmenD and other apps that have done this stuff for years (using OCR). This should be as secure as your browser history, encrypted at rest, non roaming, etc.
@Marcus Adams @Gavin Jones @Thibault D.
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Ian Betteridge

Hmmm. But that’s true for *anything* on your file system. And AFAIK no one has yet invented a way to store info locally that isn't on your file system ;)

So yes, a compromised machine where someone has set up remote access to it without you knowing would allow them to spy on your activity. But that is true today, too, on any machine, on any platform.

Plus if someone has remote access, they would be WAY better off installing akeylogger than relying on a feature I can turn off.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.

Apps themselves can also search and make themselves more searchable.

It opens a lot of attack surface.

The semantic search element is fun.

They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..

..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.

And it’s enabled by default.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

docht

Interested layperson here:

From what you've seen so far, can you draw a conclusion that a computer with recall running sends more data than usual to Microsoft, maybe "disguised" as part of diagnostics data for example.

I wonder if recall is a fishing expedition in task mining and if so, how Microsoft, despite having promised that recall does not run in the cloud, could get the data nevertheless.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Copilot+ Recall feature pop quiz:

You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?

Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.

If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:

It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve.

A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.

Microsoft exists and is driven by that bubble.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Misuse Case

@Laird_Dave Sure, I can see that. But Microsoft has a lot of enterprise customers with CISOs, legal departments, regulatory requirements, etc. for whom Recall is worse than useless. That actually describes most of their largest enterprise customers!

Do they even pay attention to their own customers at all?

Sure enterprises can use GPO to turn it off but why make something that most of your biggest customers are going to have to turn off?

@Dave
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Some screenshots of Recall's SQLite database here: mastodon.social/@detective/112…

Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.

Albacore

2024-05-27 14:30:16

mastodon - Link to source

Can confirm that Recall data is indeed stored in a SQLite3 database. The folder it's in is fully accessible only by SYSTEM and the Administrators group. Attempting to access it as a normal user yields the usual "You don't currently have permission" error. Here's how the database is laid out for those curious, figured you might appreciate a few screenshots.
Screenshot of SQLite browser showing the structure of Recall's snapshot database
Screenshot of SQLite browser showing the Web table of Recall's snapshot database
Screenshot of SQLite browser showing the WindowCapture table of Recall's snapshot database
Screenshot of SQLite browser showing the WindowCaptureTextIndex_content table of Recall's snapshot database

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

@Patrick Gray
Dieser Beitrag wurde bearbeitet. (11 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

My look at the feature, FAQs from the community etc

doublepulsar.com/recall-steali…


Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…
Kevin Beaumont (DoublePulsar)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.

HT @tomwarren

@Tom Warren

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.

Guide from @detective

The devices launch THIS MONTH to customers so I suggest people look at this.

github.com/thebookisclosed/Amp…


GitHub - thebookisclosed/AmperageKit: One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices

One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices - thebookisclosed/AmperageKit
GitHub
@Albacore

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Nvidia just announced that Copilot+ and Recall are coming to AMD systems. theverge.com/2024/6/2/24169568…

Nvidia and AMD are bringing Microsoft’s Copilot Plus AI features to gaming laptops

Asus and MSI are launching AMD- and Nvidia-powered gaming laptops that include Microsoft’s Copilot Plus AI features.
Tom Warren (The Verge)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Somebody made a tool called Total Recall to dump Recall database and screenshots. x.com/xaitax/status/1797349055…
Dieser Beitrag wurde bearbeitet. (11 Monate her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Uwe Küchler

@MostlyBlindGamer #ALT4you
Screenshot of the output of the script "totalrecall.py" that shows a detected "Windows Recall", and an extraction folder created for extracted Recall contents.
Two lists of captured content follow, one containing the captured windows (one with an open Gmail account) and the other one shows all extracted screenshots.
#ALT4you @MostlyBlindGamer
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.

I’ve also found a way to disable the tray icon.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.

There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.

I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.

The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Forgi

Actual clown show announcing it immediately after this blog post:
blogs.microsoft.com/blog/2024/…

But yeah, the direction 11 was going in has been great, then they abruptly veered right off the cliff.

Prioritizing security above all else - The Official Microsoft Blog

Microsoft runs on trust, and our success depends on earning and maintaining it. We have a unique opportunity and responsibility to build the most secure and trusted platform that the world innovates upon.
Microsoft Corporate Blogs (The Official Microsoft Blog)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. windowscentral.com/software-ap…

"Microsoft should recall Windows Recall" — Security researcher discovers Microsoft's new AI tool is woefully insecure

The security story around Windows Recall hits a brick wall as it's discovered the data it collects is unencrypted.
Zac Bowden (Windows Central)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.

This may include an attempt to invalidate researcher criticism, we’ll see.

Dieser Beitrag wurde bearbeitet. (11 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall

wired.com/story/total-recall-w…

Total Recall software by @xaitax github.com/xaitax/TotalRecall

Example search for ‘password’:

🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22

📄 Summary of the extraction is available in the file:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt


GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall
GitHub

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.

Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.

These videos have tens of millions of views and hundreds of thousands of comments.

I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Killa Koala

@cstross I struggle to even understand the utility of the Recall feature, ignoring the privacy issues for a moment. I can't think of really any occasion when I would have found it useful. Given an incremental backup system like Apple's Time Machine, macOS's built-in document versioning feature, browser histories, etc. when would you even use Recall if you had it? It seems a lot of trouble, resources and AI bullshit for extremely niche use cases.
@Charlie Stross
Als Antwort auf Becca Cotton-Weinhold

mastodon - Link zum Originalbeitrag

Charlie Stross

@rlcw @dshan Tools for finding document X about subject Y that somebody sent you are ALREADY baked into your operating system, and have been for decades! (On macOS, it's Spotlight; Windows has an equivalent search facility. UNIX has had text searching via grep since the early 1970s.) This new thing isn't about search and retrieval, it’s a comprehensive log of everything you ever do on your computer. Which we normally call "spyware".
@Becca Cotton-Weinhold @Killa Koala
Als Antwort auf Charlie Stross

mastodon - Link zum Originalbeitrag

Becca Cotton-Weinhold

@cstross @dshan When people send us things they are not necessarily on the computer anymore, or in the browser, they can be in one of the 5 other tools used at work. This tool does get around this limitation - in a bad way. Don't get me wrong, we all agree it's not worth it, because it's a privacy nightmare, for you and people around you.
@Charlie Stross @Killa Koala
Als Antwort auf Kevin Beaumont

pleroma - Link zum Originalbeitrag

immibis

A whole lot of modern #capitalism is arguably like this. At least in the past, our murderous overlords had to actually do something vaguely useful at the end of the day in order to keep their positions as murderous overlords. Now they get to keep their positions for free, thanks to e.g. currency manipulation, and the decline of antitrust, and the most prominent ones literally have no idea what they're doing. They were just handed these positions by the good old boys club or by inheritance, and they can't fuck it up since social mobility is near zero, and whatever nonsense they decide, we just have to put up with because they're the overlords and we are not.
#capitalism
Als Antwort auf Ben Ramsey

mastodon - Link zum Originalbeitrag

Ben Ramsey

@jalcine What’s more damning is that many engineers are dues-paying members of the ACM or IEEE, which do have codes of ethics they encourage computing professionals to follow (even if not members).

ACM Code of Ethics, 4.2: “Each ACM member should encourage and support adherence by all computing professionals regardless of ACM membership.“

We should hold our profession accountable to these codes.

acm.org/code-of-ethics

computer.org/education/code-of…


Code of Ethics for Software Engineers

IEEE Computer Society and ACM have established a joint task force on software engineering ethics. Read through the best practices.
DX Editor (IEEE Computer Society)
@Neo-Rodneyite ✍🏿📖
Als Antwort auf trusty falxter 🧠

mastodon - Link zum Originalbeitrag

OCR Bot

OCR Output (chars: 1454)

Sensitiver Inhalt

@trusty falxter 🧠
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Jared White — Free Garcia Now!

“This is my computer”

Is it though?

"This is my Recall"

Is it though?

"This is all being done locally"

For now.

See, the problem is we can't trust these companies. So when they make claims that they've voluntarily decided to implement something in a manner which appears to be ethically-driven, we have zero recourse if they suddenly change their minds. (And most of the time, they do.)

Als Antwort auf eerlijkdigitaalonderwijs.nl

mastodon - Link zum Originalbeitrag

Dave Lane 🇳🇿

@CEDO fully agree with this. Similarly Google and Apple systems. Here in NZ, the situation's pretty dire (and I suspect it's the same in most of the rest of the world): davelane.nz/explainer-digitech…

Explainer: Digitech risks for School Boards

I'm a parent with two children in public schools in Christchurch, NZ. I'm also a software developer with an interest in education.
Dave Lane
@eerlijkdigitaalonderwijs.nl
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

theOmegabit

@mkj agreed. Also, as bad as the Microsoft implantation and added layer of being default may be, there’s some level of trust that’s a tad higher than what I have for most if not all small third parties.
@mkj
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Nicole Parsons

Saudi Arabia had been flooding American tech companies with cash since 2018.

Twitter was just one example of anti-democracy oil oligarchs hijacking tech.

Kushner's $2 billion in Saudi sovereign funds isn't buying beach-front condos in Gaza, it's being spent on torpedoing tech brands like Microsoft.

Google, Apple, Oracle, Amazon, Microsoft, all had MBS visit in 2018. The investments continued after the Khassoghi murder & its accelerated in recent months.
vox.com/technology/2023/5/1/23…


How Saudi money returned to Silicon Valley

All the ways Saudi Arabia’s cash powers tech startups and venture capital
Jonathan Guyer (Vox)

Nicole Parsons hat dies geteilt.

Als Antwort auf Nicole Parsons

mastodon - Link zum Originalbeitrag

Nicole Parsons

The funding isn't restricted to tech companies. In 2018, anti-democracy donors suddenly decided AI was the next big thing. Recall's snapshots are a data-gathering tool for CoPilot AI.

Noted GOP megadonor to Trump, Stephen Schwarzman funded MIT's new AI faculty in 2018.

shass.mit.edu/news/news-2018-a…

qz.com/annual-corporate-invest…

statista.com/statistics/941137…

forbes.com/sites/jeanbaptiste/…

pymnts.com/news/artificial-int…

The flood of money is inducing the premature product launches of flakey AI.


AI Startups Culled $9.3B In 2018

Investment News: Venture capital funding of artificial intelligence (AI) companies jumped 72 percent last year, hitting a record $9.3 billion.
PYMNTS (PYMNTS.com)

Nicole Parsons hat dies geteilt.

Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

OvertonDoors

@Npars01

Sure, and it's an coincidence that the WaPo ousted it's editor in favor of someone who wants TuckerKarlson op-eds.

I suppose you believe it was pure incompetence that drove Musk's management of Twitter into the shitter.

Rupert Murdoch marries his ruZZian handler, nothing to see here.

But co-pilot's creation has nothing to do with the billions of autocratic petro-dollars being pumped into Microsoft. Your not trying nearly hard enough to stick your head in the sand.

@Nicole Parsons
Als Antwort auf das_menschy

mastodon - Link zum Originalbeitrag

Nicole Parsons

@das_menschy @OvertonDoors

A simple Google search for "Microsoft +Saudi" lists several hundred articles describing the scale of Saudi investment in AI.

Don't believe me? Check any reputable business news website.

The scale of the investment by the fossil fuel industry in such a short time is astonishing.

@OvertonDoors @das_menschy

Nicole Parsons hat dies geteilt.

Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft.

ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs asus.com/us/news/pnm9tg6qccql6…

Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: theverge.com/2024/6/2/24169568…


Nvidia and AMD are bringing Microsoft’s Copilot Plus AI features to gaming laptops

Asus and MSI are launching AMD- and Nvidia-powered gaming laptops that include Microsoft’s Copilot Plus AI features.
Tom Warren (The Verge)

teilten dies erneut

Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Becca Cotton-Weinhold

@weirdwriter will it? ecoevo.social/@rlcw/1125630235…

Becca Cotton-Weinhold

2024-06-05 08:17:12

mastodon - 来源链接

@cstross @dshan When people send us things they are not necessarily on the computer anymore, or in the browser, they can be in one of the 5 other tools used at work. This tool does get around this limitation - in a bad way. Don't get me wrong, we all agree it's not worth it, because it's a privacy nightmare, for you and people around you.

@Robert Kingett backup
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Three Copilot+ Recall questions that keep coming up.

Q. Can you alter the Recall history?

A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes.

Q. Are they snapshots, as Microsoft says, or screenshots?

A. They are just screenshots, jpegs.

Q. What is to stop apps on your machine accessing your Recall covertly?
A. Nothing. There is no audit log of access.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns are, they're continuing to decline comment to every media outlet.

I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving.

Product ships live on devices from Dell, Lenovo etc this month. x.com/zacbowden/status/1798221…

Dieser Beitrag wurde bearbeitet. (11 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

TotalRecall has been updated to exfiltrate Recall database and screenshots without needing admin rights: github.com/xaitax/TotalRecall

GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall
GitHub
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.

github.com/Pennyw0rth/NetExec/…

Add Recall module for dumping all users Microsoft Recall DBs & screenshots by Marshall-Hallenbeck · Pull Request #335 · Pennyw0rth/NetExec

Gets all users Recall folders and dumps them, then renames screenshots to include .jpg (unnecessary but helpful). I cherry-picked the download_folder functionality from #320 and then improved it du...
GitHub

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

DieMadColonizer

hey thanks for continuing to post on this.

I saw on bighard's website that they're rolling this Copilot out to Win10 as well but it's not clear if Recall will be on there? Have you been able to find anything on that aspects of this? Thanks again!

support.microsoft.com/en-us/wi…

Welcome to Copilot in Windows - Microsoft Support

Windows is the first PC platform to provide centralized AI assistance for customers. Together, with Microsoft Copilot, Copilot in Windows helps you bring your ideas to life.
support.microsoft.com
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Turns out speaking out works.

Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.

There is obviously going to be devils in the details - potentially big ones.

Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.

theverge.com/2024/6/7/24173499…


Windows won’t take screenshots of everything you do after all — unless you opt in

Microsoft is making its controversial AI-powered Recall feature optional. The changes come after security experts warned the feature could be a disaster for cybersecurity.
Tom Warren (The Verge)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too.

It’s still labelled Preview, and I’ll believe it is encrypted when I see it.

There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft President Brad Smith is going to be grilled by US gov next week. therecord.media/microsoft-reve…

Microsoft reverses course, makes Recall feature opt-in only after security backlash

Recall allows the company’s new line of Windows 11 Copilot+ devices to screenshot every action a person takes on their PC.
therecord.media

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

sebastian büttrich

While that might be a nice partial interim success, #MicroSoft
will certainly not stop sneaking on users - it s their business concept, and you dont need graphical snapshots to track a user. There s telemetry you cant turn off. Try run a #Windows PC without net connection (or blocking connections to the overlords), and you will know.

There is one way to turn it off: install Linux.

#Total #Recall

#microsoft #windows #total #recall
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData.

Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.

Dieser Beitrag wurde bearbeitet. (11 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I think MS are a way off extracting themselves from Recall situation they've got themselves into.

This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok.

I imagine it's going to continue through week and into next week when the laptops ship.

I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. windowscentral.com/software-ap…

I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.


A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back

The world is up-in-arms over Windows Recall, but why? It stems from Microsoft's seeming lack of care for Windows and its users.
Zac Bowden (Windows Central)

teilten dies erneut

Als Antwort auf Kevin Beaumont

glitchsoc - Link zum Originalbeitrag

Ikon Hannunen

yeah, well all major customers of Microsoft should factor this along with MSOFT's milquetoast decision to have it as default off into their decision-making models.

Microsoft clearly want this to blow over and move forward and eventually perniciously be enacted spyware/surveillance ware.

All major customers should be moving away from Microsoft until resignations occur and Recall is completely scuttled. Full stop.

Dieser Beitrag wurde bearbeitet. (11 Monate her)
Als Antwort auf Ikon Hannunen

mastodon - Link zum Originalbeitrag

DieMadColonizer

@hannu_ikonen fwiw I won't be bacc permanently, just like I stopped using apple products more than a decade ago, when they didn't honor a warranty on my last iPod.

And I'll never shut up about how bad they are, and will convince people to use other shit and teach em how. I won't end msft but I'll do my part to dissuade bad actors in tech (just like im doing with google). They've fked their brand for a generation I think.

@Ikon Hannunen
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft have paused the rollout of Windows 11 24H2 in preview channel, it was the version containing Recall. Microsoft have not explained why.

x.com/brandonleblanc/status/17…

I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft’s President Brad Smith appears before US House Committee on Homeland Security tomorrow.

His testimony: homeland.house.gov/wp-content/…

In this bit he talks about Recall (not named), where he pats himself and Microsoft on the back for “a feature change” and job well done.

Given it has been a complete cybersecurity and privacy car crash - and as of today the changes (plural) they’re referring to haven’t even been implemented - it seems like Microsoft fails to grasp customer needs: safety.

Dieser Beitrag wurde bearbeitet. (11 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

One other thing - Microsoft's written testimony to the US House says, quoting, bolded by MS:

"Before I say anything else, I think it’s especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB’s report. Without equivocation or
hesitation. And without any sense of defensiveness."

Counterpoint: they publicly disputed the report in the media. theverge.com/2024/4/25/2413991…

Microsoft needs to win back trust

Microsoft has faced a series of security issues in recent years. Now, the company is trying to win back trust and focus on security as a top priority.
Tom Warren (The Verge)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I should say that if Brad is asked about Recall tomorrow, the answers may raise some.. uh... eyebrows here.

I don't know what MS SLT have been told, but expect fun when the feature drops on consumer laptops in a few days.

As I mentioned in my blog, there is some more security hardening there on Copilot+ PCs (this was before MS put out their blog)... but it's still easily bypassable.

DieMadColonizer hat dies geteilt.

Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft’s Recall puts the Biden administration’s cyber credibility on the line

cyberscoop.com/microsoft-recal…

Interesting article. All through this, CISA and the DHS have declined to comment.


Microsoft’s Recall puts the Biden administration’s cyber credibility on the line

Why has the White House remained silent on the launch of a product that violates the spirit and letter of its flagship cybersecurity initiatives?
eliasgroll (CyberScoop)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

The Verge reports today that "Windows engineers are scrambling to get additional changes tested and ready for the release of Copilot+ PCs next week."

It also says "Recall was developed in secret at Microsoft, and it wasn’t even tested publicly with Windows Insiders."

I've also been told Microsoft security and privacy staff weren't provided Recall, as the feature wasn't made available broadly internally either.

theverge.com/2024/6/13/2417770…


Xbox delivered and Windows scrambles to secure Recall

Microsoft had one of its best Xbox showcases ever. There were new game reveals, a handheld tease afterward, and more.
Tom Warren (The Verge)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft President Brad Smith just testified to the US House that Recall is a good example of Secure By Design, and that they have the time to get it right (it’s supposed to launch in 3 working days).

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Brad Smith just said Recall was designed to be disabled by default. That is not true. Microsoft’s own documentation said it would be enabled by default - they only backtracked after outcry.

He has somehow got almost every detail about Recall wrong while testifying.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I’m being told Microsoft are prepping to fully recall Recall. Another announcement is being prepped for tomorrow afternoon saying the feature will not ship on Copilot+ devices at launch as it is not secure.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Announcement is out. Good on Microsoft for finally reaching a sane conclusion.

- Recall won’t ship as a feature at launch on Copilot+ PCs any more.

- Won’t be available in Insider preview channel at launch, as it was pulled.

When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.

Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

If anybody is wondering, Microsoft moved the announcement up as I scooped them 🤣

Thank you to everyone who helped out with this one, there was no way something that constantly OCR’d the screen being implemented so poorly was acceptable but Microsoft really, really dug their heels in.

Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right.. or not at all. Accountability matters.

Microsoft, be better.

Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Kevin Beaumont

If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.

9 minute 50 second mark in this, screen is blurred for obvious reasons.

youtu.be/2GTI00pFcLc?si=EiBEaJ…


Wir haben Windows Recall ausprobiert, damit ihr es nicht müsst

=== Anzeige / Sponsorenhinweis === Exklusiv! Schnapp dir den NordVPN-Deal: https://nordvpn.com/ct3003Sichere dir jetzt 4 Monate extra für ein 2-Jahres-Abo un...
YouTube

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Here’s the clip translated around adult content with Microsoft Recall.

They filter search terms in English like naked - but don’t filter it in other languages.

Everything you view - including in videos - is classified and stored in the database.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

This is pretty good - detecting Microsoft Recall misuse for data exfil. youtu.be/SV9-dn-5uEY?si=jVz9sC…

I tested this against the latest release of Recall and both TotalRecall and these detections still work.

Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.

Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.


Microsoft Recall: Detecting Abuse | Threat SnapShot

You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...
YouTube

Florian Schmidt hat dies geteilt.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.

pcworld.com/article/2370043/wi…

Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.

Windows 11's latest update is kind of insane, in a bad way

The Windows 11 24H2 update shows how Microsoft is splitting Windows 11 users into Copilot+ haves and have-nots.
Mark Hachman (PCWorld)
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Kevin Beaumont

.@JohnHammond’s video on Recall is great, and a lot of fun - should also stop history being rewritten on this one later.

youtu.be/JujkOmvbgGw


Windows Recall (was) a Security Nightmare

Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.comWATCH MORE:Dark Web & Cybercrime Investigations: https://w...
YouTube
@John Hammond
Dieser Beitrag wurde bearbeitet. (11 Monate her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.

iamp.at/work/introducing-recal…

Introducing Recall - Patrick Flaherty

I led the visualization for the Recall app launch, showcasing its capabilities on a 50-foot screen during the live public introduction by Yusuf. My UI team managed the project from start to finish, developing visuals in the final two weeks.
Patrick Flaherty
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.

Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.

As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.

That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value - it's way more valuable elsewhere.

Dieser Beitrag wurde bearbeitet. (10 Monate her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. youtu.be/w5h_1Buf54I

The Truth about Snapdragon X Laptops…

Get a free 14-day trial of Odoo’s all-in-one business solution and see how it can make your life easier! Check it out at https://www.odoo.com/r/5eLSQualcomm’...
YouTube
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire.

Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target.

wired.com/story/infostealer-ma…

Dieser Beitrag wurde bearbeitet. (10 Monate her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. xda-developers.com/thread/micr…

It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.


Microsoft wants you to forget about Copilot+ Recall, it seems

Remember Recall? It was the hero feature of Copilot+, Microsoft's suite of features for AI PCs that was plagued by privacy and security concerns.
XDA

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft now say Recall will available for Insider testing in October on select Copilot+ PCs.

As a community we’ll need to test the security implications out extensively.

Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.

theverge.com/2024/8/21/2422543…


Microsoft’s Recall AI feature won’t be available for Windows testers until October

Microsoft’s controversial Recall AI feature isn’t arriving until October at the earliest. After promising it was weeks away, Microsoft clearly needs more time.
Tom Warren (The Verge)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. theverge.com/2024/9/2/24233992…

Microsoft says its Recall uninstall option in Windows 11 is just a bug

Microsoft won’t say whether it will let Windows users fully uninstall Recall. A new option that appeared recently was ‘incorrectly listed,’ says Microsoft.
Tom Warren (The Verge)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Recall is back.

Overall the planned changes here are much more robust.

Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say it was originally under SFI.

The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.

theverge.com/2024/9/27/2425572…


Microsoft’s more secure Windows Recall feature can also be uninstalled by users

Microsoft will allow Copilot Plus PC owners to uninstall its AI-powered Recall feature. It’s part of a big overhaul to Recall following security concerns.
Tom Warren (The Verge)
Dieser Beitrag wurde bearbeitet. (7 Monate her)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. news.itsfoss.com/microsoft-win…

Typical Microsoft! Disabling Windows Recall is Breaking File Explorer

This is what some users have spotted and I am not surprised.
Sourav Rudra (It's FOSS News)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft have recalled Recall again.

It still hasn't even made it to Insider preview yet, that's been delayed too, now in December.

Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it.

theverge.com/2024/10/31/242845…


Microsoft just delayed Recall again

Microsoft is once again delaying its plans to roll out its Recall feature for Copilot Plus PCs. Windows Insiders will now get access to the feature in December.
Tom Warren (The Verge)

teilten dies erneut

Unbekannter Ursprungsbeitrag

gotosocial - Link zum Originalbeitrag

Irenes (many)

corporate PR promises are worth absolutely nothing, so even if they were to say "and we definitely will never do it again" we would definitely be seeing a closely related thing with a slightly different name get launched in a year or two
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January.

I guess a cynical version is they're trying to rush out the Insider preview during Christmas so nobody actually reviews it.. but, well, I don't think that would happen as it'd be another own goal. It probably needs 6 months in Insider release with a bug bounty, to avoid exploits dropping like Joker 2 at the box office on release.

Dieser Beitrag wurde bearbeitet. (6 Monate her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available.

This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience.

techcommunity.microsoft.com/bl…

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”.

I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either.

When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft Recall is now available for testing.

theregister.com/2024/11/22/mic…

It’s only available on Qualcomm Snapdragon-powered Copilot+ PCs. My feeling is we’re probably going to want to hook one up to the internet and hack RDP for unlimited sessions, to allow research - I’ll look into it.

I’ve been told Recall is eligible for bug bounty as part of the Insider programme. I think the process is supposed to be sandboxed so in theory (my reading) the payout limit should be $20k.


Now’s your chance to try Microsoft’s controversial Windows Recall ... maybe

Like its AI, this automated screenshotter and logger is a feature not exactly everyone wanted
Iain Thomson (The Register)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft are rolling out Recall to users in Windows Insider (testing) before a wider rollout to all compatible systems.

It's definitely one to watch (and yes, I am) from a security point of view.

bbc.co.uk/news/articles/cj3xjr…


Copilot Recall: Microsoft rolls out AI screenshot tool

Recall had been dubbed a "privacy nightmare" but has made changes since its original launch was pulled.
Imran Rahman-Jones (BBC News)

teilten dies erneut

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

I've took a look at the past year of work Microsoft has done on Recall, which is due to roll out to compatible Windows devices soon

tl;dr it's much better from a security and privacy point of view. My partner managed to hack my Recall memory in 5 minutes to browse prior Signal discussions, by guessing my Windows Hello PIN.

There's a bunch of risks people who enable it need to understand.

doublepulsar.com/microsoft-rec…


Microsoft Recall on Copilot+ PC: testing the security and privacy implications

Last year, Microsoft announced Recall, a feature which screenshots your PC every few seconds, OCRs the screenshots and produces a searchable text database of everything you’ve ever viewed or written…
Kevin Beaumont (DoublePulsar)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Microsoft have announced, in a Friday night blog post, they are rolling out Copilot+ Recall to all compatible devices over the next month. blogs.windows.com/windowsexper…

Copilot+ PCs are the most performant Windows PCs ever built, now with more AI features that empower you every day

Windows has always been the place where computing innovation happens first. This was the case when we introduced Copilot+ PCs las
Windows Experience Blog
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Tabletop scenario for you:

Employee gets into a dispute with employer, leaves, had sensitive role. Employer revokes access, devices etc. Employee had logged in via BYOD to email, IM etc.

Due to Recall, employee walks away with 6 months of screenshots of everything she's ever worked on in a text indexed form - every email, chat, document, Teams call with video snapshots, transcripts of verbal calls etc - even if they set M365 to not store documents locally.

What does the employer do now?

Dieser Beitrag wurde bearbeitet. (4 Wochen her)
Als Antwort auf Simon Zerafa

mastodon - Link zum Originalbeitrag

James Wells

@simonzerafa
You need to emphasize `PHYSICAL DEVICE` here, even more than normal. With VDIs, they still need a device to access said VDI's, and will often use their personal devices, which will have Recall on and happily chugging away on the data that is being displayed from the VDI's graphical interface.

As for @GossiTheDog , you really really need to hope that your company is dealing with honorable / honest people or this won't end well.

@Simon Zerafa @Kevin Beaumont
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

GunChleoc

They were quite surprised that I use a Linux host, so we had to figure out how to create the VPN & RDP connections. Well worth the effort methinks.
Dieser Beitrag wurde bearbeitet. (4 Wochen her)
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Marco Mastropaolo

@cR0w both have custom video drivers because otherwise you wouldn't be able to use Office through VDI, and grab through that if there's a protected window visible. If them behave well, they should also allow (potentially through a different setting, which might make things more complicated for IT admins) to protect their clients windows from grabbing.
@cR0w
Dieser Beitrag wurde bearbeitet. (4 Wochen her)
Als Antwort auf Adrian Sanabria

mastodon - Link zum Originalbeitrag

XenoPhage

@sawaba Sure, but not everyone does that as a regular habit, so it's usually not a big problem. But now, anyone with a Windows machine will be doing that without even knowing it.

I'm not sure what the security around it looks like, but this could be a massive way to leak a ton of data that wouldn't normally be local on a machine. Especially for stuff that's typically accessed via "secure” gateways. Sales folks will have screenshots of client lists, engineers could potentially have screenshots of passwords and configurations.

This feels like a really, really bad idea to me..

@Adrian Sanabria
Als Antwort auf Adrian Sanabria

mastodon - Link zum Originalbeitrag

James Wells

@sawaba
So the trick there is that from within your VDI, you can screenshot to your heart's content... It is just that some VM services have a feature that is supposed to be able to to block you from being able to take screenshots of your VDI's virtual display.

But yes, I live by the screenshot too much to want to disable that feature when I don't have to.

@Cyberoutsider @simonzerafa @GossiTheDog

@Simon Zerafa @Adrian Sanabria @Dave 🐶 @Kevin Beaumont
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Adrian Sanabria

if you’re on a box, can’t you just do the equivalent of Recall with malware? It definitely makes the job of an attacker easier and more streamlined, but not sure it adds up to a massive increase in risk.

Also, anyone that figures out how to eliminate that one hour every day the planet spends trying to find stuff on their computer could maybe add 10% to global GDP. How much risk is that worth?

(not that Recall is that solution, but it could be, right?)

Als Antwort auf Adrian Sanabria

mastodon - Link zum Originalbeitrag

Graham Sutherland / Polynomial

the malware can only access the things that were present or that occurred within the infection window. that's one of the reasons that establishing a breach timeline is so important during IR. Recall kinda breaks that by memorising all the stuff that came beforehand and giving the attackers access to all those historical actions through an abstraction layer.
Dieser Beitrag wurde bearbeitet. (4 Wochen her)
Als Antwort auf Adrian Sanabria

mastodon - Link zum Originalbeitrag

XenoPhage

@sawaba I may be, yes. But I guess my point is, folks screenshot specific things for the workflows they use. But they won't screenshot everything. Now they'll be screenshotting everything which makes the problem much worse.

Screenshotting has always been a way around DLP solutions. It makes me laugh when I deal with companies who think that locking developers into an AWS workspace with cut/paste to the host disabled will somehow keep their code secure. All they end up doing is frustrating the developers and losing good talent.

I'm just concerned that now the average user will suddenly have screenshots of all of their activity stored on their machines and may not even know it. That goes for home users too where it can be far more problematic since home users generally don't have encryption turned on, etc. Not to mention domestic situations where an abuser can now use this to spy on everything their partner is doing.

@Adrian Sanabria
Als Antwort auf Graham Sutherland / Polynomial

mastodon - Link zum Originalbeitrag

Adrian Sanabria

@gsuberland true, but infostealers often get access to most of the things that would be getting screenshotted. I need to think through the different scenarios where an adversary would find something like Recall data useful versus just grabbing tokens and creds…

Just trying to figure out where this lives on defenders’ neverending list of top priorities that will never get done

@Graham Sutherland / Polynomial
Als Antwort auf XenoPhage

mastodon - Link zum Originalbeitrag

Adrian Sanabria

@XenoPhage yeah, I’ve been thinking about how using recall would change how people use their computers. Regularly seeing screenshots of your own activity might prevent you from doing personal stuff on a work computer, ironically.

But if you don’t realize it is on, it’s just a liability.

Either way, in a corporate setting, I imagine this would be useful for HR to abuse employees. Tons of evidence to use against you if they wanted to.

It would have to massively solve the “find my shit” problem for all the downsides to be worth it.

@XenoPhage
Als Antwort auf Adrian Sanabria

mastodon - Link zum Originalbeitrag

Fi 🏳️‍⚧️

@sawaba @reijomancer
Excellent question.

Yes, all major operating systems do in fact allow screenshotting,

however!

Use of the snipping tool can be disabled for some or all users of a system with a registry entry; this control is made ineffective by Recall

Use of the snipping tool or a third-party application to make screen captures is an auditable action; Recall performs these captures automatically

User-controlled screen capturing is not inherently indexed nor processed in ways that make the contents machine-readable

User-controlled screen capturing does not necessarily have a consistent location on-disk where the records of such captures are stored, where an adversary would be able to script wholesale extraction of said records

There are other issues as well, but these are sufficient to make the point that recall's automated screenshotting, collation, and storage of captures without the specific agency or control of the user is sufficiently different from the prior model as to need a recontextualization and re-evaluation of extant controls to determine efficacy.

@Adrian Sanabria @Reijo Pitkänen
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Jason Haar

@sawaba it's the difference between a malicious insider (like the North Korean fake employee problem) - who will do you wrong no matter what - and an "innocent" insider who "goes bad" at the end, so will grab what they can on their way out. Recall massively changes the risk with the second scenario.
@Adrian Sanabria
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

John Keates

isn’t this the general issue with data access control anyway? As soon as you can see something with your eyeballs, so can a phone with a camera.

Putting a native infostealer in Windows is definitely another order of sillyness, but the idea that anyone can contain data while it’s visible to arbitrary eyeballs/cameras has not really held up for quite a while. I suppose DRM failed the same way, which recall also breaks.

A similar problem exists with a previous product that would have you carry around a camera so it could take pictures of your life for you; if you sat in front of your computer it would store that too. IIRC, Microsoft had one of those too. I guess history just keeps repeating.

Dieser Beitrag wurde bearbeitet. (4 Wochen her)
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

JustRosy 🇺🇦

Always assume you're either going to get fired, you're going to walk, or you're going to somehow, magically, take over the entire company. Always be prepared. Keep your own copies of your own work, when it's really yours. All your awards. All your peer employee contacts. All your supervisor contacts. Everything.
Dieser Beitrag wurde bearbeitet. (4 Wochen her)

JustRosy 🇺🇦 hat dies geteilt.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

JustRosy 🇺🇦

So. Much. BS in that blog ad. Lies everywhere. Everyone *hates* AI with a passion, and hates Microsoft almost as much. Literally, both are costing people their jobs and their ability to survive. F them both.

Here's how, too:

support.microsoft.com/en-us/wi…

Privacy and control over your Recall experience - Microsoft Support

support.microsoft.com
Dieser Beitrag wurde bearbeitet. (4 Wochen her)

JustRosy 🇺🇦 hat dies geteilt.

Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Kevin Beaumont

Signal have rolled out an update to all users that stops Microsoft Recall from capturing Signal conversations.

I’ve tested this and it works. Brilliant work by the @signalapp team. 💪

They call on Microsoft to build better, as there was no standardised way as an app developer to do this. Because Signal is open source, now app developers have a template to protect their users from Windows.

signal.org/blog/signal-doesnt-…


By Default, Signal Doesn't Recall

Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows.
Signal Messenger
@Signal
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

Third spruce tree on the left

@signalapp And by using #Microsoft's own #DRM protections to do it too. THat's brilliant.

I have #Signal but don't use it (I don't know anyone else on it) - but I still pay a recurring donation monthly because THIS is the user(privacy, rights, security)-focused product management that I want to encourage. Way to go Meredith and team.

#microsoft #drm #Signal @Signal
Als Antwort auf Third spruce tree on the left

mastodon - Link zum Originalbeitrag

your auntifa liza 🇵🇷 🦛 🦦

“And by using #Microsoft's own #DRM protections to do it too. THat's brilliant.”

that’s exactly what caught my eye. they didn’t have to hack anything. it’s there in Microsoft’s own APIs. they’ve turned the monster of their own creation against them.

@tezoatlipoca @GossiTheDog @signalapp

#microsoft #drm @Signal @Kevin Beaumont @Third spruce tree on the left
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

RalfMaximus

@signalapp

Feel like this is the opening salvo in an escalating war, the same way youtube is fighting off uBlock Origin.

For example, that DRM attribute might soon be disabled for "non media containers" since it was devised to protect copyrighted works. Sure, that'd be petty. But it's Microsoft we're talking about here.

Then of course Signal posts a workaround, which Microsoft quickly--

@Signal
Als Antwort auf Third spruce tree on the left

mastodon - Link zum Originalbeitrag

tomas

@tezoatlipoca @signalapp It's a bit poetic but imma be 'that guy' and point out that using something for a purpose other than its intended one is never a reliable method in software. Sooner or later it will break. They know this, and are calling for better, dedicated privacy support, which is what is really important.
@Signal @Third spruce tree on the left
Unbekannter Ursprungsbeitrag

mastodon - Link zum Originalbeitrag

Third spruce tree on the left

@f4grx @tomas @signalapp So I don't know if its what #Signal app did (I don't have the spoons to go digging around their repo rn), but one way to invoke the #Windows #DRM protections on your app is to set the display affinity of your main window handle:

`SetWindowDisplayAffinity(hwnd, WDA_MONITOR)`
learn.microsoft.com/en-us/wind…

where `hwnd` is your main window handle and `WDA_MONITOR` sez only show on the monitor, all other purposes get no content.


SetWindowDisplayAffinity function (winuser.h) - Win32 apps

Stores the display affinity setting in kernel mode on the hWnd associated with the window.
learn.microsoft.com
#drm #windows #Signal @tomas @Signal @F4GRX Sébastien
Als Antwort auf Third spruce tree on the left

mastodon - Link zum Originalbeitrag

Third spruce tree on the left

@f4grx @tomas @signalapp

Sadly, only the application itself can set its own window display affinity; I know I just tried for an hour to write one - Windows User Interface Priviledge Isolation IUPI security prevents almost any attempt of one process to muck w/ the main window of another.
Otherwise that would be the coolest thing ever. run a little app that blacks out another app's window.

@tomas @Signal @F4GRX Sébastien
Als Antwort auf Kevin Beaumont

mastodon - Link zum Originalbeitrag

jablkoziemne

@signalapp Fun, I wander if something similar can be done on #linux with #wayland so I dont accidentally leak all my DMs because of missclick when using #obs and #xdg_desktop_portal, maybe not to the level of application always denying capture ( #drm applications), but it would be cool to have an rejectlist in your linux #desktop to add/remove applications you explicitly dont want to be able to capture (with default values pulled from their #flatpak manifest or something)

If current #xdg specification doesnt allow that, does any of the desktops like #gnome, #kde, #cosmic or #hyperland thought about that?

#Linux #kde #drm #desktop #Flatpak #wayland #gnome #obs #cosmic #Hyperland #xdg #xdg_desktop_portal @Signal