For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into the base Windows OS and enable it by default.
From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”
Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

NosirrahSec 🏴☠️
in reply to Kevin Beaumont
Matt Hardy 3.11 for Workgroups

Kevin Beaumont
in reply to Kevin Beaumont
I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs.
I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.
doublepulsar.com/how-the-new-m…

Kevin Beaumont
in reply to Kevin Beaumont
Microsoft Copilot+ Recall feature 'privacy nightmare'
Imran Rahman-Jones (BBC News)

Kevin Beaumont
in reply to Kevin Beaumont
Copilot+ Recall has been enabled by default globally for Microsoft Intune managed users, for businesses.
You need to enable DisableAIDataAnalysis to switch it off. learn.microsoft.com/en-us/wind…
Manage Recall for Windows clients - Windows Client Management
learn.microsoft.com
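An added audit script (not from the thread or from Microsoft) that checks whether the DisableAIDataAnalysis policy named in the post above is actually set on a machine, in both machine and user scope, and can enforce it. The policy name comes from the post; the registry location under SOFTWARE\Policies\Microsoft\Windows\WindowsAI is an assumption taken from the Group Policy documentation the post links to, so verify it against the current "Manage Recall" page before relying on it.

```powershell
# Added example: audit (and optionally enforce) the Recall off-switch policy.
# Assumption: the policy-backed registry location is
#   SOFTWARE\Policies\Microsoft\Windows\WindowsAI, value DisableAIDataAnalysis (DWORD, 1 = off).
# Run from an elevated prompt when using -Enforce, since it writes to HKLM.
[CmdletBinding()]
param(
    [switch]$Enforce   # create the machine-scope policy value if it is missing or not 1
)

$PolicyName = 'DisableAIDataAnalysis'
$Scopes = [ordered]@{
    'Machine' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
    'User'    = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
}

function Get-RecallPolicyState {
    # One object per scope: does the key exist, what is the DWORD, is Recall disabled there.
    foreach ($scope in $Scopes.Keys) {
        $path  = $Scopes[$scope]
        $value = $null
        if (Test-Path -Path $path) {
            $item = Get-ItemProperty -Path $path -Name $PolicyName -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = [int]$item.$PolicyName }
        }
        [pscustomobject]@{
            Scope    = $scope
            Path     = $path
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

$states = Get-RecallPolicyState
$states | Format-Table -AutoSize

# Treat Recall as off only if at least one scope carries the value 1;
# a missing key means the feature falls back to its default, which the post says is on.
$effectivelyOff = @($states | Where-Object { $_.Disabled }).Count -gt 0

if ($effectivelyOff) {
    Write-Host "Recall is disabled by policy ($PolicyName = 1)."
} else {
    Write-Warning "No $PolicyName = 1 policy found; Recall may be on by default on this machine."
    if ($Enforce) {
        $machinePath = $Scopes['Machine']
        if (-not (Test-Path -Path $machinePath)) {
            New-Item -Path $machinePath -Force | Out-Null
        }
        New-ItemProperty -Path $machinePath -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Host "Set $PolicyName = 1 under $machinePath."
    }
}
```

For fleet-wide checks, the same registry read can be wrapped in Invoke-Command against a list of hosts and the Disabled column collected as a compliance report.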
Kevin Beaumont
in reply to Kevin Beaumont
Two quick updates -
A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser
B) Firefox and Tor Browser are recorded always, including in private mode - the exception is Hollywood DRM’d videos
Kevin Beaumont
in reply to Kevin Beaumont
I got ahold of the Copilot+ software.
Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.
It spits constant screenshots (the product brands them “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.
The NPU processes them and extracts text, into a database file.
The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.
Kevin Beaumont
in reply to Kevin Beaumont
And if you didn’t believe me.. found this on TikTok.
There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”
They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.
Kevin Beaumont
in reply to Kevin Beaumont
Code Of Ethics
sqlite.org

Kevin Beaumont
in reply to Kevin Beaumont
So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.
Apps themselves can also search and make themselves more searchable.
It opens a lot of attack surface.
The semantic search element is fun.
They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.
Kevin Beaumont
in reply to Kevin Beaumont
If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..
..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.
And it’s enabled by default.
Kevin Beaumont
in reply to Kevin Beaumont
Copilot+ Recall feature pop quiz:
You deal with a sensitive matter on your Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?
Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.
If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.
Kevin Beaumont
in reply to Kevin Beaumont
It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:
It isn't them being evil, it's business leaders who are middle-aged and can't remember what they're doing driving decision making about which problems to solve.
A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.
Microsoft exists in and is driven by that bubble.
Kevin Beaumont
in reply to Kevin Beaumont
Some screenshots of Recall's SQLite database here: mastodon.social/@detective/112…
Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.
Albacore (@detective@mastodon.social)
Mastodon

Kevin Beaumont
in reply to Kevin Beaumont
The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.
Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness
I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.
Kevin Beaumont
in reply to Kevin Beaumont
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
My look at the feature, FAQs from the community etc
doublepulsar.com/recall-steali…
Kevin Beaumont
in reply to Kevin Beaumont
This is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.
HT @tomwarren
Kevin Beaumont
in reply to Kevin Beaumont
You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅
What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.
Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.
Kevin Beaumont
in reply to Kevin Beaumont
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.
Guide from @detective
The devices launch THIS MONTH to customers so I suggest people look at this.
github.com/thebookisclosed/Amp…
GitHub - thebookisclosed/AmperageKit: One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices
GitHub

Kevin Beaumont
in reply to Kevin Beaumont
Nvidia and AMD are bringing Microsoft’s Copilot Plus AI features to gaming laptops
Tom Warren (The Verge)

Uwe Küchler
in reply to Kevin Beaumont
Screenshot of the output of the script "totalrecall.py" that shows a detected "Windows Recall", and an extraction folder created for extracted Recall contents.
Two lists of captured content follow, one containing the captured windows (one with an open Gmail account) and the other showing all extracted screenshots.

Marcus
in reply to Kevin Beaumont
I really dislike Microsoft's wording around this. They throw around terms like "encrypted" and "secure" to placate the lay person, when they know as well as anybody that encrypted data has to be decrypted at runtime, and if the user has access to the unencrypted data, so does any malware running with that user's privileges.
And you just know that it's gonna be on by default, if you turn it off Windows updates will randomly re-enable it, etc. This will be a privacy nightmare.
Kevin Beaumont
in reply to Kevin Beaumont
A recent DHS-published report handed to the US President said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"
Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!
8tpercent
in reply to Kevin Beaumont
reddit.com/r/Windows11/comment…

Kevin Beaumont
in reply to Kevin Beaumont
If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.
I’ve also found a way to disable the tray icon.
Kevin Beaumont
in reply to Kevin Beaumont
I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.
There are some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.
Kevin Beaumont
in reply to Kevin Beaumont
It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.
I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.
The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.
Kevin Beaumont
in reply to Forgi :neofox_woozy:
Yep. And there’s loads of tangible security benefits from the rest of the work going on in Windows 11 in terms of security.
They just shit their own bed on this one by not understanding their customers, Apple must be so happy.

Forgi :neofox_woozy:
in reply to Kevin Beaumont
Actual clown show announcing it immediately after this blog post:
blogs.microsoft.com/blog/2024/…
But yeah, the direction 11 was going in has been great, then they abruptly veered right off the cliff.
Prioritizing security above all else - The Official Microsoft Blog
Microsoft Corporate Blogs (The Official Microsoft Blog)
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Longhorn • • •Mike Taylor 🦕
in reply to Kevin Beaumont • • •Noah Cook
in reply to Kevin Beaumont • • •@never_released Fraud? Domestic violence is the event that's going to be disastrous for them. The first time a man beats his wife to death after finding a screenshot of a convo she didn't want him to see?
The Microsoft Murderer Trial would certainly test the aphorism that there's no such thing as bad publicity.
Nicole Parsons
in reply to Kevin Beaumont
Investments by oil despots yield products that despots want.
businessinsider.com/microsoft-…
arabnews.com/node/2507356/busi…
consultancy-me.com/news/8148/p…
cio.com/article/2079045/pwc-mi…
arabnews.com/node/2518936/amp
bloomberg.com/news/articles/20…
Amazon, Microsoft Boosting Saudi Offices Amid State Pressure
Matthew Martin (Bloomberg)
Nicole Parsons
in reply to Kevin Beaumont
Saudi Arabia had been flooding American tech companies with cash since 2018.
Twitter was just one example of anti-democracy oil oligarchs hijacking tech.
Kushner's $2 billion in Saudi sovereign funds isn't buying beach-front condos in Gaza, it's being spent on torpedoing tech brands like Microsoft.
Google, Apple, Oracle, Amazon, Microsoft, all had MBS visit in 2018. The investments continued after the Khashoggi murder & it's accelerated in recent months.
vox.com/technology/2023/5/1/23…
How Saudi money returned to Silicon Valley
Jonathan Guyer (Vox)

Nicole Parsons
in reply to Kevin Beaumont
Microsoft made a sudden shift towards AI development in 2018 under pressure from investors. As did the Big Five.
Recall was one of the products developed with those investments.
OvertonDoors
in reply to Kevin Beaumont
@Npars01
Sure, and it's a coincidence that the WaPo ousted its editor in favor of someone who wants Tucker Carlson op-eds.
I suppose you believe it was pure incompetence that drove Musk's management of Twitter into the shitter.
Rupert Murdoch marries his ruZZian handler, nothing to see here.
But co-pilot's creation has nothing to do with the billions of autocratic petro-dollars being pumped into Microsoft. You're not trying nearly hard enough to stick your head in the sand.

Mediocre Zombie Shuffle
in reply to Kevin Beaumont
Part of me suspects there is some government/agency pressure behind the whole idea, because who really benefits from this?
Then again I wonder if I am just being overly paranoid, and remind myself of Hanlon's razor.
Kevin Beaumont
in reply to Kevin Beaumont
"Microsoft should recall Windows Recall" — Security researcher discovers Microsoft's new AI tool is woefully insecure
Zac Bowden (Windows Central)

Kevin Beaumont
in reply to Kevin Beaumont
Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.
This may include an attempt to invalidate researcher criticism, we’ll see.
Jason Parker (he/they)
in reply to Kevin Beaumont
"will have the option to choose not to"
so opt-out

Kevin Beaumont
in reply to Kevin Beaumont
WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall
wired.com/story/total-recall-w…
Total Recall software by @xaitax github.com/xaitax/TotalRecall
Example search for ‘password’:
🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22
📄 Summary of the extraction is available in the file:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt
GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
GitHub
Kevin Beaumont
in reply to Kevin Beaumont
I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.
Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.
These videos have tens of millions of views and hundreds of thousands of comments.
I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.
James_inthe_box
in reply to Kevin Beaumont
But Kevin, ZDNet says not to worry :chuckle: :wheeze:
zdnet.com/article/is-microsoft…
Is Microsoft Recall a 'privacy nightmare'? 7 reasons you can stop worrying about it
Ed Bott (ZDNET)

Kevin Beaumont
in reply to James_inthe_box
Really
CMDR Yojimbosan ⁂
in reply to Kevin Beaumont
I'm sure someone suggested that Apple was doing the same thing on their platform soon too.
Unless I was remembering 9to5mac.com/2022/11/02/rewind-… ... ?
'Rewind AI' records everything you do on your Mac
Filipe Espósito (9to5Mac)

Alerta! Alerta!
in reply to Kevin Beaumont
Had Apple continued their OpenDirectory, they would be in a pretty awesome position now... 🙄
But macOS Server was sadly not a priority.... 🤷
Kevin Beaumont
in reply to Kevin Beaumont
A key element of Recall is Microsoft say only you can access your Recall, it is per user.
ArsTechnica enabled Recall on a Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots.
arstechnica.com/ai/2024/06/win…
Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned
Ars Technica

Kevin Beaumont
in reply to Kevin Beaumont
If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines:
you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.
Lars Marowsky-Brée 😷
in reply to Kevin Beaumont
The "This is not, ever, a good use case for it" is completely beyond their mental capabilities to grasp as an idea.
Kevin Beaumont
in reply to Kevin Beaumont
Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft.
ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs asus.com/us/news/pnm9tg6qccql6…
Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: theverge.com/2024/6/2/24169568…
Nvidia and AMD are bringing Microsoft’s Copilot Plus AI features to gaming laptops
Tom Warren (The Verge)

RootWyrm 🇺🇦:progress:
in reply to Kevin Beaumont
EXTREMELY FUCKING RELATED:
youtube.com/watch?v=uYdtpU8FKO…
youtube.com/watch?v=I3DwhTc7Z4…
youtube.com/watch?v=7pMrssIrKc…
ASUS Already On Government's Radar for Warranty Issues
YouTube

Kevin Beaumont
in reply to Kevin Beaumont
Three Copilot+ Recall questions that keep coming up.
Q. Can you alter the Recall history?
A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes.
Q. Are they snapshots, as Microsoft says, or screenshots?
A. They are just screenshots, jpegs.
Q. What is to stop apps on your machine accessing your Recall covertly?
A. Nothing. There is no audit log of access.
Jeff Grigg
in reply to Kevin Beaumont
Well, I think I see how they *could* use that as an excuse for saying, …
“Look, there's nothing stopping you from making/using 3rd party tools to eliminate any of the data you do not want in there. *So it's not our problem!*”
🙄
(But if sensitive data is in there for even a short time, it's a risk!)
Kevin Boyd (he/him) 🇨🇦
in reply to Kevin Beaumont
@hacks4pancakes A long time ago, I saw a movie called "The Net", where multiple people's lives were ruined (including what was effectively an assassination) by surreptitious modification of digital records.
I think it's time to reboot The Net.
Kevin Beaumont
in reply to Kevin Beaumont
If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns is, they're continuing to decline comment to every media outlet.
I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving.
Product ships live on devices from Dell, Lenovo etc this month. x.com/zacbowden/status/1798221…

Noah Cook
in reply to Kevin Beaumont
I do hope they understand that this strategy does not work with governments. You know, organizations that, believe it or not, really do have more money and more attorneys than Microsoft.
I'm wondering if this is going to be an every-generation thing where MS has to get slapped down HARD by people with the sole monopoly on legitimate use of force, only to slowly forget the lesson over the next two decades.
Or they could spend a tiny amount on due diligence, but that's boring.
Yuri Arabadji
in reply to Kevin Beaumont
I don't understand what you keep complaining about.
Guy clearly says "this is my computer, this is my Recall".
If you want to have *your* computer and *your* recall, you'll have to build it yourself. Leave the guy alone.

Sheepie
in reply to Kevin Beaumont
@kcarruthers Wait, I assumed Recall was something that was a year or two down the line? It was that fucking stupid and ill thought through I assumed it had to be just a concept at most?
It's actually going live to the public this month? WTAF?
That's even worse than AI LLMs going public as prematurely as they have.
How did MS's lawyers approve this? How did nobody realise just how horrible it is before the public reaction?
rmcv42
in reply to Kevin Beaumont
Did you catch Steve Gibson’s take on Recall, after your wonderful breakdown, on this week’s episode of Security Now, episode 977?
Apple link podcasts.apple.com/us/podcast/…
GRC’s website 16 kb downloadable page (not there yet though 🤷)
grc.com/securitynow.htm
Security Now (Audio): A Large Language Model in Every Pot - Problems With Recall, End of ICQ, Email @ GRC on Apple Podcasts
Apple Podcasts

Mina Molli
in reply to Kevin Beaumont
Well, your supervisor at work will appreciate the possibility to easily look into what you did all day.
@tiraniddo
Kevin Beaumont
in reply to Kevin Beaumont
GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
GitHub

Kevin Beaumont
in reply to Kevin Beaumont
You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.
github.com/Pennyw0rth/NetExec/…
Add Recall module for dumping all users Microsoft Recall DBs & screenshots by Marshall-Hallenbeck · Pull Request #335 · Pennyw0rth/NetExec
GitHub
Kevin Beaumont
in reply to Kevin Beaumont
Turns out speaking out works.
Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.
There are obviously going to be devils in the details - potentially big ones.
Microsoft needs to commit to not trying to sneak users into enabling it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.
theverge.com/2024/6/7/24173499…
Windows won’t take screenshots of everything you do after all — unless you opt in
Tom Warren (The Verge)

Noah Cook
in reply to Kevin Beaumont
Sounds like they finally ran this plan past legal, and after having to administer enough sedatives to drop a herd of elephants, the attorneys managed to stop screaming long enough to put out a basic list of Things That Must Happen.
FWIW, policy analysts cost about 1/10th what an attorney charges per hour. That's actually a pretty standard FAFO tax, if you think about it.
Kevin Beaumont
in reply to Kevin Beaumont
Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too.
It’s still labelled Preview, and I’ll believe it is encrypted when I see it.
There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and it suggests they are not serious about AI safety.
Robert Link
in reply to Kevin Beaumont
Recall's gonna happen. Either accept that Big Brother has won, or use something else.
If you're one of the hapless slobs who can't use something else because your boss loves Big Brother, my condolences.
TheTomas
in reply to Kevin Beaumont
You nailed it with "serious governance failures" and quoting, by the way, the latest CISA report.
cisa.gov/sites/default/files/2…
Kevin Beaumont
in reply to Kevin Beaumont
Microsoft reverses course, makes Recall feature opt-in only after security backlash
therecord.media

Kevin Beaumont
in reply to Kevin Beaumont
I should be transparent btw that I took Satya and Charlie’s commitment to security at face value too - I even published a blog on it backing that up - and I have concerns (it isn’t just me).
They’re now going to have to win trust back about winning trust back.
Kevin Beaumont
in reply to Kevin Beaumont
I know somebody at a retailer in Europe that is selling Copilot+ PCs. They’ve had fewer than a thousand preorders through to customers.
In relative terms, for them it’s about as successful as Suicide Squad Kill The Justice League.
gigantos
in reply to Kevin Beaumont
Which is super annoying to me.
They had the chance to finally sell a powerful #Windows laptop to compete with Apple on battery life and performance.
And what did they do? They made it all about the NPU, so now the only reason to buy it is a feature nobody wants or understands.
HikariKnight
in reply to Kevin Beaumont
Less than 1000 sold so far (no idea if this was across the chain, region or that store specifically)
Oggie
in reply to Kevin Beaumont
I really want to know how they're going to square this new and improved concept with the fact that it's going to literally be used in abusive situations to get a better hold on the victims.
I realize this isn't a solvable problem, but the fact that it never even apparently showed up on their radar as a potential abuse is...upsetting to say the least.
namlaz
in reply to Kevin Beaumont
Why do multiple sources and the OEMs themselves say it isn’t available?
asus.com/support/faq/1053182/
dell.com/support/kbdoc/en-uk/0…
[Notebook] Copilot Key - Introduction | Official Support | ASUS Global
ASUS

Kevin Beaumont
in reply to Kevin Beaumont
A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData.
Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.
Kevin Beaumont
in reply to Kevin Beaumont
I think MS are a way off extracting themselves from the Recall situation they've got themselves into.
This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok.
I imagine it's going to continue through the week and into next week when the laptops ship.
I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.
Stu
in reply to Kevin Beaumont • • •Kerfuffle
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. windowscentral.com/software-ap…
I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.
A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back
Zac Bowden (Windows Central)
Mountain Mindset
in reply to Kevin Beaumont • • •Walt Wooton
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Walt Wooton • • •cesarb
in reply to Kevin Beaumont • • •Alun Jones
in reply to Kevin Beaumont • • •But the security and privacy aspects should have made Microsoft cause some internal heads to roll.
Kevin Beaumont
in reply to Alun Jones • • •Noah Cook
in reply to Kevin Beaumont • • •That article isn't even good propaganda, I give it a C-.
But yeah, I suspect that this was kept secret from their policy and legal teams as well, because I'm going to assume that the people working on those teams are competent.
I also really, really, really want to know the gender makeup of the supersekrit skunkworks team that tested this. I mean, I feel confident in my hypothesis, but best to await confirmatory evidence.
Kevin Beaumont
in reply to Noah Cook • • •Norbert Kowallik
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Microsoft have paused the rollout of Windows 11 24H2 in the preview channel; it was the version containing Recall. Microsoft have not explained why.
x.com/brandonleblanc/status/17…
I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.
Kevin Beaumont
in reply to Kevin Beaumont • • •To put this one into perspective, there's one broadcast TV network looking at Recall still, and an investigative journalist.
Plus I imagine @evacide, @wdormann etc would have something to say if MS tried holding anybody but themselves accountable for their own actions.
El Jefe ":verified:" :donor:
in reply to Kevin Beaumont • • •@evacide @wdormann lol.
Your tinfoil hat might be a bit too tight.
Kevin Beaumont
in reply to El Jefe ":verified:" :donor: • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •I have an image where when viewed on a Copilot+ Recall PC, a Windows process crashes as it tries to process the screenshot.
New email signature?
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Microsoft’s President Brad Smith appears before US House Committee on Homeland Security tomorrow.
His testimony: homeland.house.gov/wp-content/…
In this bit he talks about Recall (not named), where he pats himself and Microsoft on the back for “a feature change” and job well done.
Given it has been a complete cybersecurity and privacy car crash - and as of today the changes (plural) they’re referring to haven’t even been implemented - it seems like Microsoft fails to grasp customer needs: safety.
Kevin Beaumont
in reply to Kevin Beaumont • • •One other thing - Microsoft's written testimony to the US House says, quoting, bolded by MS:
"Before I say anything else, I think it’s especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB’s report. Without equivocation or hesitation. And without any sense of defensiveness."
Counterpoint: they publicly disputed the report in the media. theverge.com/2024/4/25/2413991…
Microsoft needs to win back trust
Tom Warren (The Verge)
Kevin Beaumont
in reply to Kevin Beaumont • • •I should say that if Brad is asked about Recall tomorrow, the answers may raise some.. uh... eyebrows here.
I don't know what MS SLT have been told, but expect fun when the feature drops on consumer laptops in a few days.
As I mentioned in my blog, there is some more security hardening there on Copilot+ PCs (this was before MS put out their blog)... but it's still easily bypassable.
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Microsoft’s Recall puts the Biden administration’s cyber credibility on the line
cyberscoop.com/microsoft-recal…
Interesting article. All through this, CISA and the DHS have declined to comment.
Microsoft’s Recall puts the Biden administration’s cyber credibility on the line
eliasgroll (CyberScoop)
Kevin Beaumont
in reply to Kevin Beaumont • • •The Verge reports today that "Windows engineers are scrambling to get additional changes tested and ready for the release of Copilot+ PCs next week."
It also says "Recall was developed in secret at Microsoft, and it wasn’t even tested publicly with Windows Insiders."
I've also been told Microsoft security and privacy staff weren't provided Recall, as the feature wasn't made available broadly internally either.
theverge.com/2024/6/13/2417770…
Xbox delivered and Windows scrambles to secure Recall
Tom Warren (The Verge)
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Brad Smith just said Recall was designed to be disabled by default. That is not true. Microsoft’s own documentation said it would be enabled by default - they only backtracked after outcry.
He has somehow got almost every detail about Recall wrong while testifying.
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Obviously, I’ll wait to see the announcement but it sounds like they’ve finally realised they need to take the time and get the feature right (and frankly consider the target audience - most home users, it ain’t).
They should have announced this before or during the US House hearing.
Kevin Beaumont
in reply to Kevin Beaumont • • •Announcement is out. Good on Microsoft for finally reaching a sane conclusion.
- Recall won’t ship as a feature at launch on Copilot+ PCs any more.
- Won’t be available in Insider preview channel at launch, as it was pulled.
When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.
Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.
samiamsam
in reply to Kevin Beaumont • • •`Da Elf
in reply to Kevin Beaumont • • •Their InfoSec team is Super Pissed. *They* weren't informed.
Let me say again:
Linux people had to contain MicroSoft InfoSec* from killing Microsofties (last Thurs at the HackSpace meeting).
* InfoSec is InfoSec no matter who you work for. We didn't want our brothers and sisters to go to prison. This is The Way.
Jason 🫧
in reply to Kevin Beaumont • • •Crimea River
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Crimea River • • •Crimea River
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Crimea River • • •Chris Who
in reply to Kevin Beaumont • • •I've always used Windows.
I have played with Ubuntu (really like DDE) and the second they retire Windows 10 and I have to have a Windows with recall, Windows is going in the bin and I'm full on Linux.
This was just insanely stupid.
ChookMother 🇦🇺🦘
in reply to Kevin Beaumont • • •Grant
in reply to Kevin Beaumont • • •@0xThylacine
[object Object]
in reply to Kevin Beaumont • • •this article uses a lot of absolutes to describe a Microsoft product.
“When Windows Recall is enabled, it places a permanent visual indicator icon on the Taskbar …This icon cannot be hidden or moved.”
“Your existing Windows 11 PC is not eligible to run Windows Recall and very likely never will be.”
I fully expect malware that surreptitiously enables Recall on any Windows 11 PC and exfiltrates data.
Andrew Singleton
in reply to Kevin Beaumont • • •Who in their right mind would see Recall and 'That is a wonderful idea and nothing will ever go wrong with its deployment!'
Seriously. You couldn't have come up with a better honeypot for malware to harvest data with.
Kierkegaanks regretfully
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kierkegaanks regretfully • • •he won't be, he's the CEO and the chairman at the same time for one thing, and he's led something like a 500% share price increase since he took over. Plus, he likely didn't decide everything along the way.
Nobody needs to be fired, just maybe don't try to ship stuff like this enabled by default in the future, where it's clearly risky.
Kierkegaanks regretfully
in reply to Kevin Beaumont • • •a man can dream. Nearly all enshittification of windows, office, and microsoft accounts are his doing. (I don’t work with Azure so I have no idea what’s going down there). He is the wizard of oz of pulling profit from users while abusing them.
But if this becomes a threshold moment, an infected wound where everything that’s shit about microsoft now turns people away, and keeps people away, valuation will freefall, Azure-AI or not.
Won’t happen, but I can dream
Kevin Beaumont
in reply to Kierkegaanks regretfully • • •@Kierkegaanks he definitely has a problem to manage now as they've just eroded customer so much over the past 5 years in search of inorganic growth.
I had a popup just now to change my search engine to Bing, where the options were basically 'change now' or 'change later'. It just all feels.. cheap and seedy.
Andrew Bartlett
in reply to Kevin Beaumont • • •sortius
in reply to Kevin Beaumont • • •the only comment I disagree with is the "Hey, I don't remember what I was looking at".
I think everyone eventually has a senior moment and thinks of a similar solution, but within seconds we dismiss such an idea as idiotic madness... like Microsoft should have!
`Da Elf
in reply to Kevin Beaumont • • •Hahahhahhahahahahahahahahaha.
*Inhaaaales*
HAHAHAHAHAHAHAHAHAHAHAHA!
Well, they Aren't suing you in Seattle (King County, WA) because we have Anti SLAPP. I'm reasonably certain you're not in East Texas (though they have a presence I'm sure) but you get that tossed for "Wrong Fucking Venue".
They made an aircraft with no fuselage and you pointed it out ... wah.
System Adminihater
in reply to Kevin Beaumont • • •Doesn't matter, they have contracts with US feds for cloud. Nobody can make them change. They are too big to hold accountable.
I guess we could all start using Apple PCs but naw?
Claus Cramon Houmann
in reply to Kevin Beaumont • • •Beachbum
in reply to Kevin Beaumont • • •matuzalem
in reply to Kevin Beaumont • • •Maddad ☑️
in reply to Kevin Beaumont • • •Dragon-sided D
in reply to Kevin Beaumont • • •You know what works even better?
Installing Linux
Steve's Place
in reply to Kevin Beaumont • • •Fernando M. S. 🇵🇸
in reply to Kevin Beaumont • • •sebastian büttrich
in reply to Kevin Beaumont • • •While that might be a nice partial interim success, #MicroSoft
will certainly not stop sneaking on users - it's their business concept, and you don't need graphical snapshots to track a user. There's telemetry you can't turn off. Try running a #Windows PC without a net connection (or blocking connections to the overlords), and you will know.
There is one way to turn it off: install Linux.
#Total #Recall
JimmyChezPants
in reply to Kevin Beaumont • • •If I was strategic team at MS, I would have every possible statistic I could get on Linux adoption at the personal level.
I wouldn't know how to look into this, but I would bet a solid five internets that downloads of Ubuntu and other Linux desktops skyrocketed in the last week
Not necessarily installs, yet, but there's a pattern now set, where capitalists overstep a bit, and it triggers interest in alternatives (Hey Twi-umm, X, hey buddy...), and they will be aware of that too.
Tyler Griffin
in reply to Kevin Beaumont • • •bytebro
in reply to Kevin Beaumont • • •Andreas S. :verified_paw:
in reply to Kevin Beaumont • • •still:
beige.party/@slowbiex/11248664…
Andreas S. :verified_paw: (@slowbiex@beige.party)
beige.party
Mare Polaris
in reply to Kevin Beaumont • • •Mare Polaris
in reply to Kevin Beaumont • • •db
in reply to Kevin Beaumont • • •How can we be so sure?
We know that Google lied about the Chrome's private functions.
db
Andreas
in reply to Kevin Beaumont • • •🪱Wormius🪱
in reply to Kevin Beaumont • • •"Microsoft needs to commit to not trying to sneak users to enable it in the future"
Yeah no - they're going to 100% do it. It's their MO. Just like any public company will fuck you over.
More corporate lullabies to lull you into complacency. They are whole hog "AI" and this is what they will force on us in the end.
Linux or BSD and with the least corporate dominated distros I can find (that is still stable enough).
evacide
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to evacide • • •@evacide I’m not sure if that’s true, honestly, as the public reaction to the feature was overwhelmingly negative.
The other thing is I couldn’t speak to the privacy implications as I just didn’t know enough about that - so I’m glad you and others did.
Microsoft will have known the problems with this one and they just.. tried to do it anyway. It’s really worrying I think as it signifies a feeling of a blank cheque with AI.
datarama
in reply to Kevin Beaumont • • •Kensan
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kensan • • •@Kensan @evacide there is constant internal dissent at Microsoft, directed into Yammer. One problem here is it didn’t stop it being rolled out at Build to the world’s press, by which point laptops were in boxes.
That’s not a healthy security or privacy culture. This was Microsoft execs queuing up to score own goals and high five themselves, at the expense of their own customers.
My bio on Twitter is literally “portable toilet cleaner” and I had to publicly unpick things with others.
Kensan
in reply to Kevin Beaumont • • •@evacide That’s what I suspected… How this whole thing came about reflects on the company culture is what I find more disconcerting than the actual feature itself.
Thank you for your much needed cleaning services in great service of everyone!
mastodon.social/@Kensan/112565…
Kensan (@Kensan@mastodon.social)
Mastodon
Mark Koek
in reply to Kevin Beaumont • • •Human 3500
in reply to Kevin Beaumont • • •maswan
in reply to Kevin Beaumont • • •NotMyBub :mverified:
in reply to Kevin Beaumont • • •Dame Holly
in reply to Kevin Beaumont • • •Kerem
in reply to Kevin Beaumont • • •Still not helpful, they need to completely scrap the idea. This just gives black hats another angle of attack.
And I'm pretty sure we'll find out that FBI or whatever will be able to turn recall on remotely and completely trample on people's privacy.
Not Microsoft's first blunder doing this kind of thing.
Cabbidges
in reply to Kevin Beaumont • • •Ooze 𓁟
in reply to Kevin Beaumont • • •Dietmar
in reply to Kevin Beaumont • • •June T. Michael
in reply to Kevin Beaumont • • •But since I am following the whole thing and regularly share something about it, for the sake of completeness I am also sharing this news. Microsoft is at least partially backing down because enough people complained.
Kurtis B. Krew
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kurtis B. Krew • • •Kurtis B. Krew
in reply to Kevin Beaumont • • •Apparently it already is true one day later? 🤷 soapbox.hackdefendr.com/@jeff/… But in the end, it matters not.
NO NAME
2024-06-08 01:43:50
Kevin Beaumont
in reply to Kurtis B. Krew • • •Galactic Man
in reply to Kevin Beaumont • • •So months/years in development and we're asked to accept that mere days/weeks after it was announced Microsoft have re-engineered it to make it safer and more secure?
Or, and hear me out, did MS always intend this as the end-result but have made it more palatable by giving us the shittest possible implementation first? The ol' Ask for Lots, Settle for Less philosophy.
"Hurrah Microsoft have Listened!"
Have they fuck. Don't fall for this. We've been played.
Kevin Beaumont
in reply to Galactic Man • • •@R0B0_G0D oh there’s definitely some of that going on.
Some of the features they’re talking about were in the product before the blog - I haven’t got into that yet as said features don’t actually work properly, I don’t think they realise. The launch will be a car crash still. But at least it’s not on by default.
Rasmus Lindegaard
in reply to Kevin Beaumont • • •Encrypting the database, at rest? If anything can get ahold of unencrypted data from the database, it's all fubar, no matter what they do.
But it is good that they are changing some things
Kevin Beaumont
in reply to Rasmus Lindegaard • • •Michał "rysiek" Woźniak · 🇺🇦
in reply to Kevin Beaumont • • •so… would that be considered a recall of Recall?
Cassandrich
in reply to Kevin Beaumont • • •They also need to make it possible not to install it at all.
Functionality which is installed but turned off is too easy to get accidentally or maliciously enabled, and non experts have no way of determining if that has happened. Same issue as always connected microphones. You don't make a software switch to fix that. You make a hard switch or a separate disconnectable component.
Gloopsies :fedora:
in reply to Kevin Beaumont • • •"Speaking out works"
I hate to be that guy but this is a known Microsoft playbook...
1. Advertise something awful that people hate
2. People spread the hate online
3. Microsoft acts as a good guy and tones it down a little bit so people can say that they changed and they are the good guys even if the new way is still awful
4. In a couple of updates return to the original proposal silently
Works every time...
Kevin Beaumont
in reply to Gloopsies :fedora: • • •Gloopsies :fedora:
in reply to Kevin Beaumont • • •Jonathan Doughty
in reply to Kevin Beaumont • • •Bluedepth
in reply to Kevin Beaumont • • •Atomic Orbitals
in reply to Kevin Beaumont • • •Phil Stevens :tinoflag:
in reply to Kevin Beaumont • • •David W. Jones
in reply to Kevin Beaumont • • •@gavcloud
Gilgwath
in reply to Kevin Beaumont • • •1. MS: this is gonna be sooo great.
2. Everybody: Nah man, that's creepy GTFO
3. The hacker scene: this gonna be great. We gonna rip this to shreds.
4. MS: no, no, this all super secure and private and local only. Trust me bro.
5. Hackers continue to rip into the thing like it's butter.
gunstick
in reply to Kevin Beaumont • • •Like having the complete engine running in another VM implying that from now on windows will run as a VM on a hypervisor.
For me that's the only way to have it at least a little protected.
Ceri Davies
in reply to Kevin Beaumont • • •DieMadColonizer
in reply to Kevin Beaumont • • •hey thanks for continuing to post on this.
I saw on bighard's website that they're rolling this Copilot out to Win10 as well but it's not clear if Recall will be on there? Have you been able to find anything on that aspect of this? Thanks again!
support.microsoft.com/en-us/wi…
Welcome to Copilot in Windows - Microsoft Support
support.microsoft.com
WIRoadTripper
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to VessOnSecurity • • •VessOnSecurity
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to VessOnSecurity • • •ROTOPE~1 :yell:
in reply to Kevin Beaumont • • •Scherzog von Beast Oil
in reply to Kevin Beaumont • • •Asta [AMP]
in reply to Kevin Beaumont • • •"Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes."
One of the very first tasks I had to do at Microsoft was implement an audit log for a service that was used by maybe 200 different people (or groups). It was considered important!
Good thing Windows isn't used by more than 200 people, or
Kevin Beaumont
in reply to Asta [AMP] • • •schrotthaufen
in reply to Kevin Beaumont • • •@pettter@social.accum.se
in reply to Kevin Beaumont • • •Author-ized L.J.
in reply to Kevin Beaumont • • •Stu
in reply to Kevin Beaumont • • •argv minus one
in reply to Kevin Beaumont • • •Estarriol, lucozade dragon
in reply to Kevin Beaumont • • •Moritz Bartl
in reply to Kevin Beaumont • • •Diego Roversi
in reply to Moritz Bartl • •Moritz Bartl
in reply to Diego Roversi • • •GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
GitHub
jz.tusk
in reply to Kevin Beaumont • • •Marquise de What
in reply to Kevin Beaumont • • •axleyjc
in reply to Kevin Beaumont • • •rrb
in reply to Kevin Beaumont • • •xkcd.com/327/
Exploits of a Mom
xkcd
Jim Campbell
in reply to Kevin Beaumont • • •Rule #1, The Doctor lies.
#DoctorWho
Yuri Arabadji
in reply to Kevin Beaumont • • •ars piece has factually contradicting sentences:
* "... says admin access to the system isn’t required to read another user’s Recall database. "
* "Another user with an admin account can easily grab any other user’s Recall database and all the Recall screenshots by clicking through a simple UAC prompt. "
Next to each other.
I get they want clicks through sensationalism, but wtf, this needs correcting.
🇨🇦 TRH 🇨🇦
in reply to Kevin Beaumont • • •Ben Rolfe 🌳
in reply to Kevin Beaumont • • •iam-py-test :unverified:
in reply to Kevin Beaumont • • •Of course admin/root can access any user's files by going through the proper process.
That part is no different from reading another user's browser cookies.
Moreover, other than secure enclave/TPM/etc, an adversary who has root/admin can break the security of any lower privileged application.
I still think Recall is a bad idea.
Kevin Beaumont
in reply to iam-py-test :unverified: • • •TransitBiker
in reply to Kevin Beaumont • • •argv minus one
in reply to Kevin Beaumont • • •It should be noted that that UAC prompt is only easily dismissed if you have admin privileges. Otherwise, it's a hard “access denied” error.
It should also be noted that this is also how it works for other users' documents and such.
`Da Elf
in reply to Kevin Beaumont • • •9579cfc2-3e7d-35c7-af3b-cddda26f71bd
in reply to Kevin Beaumont • • •Yuri Arabadji
in reply to Kevin Beaumont • • •> I knew it would be bad but.. it’s worse
Because "someone" has added MS-shaming to his agenda, but for what reasons remains unknown.
`Da Elf
in reply to Kevin Beaumont • • •"well, they probably would have got better coverage from launching an NFT of pregnant Clippy" ...
That is both such an amazingly awful analogy, while being likely true, that it's truly frightening.
Also, that mental image has me reaching for brain bleach...thanks for that.
Tom Dewar
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Tom Dewar • • •Tom Dewar
in reply to Kevin Beaumont • • •petabites
in reply to Kevin Beaumont • • •when Android uses on-device storage with AI computing (eg., Now Playing) Google says it doesn't need to have anything appear on your PrivacyDashboard ... or even display the MIC indicator any more 😬
* something-something private compute core, and "privacy-preserving analytics"
rrb
in reply to Kevin Beaumont • • •`Da Elf
in reply to Kevin Beaumont • • •Isn't it Great how Microsoft *solved* All The Problems the community has listed, in a few days, before it ships.
So all that has been secured, unit tested, QAd, and packaged in One Week.
Windows Users: I have a beach front time-share in Wyoming you just may be interested in.
Stu
in reply to Kevin Beaumont • • •EnJoule | The Realm of Energy
in reply to Kevin Beaumont • • •Barktic Fox :therian:
in reply to Kevin Beaumont • • •BashStKid
in reply to Kevin Beaumont • • •What are the chances that this was a siloed development for increasing the MS market where interest in AI and repressive authoritarianism go hand in hand, ie the Gulf states? Clearly it was kept secret from the security teams etc, but got all the way through to RTM.
OwenT
in reply to Kevin Beaumont • • •Off topic, but as a casual user of Windows (pretty much exclusively for games) is there a current best tool for removing/blocking all the existing telemetry?
It's been a while since I did the research and I'm getting the "let's set up your computer [ad preferences]" popups again.
I'd be interested if anyone in thread has recommendations
Havyhh2
in reply to Kevin Beaumont • • •techhub.social/@SomeGadgetGuy/…
Bernd Paysan R.I.P Natenom 🕯️
in reply to Kevin Beaumont • • •Can you ask Recall if, and when, what kind of pr0n the person has been watching?
I guess yes. Browsers have tabs that don't remember the history for that purpose.
Crafty
in reply to Kevin Beaumont • • •Ariaflame
in reply to Kevin Beaumont • • •SuperMoosie
in reply to Kevin Beaumont • • •Jonathon Fletcher
in reply to Kevin Beaumont • • •What are the (so far) considered countermeasures to Recall?
e.g. if you have an addon showing a 1x1 DRM element in all browser pages (Widevine demo or similar) does Recall still record the entire browser page (for “not-Edge” browsers)?
e.g. if you deliberately mangle the sqlite database file does recall stop adding to it?
I am curious what countermeasures are already considered by others.
RealGene ☣️
in reply to Kevin Beaumont • • •Bishop Whitewind
in reply to Kevin Beaumont • • •You literally can't do this. It's literally illegal.
Noah Cook
in reply to Kevin Beaumont • • •Jukka Niiranen
in reply to Kevin Beaumont • • •I've been surprised to see Paul Thurrott consistently dismissing the #Recall security outcry as fake news: thurrott.com/windows/windows-1…
After I left Twitter, I hadn't seen much from Paul anymore. Now that he was in my Threads, it seemed like he'd gone the MAGA way with what he writes.
Oh well. Unfollow & thanks for all the years of funny #Microsoft keynote shitposts.👋
Microsoft, Please Address the Recall Concerns Immediately (Premium) - Thurrott.com
Paul Thurrott (Thurrott.com)
Optional
in reply to Kevin Beaumont • • •With alt text this would've been 10/10
Stephan
in reply to Kevin Beaumont • • •Jordan Erickson
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to VessOnSecurity • • •Anne at Millrace
in reply to Kevin Beaumont • • •Stefan du Fresne
in reply to Kevin Beaumont • • •ugh describe remotely? You mean as a remote administrator, eg it's a corporate / school device?
This is going very well
Bret Mogilefsky
in reply to Kevin Beaumont • • •Gonna be a laugh riot* when bad actors figure out that you can also remotely plant evidence in Recall that someone did something they didn't, eg view CSAM.
*it will not, as this will further erode public trust in anything and only help awful people, even low-tech CSAM traders who will have plausible deniability
Pomax
in reply to Kevin Beaumont • • •Ongion 🥚🐞
in reply to Kevin Beaumont • • •TrickTim '25
in reply to Kevin Beaumont • • •TheTomas
in reply to Kevin Beaumont • • •Are you aware of this news from EU law enforcement? The timing is remarkable
heise.de/en/news/Encryption-Po…
Encryption: Police want real-time access to data streams from WhatsApp & Co.
Stefan Krempl (heise online)
My name is Gordo (not really)
in reply to Kevin Beaumont • • •Benoît Régent-Kloeckner
in reply to Kevin Beaumont • • •Johannes
in reply to Kevin Beaumont • • •Simon Brooke
in reply to Kevin Beaumont • • •PLEASE use #AltText when posting things like this! Folk with visual impairments are JUST as vulnerable to information theft as the rest of us!
[Image in the post above shows incontrovertibly that Microsoft's new 'recall' feature makes passwords available to hackers]
التنينوكس
in reply to Kevin Beaumont • • •furicle
in reply to Kevin Beaumont • • •ISO8601
in reply to Kevin Beaumont • • •With Recall I'm unsure how to handle suppliers remoting in to provide support.
We can't control whether Recall is enabled on *their* PC.
We'd need a remote control app which specifically won't proceed if Recall is enabled on the viewer's side.
Kevin Beaumont
in reply to ISO8601 • • •Mickaël
in reply to Kevin Beaumont • • •Immerse me, Senpai!
in reply to Kevin Beaumont • • •Simon Lucy
in reply to Kevin Beaumont • • •obscurestar
in reply to Kevin Beaumont • • •datatrash
in reply to Kevin Beaumont • • •I have no knowledge of $COUNTRYs regulations for stealing data. But this seems like one could argue under certain circumstances that MS was complicit in such acts if they occur and can be traced to this feature. And in the most clandestine way.
Also, the line 'Windows is a personal experience.' took me some time to comprehend.
I'd very much disagree.
Completely off topic here but that statement confused me.
Nai 🌹 :verifiedtrans: :verifiedpansexual:
in reply to Kevin Beaumont • • •is doublepulsar.com your blog? can you use the user preferred color scheme instead of just hardcoding white on black?
some ppl have SERIOUS struggles reading white on black, and that includes me, sadly
Kevin Beaumont
in reply to Nai 🌹 :verifiedtrans: :verifiedpansexual: • • •Tuxicoman
in reply to Kevin Beaumont • • •@riskybusiness
What is the aim of Microsoft there? This looks like a bad idea from every angle.
Nobody would like this feature activated.
So why???
Tim Ward ⭐🇪🇺🔶 #FBPE
in reply to Kevin Beaumont • • •Antonio Páez 🇲🇽🇨🇦
in reply to Kevin Beaumont • • •@WizardBear
Tech journalism is stenography
@cstross
Charlie Stross
in reply to Antonio Páez 🇲🇽🇨🇦 • • •Wuzzy
in reply to Kevin Beaumont • • •Andrew Radev
in reply to Kevin Beaumont • • •https://gigatexal.blog -he/him
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to https://gigatexal.blog -he/him • • •SuperMoosie
in reply to Kevin Beaumont • • •Benjohn
in reply to Kevin Beaumont • • •So … I'm easily gleeful to hate on recall for a host of reasons.
But – I really like the idea, as a feature, in principle. Or at least, something pretty adjacent.
I want to be able to look back through what I've done and I want to be able to search through that. I love even the dumb page history in Safari and I wish it worked better helping me find fuzzily from page content.
I love knowing the music I've heard recently.
I'd love much more of this.
But there seems to have been so little thought to safety put in the Recall.
And while "yeah – wang an AI in there" makes it kind of work from screen grabs, I feel like a real solution that had some semantic understanding of my history could be far more powerful.
I'm happy with my, properly secured personal machine, to keep intimate history of what I've done with it and help me search that. I'd have a system wide and very apparent incognito mode as necessary. But a feature like that needs _a_lot_ of care.
`Da Elf
in reply to Kevin Beaumont • • •I literally almost spit my coffee out.
I can't find a hole in your logic...I'm Trying, just...can't.
Wim🧮
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Wim🧮 • • •GitHub - thebookisclosed/AmperageKit: One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices
GitHub
casey is remote
in reply to Kevin Beaumont • • •My first reason for not upgrading to #Windows11 is that I'm lazy.
#MicrosoftRecall will be my second reason.
Kevan
in reply to Kevin Beaumont • • •Guillaume Ross
in reply to Kevin Beaumont • • •Martin Hamilton
in reply to Kevin Beaumont • • •Jake Williams (@malwarejake@infosec.exchange)
Infosec Exchange
`Da Elf
in reply to Kevin Beaumont • • •I mean you have to admire how they Totally fuck users, but still kiss Hollywood's ass.
It would be stunningly amazing, if it weren't clinically psychotic that RIAA and MPAA concerns are more valuable than, you know, Users.
tuban_muzuru
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to tuban_muzuru • • •tuban_muzuru
in reply to Kevin Beaumont • • •Curtis "Ovid" Poe (he/him)
in reply to Kevin Beaumont • • •`Da Elf
in reply to Kevin Beaumont • • •Kevin Lyda
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Lyda • • •Can Acar
in reply to Kevin Beaumont • • •so, ... your image analysis technology and your NPU HW are now so efficient that you don't even notice the power impact of doing this continuously in the background, and this is the only use case you could come up with?
Which means, I suppose, this is something they always wanted to do but was prevented because sending those images to the cloud for processing is clearly much worse.
Perhaps, when their privacy/security teams told them that it was a bad idea to process user screenshot images in the cloud, designers of these features assumed it would be OK to do it locally. And when they overcame this largest objection, other concerns must have seemed ... fine, in comparison.
Security/privacy teams are rarely in a position to kill off entire features, so this was most likely some kind of a compromise.
On a related note, a lesson I had to learn the hard way is to not push hard on the biggest security/privacy issue to the exclusion of others. If/when it somehow gets resolved, you look like you are trying to make excuses when you bring up the remaining concerns "but ... but ... domestic abuse".
`Da Elf
in reply to Kevin Beaumont • • •*BAM* Immediately Opt-Out for BUSINESS ACCOUNTS.
WHY Aren't The Corporate Lawyers Lined The Fuck Up in 56th St. with Belt Sanders?!?
I usually occupy a "Director of IT" role and I would be dragging my company's legal team with pitchforks and plasma cutters to Redmond (if I didn't live here and it wasn't a short walk and I actually worked for someone else that I oddly allowed to have Windows machines on my network).
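For anyone in that "Director of IT" seat who wants the opt-out to be verifiable rather than assumed: the switch the thread refers to is the DisableAIDataAnalysis policy, which Intune or Group Policy lands as a DWORD under the Windows AI policy key. The script below is an added example, not code from the thread or from Microsoft; it audits both the machine and user policy branches and enforces the value. The registry paths are taken from the documented policy mapping and should be checked against the Manage Recall page before being pushed fleet-wide; a missing key or a value of 0 means Recall keeps its default (on).

```powershell
# Added example (not from the thread): audit and enforce the Recall opt-out.
# Assumed policy location for DisableAIDataAnalysis ("Turn off Saving Snapshots
# for Windows") - verify against Microsoft's Manage Recall documentation before
# deploying. Run elevated for the HKLM branch.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI',   # machine scope
    'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'    # user scope
)
$ValueName = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # Returns one row per policy branch: the raw value and whether it
    # actually enforces the opt-out (DWORD present and equal to 1).
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $ValueName `
                        -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Path     = $path
            Value    = $value
            Enforced = ($value -eq 1)
        }
    }
}

function Set-RecallDisabled {
    # Creates the policy key if needed and writes DisableAIDataAnalysis = 1.
    param([switch]$MachineOnly)
    $targets = if ($MachineOnly) { $PolicyPaths[0] } else { $PolicyPaths }
    foreach ($path in $targets) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
}

# Audit first so you can see what Intune/GPO actually delivered.
Get-RecallPolicyState | Format-Table -AutoSize

# Enforce, then re-audit; warn on any branch still not enforced.
Set-RecallDisabled
Get-RecallPolicyState | Where-Object { -not $_.Enforced } | ForEach-Object {
    Write-Warning "Recall opt-out not enforced at $($_.Path)"
}
```

The audit half is the part worth keeping in a compliance check: asserting that the DWORD exists and equals 1 on every endpoint catches the case where the policy was configured in the console but never applied, which is exactly the gap between "we opted out" and "it is off".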
Medea Vanamonde🏳️⚧️ ♀
in reply to Kevin Beaumont • • •When she gets in a bad place she either goes down 20 blind alleys, gets mad and PTOs out, or calls me.
And the calls end up being an hour minimum as her comprehension either clicks in or not .
A constant coach would have been great for her
Thierry 🅰️🕒
in reply to Kevin Beaumont • • •In addition to the security concerns, do you know if there is any study in terms of the energy cost driven by Recall?
Just imagine the ecological price of 1.4 billion computers burning, let's say, 10 watts for Recall...
And it will be active during activity. Let's say 3000 h per day per computer.
14 gigawatts worldwide × 3 kh ... 52 GWh...
This is an ecological nightmare.
Jon Greig
in reply to Kevin Beaumont • • •Fi 🏳️⚧️
in reply to Jon Greig • • •@jgreig
@hacks4pancakes
Speaking from my compliance aspect, this comprehensively fails PCI and GDPR immediately and the SOC2 controls list ain't looking so good either.
Nico Rikken
in reply to Kevin Beaumont • • •DDRitter 🏳️🌈🎗️🇵🇸
in reply to Kevin Beaumont • • •Rupert Reynolds
in reply to Kevin Beaumont • • •A general comment on corporate nature--they will abuse this info (even if by some fluke it doesn't leak like a sieve). It's only a matter of time. It's in their nature to abuse any collection of personal data. Any corporation that doesn't loses profit.
The OCR thing isn't new, of course--years ago I searched my Google Drive for "fish" and the first hit it found was a photo I took on my phone, not tagged or renamed, of a shop sign "WEIRD FISH".
gnaddrig
in reply to Kevin Beaumont • • •Errata
in reply to Kevin Beaumont • • •HCJ
in reply to Kevin Beaumont • • •Grant Gulovsen
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Grant Gulovsen • • •goedelchen
in reply to Kevin Beaumont • • •How does Recall treat Citrix Workspace sessions? (I mean, I'm using my private computer to log into my works desktop)
I'm sure my employer would be very happy to learn that it's recorded on my private machine when I access client data.
Kevin Beaumont
in reply to goedelchen • • •goedelchen
in reply to Kevin Beaumont • • •OMG - I expected it, but still I'm shocked. If I assume negligence, I can be fined up to 250,000 CHF - just by having client data on my screen.
Somehow I'm hesitating seeing this as a desirable feature.
Why can't they just make an improved version of searching in/with the browser history ... argh...
Glitch Yeen the Ice Cream
in reply to Kevin Beaumont • • •Paul Anderson
in reply to Kevin Beaumont • • •Satya Nadella: "Secure by Design: Security comes first when designing any product or service."
#Windows11 AI #Recall Devs: