Post AiYDhhymiB2PC0GQDo by Zergling_man@sacred.harpy.faith
(DIR) Post #Ai7wI2IH7biXiGKno0 by GossiTheDog@cyberplace.social
2024-05-21T16:16:42Z
9 likes, 10 repeats
For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default. From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.” Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.
(DIR) Post #Ai7wI3POyb0pAeg0YK by GossiTheDog@cyberplace.social
2024-05-21T19:35:52Z
1 likes, 2 repeats
I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs. I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first. https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218
(DIR) Post #Ai9E2K6P8QUUe2OoYS by GossiTheDog@cyberplace.social
2024-05-22T06:28:40Z
0 likes, 1 repeats
The UK’s ICO have opened an investigation into Copilot+ Recall. https://www.bbc.co.uk/news/articles/cpwwqp6nx14o
(DIR) Post #Ai9E2Ko0WJMwpGndWC by GossiTheDog@cyberplace.social
2024-05-22T11:11:08Z
0 likes, 1 repeats
Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses. You need to enable DisableAIDataAnalysis to switch it off. https://learn.microsoft.com/en-us/windows/client-management/manage-recall
(DIR) Post #Ai9E3A1w4HoVhEhyoC by ignaloidas@not.acu.lt
2024-05-22T11:25:02.515Z
0 likes, 0 repeats
@GossiTheDog@cyberplace.social "Organizations that aren't ready to use AI for historical analysis" is such a wonderful phrase for "anyone who thinks even a little about the consequences of this"
(DIR) Post #Ai9vGJWmMdMGwheZoe by GossiTheDog@cyberplace.social
2024-05-22T14:02:39Z
0 likes, 0 repeats
Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.
(DIR) Post #Ai9vGKGVcbwDEX365w by GossiTheDog@cyberplace.social
2024-05-22T19:28:21Z
3 likes, 0 repeats
Two quick updates - A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser B) Firefox and Tor Browser are recorded always, including in private mode - the exception is Hollywood DRM’d videos
(DIR) Post #AiCD2wYAfaDxPOzy5Y by GossiTheDog@cyberplace.social
2024-05-23T21:08:12Z
2 likes, 3 repeats
I got ahold of the Copilot+ software. Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default. It spits constant screenshots (the product brands them “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage. The NPU processes them and extracts text, into a database file. The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.
(DIR) Post #AiCEFmwNoCb9KA0p1M by fcktheworld587@social.linux.pizza
2024-05-23T22:11:27Z
0 likes, 0 repeats
@GossiTheDog the nice thing about it, too, is that we'll be able to contribute to Microsoft by donating all our otherwise unused clock cycles of compute power
(DIR) Post #AiDQ47RFALsC1ubozw by yaldi@jorts.horse
2024-05-21T16:20:40Z
1 likes, 0 repeats
@GossiTheDog year of the linux desktop baby
(DIR) Post #AiDQ5mDJ3AvQmVse4e by simon@fosstodon.org
2024-05-21T16:28:07Z
1 likes, 0 repeats
@GossiTheDog about 20 years ago, Google introduced the option to press down arrow and match recent searches in the Google search box. I let a crafty colleague type into my browser momentarily and within a nanosecond, he tried to catch me out by typing the start of a smutty search query to see if there were any matches. I passed the test but learned a lesson about the speed at which someone could reveal something about you.
(DIR) Post #AiDQ87E1tsf0WkKlpg by 990000@mstdn.social
2024-05-21T16:42:42Z
1 likes, 0 repeats
@GossiTheDog holy cow I’m still trying to wrap my head around the dangers of this beyond the obvious. Like if someone gets their hands on the trained “edge” data, how much more dangerous is it than conventional hacking?
(DIR) Post #AiDQ8nO58tenI5MOKe by smallerdemon@freeradical.zone
2024-05-21T16:44:24Z
1 likes, 0 repeats
@GossiTheDog I'm sure there's no problem with this being used in healthcare and banking environments at all. Or even in environments assisting vulnerable communities. I mean, it's not like Microsoft has had any well publicized security issues recently.
(DIR) Post #AiDQAVOmzjCq4yVS9Q by hegel@swiss.social
2024-05-21T16:43:02Z
1 likes, 0 repeats
@GossiTheDog even if it's true that everything concerning #Recall happens locally and is stored locally now, it will be monetized eventually. Either #Microsoft changes some policy or some Zero Day makes it possible to exfiltrate the data. I'm looking forward to the first hack that simply lets a hacker ask your PC for compromising facts...
(DIR) Post #AiDk5P70wHycDV2MC0 by GossiTheDog@cyberplace.social
2024-05-24T00:29:54Z
0 likes, 0 repeats
And if you didn’t believe me.. found this on TikTok. There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…” They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.
(DIR) Post #AiDk5Q73DdbHJu3ttA by GossiTheDog@cyberplace.social
2024-05-24T15:40:33Z
2 likes, 1 repeats
I ponder if Microsoft's engineers are following the SQLite code of ethics, since they're using it in Windows OS with Copilot+ Recall? :D
(DIR) Post #AiEGAuNFKhmJ9eIX7w by GossiTheDog@cyberplace.social
2024-05-24T21:19:22Z
1 likes, 2 repeats
So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring. Apps themselves can also search and make themselves more searchable. It opens a lot of attack surface. The semantic search element is fun. They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.
(DIR) Post #AiIAF9LxlB6Xg5B0vw by GossiTheDog@cyberplace.social
2024-05-26T18:41:17Z
5 likes, 8 repeats
If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies.. ..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety. And it’s enabled by default.
(DIR) Post #AiIAFAGgMITUVziJLE by Tatianalaurent@mastodon.social
2024-05-26T18:44:56Z
1 likes, 0 repeats
@GossiTheDog really?
(DIR) Post #AiIAFB8Z7xZnD6vLKS by GossiTheDog@cyberplace.social
2024-05-26T18:48:25Z
1 likes, 0 repeats
@Tatianalaurent yep. https://www.microsoft.com/en-gb/windows/copilot-plus-pcs
(DIR) Post #AiIkoCUjfVdDuFIDJI by tomjennings@tldr.nettime.org
2024-05-27T01:44:30Z
0 likes, 0 repeats
@GossiTheDog @Annalee So, luser was allowed to watch DRM content the first time, but not the 2nd, because DRM. It's possible luser could have not yet got off the seat. Then luser isn't expected to be the audience? Who is? If a cop walks in the door of your house while you are watching DRM content, do they have to leave? Or you turn it off? Obviously irl neither will occur because reasonable circumstance. Yet watching a recorded surveillance (recall) is some other set of conditions? What conditions are those? Any questions like this assume there's a plan in mind. Maybe there isn't.
(DIR) Post #AiQIvy7rjTIcCsBtGy by r000t@ligma.pro
2024-05-30T17:09:40Z
0 likes, 0 repeats
@GossiTheDog Sounds like it's subject to the same limitations as any other screen capture tool. Consider, then, using the APIs that black out the screen for DRM'd content, on chat apps. @ada
(DIR) Post #AiRqbfRF5rKI3YhmYS by janneke@todon.nl
2024-05-31T09:45:58Z
0 likes, 0 repeats
@GossiTheDog nobody cares. As if using Microsoft was anywhere near a sane choice a year ago wrt privacy, security, user freedom,...
(DIR) Post #AiRqbgVt64dVOFt0Qy by GossiTheDog@cyberplace.social
2024-05-31T09:47:59Z
0 likes, 0 repeats
@janneke this thread has the most interactions in mastodon history, so “nobody cares” is an interesting take.
(DIR) Post #AiRqbhRfdErCHSv9V2 by janneke@todon.nl
2024-05-31T10:08:25Z
1 likes, 0 repeats
@GossiTheDog if you didn't move to GNU/Linux when Windows95 crashed 5 times a day, and didn't after the '99 finding of facts (fof) by judge Jackson, what makes you think people will choose privacy, security, freedom now? I'm sure people will continue to like sensationalism...
(DIR) Post #AiRqbiQzxDuhLfc85g by selea@social.linux.pizza
2024-05-31T11:01:46Z
0 likes, 0 repeats
@janneke I wonder why I did not move to Linux when Windows 95 crashed on me back in 1997... Comparing the 90's to the 2020's, yeah that's smart. @GossiTheDog
(DIR) Post #AiRuJPA3Gz6wB4DBK4 by janneke@todon.nl
2024-05-31T11:43:20Z
0 likes, 0 repeats
@selea @GossiTheDog I'm not comparing the 90s to the 2020s, I'm comparing the order of magnitude of problems with Microsoft and the numbness/victim attitude of people towards those problems. For about a decade (maybe longer) people are enthusiastically telling me how Windows "has become much more stable and useable". Yeah, right.
(DIR) Post #AiSWhS242v4eI4MvFg by GossiTheDog@cyberplace.social
2024-05-26T22:36:36Z
0 likes, 0 repeats
I’ve managed to get Recall working in full on a non-Copilot+ system, without an NPU. Will accelerate testing.
(DIR) Post #AiSWhTQuq0XydR0Hcu by GossiTheDog@cyberplace.social
2024-05-27T13:05:15Z
0 likes, 0 repeats
Copilot+ Recall feature pop quiz: You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email? Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds. If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.
(DIR) Post #AiSWhUKvTlLlR9D0vg by GossiTheDog@cyberplace.social
2024-05-27T13:18:00Z
0 likes, 0 repeats
It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall: It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve. A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature. Microsoft exists in and is driven by that bubble.
(DIR) Post #AiSWhV8CWYlVtyGMjY by GossiTheDog@cyberplace.social
2024-05-27T13:25:57Z
0 likes, 0 repeats
I asked Microsoft Copilot to write a song about Copilot+ Recall.
(DIR) Post #AiSWhVmy4zNJwPKvHE by GossiTheDog@cyberplace.social
2024-05-28T22:01:32Z
0 likes, 0 repeats
Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:
(DIR) Post #AiSWhWXlH0o0HXEIDI by GossiTheDog@cyberplace.social
2024-05-30T16:46:58Z
0 likes, 0 repeats
Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088 Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.
(DIR) Post #AiSWhXEehX7IQZIY4W by GossiTheDog@cyberplace.social
2024-05-31T11:40:08Z
1 likes, 0 repeats
The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights. Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.
(DIR) Post #AiSWiQ2UwR4WOn27G4 by GossiTheDog@cyberplace.social
2024-05-31T18:51:37Z
1 likes, 1 repeats
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. My look at the feature, FAQs from the community etc https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
(DIR) Post #AiUvwtqZTJnBdaGrnk by GossiTheDog@cyberplace.social
2024-06-01T01:05:32Z
0 likes, 0 repeats
this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead. HT @tomwarren
(DIR) Post #AiUvwvBsTaQhnxFOeO by GossiTheDog@cyberplace.social
2024-06-01T16:48:54Z
1 likes, 0 repeats
You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅ What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere. Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.
(DIR) Post #AiUvww4pBINkYMxHIO by GossiTheDog@cyberplace.social
2024-06-01T22:43:50Z
1 likes, 2 repeats
Just in time for Copilot+ Recall!
(DIR) Post #AiXtetLtyNnSVrSLq4 by gsuberland@chaos.social
2024-05-24T15:49:55Z
0 likes, 0 repeats
@GossiTheDog what the fuck lol
(DIR) Post #AiXteuVrepMO737p0S by ignaloidas@not.acu.lt
2024-06-03T09:04:19.634Z
0 likes, 0 repeats
@gsuberland@chaos.social @GossiTheDog@cyberplace.social sqlite developers are devout christians https://www.theregister.com/2018/10/22/sqlite_code_of_conduct/
(DIR) Post #AiY4bZZGAqUdmNKAYC by jgreig@ioc.exchange
2024-05-21T16:57:59Z
0 likes, 0 repeats
@GossiTheDog it’s like they got a focus group of cybercriminals together when making this
(DIR) Post #AiY4bafK5mwBBTAWdk by sun@shitposter.world
2024-06-03T11:06:59.891371Z
0 likes, 0 repeats
@jgreig @GossiTheDog basically there is OS and browser support for blocking a panel with DRM content but there's not any such thing for other sensitive information. Maybe there should be.
(DIR) Post #AiYD7VPPyFOzmUSUYC by Zergling_man@sacred.harpy.faith
2024-06-03T12:42:12.008987Z
1 likes, 0 repeats
@GossiTheDog On one hand, I want to see it finally crash and burn so people stop sucking the microcock. On the other hand, those people deserve to suffer too.
(DIR) Post #AiYDViUyxGilKPbd7A by Humpleupagus@eveningzoo.club
2024-06-03T12:46:47.100709Z
0 likes, 2 repeats
I'm old enough to remember when a key stroke monitor wasn't a "feature" of an OS, but rather an exploit.
(DIR) Post #AiYDhhymiB2PC0GQDo by Zergling_man@sacred.harpy.faith
2024-06-03T12:48:49.346517Z
0 likes, 0 repeats
@Humpleupagus @GossiTheDog I'm old enough to remember when https mitm wasn't a "feature" of a website, but rather an exploit.
(DIR) Post #AiYDrTupr3xATF4pCS by munir@fedi.munir.tokyo
2024-06-03T12:50:36.009292Z
1 likes, 0 repeats
@Zergling_man @GossiTheDog @Humpleupagus im old enough to remember nothing
(DIR) Post #AiYH8uQop3MnUf2S2K by amerika@annihilation.social
2024-06-03T13:27:24.608075Z
0 likes, 0 repeats
@taylan @ignaloidas @EmmaFaber Yes, but you know I specialize in demented takes that are also on point... The point here is criminal activity. Men have certain types they favor, and women have certain types they favor. The cheating and divorce not only often ends in murder, but is arguably more destructive.
(DIR) Post #AiYHmuIOkMCgeiAkDo by Robertcw@mastodon.social
2024-05-22T02:31:21Z
0 likes, 0 repeats
@cR0w @beeoproblem @NosirrahSec @GossiTheDog But hopefully there will be an opt-out, to save the pc gamers.
(DIR) Post #AiYHmuze9YnYoqPHdI by tyil@fedi.tyil.nl
2024-06-03T13:34:38.504Z
0 likes, 0 repeats
@Robertcw@mastodon.social @cR0w@infosec.exchange @beeoproblem@mastodon.gamedev.place @NosirrahSec@infosec.exchange @GossiTheDog@cyberplace.social PC gamers can save themselves by playing games on an OS that does not try to fuck you over at every corner. If you're unwilling to slightly inconvenience yourself in game availability, no company will ever listen to you. You've told them countless times you'll be upset online for a short while and then still accept whatever terrible ideas they push onto you. They know about the extremely short-lived online outrage, and the only one who keeps telling them it doesn't matter is you, by continuing to (financially) support them no matter what.
(DIR) Post #AiYMJU5RbyEyk7u2CW by amerika@annihilation.social
2024-06-03T14:24:45.076084Z
0 likes, 0 repeats
@taylan @ignaloidas @EmmaFaber "Criminal" depends on ever-changing laws. I should say they are criminal in the sense of theft, bullying, and abuse. They are violations of the autonomy of others for no good purpose. IMHO there are a lot of murders, both of women and men, related to the problems of divorce law. Google "Nazarene divorce" for one twisted example. In my view, most of them are not only unsolved but undetected. A lot of cheating spouses died of COVID-19 and were cremated the next day, just like a lot of Boomers were.
(DIR) Post #AiYQUFiTmQw1AyYEs4 by realcaseyrollins@noauthority.social
2024-06-03T15:12:12Z
0 likes, 0 repeats
@GossiTheDog My first reason for not upgrading to #Windows11 is that I'm lazy. #MicrosoftRecall will be my second reason.
(DIR) Post #AiYabgpcMdwEqC4jJI by EmmaFaber@spinster.xyz
2024-06-03T15:18:06.570935Z
1 likes, 0 repeats
@taylan @ignaloidas the trans bowel movement is actually homophobic in it's ideologyhow can u persuade lesbians 2 suck dick?The same way u persuade gay men to lick vagina's?You guilt trip them, you tell them they are horrid vile bigots who are being anti trans if they don't & need trans conversion therapy to get rid of their "Wrong Think"?Then everyone will be just like trans, HETEROSEXUAL and homosexuality will no longer have a space to exist in because to say you are same sex attracted (homosexual) will no longer be accepted, but outlawed as anti trans and become taboo
(DIR) Post #AiYabiZ1vHrGDKKVjU by AnungIkwe@spinster.xyz
2024-06-03T15:25:53.896429Z
1 likes, 0 repeats
@EmmaFaber @taylan @ignaloidas The pervy online groomers know they can only "persuade" very young girls to try their "feminine" tasting girl dicks. You'll never see them trying to manipulate and gasslight mature Lesbians. They know their cult shit won't work on any women with any real life experience with men. They have to prey on gullibility and sexual ignorance.
(DIR) Post #AiYbEoCqsYPr0Ub1hQ by amerika@annihilation.social
2024-06-03T17:03:39.602662Z
0 likes, 0 repeats
@EmmaFaber @ignaloidas @taylan This is a good point. Treat transsexuals like a third gender. It's the only way.
(DIR) Post #AiYk4cG3LZn6dpJA4e by GossiTheDog@cyberplace.social
2024-06-02T08:47:44Z
0 likes, 0 repeats
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs. Guide from @detective The devices launch THIS MONTH to customers so I suggest people look at this. https://github.com/thebookisclosed/AmperageKit
(DIR) Post #AiYk4do7aOdXRmFsoa by GossiTheDog@cyberplace.social
2024-06-02T12:38:19Z
0 likes, 0 repeats
Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
(DIR) Post #AiYk4ey5GqCT2xvLyy by GossiTheDog@cyberplace.social
2024-06-02T23:38:15Z
2 likes, 1 repeats
Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46
(DIR) Post #AiYk4fwhdSgo4yHlT6 by GossiTheDog@cyberplace.social
2024-06-03T18:50:24Z
1 likes, 1 repeats
Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management" Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!
(DIR) Post #AiYk909OSO57twHgSO by marius@kiessling.social
2024-06-03T06:43:10Z
0 likes, 0 repeats
@GossiTheDog my only light at the end of the tunnel at this point is that big orgs will still take some time before they have any devices running the software and hopefully Microsoft gets their shit together for a more secure implementation until then.
(DIR) Post #AiYk91aN7ZFwLtuk9A by GossiTheDog@cyberplace.social
2024-06-03T12:32:19Z
1 likes, 0 repeats
@marius yeah, I agree - my hope is they rework it substantially before it has widespread adoption. I’m not sure they will. Devices are in the wild in a few weeks.
(DIR) Post #AiZExt8PIa43XG0Hs8 by GossiTheDog@cyberplace.social
2024-06-03T18:59:19Z
0 likes, 0 repeats
Searching Recall database for passwords with @awakecoding
(DIR) Post #AiZExu101bjWGZXsxs by GossiTheDog@cyberplace.social
2024-06-03T22:36:32Z
2 likes, 4 repeats
🫡
(DIR) Post #AiZExub9rAem4iSlKC by GossiTheDog@cyberplace.social
2024-06-03T23:23:31Z
1 likes, 1 repeats
If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep. I’ve also found a way to disable the tray icon.
(DIR) Post #AiZOgQ7guPMqAzyhhw by tuxicoman@social.jesuislibre.net
2024-06-04T02:26:38Z
0 likes, 0 repeats
@GossiTheDog @riskybusiness What is the aim of Microsoft there. This looks a bad idea from every angle. Nobody would like this feature activated. So why???
(DIR) Post #AiZnDGR6LLYAaaFcyO by GossiTheDog@cyberplace.social
2024-06-04T06:23:42Z
0 likes, 0 repeats
I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs. There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.
(DIR) Post #AiZnDHotCOAkseO8gq by GossiTheDog@cyberplace.social
2024-06-04T06:35:20Z
0 likes, 1 repeats
It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties. I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand. The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.
(DIR) Post #AiZnDIdw8b0PQyGuG0 by never_released@mastodon.social
2024-06-04T06:41:49Z
0 likes, 1 repeats
@GossiTheDog it's too late at this point. MS _will_ ship Recall, but what happens afterwards will be fun to see.
(DIR) Post #AiZnDJBy64EB8WC5Im by GossiTheDog@cyberplace.social
2024-06-04T06:44:19Z
0 likes, 1 repeats
@never_released oh I agree they will be shipping. Commercially it looks like they’ve made New Coke. There’s gonna be victims in terms of fraud from Recall, which is just going to pile on the problems.
(DIR) Post #AiZnDK0f3amFfjuZJg by Ai2ObsFjnLcY8CdUMi.KuteboiCoder@subs4social.xyz
2024-06-04T07:01:31.592Z
0 likes, 0 repeats
@GossiTheDog@cyberplace.social @never_released@mastodon.social The worldwide competency crisis has breached even Microsoft, I wonder why? #Globalist #BrahminicalConspiracy #NameThePoo 🇮🇳
(DIR) Post #AiZnIadEgRKwfmSyhc by Ai2ObsFjnLcY8CdUMi.KuteboiCoder@subs4social.xyz
2024-06-04T07:02:31.138Z
0 likes, 0 repeats
@GossiTheDog@cyberplace.social @never_released@mastodon.social It can't be that Microsoft is hiring people in executive positions, who would intentionally assist scammers and cybercriminals. It can't be. 🇮🇳
(DIR) Post #Aic3Ol9AUN70bZHnqS by GossiTheDog@cyberplace.social
2024-06-04T08:45:00Z
0 likes, 0 repeats
Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure
(DIR) Post #Aic3OmeksPyNHp4Xia by GossiTheDog@cyberplace.social
2024-06-04T13:06:01Z
0 likes, 0 repeats
Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days. This may include an attempt to invalidate researcher criticism, we’ll see.
(DIR) Post #Aic3OnkSog8KfokcFs by GossiTheDog@cyberplace.social
2024-06-04T17:29:58Z
0 likes, 0 repeats
WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall https://www.wired.com/story/total-recall-windows-recall-ai/ Total Recall software by @xaitax https://github.com/xaitax/TotalRecall Example search for ‘password’: 🪟 Captured Windows: 133 📸 Images Taken: 36 🔍 Search results for 'password': 22 📄 Summary of the extraction is available in the file: C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt
(DIR) Post #Aic3OonKvU1dv16QN6 by GossiTheDog@cyberplace.social
2024-06-04T20:16:10Z
1 likes, 0 repeats
I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased. Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative. These videos have tens of millions of views and hundreds of thousands of comments. I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.
(DIR) Post #Aic3OpiPVHgAm1o0Ke by GossiTheDog@cyberplace.social
2024-06-05T08:24:04Z
1 likes, 2 repeats
A key element of Recall is Microsoft say only you can access your Recall, it is per user. ArsTechnica enabled Recall on Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots. https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/
(DIR) Post #Aic3OqYWNXMZNeBcYa by GossiTheDog@cyberplace.social
2024-06-05T08:51:17Z
0 likes, 2 repeats
If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines: you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.
(DIR) Post #AicLhED2yKEH813Zc8 by Suiseiseki@freesoftwareextremist.com
2024-06-05T12:37:11.833588Z
0 likes, 0 repeats
@jgreig >it’s like they got a focus group of cybercriminals together Every single employee is hired to carry out criminal acts, cyber or otherwise - so a focus group wasn't even required.
(DIR) Post #AicLqJIVQM7XVywNmq by Suiseiseki@freesoftwareextremist.com
2024-06-05T12:38:52.423671Z
0 likes, 0 repeats
@yaldi It will never be the "year of the Linux desktop", as Linux is only a kernel that doesn't operate on its own.It was the year of the systemd/Linux desktop 10+ years ago.
(DIR) Post #AicecFkJjIx9ZixZ0i by Hyperhidrosis@shitposter.world
2024-06-05T16:09:21.985790Z
0 likes, 0 repeats
@GossiTheDog >introduces video screen recording >calls it revolutionary
(DIR) Post #AicfNXnYQhgZAp1Y7U by guitarfosec@cyberplace.social
2024-05-21T16:47:54Z
1 likes, 0 repeats
@GossiTheDog At no point in this video do they mention anyone asking for this. We didn't. I love that they're leaning hard on the fact that the data is protected from other users. That... doesn't matter. You're running automated enumeration for anyone that gets access under my user context. Don't do that. Jesus.
(DIR) Post #Aicmit8az7sn7IzTrU by GossiTheDog@cyberplace.social
2024-06-05T10:14:33Z
0 likes, 0 repeats
Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft. ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs https://www.asus.com/us/news/pnm9tg6qccql6ern/ Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
(DIR) Post #AicmiuTC21x9FTdRbc by GossiTheDog@cyberplace.social
2024-06-05T17:07:02Z
2 likes, 3 repeats
Three Copilot+ Recall questions that keep coming up. Q. Can you alter the Recall history? A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes. Q. Are they snapshots, as Microsoft says, or screenshots? A. They are just screenshots, jpegs. Q. What is to stop apps on your machine accessing your Recall covertly? A. Nothing. There is no audit log of access.
(DIR) Post #AicuuwXswJGanK4wwC by GossiTheDog@cyberplace.social
2024-06-05T18:12:19Z
0 likes, 0 repeats
.@awakecoding becomes the latest person reverse engineering Microsoft Recall https://x.com/awakecoding/status/1798168395583746216
(DIR) Post #Aicuuxw1m2Al6UNkCu by GossiTheDog@cyberplace.social
2024-06-05T18:34:01Z
1 likes, 0 repeats
If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns are, they're continuing to decline comment to every media outlet. I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving. Product ships live on devices from Dell, Lenovo etc this month. https://x.com/zacbowden/status/1798221879741931847
(DIR) Post #Aid6RqpqI4Ay8VN9do by TheEternalAnglo@poa.st
2024-06-05T21:21:13.720547Z
0 likes, 0 repeats
@GossiTheDog I love it, Windows is now literally inching closer to being shit tier Russian spyware.
(DIR) Post #AifPYEZRF5iYvuNPQe by GossiTheDog@cyberplace.social
2024-06-06T15:25:20Z
0 likes, 0 repeats
As @tiraniddo rightly points out, anybody can programmatically reach the Recall database without admin rights. https://infosec.exchange/@tiraniddo/112566044174482506
(DIR) Post #AifPYFSNwnfbgK5I4e by GossiTheDog@cyberplace.social
2024-06-06T21:52:34Z
0 likes, 1 repeats
TotalRecall has been updated to exfiltrate Recall database and screenshots without needing admin rights: https://github.com/xaitax/TotalRecall
(DIR) Post #AifPYL5uzFGPANcQt6 by GossiTheDog@cyberplace.social
2024-06-06T21:53:27Z
0 likes, 0 repeats
You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too. https://github.com/Pennyw0rth/NetExec/pull/335
(DIR) Post #AifPYNXzroucm2lsvo by GossiTheDog@cyberplace.social
2024-06-06T23:58:12Z
0 likes, 0 repeats
YouTubers are continuing to have fun with Recall
(DIR) Post #AigqG1N2TNJ8ha4oSm by GossiTheDog@cyberplace.social
2024-06-07T16:16:50Z
0 likes, 2 repeats
Turns out speaking out works. Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database. There are obviously going to be devils in the details - potentially big ones. Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs. https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns
(DIR) Post #Aih8i8275ruAeGqDaq by GossiTheDog@cyberplace.social
2024-06-07T16:41:37Z
0 likes, 0 repeats
Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too. It’s still labelled Preview, and I’ll believe it is encrypted when I see it. There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.
(DIR) Post #Aih8i9DUh2bQJrAoyG by GossiTheDog@cyberplace.social
2024-06-07T19:47:35Z
0 likes, 0 repeats
Microsoft President Brad Smith is going to be grilled by US gov next week. https://therecord.media/microsoft-reverses-course-recall-opt-in
(DIR) Post #AihSeFm4MtDaaAlZsu by GossiTheDog@cyberplace.social
2024-06-07T23:28:43Z
0 likes, 0 repeats
I should be transparent btw that I took Satya and Charlie’s commitment to security at face value too - I even published a blog on it backing that up - and I have concerns (it isn’t just me). They’re now going to have to win trust back about winning trust back.
(DIR) Post #AihSeGjym98lZynQGW by GossiTheDog@cyberplace.social
2024-06-07T23:45:24Z
1 likes, 1 repeats
I know somebody at a retailer in Europe that is selling Copilot+ PCs. They’ve had fewer than a thousand preorders through to customers. In relative terms, for them it’s about as successful as Suicide Squad Kill The Justice League.
(DIR) Post #AilEodCzTQavQrFixk by GossiTheDog@cyberplace.social
2024-06-09T15:06:58Z
0 likes, 0 repeats
A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData. Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.
(DIR) Post #AilEoeKpHmSMvRvUoa by feld@bikeshed.party
2024-06-09T19:32:08.953551Z
0 likes, 0 repeats
@GossiTheDog so CISA's Secure By Design is just like the Paris climate agreement
(DIR) Post #AilEofOlKdCQDwm9aa by GossiTheDog@cyberplace.social
2024-06-09T18:25:16Z
0 likes, 0 repeats
I think MS are a way off extracting themselves from Recall situation they've got themselves into. This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok. I imagine it's going to continue through week and into next week when the laptops ship. I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.
(DIR) Post #AilEohVDVbYCkXoKvY by GossiTheDog@cyberplace.social
2024-06-09T18:43:11Z
0 likes, 0 repeats
Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.
(DIR) Post #AilEojyiIuKkQbcvBI by GossiTheDog@cyberplace.social
2024-06-09T19:20:09Z
0 likes, 0 repeats
Microsoft have paused the rollout of Windows 11 24H2 in preview channel, it was the version containing Recall. Microsoft have not explained why. https://x.com/brandonleblanc/status/1799478915582542199 I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.
(DIR) Post #AinlkgmbvYPCACYrse by feld@bikeshed.party
2024-06-11T00:50:35.470970Z
0 likes, 0 repeats
@GossiTheDog > Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. Any meat to that or is it just typical internet rumor mill? There should be no expectation that devs on unrelated teams should have known what was being developed.
(DIR) Post #AitXno69VNSEsQCZd2 by GossiTheDog@cyberplace.social
2024-06-09T19:35:41Z
0 likes, 0 repeats
To put this one into perspective, there's one broadcast TV network looking at Recall still, and an investigative journalist. Plus I imagine @evacide, @wdormann etc would have something to say if MS tried holding anybody but themselves accountable for their own actions.
(DIR) Post #AitXnpRSVe5l2nB6Tg by GossiTheDog@cyberplace.social
2024-06-11T14:45:17Z
0 likes, 0 repeats
Cyber Threat Intelligence 2024 is going well
(DIR) Post #AitXnqIdJwcthi3ZMO by GossiTheDog@cyberplace.social
2024-06-11T17:24:13Z
0 likes, 0 repeats
I have an image where when viewed on a Copilot+ Recall PC, a Windows process crashes as it tries to process the screenshot. New email signature?
(DIR) Post #AitXnqsRApGZUkoAAS by GossiTheDog@cyberplace.social
2024-06-11T19:57:24Z
0 likes, 0 repeats
If anybody is wondering, with a Copilot+ PC, you can still programmatically access the Recall database as of today with a few commands. Launch is a few days away.
(DIR) Post #AitXnrRB5f3VEV3uJk by GossiTheDog@cyberplace.social
2024-06-12T21:18:42Z
0 likes, 0 repeats
Microsoft’s President Brad Smith appears before US House Committee on Homeland Security tomorrow. His testimony: https://homeland.house.gov/wp-content/uploads/2024/06/2024-06-13-HRG-Testimony-Smith.pdf In this bit he talks about Recall (not named), where he pats himself and Microsoft on the back for “a feature change” and job well done. Given it has been a complete cybersecurity and privacy car crash - and as of today the changes (plural) they’re referring to haven’t even been implemented - it seems like Microsoft fails to grasp customer needs: safety.
(DIR) Post #AitXnrg4CIxtyg1nWa by GossiTheDog@cyberplace.social
2024-06-12T21:27:19Z
0 likes, 0 repeats
One other thing - Microsoft's written testimony to the US House says, quoting, bolded by MS: "Before I say anything else, I think it’s especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB’s report. Without equivocation or hesitation. And without any sense of defensiveness." Counterpoint: they publicly disputed the report in the media. https://www.theverge.com/2024/4/25/24139914/microsoft-cyber-security-incidents-trust-report
(DIR) Post #AitXnsHdwb1TrDbo5w by GossiTheDog@cyberplace.social
2024-06-12T23:00:35Z
0 likes, 0 repeats
I should say that if Brad is asked about Recall tomorrow, the answers may raise some.. uh... eyebrows here. I don't know what MS SLT have been told, but expect fun when the feature drops on consumer laptops in a few days. As I mentioned in my blog, there is some more security hardening there on Copilot+ PCs (this was before MS put out their blog)... but it's still easily bypassable.
(DIR) Post #AitXnsRZLgxkM0FjZA by GossiTheDog@cyberplace.social
2024-06-13T08:29:00Z
0 likes, 0 repeats
Nessus, a vulnerability scanning tool, detects Recall as an informational
(DIR) Post #AitXnsyXN7Km0Fg3xA by GossiTheDog@cyberplace.social
2024-06-13T08:34:25Z
0 likes, 0 repeats
Microsoft’s Recall puts the Biden administration’s cyber credibility on the line https://cyberscoop.com/microsoft-recall-secure-by-design/ Interesting article. All through this, CISA and the DHS have declined to comment.
(DIR) Post #AitXnt8SmDH2V2JzQO by GossiTheDog@cyberplace.social
2024-06-13T16:49:13Z
0 likes, 0 repeats
The Verge reports today that "Windows engineers are scrambling to get additional changes tested and ready for the release of Copilot+ PCs next week." It also says "Recall was developed in secret at Microsoft, and it wasn’t even tested publicly with Windows Insiders." I've also been told Microsoft security and privacy staff weren't provided Recall, as the feature wasn't made available broadly internally either. https://www.theverge.com/2024/6/13/24177703/microsoft-xbox-game-showcase-windows-recall
(DIR) Post #AitXntTjV8HtZ0GyZs by GossiTheDog@cyberplace.social
2024-06-13T18:58:36Z
0 likes, 0 repeats
Microsoft President Brad Smith just testified to the US House that Recall is a good example of Secure By Design, and that they have the time to get it right (it’s supposed to launch in 3 working days).
(DIR) Post #AitXntnaJKAQYZYpWK by GossiTheDog@cyberplace.social
2024-06-13T19:12:26Z
1 likes, 1 repeats
(DIR) Post #Aity7vABXpbNO9L8FM by GossiTheDog@cyberplace.social
2024-06-13T19:43:48Z
0 likes, 0 repeats
Brad Smith just said Recall was designed to be disabled by default. That is not true. Microsoft’s own documentation said it would be enabled by default - they only backtracked after outcry. He has somehow got almost every detail about Recall wrong while testifying.
(DIR) Post #Aity7vx6bwjXpsECUy by GossiTheDog@cyberplace.social
2024-06-13T21:13:44Z
0 likes, 0 repeats
I've been back and rewatched the Recall footage at the US House hearing and I just don't get it, Brad Smith representing Microsoft basically did this about Recall's security.. he had no challenge from the Senators as they didn't know any details.
(DIR) Post #Aity7wsBBkO4gsvmSW by GossiTheDog@cyberplace.social
2024-06-13T22:12:56Z
0 likes, 0 repeats
I’m being told Microsoft are prepping to fully recall Recall. Another announcement is being prepped for tomorrow afternoon saying the feature will not ship on Copilot+ devices at launch as it is not secure.
(DIR) Post #Aity7xoJhatLbC8D4q by GossiTheDog@cyberplace.social
2024-06-13T22:30:26Z
0 likes, 0 repeats
Obviously, I’ll wait to see the announcement but it sounds like they’ve finally realised they need to take the time and get the feature right (and frankly consider the target audience - most home users, it ain’t). They should have announced this before or during the US House hearing.
(DIR) Post #Aity7yZ6tcK1wK1a0u by GossiTheDog@cyberplace.social
2024-06-14T00:09:28Z
0 likes, 0 repeats
Announcement is out. Good on Microsoft for finally reaching a sane conclusion. - Recall won’t ship as a feature at launch on Copilot+ PCs any more. - Won’t be available in Insider preview channel at launch, as it was pulled. When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature. Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.
(DIR) Post #Aity80YTUx0C6vk6Ii by GossiTheDog@cyberplace.social
2024-06-14T00:31:02Z
1 likes, 0 repeats
If anybody is wondering, Microsoft moved the announcement up as I scooped them 🤣 Thank you to everyone who helped out with this one, there was no way something that constantly OCR’d the screen being implemented so poorly was acceptable but Microsoft really, really dug their heels in. Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right.. or not at all. Accountability matters. Microsoft, be better.
(DIR) Post #AiucVkqBZVJ6URu9Vg by ignaloidas@not.acu.lt
2024-06-14T08:10:33.897Z
0 likes, 0 repeats
@GossiTheDog@cyberplace.social This would be very good grounds for perjury if this was an actual court. God did they fuck up
(DIR) Post #Aj1vAJI9CXnIWbuKwK by GossiTheDog@cyberplace.social
2024-06-14T09:26:36Z
0 likes, 0 repeats
(DIR) Post #Aj1vAK2ERCeopXT8ls by GossiTheDog@cyberplace.social
2024-06-14T14:20:37Z
0 likes, 0 repeats
If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos. 9 minute 50 second mark in this, screen is blurred for obvious reasons. https://youtu.be/2GTI00pFcLc?si=EiBEaJ7Lh66fqRff
(DIR) Post #Aj1vAKacNMAAYBYbMu by GossiTheDog@cyberplace.social
2024-06-14T18:49:40Z
0 likes, 0 repeats
Here’s the clip translated around adult content with Microsoft Recall. They filter search terms in English like nude - but don’t filter it in other languages. Everything you view - including in videos - is classified and stored in the database regardless.
(DIR) Post #Aj1vAL4Oadyy2XUNma by GossiTheDog@cyberplace.social
2024-06-15T00:10:59Z
0 likes, 0 repeats
This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt I tested this against the latest release of Recall and both TotalRecall and these detections still work. Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet. Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.
(DIR) Post #Aj1vALeYQCuDqgPG8u by GossiTheDog@cyberplace.social
2024-06-15T08:37:16Z
0 likes, 0 repeats
Nail on head.
(DIR) Post #Aj1vALnlrwHKJGicVc by GossiTheDog@cyberplace.social
2024-06-16T01:33:20Z
0 likes, 0 repeats
Apple on Microsoft Recall.
(DIR) Post #Aj1vAMGU9BFNkK9YGW by GossiTheDog@cyberplace.social
2024-06-17T20:16:24Z
1 likes, 1 repeats
Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more. https://www.pcworld.com/article/2370043/windows-11s-latest-update-is-kind-of-insane-in-a-bad-way.html Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.
(DIR) Post #AjdCahwMqLYLdh8ntQ by GossiTheDog@cyberplace.social
2024-06-28T22:49:35Z
0 likes, 0 repeats
There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA. https://www.iamp.at/work/introducing-recall
(DIR) Post #AjdCaiyB16aupazlLs by GossiTheDog@cyberplace.social
2024-06-28T22:57:49Z
0 likes, 0 repeats
.@JohnHammond’s video on Recall is great, and a lot of fun - should also stop history being rewritten on this one later. https://youtu.be/JujkOmvbgGw
(DIR) Post #AjdCajbsdULyojZTEm by GossiTheDog@cyberplace.social
2024-06-30T21:12:28Z
0 likes, 0 repeats
I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer. Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.
(DIR) Post #AjdCakQDcKcTKr7fhQ by GossiTheDog@cyberplace.social
2024-06-30T21:29:40Z
0 likes, 0 repeats
One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty. As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed. That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value - it's way more valuable elsewhere.
(DIR) Post #AjdCalMi6rPKGGUNs0 by GossiTheDog@cyberplace.social
2024-07-04T13:21:28Z
0 likes, 0 repeats
Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. https://youtu.be/w5h_1Buf54I
(DIR) Post #AjdCamRi5l07c3ptIm by GossiTheDog@cyberplace.social
2024-07-05T20:18:31Z
2 likes, 0 repeats
Microsoft have started running paid adverts for Recall, apparently unaware the feature didn’t ship. https://www.tomshardware.com/software/windows/new-microsoft-ads-tout-unavailable-recall-feature-dont-mention-it-was-indefinitely-delayed-due-to-privacy-concerns
(DIR) Post #Amrd9vRByZGywLdNBY by GossiTheDog@cyberplace.social
2024-07-16T10:33:15Z
0 likes, 0 repeats
Something about Recall which I don’t think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn’t.
(DIR) Post #Amrd9wixC14gvix4Vc by GossiTheDog@cyberplace.social
2024-07-29T14:20:01Z
0 likes, 0 repeats
Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire. Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target. https://www.wired.com/story/infostealer-malware-password-theft/
(DIR) Post #Amrd9xoJ9ax4IcSrUe by GossiTheDog@cyberplace.social
2024-08-02T21:14:28Z
0 likes, 0 repeats
XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/ It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.
(DIR) Post #Amrd9ygXtwKx0pqB28 by GossiTheDog@cyberplace.social
2024-08-21T18:30:36Z
0 likes, 0 repeats
Microsoft now say Recall will be available for Insider testing in October on select Copilot+ PCs. As a community we’ll need to test the security implications out extensively. Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not. https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing
(DIR) Post #Amrd9zeSJCG80ds1Pk by GossiTheDog@cyberplace.social
2024-09-02T12:07:15Z
0 likes, 0 repeats
The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. https://www.theverge.com/2024/9/2/24233992/microsoft-recall-windows-11-uninstall-feature-bug
(DIR) Post #AmrdA0KdmM0G7TbiAS by GossiTheDog@cyberplace.social
2024-09-27T18:02:42Z
0 likes, 0 repeats
Recall is back. Overall the planned changes here are much more robust. Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say it was originally under SFI. The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research. https://www.theverge.com/2024/9/27/24255721/microsoft-windows-recall-ai-security-improvements-overhaul-uninstall
(DIR) Post #AmrdA10TGpSoDDB7Mu by GossiTheDog@cyberplace.social
2024-10-10T12:11:08Z
0 likes, 0 repeats
Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. https://news.itsfoss.com/microsoft-windows-recall/
(DIR) Post #AmrdA1j8alC0Rk4mzQ by Jonly@mastodon.social
2024-10-10T12:27:31Z
0 likes, 0 repeats
@GossiTheDog so if I read this correctly you can uninstall it but your explorer gets downgraded to the old one? That's a pity but manageable
(DIR) Post #AmrdA2LmH66KNa9eDY by GossiTheDog@cyberplace.social
2024-10-10T12:31:47Z
0 likes, 0 repeats
@Jonly they shouldn’t be tying base OS functionality to Recall
(DIR) Post #AmrdA2va7yk0AcuF1c by Jonly@mastodon.social
2024-10-10T12:44:23Z
0 likes, 0 repeats
@GossiTheDog of course I'm just glad it doesn't completely turn into a brick if I do
(DIR) Post #AmrdA3aLgPLoD3ynZI by Haikyoneko@famichiki.jp
2024-10-10T13:02:03Z
0 likes, 0 repeats
@Jonly @GossiTheDog yet.
(DIR) Post #AmrdNMAftO0xcLJRaa by Jonly@mastodon.social
2024-10-10T13:03:16Z
0 likes, 0 repeats
@Haikyoneko @GossiTheDog I just want to use the computer without that crap 😭
(DIR) Post #AmrdOi8nh8QW2r58KW by Haikyoneko@famichiki.jp
2024-10-10T13:03:48Z
0 likes, 0 repeats
@Jonly @GossiTheDog Linux?
(DIR) Post #Amrdgh9k5wh4Cf686C by Jonly@mastodon.social
2024-10-10T13:08:00Z
0 likes, 0 repeats
@Haikyoneko @GossiTheDog I would rather not if avoidable
(DIR) Post #AmsiEDOrPPAq14ZUxs by Haikyoneko@famichiki.jp
2024-10-11T01:33:37Z
0 likes, 0 repeats
@Jonly @GossiTheDog in particular reason? I've recently switched to Linux Mint, and I couldn't be happier. I guess it depends on your use case, though.
(DIR) Post #AtK8kpiaNEhc1YScYC by GossiTheDog@cyberplace.social
2024-10-31T18:35:59Z
0 likes, 0 repeats
Microsoft have recalled Recall again. It still hasn't even made it to Insider preview yet, that's been delayed too, now in December. Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it. https://www.theverge.com/2024/10/31/24284572/microsoft-recall-delay-december-windows-insider-testing
(DIR) Post #AtK8kql6VMJLFee97A by GossiTheDog@cyberplace.social
2024-10-31T18:43:32Z
0 likes, 0 repeats
I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January. I guess a cynical version is they're trying to rush out the Insider preview during Christmas so nobody actually reviews it.. but, well, I don't think that would happen as it'd be another own goal. It probably needs 6 months in Insider release with a bug bounty, to avoid exploits dropping like Joker 2 at the box office on release.
(DIR) Post #AtK8krfT7nOi4T19yC by GossiTheDog@cyberplace.social
2024-11-19T16:16:28Z
0 likes, 0 repeats
In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available. This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience. https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-ai-powered-cloud-enabled-and-secure/4299069
(DIR) Post #AtK8ksSkAaoSXI4Vm4 by GossiTheDog@cyberplace.social
2024-11-20T22:44:38Z
0 likes, 0 repeats
Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”. I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either. When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving.
(DIR) Post #AtK8ktBlTCpEmv8Swq by GossiTheDog@cyberplace.social
2024-11-23T20:43:37Z
0 likes, 0 repeats
Microsoft Recall is now available for testing. https://www.theregister.com/2024/11/22/microsoft_recall_release/ It’s only available on Qualcomm Snapdragon-powered Copilot+ PCs. My feeling is we’re probably going to want to hook one up to the internet and hack RDP for unlimited sessions, to allow research - I’ll look into it. I’ve been told Recall is eligible for bug bounty as part of the Insider programme. I think the process is supposed to be sandboxed so in theory (my reading) the payout limit should be $20k.
(DIR) Post #AtK8ku8xv6BFkWpkDw by GossiTheDog@cyberplace.social
2025-04-11T15:46:43Z
0 likes, 1 repeats
Microsoft are rolling out Recall to users in Windows Insider (testing) before a wider rollout to all compatible systems. It's definitely one to watch (and yes, I am) from a security point of view. https://www.bbc.co.uk/news/articles/cj3xjrj7v78o
(DIR) Post #AtK8l5WPcGTJ2Qt7nU by GossiTheDog@cyberplace.social
2025-04-21T18:14:03Z
0 likes, 0 repeats
I've taken a look at the past year of work Microsoft has done on Recall, which is due to roll out to compatible Windows devices soon. tl;dr it's much better from a security and privacy point of view. My partner managed to hack my Recall memory in 5 minutes to browse prior Signal discussions, by guessing my Windows Hello PIN. There's a bunch of risks people who enable it need to understand. https://doublepulsar.com/microsoft-recall-on-copilot-pc-testing-the-security-and-privacy-implications-ddb296093b6c
(DIR) Post #AtK8lE41rA7DX0g5J2 by GossiTheDog@cyberplace.social
2025-04-21T18:18:07Z
0 likes, 0 repeats
I think the following groups should probably not enable Microsoft Recall
(DIR) Post #AtKIFDPRknAdmC4RPc by phaedral@mastodon.social
2025-04-21T19:08:00Z
1 likes, 0 repeats
@GossiTheDog No attorney should ever allow such a security risk, nor anyone with HIPAA duties.
(DIR) Post #AtL9Hg4PSaF4odI2SG by GossiTheDog@cyberplace.social
2025-04-21T20:22:43Z
0 likes, 1 repeats
Ars Technica have a good look at Recall too https://arstechnica.com/gadgets/2025/04/in-depth-with-windows-11-recall-and-what-microsoft-has-and-hasnt-fixed/
(DIR) Post #AtTAbpalQDuVMEHDEG by GossiTheDog@cyberplace.social
2025-04-23T11:37:58Z
0 likes, 0 repeats
One other Microsoft Recall observation, it records Citrix client sessions, even with anti-screen capture enabled.
(DIR) Post #AtTAbqVU1LHSC8oVdY by GossiTheDog@cyberplace.social
2025-04-25T18:55:43Z
0 likes, 0 repeats
Microsoft have announced, in a Friday night blog post, they are rolling out Copilot+ Recall to all compatible devices over the next month. https://blogs.windows.com/windowsexperience/2025/04/25/copilot-pcs-are-the-most-performant-windows-pcs-ever-built-now-with-more-ai-features-that-empower-you-every-day/
(DIR) Post #AtTAbr3rxUmnumtyEa by GossiTheDog@cyberplace.social
2025-04-25T19:15:06Z
0 likes, 1 repeats
Tabletop scenario for you: Employee gets into a dispute with employer, leaves, had sensitive role. Employer revokes access, devices etc. Employee had logged in via BYOD to email, IM etc. Due to Recall, employee walks away with 6 months of screenshots of everything she's ever worked on in a text indexed form - every email, chat, document, Teams call with video snapshots, transcripts of verbal calls etc - even if they set M365 to not store documents locally. What does the employer do now?
(DIR) Post #AtTPg0b3wlbbxWrmMq by simon_bitdiddle@mastodon.sandwich.net
2024-05-24T18:02:12Z
1 likes, 0 repeats
@GossiTheDog SQLite is in the short running for the Tom Midgley Jr. Award for Contributing to Terrible things.
(DIR) Post #AtTQTZqvefDhUcvLEm by hugo_the_baerliner@berlin.social
2024-05-25T04:10:51Z
1 likes, 0 repeats
@GossiTheDog What I find most shocking is the disastrous #ITsecurity concept. Which is simply not there. Apple would have stored the data in an inaccessible, encrypted area and only given the AI engine access. ---- Such functions should always be optional, the user should be able to make an informed decision very easily. In other words, they should be asked for brief background information. And above all, the data must be protected according to its sensitivity. #Copilot #copilotplus
(DIR) Post #AuKTe5bdROJCycLOzY by GossiTheDog@cyberplace.social
2025-05-21T16:56:10Z
0 likes, 1 repeats
Signal have rolled out an update to all users that stops Microsoft Recall from capturing Signal conversations. I’ve tested this and it works. Brilliant work by the @signalapp team. 💪They call on Microsoft to build better, as there was no standardised way as an app developer to do this. Because Signal is open source, now app developers have a template to protect their users from Windows. https://signal.org/blog/signal-doesnt-recall/
(DIR) Post #AuKnSUjoApNcWuuq1o by tyil@fedi.tyil.nl
2025-05-21T23:48:48.269Z
0 likes, 0 repeats
@GossiTheDog@cyberplace.social @signalapp@mastodon.world I’ve tested this and it works. How long before Microsoft makes it impossible to block screenshots, or gives its own applications the ability to override any such blocks, though... You're working in the confines of a proprietary OS, you'll always be beholden to the whims of the company producing it, and it's very unlikely they will just accept that you outsmarted them. A better solution would be to simply stop offering Windows builds, and inform Windows users that it is not possible to provide a safe, secure and/or private chat application (or any other application, really) on such an OS.
(DIR) Post #AwzcA3mxJEDKItSHey by GossiTheDog@cyberplace.social
2025-06-20T11:10:29Z
0 likes, 0 repeats
I found an interesting Microsoft Recall issue with the latest version - Recall is enabled on my PC, but the tray icon (bottom right) saying it is running is missing. Edit: after a reboot, it's back. I'll keep an eye on it. After the latest Windows Update the UI wasn't visible, but it was still recording.
(DIR) Post #AwzcA58yGrQ0VSlNc8 by GossiTheDog@cyberplace.social
2025-07-23T22:44:24Z
0 likes, 0 repeats
Brave are blocking Microsoft Recall by default, hopefully Vivaldi follow. https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/
(DIR) Post #AwzcA5mJuYtUTVAnwm by GossiTheDog@cyberplace.social
2025-08-08T20:31:06Z
0 likes, 0 repeats
The Register took a look at Microsoft Recall and found it captured personal information, such as social security numbers and such in its database. They also found they could access it remotely using TeamViewer, using just a PIN. https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/
(DIR) Post #B2T7f7Zy14u0zTxHtI by GossiTheDog@cyberplace.social
2025-10-28T10:29:18Z
0 likes, 0 repeats
I still use Recall on my development laptop, and actually use the feature quite a lot through testing Recall... and yet, I've started to get regular engagement prompts to use it lately. To me this strongly suggests people aren't actually using it in the wild as MS are trying to juice numbers via nudge prompts. On a separate note I also got prompted to change my default browser to Edge (I use Vivaldi) and my search engine to Bing when switching on my laptop today 🤦
(DIR) Post #B2T7f8ec1IDEKB8Vlo by GossiTheDog@cyberplace.social
2026-01-19T21:27:16Z
0 likes, 0 repeats
Microsoft are upselling security controls for Microsoft Recall, which allow orgs to limit what it records specifically - if the org pay for Microsoft Purview. I’ve had a look at how this works under the hood, it is using undocumented features in Recall. https://learn.microsoft.com/en-us/purview/dlp-recall-get-started
(DIR) Post #B2T7f9jc0Bo1fyU1Ca by gerowen@mastodon.social
2026-01-20T05:10:50Z
1 likes, 0 repeats
@GossiTheDog Didn't they get yelled at a year or so ago because of some breach of government systems that didn't get caught because they were charging extra for event logging or something? Kinda feels like if somebody is paying for your product, they should get the whole product, not just bits and pieces.