• gravitas_deficiency@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    106
    arrow-down
    2
    ·
    edit-2
    5 months ago

    It’s entirely a nonstarter for entire fucking industries. That’s not hyperbole. I work in one of them.

    Edit: scratch that - If any infosec team, anywhere, in any industry, at any corporation or organization, doesn’t categorically refuse to certify for use any system that is running MS Recall, they should be summarily fired and blackballed from the industry. It’s that bad. For real: this is how secrets (as in, cryptographic) get leaked. The exposure and liability inherent to this service is comical in the extreme. This may actually kill the product.

    E2: to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets (private keys, basically): nobody else knows them. To try to dance around that is fundamentally futile. Also: who am I kidding, this shit will sell like hotcakes. Everyone’s on fucking Facebook, and look how horrifically they exploit everyone’s data for goddamn everything. This isn’t much worse than that to the average mostly-tech-illiterate consumer.

    • ziviz@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      55
      arrow-down
      1
      ·
      5 months ago

      Accounting details, sensitive credentials for sys admin use, HIPAA data, PII etc. there’s just so much crap understood to be temporarily unlocked, viewed, and then immediately deleted or locked again. Even home users shouldn’t turn this thing on, check your bank? Balance and account details now always available. Use a password manager? Whatever you looked at is likely captured.

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        30
        arrow-down
        1
        ·
        edit-2
        5 months ago

        Using it may not be legal for videoconferencing in states and countries where recording without notification is illegal.

        Also, legalities aside, if there is any application that might be displaying the contents of one’s laptop webcam onscreen, that turns it into something that logs a series of snapshots of that (and then OCRs any text that the camera can see). I can see potential problems there.

      • NateNate60@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        5 months ago

        Microsoft’s solution will be to remove the feature from Enterprise versions of Windows while keeping it around for the plebs using Pro and Home

        • Morphit @feddit.uk
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          5 months ago

          Their solution is to let users filter out websites in compatible browsers. This lets them blame the user for not marking sensitive websites as such. I don’t know if native applications can also be filtered.

          Of course they also filter out precious DRM protected content. You wouldn’t steal a series of JPEGs.

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      to the title’s implication that such trust can be earned: it kinda can’t. That’s basically the point of really good passwords and secrets

      Most people use and recommend encrypted password managers on remote servers. Which is fine, so long as the encryption is open source and audited and the company has a good and long positive reputation.

      MS has none of these things.