this post was submitted on 07 Jun 2024
299 points (95.4% liked)

Technology

59605 readers
3444 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Norgur@fedia.io 3 points 5 months ago* (last edited 5 months ago) (1 children)

So your reply is, “but other people don't read…”? Yeah, I'm not “other people”, so stop making me a scapegoat for behavior you've seen elsewhere (and on which I agreed with you, btw).

Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn't you read my answer? That was the only information I could have gotten from the article I didn't have already. Thing is: If I had read it (from a Screenshot I wouldn't have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.

I have since skipped through the article and literally the only thing in there I didn't know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?

You just saw something you'd been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because "it happens all the time". While some of that's correct, the people you went and "showed'em" aren't the source of all evil, so skip the scapegoat bullshit and be civil towards people you've never talked to before, will ya?

[–] MudMan@fedia.io 1 points 5 months ago (1 children)

Yeah, see, here's how I know I'm not scapegoating you and you also didn't read it.

The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.

So yeah, no, my condescension is exactly about you. And others. But also you.

[–] Norgur@fedia.io 1 points 5 months ago (1 children)

Are you really this dense? The whole opt-in thing comes because Researchers found that Recall wasn't encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can't be half-read my comments and make it fit your argument again, it's even in the bloody article:

Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.

[–] MudMan@fedia.io 4 points 5 months ago

Yes, I am aware. I read about that yesterday, and yes, I did read it again at the bottom of this piece. It was really bad.

Which is presumably why, a couple of paragraphs above, they explain that:

Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.

This authentication will also apply to the data protection around the snapshots that Recall creates. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we encrypted the search index database.”

Here's the thing, it shouldn't take somebody calling you out on it on the Internet and engaging in a defensive back-and-forth driven by pride for you to actually read the thing. Commenting should be secondary to following the link and figuring out what's actually happening. But it's not. That is the part that pisses me off. Not the stupid feature that is still bad even without glaring security holes. Only partially the stupid rooting for commerical products like they're football teams. Fundamentally that our consumption patterns when it comes to information are broken and we think it only affects everybody else but not us.

That part is terrifying and infuriating.