this post was submitted on 21 Dec 2024
37 points (100.0% liked)

Privacy

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

"Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns. The new version of Recall encrypts the screens it captures and, by default, it has a “Filter sensitive information,” setting enabled, which is supposed to prevent it from recording any app or website that is showing credit card numbers, social security numbers, or other important financial / personal info. In my tests, however, this filter only worked in some situations (on two e-commerce sites), leaving a gaping hole in the protection it promises.

When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as “Capital One Visa” right next to the numbers. Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that. Note that all info in these screenshots is made up, but I also tested with an actual credit card number of mine and the results were the same."

#Microsoft #MicrosoftRecall #DataProtection #Privacy

https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled

top 3 comments
[–] lobut@lemmy.ca 18 points 1 week ago (1 children)

I don't see how you can build this feature without it being a security nightmare.

[–] marcos@lemmy.world 3 points 1 week ago

You encrypt everything with a hardware-specific key that only the computer owner has access to. (Possibly on a removable token.)

That is, if it is a single-user computer. This is not the kind of functionality you can make a widespread installation. Any blind widespread installation of something like this is an attack, and will physically harm people.

[–] neidu3@sh.itjust.works 1 points 1 week ago

I'm just gonna leave this here in case someone finds it relevant for some reason: https://www.linuxmint.com/download.php