this post was submitted on 01 Jun 2024
0 points (NaN% liked)
Technology
59672 readers
2965 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is a feature hundreds of millions of people will use and very likely won't cause any security issues. These doomsday scenarios every Linux user here is predicting is a bit much, don't you think so?
Oh it WILL cause security issues. It's just a tradeoff against if they are worth the benefits.
There likely won't be anything major while 1. 4 billion people will benefit. Security measures will be adapted for this new feature.
This same thing happened before, a lot of panic for nothing.
Define "new security measures"
I don't know. We will both be able to discover them when the features are deployed.
This is a senseless hysteria about how this is horrible and... I don't even want to go into all the dumb shit I read.
Are you braindead? Yes yes taking regular screenshots of the desktop can't possibly be a security risk, right?
You can define almost anything as a security risk. But we aren't children to play such stupid games.
We are talking about someone gaining that information and the probability of that happening without even knowing what security mesaures will be in place. I think the risk is negligible even today with the limited information about it that we have now. Other People here, presumably you as well are hysterical about it.
Thats what the discussion is. You actually believe Microsoft will launch this and then everybody will be hacked or something. I think that is... not smart.
No, I don't think "everyone will get hacked or something", don't put words in my. I mouth for the sake of your argument.
What it is, and this is undeniable, is a massive fucking privacy and security hole if someone gains control of your computer.
I didn't want to put words in your mouth, but wanted to clear up where each of us stand so there is no missunderstanding.
If somebody gains control of your computer today, that's a massive privacy and security hole in itself.
If you didn't want to put words in someone's mouth then you shouldn't have said something like
Oh a knight in shining armour trying to defend my dialogue partner?
Did you ask anyone needed defense? Because I'm pretty sure they don't.
If you read carefully I wrote "or something" at the end implying that I don't know exactly what they believe. It was not that subtle of invitation for them to agree with my first assessment or correct me. I will try to be really blunt in the future, so that you don't missunderstand again.
? I'm not defending anyone, I'm calling out bullshit when I see it
I don't really care that you like watching kids through their bedroom windows or whatever
If that doesn't accurately describe your views, no worries—I said "or whatever," so it's fine
What a dumb and petty response.
Bye.
Absolutely, but even with control of your computer, if you're smart, other accounts etc will still be inaccessible by the attacker.
Not when they get access to the Windows built in desktop spy saving everything it sees.
Not if it's encrypted and if sensitive information is not saved.
Main point is still that gaining control of someone's computer against their will is practically impossible today. If someone manages to do it, they already have your files and all the sensitive information they could want. They won't even bother with this recall. And if you are worried about it, you will be able to just turn it off.
Much ado about nothing.
"If sensitive information is not saved" is doing a lot of heavy lifting for you there. The issue is that it saves everything.
But it doesn't save completely everything. It does snapshots as far as I understand. So it's unlikely a whole password would be there on a snapshot. And again, it had to be mentioned that anything can be excluded from recall or disabled completely.
At this point it has to be again highlighted that gaining access to a computer is very hard and that in itself is game over scenario. More information can be gained from a keylogger than this recall feature.
A keylogger isn't retroactive to before the keylogger was installed though. Recall is. Also, with Recall you don't need to write keylogging software and get it past antimalware scans (and keep it from getting detected), you just have to get an infostealer past them one single time to take the Recall database.
It's very unlikely you could get the password from recall
????? It saves everything it sees that's the point ?????
Not the same as a snapshot.
The video posted by Moorshou literally shows someone getting a password and a credit card number from it. Yes, the password was due to someone clicking the show password button momentarily but do we just never expect people to use those or to not use a password manager that would show the password on screen at some point? Due to it doing text recognition, you would literally be able to just search for "credit card" to find all the times when it was displaying a credit card field on a checkout page or "password" to find all the times someone is logging in or using their password manager. And that's using the built in search, not even exfiltrating the data and processing it with more specialized tools.
You really need to watch that video to see what it can do and how easily it can do it.
We've seen it before, it's not idle speculation. Windows machines have been the hosts of the largest botnets in the world. Whenever a company does something stupid like this it invariably gets into the wrong hands. It's not even a question of if it will happen just when it will happen.
Oh and it's not "Linux users" saying it, it's everybody with an ounce of technical common sense. We're all here shouting at Microsoft "it's a bad idea" and they won't care and it will go exactly as badly as predicted.
Which kinda correlate with each other. Which allows for a certain bad faith argument to be made.
Yes, we have seen it many times before. Much ado about nothing. New feature that will mean some new security measures. Everybody will move on and in a year nobody will remember how some people in the Linux community were panicking.
I will never find out exactly when your bank data is stolen because of this, so I'm just going to laugh about it now.
Go ahead laugh. Because you will indeed forget all about it and never remember your doubts and panic laughter as nothing will happen.
Did you read the article?
This system basically do a character recognition on EVERYTHING the user is displaying and save the results in a very small file not that well protected.
The data is very small (I guess because it's basically text?), seems easy to find. That means the history of all you did on your computer (apparently only for the last three feays by default,but well...) can be stolen at once, in a minuscule file.
I'm not an IT specialist, but I don't see in which world this can remotely be a good idea...
As I understand not everything will be read and stored, storage will be encrypted. We don't even know what exactly will be stored and everybody here is losing their mind.
We already have a lot of sensitive information on our computers and nobody is panicking.
I guess it's hard to get used to new stuff. Or maybe Linux users are afraid that their favourite system won't be able to compete anymore.
You didn't read the article.
We do know the answers to these questions. And if I can use a 2 line script to exfiltrate all your screen data for days/weeks in under a few MB of data.
So better hope you, never, ever, ever run unauthorized or malicious code, because now it basically has a honeypot of top priority data, always stored in a known location and compressed for easy uploads.
What kind of malicious code would be able to do that?
Do I have to continue or do you think you could actually read the article for the rest? It's clearly a bigger deal than "linux users mad because windows better" and your poor excuse for a troll just makes it look like you're too stupid to read the article laid out in front of you. Well, now you have no excuse so get good.
Sorry I don't take everyones word as truth. This guy is just one guy. One guy against the whole Microsoft corporation whose entire fortune depends on this not to fail in the way he said it certainly will. Absurd.
Lol you're hopeless.
Lol you believe everything lol.
Have fun with that.
I will, together with 1.4 billion people who will do the same.
Based on what Microsoft themselves said we know: everything will be stored (except edge private session...). They specifically say they don't do content moderation: they log everything.
Did you read the article?
As a windows user I'm not delighted by this.
Edit: at this point you must be trolling...
If you are so afraid, you can just turn it of. You are aware of this are you not?
OK if you think I'm trolling, why did you answer?
I give you the benefit of the doubt you are a reasonable person who can go beyond their emotions of a feature of an os. And the emotions this article stirred.
Hahahahaha. Oh wait, you're serious? Let me laugh even harder. HAHAHA
You are the clown with a sign: the end is nigh. You are being naive.
You're being exceptionally - and genuinely stupidly - naiive.
Sure. Why not. These hysterical people here panicking are the chosen ones that know and understand everything.