Conversation

Notices

1. Embed this notice
   evacide (evacide@hachyderm.io)'s status on Wednesday, 22-May-2024 09:28:59 JST evacide

   "...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots."

   I've got some news for Microsoft about how domestic abuse works.

   https://www.bbc.com/news/articles/cpwwqp6nx14o

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     wrosecrans (wrosecrans@mstdn.social)'s status on Wednesday, 22-May-2024 16:54:28 JST wrosecrans

     in reply to

     @evacide I absolutely believe you there. But I still struggle to understand why it got implemented. There are a zillion other obvious reasons it's a bad feature that one would notice even if they weren't sensitive to that specific issue.

     This is gonna have screenshots of HIPAA protected data. Trade secrets. API keys. Passwords. HR department PII. GDPR protected stuff. On and on and on.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     evacide (evacide@hachyderm.io)'s status on Wednesday, 22-May-2024 16:54:30 JST evacide

     in reply to

     • wrosecrans

     @wrosecrans This feature is being implemented because there were zero survivors of domestic abuse involved the high-level decision-making.

   • Embed this notice
     wrosecrans (wrosecrans@mstdn.social)'s status on Wednesday, 22-May-2024 16:54:31 JST wrosecrans

     in reply to

     @evacide

     ... as opposed to all the would-be hackers who have never thought to try to unlock a device and sign into it, or access data without proper credentials.

     It's like Microsoft is just sort of taunting hackers to try and get it broken as quickly as possible for some reason. Is this feature being implemented because somebody lost a bet, or the NSA has compromat on Nadella, or what?

   • Embed this notice
     wrosecrans (wrosecrans@mstdn.social)'s status on Wednesday, 22-May-2024 16:55:17 JST wrosecrans

     in reply to

     • Misuse Case

     @MisuseCase If I had to guess, the feature is not compliant with Microsoft's own legal department's retention policy, and Microsoft's lawyers are about to scream about the fact that if MS gets sued, the blast radius for document discovery just exploded if they don't disable it internally.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Misuse Case (misusecase@twit.social)'s status on Wednesday, 22-May-2024 16:55:18 JST Misuse Case

     in reply to

     • wrosecrans

     @wrosecrans @evacide Nobody consulted a policy and compliance specialist about this. It’s shocking that Microsoft didn’t get input from at least one. This would violate a lot of data protection policies for many enterprise customers.