Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 14-Jun-2024 23:22:04 JST Kevin Beaumont

   If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.

   9 minute 50 second mark in this, screen is blurred for obvious reasons.

   https://youtu.be/2GTI00pFcLc?si=EiBEaJ7Lh66fqRff

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 15-Jun-2024 03:50:58 JST Kevin Beaumont

     in reply to

     Here’s the clip translated around adult content with Microsoft Recall.

     They filter search terms in English like naked - but don’t filter it in other languages.

     Everything you view - including in videos - is classified and stored in the database.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 15-Jun-2024 09:12:00 JST Kevin Beaumont

     in reply to

     This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt

     I tested this against the latest release of Recall and both TotalRecall and these detections still work.

     Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.

     Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 15-Jun-2024 17:38:24 JST Kevin Beaumont

     in reply to

     Nail on head.

   • Embed this notice
     Khleedril (khleedril@cyberplace.social)'s status on Saturday, 15-Jun-2024 17:45:17 JST Khleedril

     in reply to

     @GossiTheDog Rubbish. This is nothing to do with software not being tested, but the pure arrogance of a company on an insidious path to steal every scrap of data from its entire clientele, including potential rival businesses and take-over targets.

   • Embed this notice
     Khleedril (khleedril@cyberplace.social)'s status on Saturday, 15-Jun-2024 17:54:47 JST Khleedril

     @GossiTheDog Come on, anybody with eyes knows where they are going.

   • Embed this notice
     Khleedril (khleedril@cyberplace.social)'s status on Saturday, 15-Jun-2024 18:16:21 JST Khleedril

     @GossiTheDog Ok. I respect your authority on this subject and admire your work, but I think you are being a little naive here. We'll see where we are in ten years' time!

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 16-Jun-2024 10:34:00 JST Kevin Beaumont

     in reply to

     Apple on Microsoft Recall.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 18-Jun-2024 05:19:50 JST Kevin Beaumont

     in reply to

     Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.

     https://www.pcworld.com/article/2370043/windows-11s-latest-update-is-kind-of-insane-in-a-bad-way.html

     Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.

   • Embed this notice
     Maxi 10x 💉 (frumble@chaos.social)'s status on Friday, 21-Jun-2024 04:23:53 JST Maxi 10x 💉

     @GossiTheDog So, the next time, we should better shut up and giggle in anticipation?

   • Embed this notice
     Maxi 10x 💉 (frumble@chaos.social)'s status on Friday, 21-Jun-2024 04:34:40 JST Maxi 10x 💉

     @GossiTheDog My point is destroying Microsoft’s reputation is a good thing in the long run. ;)

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 29-Jun-2024 07:52:06 JST Kevin Beaumont

     in reply to

     There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.

     https://www.iamp.at/work/introducing-recall

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 29-Jun-2024 07:59:19 JST Kevin Beaumont

     in reply to

     • John Hammond

     .@JohnHammond’s video on Recall is great, and a lot of fun - should also history being rewritten on this one later.

     https://youtu.be/JujkOmvbgGw

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 01-Jul-2024 06:14:01 JST Kevin Beaumont

     in reply to

     I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.

     Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 01-Jul-2024 06:31:22 JST Kevin Beaumont

     in reply to

     One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.

     As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.

     That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 04-Jul-2024 22:23:31 JST Kevin Beaumont

     in reply to

     Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. https://youtu.be/w5h_1Buf54I

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 06-Jul-2024 05:19:57 JST Kevin Beaumont

     in reply to

     Microsoft have started running paid adverts for Recall, apparently unaware the feature didn’t ship. https://www.tomshardware.com/software/windows/new-microsoft-ads-tout-unavailable-recall-feature-dont-mention-it-was-indefinitely-delayed-due-to-privacy-concerns

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 16-Jul-2024 19:33:42 JST Kevin Beaumont

     in reply to

     Something about Recall which I don’t think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn’t.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 29-Jul-2024 23:20:36 JST Kevin Beaumont

     in reply to

     Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire. https://www.wired.com/story/infostealer-malware-password-theft/

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 03-Aug-2024 06:15:15 JST Kevin Beaumont

     in reply to

     XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/

     It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 22-Aug-2024 03:31:10 JST Kevin Beaumont

     in reply to

     Microsoft now say Recall will available for Insider testing in October on select Copilot+ PCs.

     As a community we’ll need to test the security implications out extensively.

     Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.

     https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing

     GreenSkyOverMe (Monika) repeated this.
   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 02-Sep-2024 21:07:40 JST Kevin Beaumont

     in reply to

     The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. https://www.theverge.com/2024/9/2/24233992/microsoft-recall-windows-11-uninstall-feature-bug

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 28-Sep-2024 03:02:55 JST Kevin Beaumont

     in reply to

     Recall is back.

     Overall the planned changes here are much more robust.

     Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say was originally.

     The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.

     https://www.theverge.com/2024/9/27/24255721/microsoft-windows-recall-ai-security-improvements-overhaul-uninstall

   • Embed this notice
     gz (godzero@sfba.social)'s status on Saturday, 28-Sep-2024 04:51:39 JST gz

     in reply to

     @GossiTheDog
     Why would anyone believe them regarding these changes? They could still turn it on surreptitiously and store/look at whatever data they wanted.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 10-Oct-2024 21:11:21 JST Kevin Beaumont

     in reply to

     Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. https://news.itsfoss.com/microsoft-windows-recall/

   • Embed this notice
     Jonly (jonly@mastodon.social)'s status on Thursday, 10-Oct-2024 21:32:00 JST Jonly

     in reply to

     @GossiTheDog so if i read this correctly you can uninstall it but your explorer gets downgraded to the old one?
     Thats pity but managable

   • Embed this notice
     Edgar Whelp (edgarwhelp@cyberplace.social)'s status on Thursday, 10-Oct-2024 21:35:21 JST Edgar Whelp

     in reply to

     @GossiTheDog you can remove it with DISM without breaking explorer.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 01-Nov-2024 03:36:15 JST Kevin Beaumont

     in reply to

     Microsoft have recalled Recall again.

     It still hasn't even made it to Insider preview yet, that's been delayed too, now in December.

     Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it.

     https://www.theverge.com/2024/10/31/24284572/microsoft-recall-delay-december-windows-insider-testing

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 01-Nov-2024 03:43:49 JST Kevin Beaumont

     in reply to

     I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January.

   • Embed this notice
     niffnaff (niffnaff@cyberplace.social)'s status on Friday, 01-Nov-2024 16:13:12 JST niffnaff

     in reply to

     @GossiTheDog a conspiracy theory I have is that Recall has been developed for the Visual Capturing feature in Purview Insider Risk for better indexing of user activity. Somebody realised it was better purposed to ship to consumers. 0 proof but otherwise I really don’t understand what even brought the idea of Recall to life; literally nobody asked for it.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 20-Nov-2024 01:17:02 JST Kevin Beaumont

     in reply to

     In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available.

     This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience.

     https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-ai-powered-cloud-enabled-and-secure/4299069

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 21-Nov-2024 07:44:56 JST Kevin Beaumont

     in reply to

     Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”.

     I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either.

     When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving

   • Embed this notice
     Andrew Golding (huronbikes@cyberplace.social)'s status on Thursday, 21-Nov-2024 08:15:37 JST Andrew Golding

     in reply to

     @GossiTheDog the statement could still be accurate and "most secure experiences it has built" is incredibly low bar including the old Windows 95 authentication control users could just close.