this post was submitted on 08 Jun 2024
1650 points (97.5% liked)

Technology

60052 readers
2821 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

It's a nightmare scenario for Microsoft. The headlining feature of its new Copilot+ PC initiative, which is supposed to drive millions of PC sales over the next couple of years, is under significant fire for being what many say is a major breach of privacy and security on Windows. That feature in question is Windows Recall, a new AI tool designed to remember everything you do on Windows. The feature that we never asked and never wanted it.

Microsoft, has done a lot to degrade the Windows user experience over the last few years. Everything from obtrusive advertisements to full-screen popups, ignoring app defaults, forcing a Microsoft Account, and more have eroded the trust relationship between Windows users and Microsoft.

It's no surprise that users are already assuming that Microsoft will eventually end up collecting that data and using it to shape advertisements for you. That really would be a huge invasion of privacy, and people fully expect Microsoft to do it, and it's those bad Windows practices that have led people to this conclusion.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 36 points 6 months ago* (last edited 6 months ago) (1 children)

I've worked extensively in the Enterprise environment, and data exfiltration is a massive concern for any company with intellectual property, which is most of them.

Having data leak at all, another vector for exfiltration, is a huge huge risk.

Heck, I'd be surprised if Microsoft itself let its own developers run Total recall

[–] [email protected] 20 points 6 months ago* (last edited 6 months ago) (1 children)

As an infosec professional for way longer than I care to remember, you are preaching to the choir. That said, all of our clients are both large enterprise and critical infrastructure, and they all log (and mine) everything. Not only that, they are shipping this directly to third parties. It makes me break out into a cold sweat every time I think about it, but here we are.

PS: OK, all the US based ones. Our EU based client does not do this to my knowledge and I assume it has to do with EU regulations, but that's just a wild guess.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

Good point. But the companies are at least controlling the data pathway, being aware of it, signing off on it, doing it for their benefit.

And I imagine at least for the US companies, every company they exfiltrate data to, is contractually obligated to keep their data private