You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine
What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.
Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.
Guide from @detective
The devices launch THIS MONTH to customers so I suggest people look at this.
Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46
Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"
Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!
Searching Recall database for passwords with @awakecoding
If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.
I’ve also found a way to disable the tray icon.
I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.
There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.
It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.
I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.
The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.
Windows Central, about the only outlet giving Recall positive coverage and having articles tweeted by Microsoft staff - have updated their take after being hands on with a device. https://www.windowscentral.com/software-apps/windows-11/microsoft-should-recall-windows-recall-security-researcher-finds-microsofts-new-ai-tool-woefully-insecure
Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.
This may include an attempt to invalidate researcher criticism, we’ll see.
WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall
https://www.wired.com/story/total-recall-windows-recall-ai/
Total Recall software by @xaitax https://github.com/xaitax/TotalRecall
Example search for ‘password’:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt
I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.
Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.
These videos have tens of millions of views and hundreds of thousands of comments.
I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.
A key element of Recall is Microsoft say only you can access your Recall, it is per user.
ArsTechnica enabled Recall on Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots.
If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines:
you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.
Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft.
ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs https://www.asus.com/us/news/pnm9tg6qccql6ern/
Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
Three Copilot+ Recall questions that keep coming up.
Q. Can you alter the Recall history?
A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes.
Q. Are they snapshots, as Microsoft says, or screenshots?
A. They are just screenshots, jpegs.
Q. What is to stop apps on your machine accessing your Recall covertly?
A. Nothing. There is no audit log of access.
.@awakecoding becomes the latest person reverse engineering Microsoft Recall https://x.com/awakecoding/status/1798168395583746216
If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns are, they're continuing to decline comment to every media outlet.
I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving.
Product ships live on devices from Dell, Lenovo etc this month. https://x.com/zacbowden/status/1798221879741931847
As @tiraniddo rightly points out, anybody can programmatically reach the Recall database without admin rights. https://infosec.exchange/@tiraniddo/112566044174482506
TotalRecall has been updated to exfiltrate Recall database and screenshots without needing admin rights: https://github.com/xaitax/TotalRecall
You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.
Turns out speaking out works.
Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.
There are obviously going to be devils in the details - potentially big ones.
Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.
https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns
Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too.
It’s still labelled Preview, and I’ll believe it is encrypted when I see it.
There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.
Microsoft President Brad Smith is going to be grilled by US gov next week. https://therecord.media/microsoft-reverses-course-recall-opt-in
I should be transparent btw that I took Satya and Charlie’s commitment to security at face value too - I even published a blog on it backing that up - and I have concerns (it isn’t just me).
They’re now going to have to win trust back about winning trust back.
I know somebody at a retailer in Europe that is selling Copilot+ PCs. They’ve had fewer than a thousand preorders through to customers.
In relative terms, for them it’s about as successful as Suicide Squad Kill The Justice League.
A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData.
Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.
I think MS are a way off extracting themselves from Recall situation they've got themselves into.
This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok.
I imagine it's going to continue through week and into next week when the laptops ship.
I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.
Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw
I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.
Microsoft have paused the rollout of Windows 11 24H2 in preview channel, it was the version containing Recall. Microsoft have not explained why.
https://x.com/brandonleblanc/status/1799478915582542199
I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.
I have an image where when viewed on a Copilot+ Recall PC, a Windows process crashes as it tries to process the screenshot.
New email signature?
If anybody is wondering, with a Copilot+ PC, you can still programmatically access the Recall database as of today with a few commands. Launch is a few days away.
@GossiTheDog isn't Recall a super GDPR violation?
@morten_skaaning @GossiTheDog probably not, as the data is stored in your machine and never sent to the cloud. There are many issues, but I suspect GDPR is not one of them.
@gigantos @morten_skaaning @GossiTheDog
What about the data you view of other people (thinking in the context of BYOD or just businesses that don’t disable it)