hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

10K
active users

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

doublepulsar.com/how-the-new-m

DoublePulsar · How the new Microsoft Recall feature fundamentally undermines Windows securityBy Kevin Beaumont

Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.

You need to enable DisableAIDataAnalysis to switch it off. learn.microsoft.com/en-us/wind

Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser is recorded always, including in private mode - the exception is Hollywood DRM’d videos

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.

And if you didn’t believe me.. found this on TikTok.

There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”

They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.

I ponder if Microsoft's engineers are following the SQLite code of ethics, since they're using it in Windows OS with Copilot+ Recall? :D sqlite.org/codeofethics.html

So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.

Apps themselves can also search and make themselves more searchable.

It opens a lot of attack surface.

The semantic search element is fun.

They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.

If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..

..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.

And it’s enabled by default.

I’ve managed to get Recall working in full on a non-Copilot+ system, without an NPU. Will accelerate testing.

Copilot+ Recall feature pop quiz:

You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?

Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.

If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.

It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:

It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve.

A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.

Microsoft exists in and is driven by that bubble.

I asked Microsoft Copilot to write a song about Copilot+ Recall.

Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:

The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

Daniel Feldman

@GossiTheDog Thanks for the awesome thread! I don't have an ARM machine other than my Mac, but I was able to get Recall running in an ARM Azure VM very easily.

It's interesting that this is an ARM-only feature actually! It runs fine in a fairly small Azure VM with no GPU or NPU, so it would work on x86 just as well. It must be a marketing/strategy reason, not a technical reason.

@dfeldman @GossiTheDog it's absolutely marketing bollocks. It's just doing OCR on screenshots.

@dfeldman @GossiTheDog it’s probably a bit of both.

Microsofts minimum NPU TOPs requirement for Recall is 40, and only the ARM NPUs in their copilot PCs meet this requirement.

Intel & AMDs NPUs don’t even reach half way to the minimum.

So the question is, does it *need* 40 TOPs (bearing mind they may have other tech planned), or is it arbitrary to promote their new ARM chip models?

Probably a little of both.