Bruce Schneier on Microsoft Recall: đ§
Because Recall is âdefault allowâ (it relies on a list of things not to record) ... itâs going to vacuum up huge volumes and heretofore unknown types of data, most of which are ephemeral today. The âwe canât avoid saving passwords if theyâre not maskedâ warning Microsoft included is only the tip of that iceberg. Thereâs an ocean of data that the security ecosystem assumes is âout of reachâ because itâs either never stored, or itâs encrypted in transit. All of that goes out the window if the endpoint is just going to...turn around and write it to disk. (And local encryption at rest wonât help much here if the data is queryable in the userâs own authentication context!)
This:
The fact that Microsoftâs new Recall thing wonât capture DRM content means the engineers do understand the risk of logging everything. They just chose to preference the interests of corporates and money over people, deliberately.
This:
Microsoft Recall is going to make post-breach impact analysis impossible. Right now IR processes can establish a timeline of data stewardship to identify what information may have been available to an attacker based on the level of access they obtained. Itâs not trivial work, but IR folks can do it. Once a system with Recall is compromised, all data that has touched that system is potentially compromised too, and the ML indirection makes it near impossible to confidently identify a blast radius.
This:
You may be in a position where leaders in your company are hot to turn on Microsoft Copilot Recall. Your best counterargument isnât threat actors stealing company data. Itâs that opposing counsel will request the recall data and demand it not be disabled as part of e-discovery proceedings.
Jac
npub14eâŚwm4rw
2024-06-24 17:19:26
Author Public Key
npub14eng8plhflea40cu3lafnw6nwkxsp5te2v7hzy74lz6a9mjhpaks0wm4rwPublished at
2024-06-24 17:19:26Event JSON
{
"id": "f926d59b26400dc264d782fb10acc8aee1be30a1d55f96f83bce40c073ad1fff",
"pubkey": "ae668387f74ff3dabf1c8ffa99bb53758d00d179533d7113d5f8b5d2ee570f6d",
"created_at": 1719242366,
"kind": 1,
"tags": [],
"content": "Bruce Schneier on Microsoft Recall: đ§\n\nBecause Recall is âdefault allowâ (it relies on a list of things not to record) ... itâs going to vacuum up huge volumes and heretofore unknown types of data, most of which are ephemeral today. The âwe canât avoid saving passwords if theyâre not maskedâ warning Microsoft included is only the tip of that iceberg. Thereâs an ocean of data that the security ecosystem assumes is âout of reachâ because itâs either never stored, or itâs encrypted in transit. All of that goes out the window if the endpoint is just going to...turn around and write it to disk. (And local encryption at rest wonât help much here if the data is queryable in the userâs own authentication context!)\n\nThis:\n\nThe fact that Microsoftâs new Recall thing wonât capture DRM content means the engineers do understand the risk of logging everything. They just chose to preference the interests of corporates and money over people, deliberately.\n\nThis:\n\nMicrosoft Recall is going to make post-breach impact analysis impossible. Right now IR processes can establish a timeline of data stewardship to identify what information may have been available to an attacker based on the level of access they obtained. Itâs not trivial work, but IR folks can do it. Once a system with Recall is compromised, all data that has touched that system is potentially compromised too, and the ML indirection makes it near impossible to confidently identify a blast radius.\n\nThis:\n\nYou may be in a position where leaders in your company are hot to turn on Microsoft Copilot Recall. Your best counterargument isnât threat actors stealing company data. Itâs that opposing counsel will request the recall data and demand it not be disabled as part of e-discovery proceedings.",
"sig": "bef65b8b8ecbc1c1a36b76fe54532fada4297ad177603799c335f00dc1b87c552220fe9cebedc05b612bdc15ffc7bac7eea99e1104b0e4c0369d101e34603202"
}