wdormann (@wdormann@infosec.exchange):

This Microsoft Recall thing...

While it does actually omit things that it knows are sensitive (e.g. incognito mode in recognized browsers) from the screenshots it saves, things that it does not know about are all fair game.

DuckDuckGo browser? Never heard of it. Let's hoover up all the data we can get.
Signal? 🤷‍♂️ I'll just default to saving everything I see there.
You get the picture...

wdormann, OP (@wdormann@infosec.exchange):

Chrome-based browser windows in incognito (or whatever they call it) mode are actually omitted from the saved screenshots. Which is sort of neat.

However, Windows is apparently unaware that Firefox Private Browsing is a thing. So all that stuff gets saved.

Microsoft Recall saves Firefox Private Browsing data.

erickolb (@erickolb@infosec.exchange):

@wdormann How does it handle a vault like KeePassXC? Or LastPass/1Password plugins in a non-private browser window?

wdormann, OP (@wdormann@infosec.exchange):

@erickolb
Anything you do in a non-incognito (or other recognized equivalent) is fair game.
If you see something on the screen, Recall sees and indexes it.

erickolb (@erickolb@infosec.exchange):

@wdormann Makes sense re: LastPass/1Password plugins. There's clearly some mechanism to acknowledge that certain applications should not be captured ever, since private windows were excluded (save Firefox). Have we got any indication what that might be? Reg keys perhaps? Knowing that would be important for assessing both offensive and defensive capabilities.

wdormann, OP (@wdormann@infosec.exchange):

@erickolb
TBH, I'm not sure what it takes for an app to be excluded from Recall snapshots.
Specifically if it's something the app needs to do explicitly, or if it's up to Microsoft to provide a list of things not to capture.
For example, the KeePassXC app isn't included, but the 1password session in a browser is.


erickolb (@erickolb@infosec.exchange):

@wdormann Fascinating. That's actually better than I expected on that front!
I appreciate you digging into this!

wdormann, OP (@wdormann@infosec.exchange):

@erickolb
I mean, it's better than nothing.
But at the same time, the 1password stand-alone app is NOT exempt from Recall indexing.
Is this 1password's fault for not exempting itself from Recall, or is this Microsoft's fault for not recognizing that 1password should be exempt?


erickolb (@erickolb@infosec.exchange):

@wdormann That is the operative question, and there are risks and opportunities that come from the answer to that.
If it is controlled locally, could the user/admin make any application invisible to Recall? If so, what permissions and knowledge would an adversary need to undo that and use Recall to harvest secrets? If it's controlled by MS somehow, then wow, that is an egregious power grab of privacy, isn't it?

wdormann, OP (@wdormann@infosec.exchange):

@erickolb
You can manually exclude apps and websites.
But both of these lists are empty, at least from the GUI perspective.
So how Recall knows to ignore the KeePassXC app, but doesn't know to ignore 1password is beyond me...

GossiTheDog (@GossiTheDog@cyberplace.social):

@wdormann @erickolb if KeePassXC uses a DRM window/display it won’t capture, might be that
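The following is an added example, not code from the thread or from KeePassXC, 1Password or Microsoft. It assumes that the "DRM window/display" mentioned above refers to the documented Win32 window-content-protection mechanism, SetWindowDisplayAffinity with WDA_EXCLUDEFROMCAPTURE (or the older WDA_MONITOR), which an application applies to its own window so that screen-capture APIs get a black or empty region instead of the window contents. It builds a throwaway WinForms window standing in for a password manager's main window, requests capture exclusion, and reads the resulting affinity back. Whether Recall's snapshotter honours that flag is the poster's guess, not something the thread confirms.

```powershell
# Added example (not from the thread): opt a window out of screen capture via the
# Win32 display-affinity mechanism, then read the applied affinity back.
# Run in an interactive Windows desktop session.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -Namespace Win32 -Name DisplayAffinity -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern bool SetWindowDisplayAffinity(IntPtr hWnd, uint dwAffinity);
[DllImport("user32.dll", SetLastError = true)]
public static extern bool GetWindowDisplayAffinity(IntPtr hWnd, out uint pdwAffinity);
'@

# Constants from WinUser.h. WDA_EXCLUDEFROMCAPTURE requires Windows 10 version 2004
# or later; on older builds the call fails and WDA_MONITOR is the fallback.
$WDA_MONITOR            = [uint32]0x01
$WDA_EXCLUDEFROMCAPTURE = [uint32]0x11

function Set-CaptureExclusion {
    # Requests the strongest exclusion available and returns the name of the one applied.
    param([IntPtr]$Handle)
    if ([Win32.DisplayAffinity]::SetWindowDisplayAffinity($Handle, $WDA_EXCLUDEFROMCAPTURE)) {
        return 'WDA_EXCLUDEFROMCAPTURE'
    }
    if ([Win32.DisplayAffinity]::SetWindowDisplayAffinity($Handle, $WDA_MONITOR)) {
        return 'WDA_MONITOR'
    }
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "SetWindowDisplayAffinity failed: Win32 error $err"
}

function Get-CaptureAffinity {
    # Reads the affinity currently set on a window owned by this process.
    param([IntPtr]$Handle)
    $affinity = [uint32]0
    if (-not [Win32.DisplayAffinity]::GetWindowDisplayAffinity($Handle, [ref]$affinity)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "GetWindowDisplayAffinity failed: Win32 error $err"
    }
    if ($affinity -eq $WDA_EXCLUDEFROMCAPTURE) { return 'WDA_EXCLUDEFROMCAPTURE' }
    if ($affinity -eq $WDA_MONITOR)            { return 'WDA_MONITOR' }
    return 'WDA_NONE (capturable)'
}

# Throwaway window standing in for a password manager's main window.
$form  = New-Object System.Windows.Forms.Form
$form.Text = 'Capture-exclusion demo'
$label = New-Object System.Windows.Forms.Label
$label.Text = 'Constructed sample secret: this text should not appear in screenshots'
$label.AutoSize = $true
$form.Controls.Add($label)

# The HWND exists only once the form is shown, so apply the affinity in the Shown
# handler, read it back, and report both in the title bar.
$form.Add_Shown({
    $requested = Set-CaptureExclusion -Handle $form.Handle
    $actual    = Get-CaptureAffinity  -Handle $form.Handle
    $form.Text = "Capture-exclusion demo: $actual (requested $requested)"
})
[System.Windows.Forms.Application]::Run($form)
```

To check the effect, leave the window open and take a screenshot with PrtScn or Snipping Tool: the window's client area should be black (WDA_MONITOR) or missing entirely (WDA_EXCLUDEFROMCAPTURE) while it looks normal on the physical display. Because both functions only operate on windows owned by the calling process, this is something an application vendor does for itself; a user cannot apply it to someone else's app, which is why the thread's question of who maintains the exclusion list matters.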

Ailantd (@Ailantd@mastodon.art):

@GossiTheDog @wdormann @erickolb This should be opt-in, not everything by default. Is this even legal in the EU?

chx:

@Ailantd @GossiTheDog @wdormann @erickolb any% speedrun from product launch to new EU legislation specifically banning your product.
