this post was submitted on 23 Aug 2024
419 points (98.4% liked)

Technology

59111 readers
3801 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
419
Microsoft will try the data-scraping Windows Recall feature again in October | Initial Recall preview was lambasted for obvious privacy and security failures (arstechnica.com)
submitted 2 months ago by [email protected] to c/[email protected]
71 comments fedilink hide all child comments
 

Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company's original blog post about the Recall controversy. The company didn't elaborate further on specific changes it's making to Recall beyond what it already announced in June.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 22 points 2 months ago (1 children)

So do they like plan to do something with the massive amount of hospitals using Windows?

Like it seems to me that scraping PHI might be a bad idea

[–] [email protected] 16 points 2 months ago

Yes. They plan that all the HIPAA lawsuits they’ll fight off will cost less than all the money they’ll make from selling everyone’s private data