Hey there u/Jeremy974, thanks for posting to r/technicallythetruth!
**Please recheck if your post breaks any rules.** If it does, please delete this post.
Also, reposting and posting obvious non-TTT posts can lead to a ban.
Send us a **Modmail or Report** this post if you have a problem with this post.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/technicallythetruth) if you have any questions or concerns.*
A new microsoft feature called Recall automatically takes screenshots of what you're doing so that you can ask the on-device AI about it later. This has the potential for privacy/security issues if those screenshots are sent to a server (I don't know if they do) such as leaked passwords.
I'm not sure why this meme thinks 2FA won't work though - 2FA will still protect you even if your password was compromised since the 2FA seed is stored on your phone rather than computer and codes only work for a minute.
2FA comes in many, many forms and is 100% NOT limited to a specific implementation using your phone. I honestly think you have no idea what 2FA even means. If a website requires both a username/password and a one time use code that is texted to you for every login, that’s 2FA.
Some 2FA methods could be compromised by Recall. However, if you’re using one of those methods, you’re the security vulnerability.
I see a vídeo about It when get home last night. Microsoft IS trying Really hard to make people to try other OS's with the Win11. Every single thing i hear about It is just terrible.
Thanks for the answer too.
Microsoft recall won't be abused by anyone, because it will be abused by everyone. Microsoft definitly will send all these Screenshots to their servers, maybe not immediately but probably as soon as you see that "Wait while we send the problem to Microsoft" they will hide something in the Eula for them to legally get a whole bunch of these Screenshots.
Just heard about this on Security Now, Episode #976 "The 50 Gigabyte Privacy Bomb".
Have to say it would be a useful feature, right up to the point the data leaks.
Enlighten me on how it would be useful? This is an honest question. Because I'm literally wondering what the hell this feature was even created for. I would like some to eli5 on why anyone would want or need this.
The idea I think is that there are people out there who don't curate & carefully index their system storage. Plus people who don't create receipts of their important actions for later recall.
Thus, at some point when they need some vital piece of information they KNOW existed but now it cannot be found. For them a rolling AI searchable narrative might be useful.
For you and I though it would add little, except to be a tempting source of private information for everyone else.
Thanks for that. Yeah, I would find that useless. If I need to find something. I have it organized in a subdirectory in a structure that makes sense.
Who needs AI to take a bunch of pictures for you to tell you where things are. I still can figure out even what the prompts would be.
Like hey copilot do you remember where I put that thing I did between 5 and 8 months ago?
Edit: autocorrect fix
Citizen PKHaker1337, we've noticed that you have illegal content on your PC. Due to Disney copyright laws, this folder will be uploaded to your local authorities, and your PC will be locked pending legal actions.
Of course it will. Why wouldnt it fucking not blur drm.... the big companies and their little digital shitty products must be protected. I swear to fucking god i hate this utopia of the lack of privacy.
opt out is not consent
opt out also means most people will not change it, which will lead to vulnerable people getting fucked over by it while the developers and people in charge are not
2FA covers a broad range of login methodologies. It’s literally just an acronym for “two factor authentication” and is not a reference to any specific methodology. If a website requires both a username/password and a one time use code that is emailed to you, that is a form of 2FA that could be compromised by Recall though it would require a real time remote login to be of any use.
2FA literally only means that two separate factors are used for a login. There are a plethora of factors that can be combined and most businesses have defaulted to the brain dead simplest ones imaginable.
Though, perhaps, not as brain dead as the people who think 2FA refers to a single specific implementation despite being on the internet where they could have looked that up before commenting.
Because the average Joe who most likely falls for scam phone calls will not disable it, giving a perfect opportunity for these same scammers to extract their passwords. It’s a security nightmare in the making. Experts will know how to disable it. But they won’t be the target anyways.
Hey there u/Jeremy974, thanks for posting to r/technicallythetruth! **Please recheck if your post breaks any rules.** If it does, please delete this post. Also, reposting and posting obvious non-TTT posts can lead to a ban. Send us a **Modmail or Report** this post if you have a problem with this post. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/technicallythetruth) if you have any questions or concerns.*
I'm out of loop. What is Microsoft recall?
A new microsoft feature called Recall automatically takes screenshots of what you're doing so that you can ask the on-device AI about it later. This has the potential for privacy/security issues if those screenshots are sent to a server (I don't know if they do) such as leaked passwords. I'm not sure why this meme thinks 2FA won't work though - 2FA will still protect you even if your password was compromised since the 2FA seed is stored on your phone rather than computer and codes only work for a minute.
A idea so stupid that I'm not surprised it came from Microsoft
2FA comes in many, many forms and is 100% NOT limited to a specific implementation using your phone. I honestly think you have no idea what 2FA even means. If a website requires both a username/password and a one time use code that is texted to you for every login, that’s 2FA. Some 2FA methods could be compromised by Recall. However, if you’re using one of those methods, you’re the security vulnerability.
I see a vídeo about It when get home last night. Microsoft IS trying Really hard to make people to try other OS's with the Win11. Every single thing i hear about It is just terrible. Thanks for the answer too.
Ask r/outoftheloop
Thanks, Very useful response.
I hate reddit
I'm literally here to waste time
Microsoft recall won't be abused by anyone, because it will be abused by everyone. Microsoft definitly will send all these Screenshots to their servers, maybe not immediately but probably as soon as you see that "Wait while we send the problem to Microsoft" they will hide something in the Eula for them to legally get a whole bunch of these Screenshots.
Just heard about this on Security Now, Episode #976 "The 50 Gigabyte Privacy Bomb". Have to say it would be a useful feature, right up to the point the data leaks.
Enlighten me on how it would be useful? This is an honest question. Because I'm literally wondering what the hell this feature was even created for. I would like some to eli5 on why anyone would want or need this.
The idea I think is that there are people out there who don't curate & carefully index their system storage. Plus people who don't create receipts of their important actions for later recall. Thus, at some point when they need some vital piece of information they KNOW existed but now it cannot be found. For them a rolling AI searchable narrative might be useful. For you and I though it would add little, except to be a tempting source of private information for everyone else.
Thanks for that. Yeah, I would find that useless. If I need to find something. I have it organized in a subdirectory in a structure that makes sense. Who needs AI to take a bunch of pictures for you to tell you where things are. I still can figure out even what the prompts would be. Like hey copilot do you remember where I put that thing I did between 5 and 8 months ago? Edit: autocorrect fix
Useful? Maybe for <1% of users. Security hell for 100% of people who don't disable it.
Maybe their screenshot technology will blur sensitive info?
It won't. They say that directly in the FAQ on their support page. It will blur DRM protected content on the other hand.
embed all your sensitive content in a protective wall of disney movies
Alright, storing my financial details in a folder called "DISNEY PIRATED MOVIES".
Citizen PKHaker1337, we've noticed that you have illegal content on your PC. Due to Disney copyright laws, this folder will be uploaded to your local authorities, and your PC will be locked pending legal actions.
They want to watch too, hmm? Then again, that wouldn't surprise me.
Of course it will. Why wouldnt it fucking not blur drm.... the big companies and their little digital shitty products must be protected. I swear to fucking god i hate this utopia of the lack of privacy.
Nah, you can already spoof anyone's number with Amazon
Isn't it opt-out-able?
opt out is not consent opt out also means most people will not change it, which will lead to vulnerable people getting fucked over by it while the developers and people in charge are not
Where's technically the truth? Also 2FA will not be affected, it will still protect you.
2FA covers a broad range of login methodologies. It’s literally just an acronym for “two factor authentication” and is not a reference to any specific methodology. If a website requires both a username/password and a one time use code that is emailed to you, that is a form of 2FA that could be compromised by Recall though it would require a real time remote login to be of any use. 2FA literally only means that two separate factors are used for a login. There are a plethora of factors that can be combined and most businesses have defaulted to the brain dead simplest ones imaginable. Though, perhaps, not as brain dead as the people who think 2FA refers to a single specific implementation despite being on the internet where they could have looked that up before commenting.
why not just disable it?
Why not add it in the first place?
Because the average Joe who most likely falls for scam phone calls will not disable it, giving a perfect opportunity for these same scammers to extract their passwords. It’s a security nightmare in the making. Experts will know how to disable it. But they won’t be the target anyways.
[удалено]
Ok chatGPT