"Beaumont says admin access to the system isn’t required to read another user’s Recall database. Another user with an admin account can easily grab any other user’s Recall database and all the Recall screenshots by clicking through a simple UAC prompt."
The person quoted in the article says admin access isn't required and to bolster this gives an example of someone with admin access being able to access the recall database. I'm confused.
The research is... kinda bad. Beaumont critzies that Microsoft stores the data... locally in an SQLite database? Because it's "easy to steal with malware" (just like your browser history, etc). Blew up in the media though...
What's the difference between stealing the history of OCRs of screenshots on anything you did versus the ability to steal my tax/financial documents, business trade secrets, private letters, photos and other information commonly stored on a computer which can be taken in the same manner whether it is on Windows, Linux or macOS?
If someone has admin access to your PC (which they need to access the SQLite file) they could also just install malware that sends everything you do and type over the network.
One difference is the speed apparently. You'd need the malware to be installed for a while. With recall you need to exfiltrate a couple kb of data that's already there on disk.
That said, yeah, if the user interacts dumping saved passwords is trivial as well.
Your trust is not required. Like all the "features" Microsoft has forced on its users in the past, it will run on your (their) computer whether you trust them or not. Sure, a few nerds like me will ditch them for other OSes, but most Windows users are trapped, and Microsoft can do whatever it wants to them.
Trust is moot when someone can abuse their position with no consequences. Windows has been the overwhelmingly dominant desktop OS for 30 years and it is unlikely to lose that position any time soon.
It's really refreshing and heartening to see the criticism on Microsoft in the comments there on ars.
I work in a typical MS shop and as usual their evangelism is really strong. Everyone in the admin team is a hardcore Microsoft promoter, everywhere from internally on Yammer and externally on socials. They're probably fishing to get made MVP. But still, I have more self-respect. While they're all eagerly piling on Copilot studio I'm making my own bots with ollama. I don't like having my knowledge and experience locked behind someone else's brand and interests.
I'm very critical and feel they are a mediocre company which mainly floats on being "just good enough to not pass over" because of their marketshare. The old "nobody got fired for buying IBM" thing. I don't think they're actually leaders in anything. They're just big so they're hard to get around. Every third party solution we've replaced with a MS alternative was more capable, more ethical and easier to use. It was always a step back to settle for the MS solution.
Now again with the whole Copilot war they can do nothing wrong in the eyes of my colleagues. I'm glad to see I'm not the only one seeing this.
"Hello, each and every Windows Update actually switches that button from disable to enable. All you have to do is remember to switch it back after every security update." --The future based off Microsofts past behavior.
This is why I left windows recently[0]. When you design an OS that doesn't respect the user's choices, you are no longer in control of the OS. Windows 11 shifted to trying to force people to use Edge. You can't even change the default browser in many cases without some serious work.
And the FTC is going after anyone but Microsoft for anti-competitive behaviors. The desktop world looks bleak for people that depends on Windows.
The person quoted in the article says admin access isn't required and to bolster this gives an example of someone with admin access being able to access the recall database. I'm confused.