Hacker News new | ask | show | jobs
by sunaookami 741 days ago
The research is... kinda bad. Beaumont critzies that Microsoft stores the data... locally in an SQLite database? Because it's "easy to steal with malware" (just like your browser history, etc). Blew up in the media though...
1 comments
firebaze 741 days ago
What's the difference between stealing some random sqlite database and the history of OCRs of screenshots of anything ypu did on that PC?
link
tssva 741 days ago
What's the difference between stealing the history of OCRs of screenshots on anything you did versus the ability to steal my tax/financial documents, business trade secrets, private letters, photos and other information commonly stored on a computer which can be taken in the same manner whether it is on Windows, Linux or macOS?
link
lolc 741 days ago
This Recall feature keeps text of emails typed and never sent, of documents viewed and deleted.
link
tssva 741 days ago
And that makes the security associated with it any more important than my kept documents how?
link
wkat4242 741 days ago
It's the more exposed thought process that shines a strong light into your mind. It's not just what you do but the why.

It's no wonder collecting this info is a priority. It will be a goldmine for dataminers with the right correlation. Sure right now it's not collected centrally but I'm sure sooner or later there'll be a quick "just click off this tiny T&C update before you continue" crossing our paths.

Also, it means that this confidential info is now in more places than one. It's no longer sufficient to encrypt a file and lay it on a usb stick in the safe.

And it's also there in centralised place ripe for the taking. Not even any need to scan the system to find valuable information.

link
lolc 741 days ago
Text on screen can be more confidential than text on disk.
link
tssva 741 days ago
And it can be the other way around. I still don’t get why this demands some new level of security beyond what protects other data.
link
sunaookami 741 days ago
If someone has admin access to your PC (which they need to access the SQLite file) they could also just install malware that sends everything you do and type over the network.
link
pohuing 741 days ago
One difference is the speed apparently. You'd need the malware to be installed for a while. With recall you need to exfiltrate a couple kb of data that's already there on disk.

That said, yeah, if the user interacts dumping saved passwords is trivial as well.

link
hulitu 740 days ago
Someone like Microsoft ? /s
link