> The fact that a different user can get to it so easily is bad though.
This is what I was referring to. The data this collects is of high sensitivity and value. It will, without question, be targeted aggressively. It needs to be handled accordingly.
While I think that this service is dangerous and misguided and shouldn't be used by most people, I would hope that Microsoft would at least be a whole lot more careful about protecting those who do.
> Recall processes your content locally on the Copilot+ PC and securely stores it on your device
While it doesn't use the word "encrypted" here, "stores securely" certainly implies that.
> Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11.
Here is where they say encrypted. They also say it's just from BitLocker, which means it's not really encrypted in the sense that security-minded people would assume (encrypted separately from the whole-disk encryption). I also think most laypeople won't really understand what this means.
The point is that the existence of this code proves that remote access is possible, you just use any one of the many proven malware vectors to get the user to install a binary that does the same thing as this repo does but ships it over the network to your servers.
That seems like an unreasonably broad definition of remote access to me. If installing a local program that proxies data counts, then the only true way to make "remote access" impossible is by installing it in a secure room with no networking and where no other electronics are allowed in. How many people interpreted that claim as SCIF-equivalency?
> How many people interpreted that claim as SCIF-equivalency?
Basically everyone who isn't employed in tech? This is what the BBC said [0]:
> And it said a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots.
Those of us here can readily see that this "physical access" claim is bunk, but that's what Microsoft represented to the BBC and what the BBC is telling the world.
If it's just to prove those two words wrong, then this repo seems extremely overblown. "It works like every other program in the world" isn't very exploity.
Also I don't think many people even saw or noticed that particular claim. They just saw the part about it saving everything you do to your computer and were rightfully worried.
> If it's just to prove those two words wrong, then this repo seems extremely overblown. "It works like every other program in the world" isn't very exploity.
The FAQ author explained it worked like every other program in the world. Some people doubted him because why wouldn't he show proof if it was so easy? The tool author called it a very simple tool and no rocket science whatsoever.
> Also I don't think many people even saw or noticed that particular claim.
Fewer people will see this repo. What is the correct number of people before misinformation should be corrected?
The fact that a different user can get to it so easily is bad though.
And the FAQ claims that remote access is possible but does not elaborate, so that's confusing.