by Dylan16807 743 days ago
The BBC quote says "a would-be hacker". I interpreted that as a general claim about Windows security, not saying that this particular feature is invisible to malware. They have to break the security of your particular device; the data is nowhere else.

> I interpreted that as a general claim about Windows security

Sure, because you understand that the other interpretation is nonsensical. All the publications that are popping up showing that the Recall DB is locally accessible are aimed at all the other Windows users.

Now, I would fully agree if you question what's the benefit of posting this on GH and not on FB, for example, and what's in there to surprise the HN crowd.

> Now, I would fully agree if you question what's the benefit of posting this on GH and not on FB, for example, and what's in there to surprise the HN crowd.

The author posted Wired's article about the tool on LinkedIn. Does Facebook host code and render Markdown? Does the author have a Facebook account? Would you bet your Facebook account they wouldn't consider it distributing a hacking tool and lock the account?

Must it be surprising? Some in the HN crowd would want to explore their own databases, I think. Some will have family and friends ask them about Recall security.

> All the publications that are popping up showing that the Recall DB is locally accessible are aimed at all the other Windows users.

See, that's the thing. Proving it's locally accessible...

Microsoft never even implied it wasn't locally accessible.

> Microsoft never even implied it wasn't locally accessible.

BBC said Microsoft said a hacker would need physical access. You can think this meant to hack Recall or Windows.

Right. They specifically laid out a scenario where the data is locally accessible.

So code that proves the data is locally accessible doesn't contradict them.

? That comment thread is about a completely different thing at this point.

You interpreted a statement about saved screenshots in an article about Recall as a general claim about Windows security even the general public would know was false?

I guess I worded that badly. Let me try again:

I interpreted that line as analogous to normal Windows security.

As a general rule, a would-be hacker can't get to any of your on-device data, Recall included, without a local user giving them access.

So the intent of the statement is to say it's immune to anything else being hacked, like servers. Not to say they finally invented a completely hack-proof system... and only used it for this single program.

> As a general rule, a would-be hacker can't get to any of your on-device data, Recall included, without a local user giving them access.

Physical access means physical access to experts and the general public. Not physical access, social engineering, supply chain exploit, or remote code execution. Saying Windows can't be hacked without physical access would be false too.

> So the intent of the statement is to say it's immune to anything else being hacked, like servers.

Anything else would include Windows Update and Microsoft accounts.

They said Recall snapshots were stored on the PC itself and not available to Microsoft. Adding a misleading description of Windows security did nothing but confuse people.