| > The security concerns apply regardless of Recall existing. Not quite. Because there is a world of difference between an attacker being able to grab information that is being entered or temporarily present, or permanently present and encrypted, and an attacker being able to, within seconds, grab everything the user ever did, watched, saw, entered, etc. on his machine in one fell swoop: https://doublepulsar.com/recall-stealing-everything-youve-ev... Quote from the Q&A Section of the post: "Q. But if a hacker gains access to run code on your PC, it’s already game over! A. If you run something like an info stealer, at present they will automatically scrape things like credential stores. At scale, hackers scrape rather than touch every victim (because there are so many) and resell them in online marketplaces. Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds. During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone." End Quote. And this is THE core problem with such a system, that just hoovers up everything, everywhere, all at once: It creates a single point of failure so critical, it will instantly become the prime target of every attack, because no other target is needed any more. |