The even more worrying thing for anyone considering any solutions which do such mass surveillance, regardless of motive (like Windows Rewind). They're all one or two steps removed from massive scale access to these recordings. All of the steps have happened repeatedly in the past. The only way to be safer is not keep that data in the first place.
> the tiny shell lets anyone execute arbitrary php code by simply setting a cookie. what makes this file such an interesting find, though, is that the shell has been present since at least december 2011 (which is when the site got moved to its current server). it is impossible to tell whether this shell was placed there by pcTattletale (for whatever reason) or by a threat actor; either way, it reveals that pcTattletale has been backdoored for basically forever and may have had data exfiltrated from it for years by external actors
Isn't MS Rewind/Recall supposed to be encrypted and offline, on-device only? I don't see how it could be anything else and pass any data-protection regulation (in the EU, at least).
It's a hazard and its usefulness needs to be balanced with other needs, but on a work machine that belongs to me, it could be useful.
Now, if my boss has unfettered access to this data, or any of it is online, then obviously it's a no no.
Understanding the implications of tools like this is necessary. I'm not too optimistic that the general user will fully understand these implications though. That's one of the main danger with these technologies: promises are made, people don't think twice and overshare, and the data is used against their interests.
However, I want it to exist, MS or Open Source, preferably, but only if I get 100% control over it, and it is never accessible to anyone else.
Having said that, I'm very much aware that most implementations of these tools will become a security and surveillance nightmare.
The next few years are going to be interesting, and probably frightening.
>> Isn't MS Rewind/Recall supposed to be encrypted and offline, on-device only?
From what I have been reading, the raw data is meant to remain local (the screen recordings) but I am unclear about the indexed AI-generated metadata. For instance, if the AI identified that you used X software at Y time to complete Z task, are the XYZ tags kept local or archived elsewhere? That might not violate many privacy rules. Either way, they certainly could be uploaded/shared very easily should Microsoft's policies change. I guess it is down to how much we all trust Microsoft long term.
Personally, I will never accept someone recording my screens. In fact, running any such software on my work machine would violate a host of professional rules.
That's what I assume, they're very specific in saying your screenshots and recordings are kept locally to be analyzed by the AI, but they don't mention the data generated by the AI from your activities.
So Rewind expands the "locally malicious software" scenario from "it accesses all my files and it can monitor me going forward" to "it accesses all my files and it can monitor me retroactively for a few months and also going forward"?
It's much worse, because even if you detect the malware after a few hours it's still enough for it to steal all your past recordings.
But to be honest nobody in the malware world cares about your screen unless you're a president or CEO. They will just steal your passwords, and either encrypt your disk or use you as a residential proxy.
No real contradiction: MS's implementation is probably in line with current data protection regulations. Everyone has eyes on them.
Doesn't mean others will take as much care, or that new cool tools will not push the boundaries of what's ethical, safe or even legal.
We've seen it with many industries, not least the ad industry: some actors stay within the dotted line, but there is tremendous financial incentive not to.
The sarcasm made an already shaky point even worse.
There's a huge difference in magnitude here (writing a note vs. screen grabbing everything you ever do on the computer), and also a difference of awareness (intently recording one moment in time with a photo vs. almost unconsciously being recorded all the time even if you enabled it).
These simplistic fallacies are the result of very superficial assessments. Either an apparently small mistake leads to a wildly wrong conclusion (being overheard once is the same as being overheard all the time, because overheard is overheard), or everything is justifiable in small increments so you just loop through them as many times as it takes to get to a wildly unacceptable result (if one photo is ok, then two photos are ok, and just iterate it until you get 30 photos per second of constant video surveillance, you just said you're fine with one more photo).
Bottom line being you won't get anything of value out of such a conversation. I know I don't.
This dismissive, snarky one-liner only works if people already overwhelmingly agree with you. Most people are tired of companies adding more and more surveillance "features" and grew up in a time that set a higher bar for how much privacy they're willing to give away. A user taking a note? Sure. The OS recording everything you do 24/7 to send through an AI? Maybe we need new legislation to address your behavior.
Its keys or the token which gets the key from the TPM will probably be memory resident. I don't see encryption as a barrier to get relevant information.
In the future, if I know Microsoft, this trove will be mined for "consumer oriented optimization and improvement of Windows Experience". This means at least a DLL or more probably an API will be present to tap into that data, which can be (ab)used by third parties.
So, even if it's stored locally and encrypted at rest, it doesn't mean it'll be completely unavailable to Microsoft or third parties.
Oh, lastly, I'm sure that there'll be at least one forensics company which will build a tool to dump this data, making governments do a little happy dance.
We will see. I still have some hopes, call me foolish or naive, that Microsoft will implement Recall in a way that would be compliant with EU GDPR. The user is in control and can decide how data are being accessed. So far that’s what I’ve seen, users can control applications, websites that are saved, and for how long. They can also easily delete a timeframe of data.
But if I’m honest I would never use that feature if I lived outside of the EU, I don’t know another regulatory body big tech is taking seriously.
Companies are regularly fined meaningful amounts due to not respecting GDPR, citizens have clear ways to complain, companies do take EU rules seriously given risks of massive fines. I’m pretty sure it’s the most successful, well known privacy regulatory framework in the world, to the point where other regions point to it to describe their own frameworks.
Lawful interception is not limited to network capture and traffic sniffing. Border searches and “enhancement of the target device with surveillance tools to increase visibility” (i.e.: bugging your device with surveillance software) is also lawful interception.
I live in a country which borders the EU. We have GDPR compatible laws and my work contains a lot of cooperation with people and organizations inside the EU. However, I think you can still find some “legitimate interest” in that data to mine it nevertheless.
Sure, but that’s like saying your browser history + cookies + local storage + ssh keys + Auth tokens + … could be stolen on a compromised machine because it’s valuable data. It’s true but not something against the feature itself.
Until a year or two later when MS rolls out the feature of "AI" on "your data". Or gives the option/default to store the recording on OneDrive. Or any number of options that MS can monetize somehow while selling it as a benefit for you. How many massively popular feature requests sit on the waiting list every day while this one comes out of the blue despite almost no user ever asking for it, and it's for you?
Rewind is the house's foundation, the rest of the walls come later. How fast they come depends on what the CEO sees as the future of making money.
Having these recordings is a liability more than it is a productivity boost. People today don't operate computers under the assumption they are recorded at all times even if they know the feature is there. So of course it's dangerous.
One day, when you'll be thoroughly used to being surveilled at all times, having Rewind-like features will be as ubiquitous or as normal as walking around today with a GPS tracker, microphone and spy cam in your pocket, for someone else to use. Something equally unacceptable some decades ago.
The only good thing about Recall is that it has been the definitive decider of moving away from Microsoft permanently because for them to create such a ‘feature’ shows a complete lack of care about people’s private data - they’ll be leaving a huge jackpot prize for anyone who breaks into a system.
Just the kind of thing this NSA Prism-participating company would think was a top notch idea.
Not saying the real motive is surveillance… I’m sure a feature update or two away will also turn the data into a real money maker of advertising which instead of just being able to advertise to you, can kill two birds with one stone in being able to increase tenfold the ad revenue by watching who you’re talking with in your emails, your PM’s on Facebook (or wherever else) and then selling marketing data on you AND them.
If I was a purely profit driven individual - I’d be doing exactly that. But I have too much of a heart.
Even if they say that they’ll be abandoning this idea as they have ‘listened to user feedback’ or some other bull, the complete damage has already been done here.
Thank the lord there are an abundance of excellent OS alternatives.
> Microsoft is very adamant the images are stored locally
But this is today (as in "at the literal moment the statement was made"). What about tomorrow?
History is plastered with examples of things companies were adamant about, and as it turned out they either didn't keep their word for long or it was even a lie as it was spoken.
One day they'll decide it's for your own interest to share this data. Or a patch will accidentally sync it to the cloud. Or their model will be trained on your data. Or authorities start targeting this for obtaining way more data than otherwise needed. Or malware will use it as a treasure trove of info like never before. All of this keeps happening, I can't bring myself to believe this case in particular will break the mold.
Doesn't matter as a tool of domestic abuse, as the attacker almost certainly has local access to the device concerned.
The howls of outrage when Microsoft announced this are such that they may well have gotten the message on this one. But somebody else lower-profile will have the same bright idea.
Honestly I never asked for it but now that I’ve seen it I want to try on my personal machines, if data are local I have no issues with it at all. I’m personally not afraid of Microsoft, but I understand they haven’t been good at building trust for the past decade+. It would be awesome as an open source project.
However I can see how something like Recall is pretty problematic in a corporate context, when enabled by admins without end-user controls.
I'm all for tools like this if they allow me to review my activity, especially if that's across the multiple systems I use, to get a handle on how and where I spend my time.
It's not a surprise that Microsoft and Apple are determined to get us to use their cloud products for our personal data - there's billions up for grabs.
What a wild story. From one of the linked reports:
> it took Fleming over 20 hours to take the defaced website offline, but the long time was not for lack of trying: his own spyware recorded him clumsily attempting to restore the site fairly early on but ultimately failing to do so. while pcTattletale itself has now been entirely down for a few hours, the sending of screenshots to the s3 bucket continued until Fleming's aws account was locked down by amazon shortly before publishing this article.
Unfortunately there are 86400 timestamps per day, so enumerating this across all days and all devices would take forever.
Instead we'll use a heuristic: we'll start with the last screenshot and subtract one second at a time, downloading from each and seeing if we get a valid photo or the error XML that comes up if no screenshot was taken at that second. If we get the error XML 20 times in a row, we'll assume the recording is over and give up.
what makes this file such an interesting find, though, is that the shell has been present since at least december 2011
It's really easy to change the creation date of a file by changing the system clock for a millisecond, and create a file, before changing the clock back to normal. Some people like to do this to avoid their back doors being found by IR doing a "find" for any newly created files.
Indeed, that's what `touch -t 201101020304 /tmp/old-file` is for. (Although on ext4 it seems that you can't control the birth time; for that you would need to set your system clock.)
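Added example (not from either comment above, and not from the linked report): since `touch -t` rewrites mtime but, as noted, cannot rewrite the ext4 birth time, a responder can flag files whose modification time predates their own birth time. It assumes GNU coreutils `stat` (where `%W` prints the birth time, or `0`/`-` when the filesystem does not record it).

```shell
#!/bin/sh
# Timestomping check: a file cannot legitimately be modified before it was
# created, so mtime < birth time means the mtime was back-dated (e.g. with
# touch -t). Requires GNU stat; on filesystems without birth time the check
# is skipped rather than reported.

# Pure check: succeeds (status 0) when mtime predates a known birth time.
is_timestomp_suspect() {
    mtime="$1"; birth="$2"
    case "$birth" in
        ''|'-'|0|*[!0-9]*) return 1 ;;   # birth time unknown or not numeric
    esac
    [ "$mtime" -lt "$birth" ]
}

# Walk a directory tree and print every suspect with both timestamps (epoch seconds).
find_timestomp_suspects() {
    dir="$1"
    find "$dir" -type f -print | while IFS= read -r f; do
        ts=$(stat -c '%Y %W' "$f" 2>/dev/null) || continue
        set -- $ts
        if is_timestomp_suspect "$1" "$2"; then
            printf '%s mtime=%s birth=%s\n' "$f" "$1" "$2"
        fi
    done
}

# Constructed demonstration: a brand-new file back-dated to December 2011.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/old-looking.php"
    touch -t 201112010000 "$d/old-looking.php"
    find_timestomp_suspects "$d"
    rm -rf "$d"
}

demo
```

On a filesystem that records birth time (ext4, xfs, btrfs), the demo prints the back-dated file; where `%W` is unknown nothing is reported, which is the caveat the comment above describes.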
Their joke was that the security is so poor, it could even be conceived as a doorway they never put a door in. They were playing off your comment and agreeing by exaggerating further.
> the pcTattletale client api returns raw aws credentials. it's intended to allow screenshots to be directly uploaded to the storage bucket, which is already terrible enough on its own, but it's worsened by the fact that these credentials are the same for all devices and provide full unscoped access to Fleming's aws infrastructure
(From the Maia arson crimew blog post linked in the article)
This is my favorite part of the story. This is one of the worst decisions you can make when developing an app that uses cloud resources.
It's so pathetic that it makes me wish that we could revoke someone's license to write code.
So 17TB of screenshot data from the last 7 years is doing the rounds in the wild? An AI will have a field day extracting whatever kinds of specific juicy details an attacker could ever want.
“Give me a list of all the credit card numbers”
“Give me any emails where somebody is asking a lawyer to block publication of something”
Etc
> pcTattletale is a discreet and powerful tool that records and shows you the online activities of your employees and children. (emphasis mine)
Work computers with work secrets and children's computers with children's data. 17,000,000,000,000 bytes of such data. Maybe 5,000,000 screens if it was "normal" cell images. (Based on say a 3 MB screen, which might be large. If it's all XGA, or SXGA, or something, it may be way more screens.)
Not taking sides on this one because I don’t live in San Francisco and haven’t had the chance to look into these claims.
But on the issue of domestic and family violence, where I live in Australia it has become a major political issue, and there have been significant changes to law and policy to try and reduce the risks.
In this case, we are dealing with a relatively small number of people selling a product intended to facilitate what is recognised in most jurisdictions as a serious crime. As such, putting more effort into finding and prosecuting (or suing) these people seems like a worthwhile investment - but because it’s a global market there needs to be global cooperation to achieve much.
They’re probably referring to situations in California where people walk out with merchandise because the penalties are less than the merch they’re getting.
It’s less of a “the way things are headed” in the US, and more of a side effect of the state-level political games each side is playing, where blue states score points by loosening penalties, and red states score points by tightening penalties.
Neither population of state citizens is right or wrong, but rather they’re all pawns. As someone put it, the politicians have organized the country into two LARPing teams to keep everyone distracted while they run out the back door with the money.
You mean the ability to install your choice of software on a device that you own is dangerous????? Someone should tell the authors of literally every other operating system ever made about this astonishing discovery!
They should. Every major platform has this issue pervasively, except for iOS.
People like you have decided that you own my phone, not me. You get to tell me and Apple how I have to use my phone, just because you don’t like that my choice of software is a locked down device.