this post was submitted on 22 May 2025
217 points (99.1% liked)

[–] pelespirit@sh.itjust.works 41 points 1 day ago (1 children)

But the changes go only so far in limiting the risks Recall poses. As I pointed out, when Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and—yes—Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent.

Researcher Kevin Beaumont performed his own deep-dive analysis that also found that some of the new controls were lacking. For instance, Recall continued to screenshot his payment card details. It also decrypted the database with a simple fingerprint scan or PIN. And it's unclear whether the type of sophisticated malware that routinely infects consumer and enterprise Windows users will be able to decrypt encrypted database contents.

[–] monogram@feddit.nl 5 points 1 day ago (1 children)

That last part sounds overdone:

> And it's unclear whether the type of sophisticated malware that routinely infects consumer and enterprise Windows users will be able to decrypt encrypted database contents.

Thanks to W11 requirements for a TPM chip, I don’t think it’s a stretch to assume it uses the same method as Passkeys use.

[–] tribut 22 points 1 day ago

No, with passkeys you tell the TPM: Never give me the secret, even if I ask you. In this case, Recall needs the database decrypted to work. TPM won't save you.
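The distinction drawn in the last reply, as an added example that is not part of the thread and not Recall's or Windows' actual code: a toy model of a chip that signs with a key it never releases versus one that hands a decryption key to the caller. `ToyTPM`, `xor_stream`, `compare`, the PIN and the sample record are all hypothetical, and HMAC stands in for the asymmetric signature a real passkey uses.

```python
import hashlib, hmac, os

class ToyTPM:
    """Conceptual model only; the underscore fields stand for the hardware boundary."""
    def __init__(self, pin: str):
        self._pin = hashlib.sha256(pin.encode()).digest()
        self._passkey = os.urandom(32)  # non-exportable: no method returns it
        self._db_key = os.urandom(32)   # sealed: returned after user verification

    def _verify(self, pin: str) -> None:
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin):
            raise PermissionError("user verification failed")

    def sign(self, pin: str, challenge: bytes) -> bytes:
        # Passkey-style use: only a per-challenge result leaves the chip.
        # (Real passkeys use asymmetric signatures; HMAC is a stand-in.)
        self._verify(pin)
        return hmac.new(self._passkey, challenge, hashlib.sha256).digest()

    def unseal(self, pin: str) -> bytes:
        # Decrypt-style use: the key itself leaves the chip for the caller.
        self._verify(pin)
        return self._db_key

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream, used for both encrypt and decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def compare(pin: str = "1234") -> dict:
    tpm = ToyTPM(pin)
    record = b"constructed sample row: card ending 0000"
    stored = xor_stream(tpm._db_key, record)   # database at rest, encrypted

    sig = tpm.sign(pin, b"login-challenge-1")
    reusable = hmac.compare_digest(sig, tpm.sign(pin, b"login-challenge-2"))

    key = tpm.unseal(pin)                      # what a search/index app must do
    plaintext = xor_stream(key, stored)        # readable by any holder of `key`
    return {"sig_reusable": reusable, "sig_is_key": sig == tpm._passkey,
            "plaintext": plaintext, "record": record}
```

After `sign`, the caller holds a value bound to one challenge; after `unseal`, the caller holds everything needed to read the stored data, which is the point the reply makes about a feature that has to work on decrypted content.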