• bassomitron@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    6 months ago

    The snapshot feature is only going to be available on certain laptops that have the Snapdragon + AI chip. DoD will likely simply just not buy those laptops and ban any org from purchasing them, like they already do for certain hardware that have been found to be especially vulnerable. Additionally, this feature isn’t turned on by default and costs a subscription fee (i.e. Copilot+), so people will have to consciously enable and pay for it. Lastly, in enterprise versions of Windows, I would bet money that it can be disabled via GPO, as it’s not only the DoD that would have serious issues/concerns with this feature.

    • SkyNTP@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      Right. Microsoft themselves just announced a feature to disable screenshoting some webpages in Edge, which is a complete 180 from recall.

      I expect windows to be split into two tiers of products again: the free version that is paid for by ads/tracking/AI bloatware possibly even mandatory cloud connectivity, and an enterprise version with all off that off, but that is paid.

      • gravitas_deficiency@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        6 months ago

        They’re gonna need a way for IT departments to categorically disable Recall from doing any visual capture/scraping of data. I work in a HIPAA-constrained industry, and the entire concept of MS’s Recall is 100% a non-starter. The legal liability alone categorically disqualifies it from being an acceptable piece of software to run on ANY system that has access to ANY PII or PHI.

        • bassomitron@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          Yeah, that’s why I mentioned in my comment that enterprise/professional versions will almost certainly allow it to be completely disabled via GPO, as this would be a death sentence for Windows. Businesses and governments across the world would immediately begin planning to off board to something else otherwise.

        • tal@lemmy.today
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Hmm. Do you allow people to VPN in from non-company-controlled laptops? Because I figure that anyone doing work at home is going to be maybe unwittingly having local copies made of data that they’re working with.

          • gravitas_deficiency@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            6 months ago

            No, we do not. Our corporate network connectivity is pretty tightly controlled, and non-issue devices are not permitted on sensitive networks - either VPN or on-premises. I haven’t bothered asking, but I would assume they’re doing system-wide MAC filters as one of the security layers.

            I mean yeah it’s possible to exfil data, but it definitely takes some effort, and doing so would be a willful violation of some pretty significant security policies (up to and including “you’re fired, security will escort you out”, depending on the data and the circumstances”), and, you know, it’s nice having a job. Not to mention, I think HIPAA and GDPR privacy stuff, while often tedious in terms of implementation, are absolutely good and worthwhile things for consumers and users, and should not be ignored for expediency or profit.

    • OpenStars@discuss.online
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      But do we know that the tracking part will not be enabled by default - and possibly in a hidden, highly obscured manner, where the system claims it to not be but it in fact is? The access to Copliot+ may cost money, but why would Microsoft turn away that source of free data? At the very least it is a strong temptation, which even if they start out being responsible with, in every future update there is the potential to change course.

      And even if it were not enabled by default, I do worry that a 2-prong attack could first turn it on, then later exploit it to gather the data. If it for truly certain is limited to those chips though… then yes that provides security, thank you for mentioning that.

      One good thing is that government systems are always at least couple versions behind, specifically to allow time for exploits to be discovered & patched, prior to upgrades - i.e. prioritizing safety & security over ease-of-use and being on the bleeding edge of “new features”.

      • bassomitron@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        I mentioned in another comment this would kill all trust in their product if it was found out that Windows was secretly doing all of that in the background in their enterprise products. There are other options, and as painful as transitioning to another OS would be, Microsoft being able to spy on everyone at any time would be worth the pain. This would absolutely destroy MS’s stock within a year as their dozens of multi-billion dollar contracts with governments and corporations evaporated. There’s no way the data they’re spying on would be worth the hundreds of billions they’d lose in sales.

        …Then again, we’ve seen corporations kill themselves in dumber ways before… I guess we’ll see.

        • OpenStars@discuss.online
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          “Oopsie, we didn’t mean to leave the libraries in like that, and then for that update to switch ON the collection of all data after people stopped paying attention to it, and then after a lot of data has been collected for that still additional update to cause all that data to be sent back to our home servers…”

          And perhaps it would not even be a lie - one malicious actor, working inside the company, might be able to sneak it in without the higher-ups knowing about it. Or arguably worst of all, not even realize themselves that they did it, until after-the-fact.

          When working with something dangerous - e.g. explosives, or heavy like a car - it behooves us to treat it with special care. The fact that this data collection option now exists already warrants greater care in using Microsoft products in terms of security. Except, just how much do people care?

          I could also see another alternative moving forward: the DoS simply freezes their Windows versions at the last version that did not include the data collection capability, and then never updates again. As the first years and then decades roll by, and they are using the equivalent of Windows 7, then XP, then 95, then 3.1, they simply lose out on having “computers”. Possibly here I’ve gone too far into the doom-and-gloom, b/c while it’s possible it’s not terribly plausible, though it illustrates how Microsoft is not committed to the safety of a national government, but rather instead solely their own profits - and short-term ones at that.