<< I really don't understand this line of thinking. What was cracked? That the database is readable, unencrypted? How could it be encrypted and usable at the same time?
I am admittedly mildly confused by this response. Do online portals typically use unencrypted passwords? Do they let data flow unencrypted? Are those portals somehow unusable?
Could you elaborate a little bit? It is possible I am misunderstanding your point.
I have only been somewhat paying attention, but there were lots of stories about someone "cracking" the implementation of Recall and getting access to the locally-stored database. The criticism is that it is easily accessible, but it's hard for me to imagine it any other way and have it still be useful. It's still encrypted at rest, but must be unencrypted for data to be written to it.
There is plenty to criticize about Microsoft, but that one seems manufactured.
As far as I know, the database is local, and Recall does not use the cloud at all. That also means that you can't view the history from one computer on another. But I agree that trust that it will stay that way is not particularly wise.
I think you have a point there. Would you accept reverse engineering[1] as a more accurate term instead of cracking?
<< I have only been somewhat paying attention
We are in the same boat. I saw the thing pop in my feeds in the past weeks. I skimmed it, thought it was a bad idea, but since I don't have a PC that would be affected, mostly ignored it. I think I only pay more attention today, because it is the weekend and somehow my testing is not ready for me.
Ah I see. I guess that came across as criticizing your terminology, but it was more aimed at the general hype around those reverse-engineering articles, which seemed a bit over the top to me :)
Either way, I'm holding off on buying one of these PCs until some real-world info comes out (no one really has this capability yet, so it's all largely speculative).
I have also only been skimming the info but the issues seem to be:
1) Recall takes snapshots of user’s activity and then Copilot analyses it and keeps the info in a plain text database.
2) The database is accessible to other accounts in the same computer.
3) The database is kept very small in order to save storage space. The trouble is that it is so small that it takes no time at all to upload it. One researcher infected his machine with a known piece of malware. By the time the AV software recognized it, the database had already been sent.
4) Once the database is in hand it is trivial to see whatever the person was working on and what information was involved. Apparently you can literally see some things.
So yeah, collecting large amounts of sensitive data makes for a very juicy target.