Don’t install any version of Windows 11 that can run copilot/recall

[solarbird]

Don’t install any version of Windows 11 that can run Copilot/Recall if there is or ever will be absolutely anything on the machine you want to keep private in any way. Anything.

Particularly passwords, but in no way just that.

Not even if your hardware theoretically doesn’t support it and theoretically can’t run it. That doesn’t matter. Do not install it.

To be as clear as I can be, I’m not just saying “turn off this feature no matter what,” though if it’s already running, you need to do that right now and also purge your entire history and also see if you can scrub your system drive of all abandoned data files related to Copilot/Recall. I’m saying, literally, do not install any version of Windows that contains recall.

Yes, I am being obscure about why. Deliberately. I get this way when a problem is both too serious and too easy to replicate. This is the kind of shit I have in the past – when I was what one might call not a white hat – gone through trusted third parties to report and get fixed, mostly because of the “too easy” part.

It’s been a while, but I just did this again, some several days ago. I do not know whether anything is coming of it, but at least I have tried. And today, I have received information which – if correct, and that’s always an if – says that the situation is even worse than I thought.

One of the solutions I handed my third-party relay does, at least, address one of the new issues I am absolutely not describing here. However, none of the solutions I brought address the other issues I am also not describing here.

Do not install.

Posted via Solarbird{y|z|yz}, Collected.

Comments

[rialian]

===Conspiracy sidebrain is not amused by timing of this.

[solarbird]

Sorry.

For what it's worth, there's no indication of "conspiracy" here. Just truly breathtaking, reckless, and obvious incompetence... on basically every level.

[rialian]

===No doubt...which is why I say "conspiracy sidebrain", not full cortex.

===The timing is JUST THAT BAD.

[rmd]

I have never been a developer and I haven't done any proof of concept testing or anything, but I assume that squeeing sound in the distance is a bunch of malware writers being delighted at the idea that there's a binary already installed on the machines that will capture and log data. Even if it's not enabled, the binary is still there and they can execute it in place and don't have to go to all that bother of, ya know, loading bits to do it.

[melchar]

Yes!! So much THIS! Sing this out from the rooftops.

Stated in much greater detail here = https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

[solarbird]

This isn't everything.

I mean, Kevin knows that, and says so. I also know it's not everything in part because I follow him on Mastodon and, well. He - and others - have been talking about more. It's hilarious, by which I mean tragic.

[melchar]

It's pretty much something that just came up on my 'radar' because of Andrew Ducker's daily link page. The article is so worth reading - and sobering a.f.

[rmd]

Aaaaand there's the inevitable "extract the data" proof of concept. https://mastodon.social/@campuscodi/112559479294594886

[solarbird]

There are so many problems.

At least they've started solving the least difficult ones.

[kathmandu]

Thank you for the warning.

[solarbird]

Glad to.

[armiphlage]

Thank you.

[solarbird]

You're welcome ^_^