Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Microsoft states that "Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker." From the wording here, that looks like your snapshots will only be encrypted if you have Windows Pro or a business Windows code.

I don't think that's what their main page is saying, but it is ambiguous enough to be confusing.

For reference, the quote being referenced is "How is your data protected when you use Recall?" on this page: https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1...

The parenthetical after the "and" is throwing people off. My interpretation of the sentence is that recall snapshots are protected using data encryption on your device, no matter the version of Windows 11. However, if you have Windows 11 Pro or the enterprise SKU, you gain the additional level of protection of using Bitlocker - which could mean that the key to encrypt those snapshots lives in the TPM (or not). It's just too ambiguous and needs clarification.

The support page for Recall (https://support.microsoft.com/en-us/windows/privacy-and-cont...) provides some clarification in this area that drives the point home:

> Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.



The data is still being recorded and saved. For example, it could make my security weaker by recording a password briefly displayed on screen. Now there's a second copy stored elsewhere on my computer than the password manager.

Also, that only mentions the snapshots (the images) themselves. It feels like its leaving them an out for data pulled from the pictures or summaries of locally processed data.


I do not disagree with your sentiment - I am just pointing out that a lot of articles are misrepresenting some important aspects of the discussion


Fair. It's important to have the facts straight.


Yeah I have no doubt they would use the data gleaned from the images. All the data generated from processing the screenshots to be useful to the user would be just as useful to third parties. More useful than the screenshots themselves, in fact. I haven't heard anything about promises to keep the extracted information locally.


Why waste bandwidth to send snapshot when the local AI can detail user activity and send a report to Microsoft?


Exactly, few kilobytes here in there on your activities will not be felt on your end, all while building a profile on you. Fun stuff.


I had the same response and emailed the author.

Misinterpreting it does help your argument when you're against it though.


Device Encryption and BitLocker use the same encryption, BitLocker offers more options for key management.

If you login to a Windows Home machine as admin with a Microsoft account, then the key is stored in the TPM with a recovery key in the Microsoft account. Before that, the key is stored in plain text on the drive, meaning it's not really secure. There's no option to save the recovery key onto paper or a USB key.

So, they are really just saying the data is stored on your hard drive, which follows the usual hard drive format of Windows.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: