
Technically, how would Windows know what's a password and what isn't?

Now I'm wondering if people have outrage over OBS and Zoom capturing passwords.



Now that every app is an electron app, you can just look for type="password".


God, the future really is stupid, isn't it?


It's probably going to get worse. Now that we have normalized using 2GB of RAM for a text chat app because it's a bit easier to code, I bet it's only a matter of time before they go one abstraction level higher and start emulating an entire OS.


Emacs does the entire OS thing in 8MB


Eight megs and constantly swapping


I mean, the Snapdragon laptops are still emulations.


It’s not like Windows Forms didn’t have password inputs


If it's using AI I'm sure they can train the model to identify the word "Password" in close proximity to a textbox.

OBS and Zoom are screen recorders, not utilizing AI. That's an oranges to apples comparison.


Since when was Zoom not using AI to create transcripts and all of the other crap they've added to "stay relevant"?


Usually people don't type in passwords in a way that's visible in Zoom calls. Most password fields obscure their content.


> Most password fields obscure their content

iOS device unlock password field _magnifies_ content as visible plaintext.


But they keep the sound on while typing it on their keyboards.


That requires a little more effort than an employee casually browsing training data and jotting down passwords on a notepad.


It may just be an audio model then, not a visual model.


Usually the text will be stars or something; you can also train on that or exclude them based on the type of text box.


Lotus Notes for the win:

  * The hieroglyphics on the left of the dialog box are supposed to distract anyone who is peering over your shoulder trying to learn your password as you type.

  * The number of characters you type is hidden; a random number of X's appear instead of one asterisk per character.

https://blog.codinghorror.com/the-dramatic-password-reveal/


Try the native screen recording feature on iOS if you have an iPhone or iPad. Go log into some website or app. The recording will show the keyboard come up, keypress animations, and the characters being entered into the username/email field, but when you focus the password field all of that disappears. I was surprised when I first saw it, but it totally works.


Could that be used to prevent iOS on-screen display of magnified plaintext characters, during passcode entry for device unlock?


Well, it could capture only content of programs that ask to be captured, while they do.

Web browsers could not ask to be captured when sensitive content is on screen (perhaps the web server could communicate that in headers). So could code editors and other production software that deals with trade secrets and confidential information. As well as any government and armed forces, medical, legal and similar software.

SharePoint supports sensitivity labels for documents. These labels are synced to the device through OneDrive if my memory serves right. I think that could be (if it’s not already) extended to non-SharePoint documents. If an application deals with these documents, it could also not ask to be captured at that time.

Capturing for Recall should be opt-in per program, so no legacy software leaks info.

Even with visual captures, look at what Discord, Zoom and even PlayStation live streaming and captures do - they simply block out the parts of the UI that could contain sensitive info.

But bigger cross-program Windows API feature adoptions have been achieved, like dynamic DPI scaling, DirectX, multitouch support, UWP and similar.

They could do it, if they wanted to. But I think right now it may all be a half-baked executive idea. It will evolve into something though… there is an opportunity to do it right.


Indeed, it already won't capture Edge's equivalent to Incognito Mode because the OS already knows what that signal is shaped like. But there isn't an equivalent, general "This window should be private" OS-level signal because none was ever needed before.


Local AI and/or OCR?



