• Norgur
    12
    edit-2
    7 months ago

    So, are we done berating everybody passive-aggressively with just a sprinkle of condescension? Because maybe, just maybe, I was making a remark about the general practice of Microsoft to hide stuff behind nondescript bullshit names (especially in non-English versions where the English bullshit name gets translated literally most of the time, which yields even more nondescript results).

    Maybe, just maybe, you chose the wrong comments to act up on “PeOpLe NoT rEaDiNg ThE aRtIcLe” when all that was posted about was inconsequential stuff about the precise clicks needed to turn a feature off that’s not even in the respective menus yet. So this is not someone talking bullshit because they misunderstood the headline about a murder case or something.

    All that was said was about practices Microsoft has abused into oblivion: Hiding stuff behind obscure menus and hiding stuff behind obscure names. The comments made were a persiflage of exactly that.

    Maybe, just maybe, the precise placement and wording in a menu that doesn’t even exist yet is a topic inconsequential enough that people will not read the tenth article about the general subject (Copilot becoming “opt-in”) to make sure they wouldn’t miss this super irrelevant point to the story. A point which you guessed from screenshots that haven’t reached production yet (even if they are likely to go into production as shown, it can still change), so your condescending attitude is based on wobbly grounds.

    There are tons of articles where people post absolutely wrong and quite absurd stuff because they didn’t read the article. Some of them even matter (politics, world events). So let’s criticize people when they don’t read through actually important articles before posting, and agree that it’s okay to not read the exact article posted on unimportant sidenote stuff if one knows about the thing in general. Because if I’d be only allowed to comment on the article posted itself, I wouldn’t need Lemmy, I could just comment on the site that posted the article in the first place.

    Besides: You did notice that you commented on two different people, yes? Because you sure sounded like you didn’t read the usernames before commenting and thought you always replied to the same guy.

    • MudMan
      -8
      7 months ago

      That is a very long rant to agree with me in that you care enough to rant about this online but not enough to read past the headline.

      So no, I have no intention to shut off the condescension, there is nothing passive about my aggression and people absolutely don’t read the article regardless of how important they feel the issue is. Yesterday this was all about the most important threat to the security of the average consumer, now it’s “unimportant sidenote stuff”. Somebody should have told MS how unimportant it is, could have saved the devs the crunch to fix it by the time it ships in 10 days.

      For the record, you’re right about how hard it is to find things sometimes in localized versions of OSs. That’s true of all of them, though, and I blame the fact that we’re all stuck here speaking the hegemonic language and reading about tech only in English while local journalists struggle to stay relevant, so we learn all the brand names and settings in English despite the software itself being available in localized versions. But that’s a whole other conversation.

      • Norgur
        3
        edit-2
        7 months ago

        So your reply is, “but other people don’t read…”? Yeah, I’m not “other people”, so stop making me a scapegoat for behavior you’ve seen elsewhere (and on which I agreed with you, btw).

        Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn’t you read my answer? That was the only information I could have gotten from the article I didn’t have already. Thing is: If I had read it (from a Screenshot I wouldn’t have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.

        I have since skipped through the article and literally the only thing in there I didn’t know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?

        You just saw something you’d been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because “it happens all the time”. While some of that’s correct, the people you went and “showed’em” aren’t the source of all evil, so skip the scapegoat bullshit and be civil towards people you’ve never talked to before, will ya?

        • MudMan
          1
          7 months ago

          Yeah, see, here’s how I know I’m not scapegoating you and you also didn’t read it.

          The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.

          So yeah, no, my condescension is exactly about you. And others. But also you.

          • Norgur
            1
            7 months ago

            Are you really this dense? The whole opt-in thing comes because Researchers found that Recall wasn’t encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can’t half-read my comments and make it fit your argument again, it’s even in the bloody article:

            Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.

            • MudMan
              4
              7 months ago

              Yes, I am aware. I read about that yesterday, and yes, I did read it again at the bottom of this piece. It was really bad.

              Which is presumably why, a couple of paragraphs above, they explain that:

              Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.

              This authentication will also apply to the data protection around the snapshots that Recall creates. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we encrypted the search index database.”

              Here’s the thing, it shouldn’t take somebody calling you out on it on the Internet and engaging in a defensive back-and-forth driven by pride for you to actually read the thing. Commenting should be secondary to following the link and figuring out what’s actually happening. But it’s not. That is the part that pisses me off. Not the stupid feature that is still bad even without glaring security holes. Only partially the stupid rooting for commercial products like they’re football teams. Fundamentally that our consumption patterns when it comes to information are broken and we think it only affects everybody else but not us.

              That part is terrifying and infuriating.

      • @conciselyverbose@sh.itjust.works
        English
        2
        7 months ago

        This is still a huge threat, because their “mitigations” are a joke. The only possible way this can be an acceptable feature is if it is built from the ground up with security as the primary concern. You can’t “tack on” security at the end and get a secure product.

        If security was in any way a consideration, there is no path to shipping anything where the database is unencrypted at any point. Not in an insider build. Not as a tech demo. Nothing.

        • MudMan
          -1
          7 months ago

          I mean, no, that’s dogmatic weirdness. The feature is secure if the feature that is live is secure. Software isn’t magic, it doesn’t have karma, it works the way it works.

          Now, this is as secure as whatever they ship, but even assuming it’s ironclad it’s still a bad feature. You do not need an automatic screengrabber to remember what you did yesterday. Every piece of work software you may need to reopen has a recent files list, Windows has a file search function, browsers have a history. You have a brain. You don’t lose track of so much stuff that you need to be recording your entire activity just in case. This is a bad gimmick that covers no use case, just like Timeline was. And because it’s a bad useless feature the logical thing is to turn it off and forget about it, which is why everybody seems to have memory holed that Timeline ever existed.

          You guys really don’t need to get weird about it for it to be a bad idea, but since they’re railroaded into shipping it, at least it’s better to ship it with proper encryption and authorization features. Still turn it off, though.

          • @conciselyverbose@sh.itjust.works
            English
            2
            7 months ago

            The feature that is live cannot possibly be secure. That’s the entire point.

            If you do not design every element that interacts with user data very consciously and deliberately around controlling access properly, you cannot get a result that is not massively vulnerable to bad actors. Security is a core design principle. It cannot possibly be achieved after the fact.

            • MudMan
              0
              7 months ago

              Yeeeah, I’m thinking this conversation isn’t worth pursuing. My point is already up there.

              • @conciselyverbose@sh.itjust.works
                English
                1
                7 months ago

                It’s insane technology illiteracy like this that’s the reason that security is such a shitshow across the world and allows tech companies to just ignore the bare minimum effort. Tech CEOs should be criminally liable when gross negligence like this results in meaningful breaches to consumers.

                Sloppily patching the giant hole in your stone wall doesn’t make it hold water when there are 500 other cracks and smaller holes. If you didn’t consider “don’t have big holes” a feature that justified spending money on bricks at the start, you’re never going to get an end result that does the job.

                • MudMan
                  0
                  edit-2
                  7 months ago

                  This is hilarious for life context reasons that I’m not gonna disclose here.

                  But good one. I swear, this place sometimes is Dunning-Kruger headquarters. Gotta decide if “this place” means “the whole Internet” or not, one of these days.