• NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    58
    ·
    edit-2
    6 months ago

    Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward. Where does that leave us?

    There is a spyware feature built into Windows 11. It is off by default, but a malware that wants to capture this kind of information doesn’t have to install anything, and it doesn’t have to run any background processes that might get caught by a system monitor or blocked by application whitelisting. All it has to do is turn this built-in feature on, and then exfiltrate the data later.

    Setting this off by default doesn’t remove the security issue.

    • sugartits@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      6 months ago

      Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward

      This is so fantastical that there’s no point in even having the hypothetical discussion about it.

      • HauntedCupcake@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        You’re right, it’s fantastical, but it’s still worth talking about.

        It’s worth talking about as it solidifies the argument more than just assuming your opponent is acting poorly. The argument of “Even if Microsoft is a saint, it’s still a bad idea. But we know Microsoft also has a history of data collection, spying, anti-patterns etc.” is a much stronger argument than the latter half on its own

        • sugartits@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          You’re right, it’s fantastical, but it’s still worth talking about.

          Is it though?

          It’s a feature which is very clearly evil and of very little benefit to the user. Only a shit business like Microsoft would even attempt it, lie about it being secure, then make it “optional” (and we all know what that means) and it will still be an insecure mess when it’s done, sucking down resources from a machine I purchased for no benefit to myself.

          The “feature” by it’s current definition can only be conceived of by a piece of shit organisation like Microsoft.

          No need to separate the art from the artist in this case, as they are perfectly aligned.