• pelespirit@sh.itjust.works
    ↑ 44 · 11 days ago

    But the changes go only so far in limiting the risks Recall poses. As I pointed out, when Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and—yes—Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent.

    Researcher Kevin Beaumont performed his own deep-dive analysis that also found that some of the new controls were lacking. For instance, Recall continued to screenshot his payment card details. It also decrypted the database with a simple fingerprint scan or PIN. And it’s unclear whether the type of sophisticated malware that routinely infects consumer and enterprise Windows users will be able to decrypt encrypted database contents.

    • monogram@feddit.nl
      ↑ 11 ↓ 4 · 10 days ago

      That last part sounds overdone:

      And it’s unclear whether the type of sophisticated malware that routinely infects consumer and enterprise Windows users will be able to decrypt encrypted database contents.

      Thanks to W11 requirements for a TPM chip, I don’t think it’s a stretch to assume it uses the same method as Passkeys use.

      • tribut@infosec.pub
        ↑ 22 · 10 days ago

        No, with passkeys you tell the TPM: Never give me the secret, even if I ask you. In this case, Recall needs the database decrypted to work. TPM won’t save you.
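
The distinction drawn in the last reply, as an added example that is not part of the thread and does not reproduce Recall's or any TPM's real interface: a key the chip only ever uses on the caller's behalf, next to a key it releases once the PIN check passes. `ToyTPM`, `passkey_login` and `open_snapshot_db` are hypothetical names, and HMAC and the SHA-256 keystream are stand-ins for real signing and database encryption.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher (stand-in for real disk encryption)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


class ToyTPM:
    """Hypothetical model of the two key policies; not a real TPM interface."""

    def __init__(self) -> None:
        self._use_only_key = secrets.token_bytes(32)  # passkey-style secret
        self._sealed = {}  # handle -> (pin digest, secret)

    def sign(self, challenge: bytes) -> bytes:
        # Use-only policy: the caller receives a result, never the key.
        return hmac.new(self._use_only_key, challenge, hashlib.sha256).digest()

    def seal(self, pin: str, secret: bytes) -> int:
        handle = len(self._sealed)
        self._sealed[handle] = (hashlib.sha256(pin.encode()).digest(), secret)
        return handle

    def unseal(self, handle: int, pin: str) -> bytes:
        # Release policy: after the PIN check the secret leaves the chip.
        digest, secret = self._sealed[handle]
        if not hmac.compare_digest(digest, hashlib.sha256(pin.encode()).digest()):
            raise PermissionError("wrong PIN")
        return secret


def passkey_login(tpm: ToyTPM) -> dict:
    """Everything the calling process holds after a passkey-style login."""
    challenge = secrets.token_bytes(16)
    return {"challenge": challenge, "signature": tpm.sign(challenge)}


def open_snapshot_db(tpm: ToyTPM, handle: int, pin: str, blob: bytes) -> dict:
    """Everything the calling process holds after unlocking the database."""
    key = tpm.unseal(handle, pin)
    return {"key": key, "plaintext": keystream_xor(key, blob)}
```

After `passkey_login` the process holds only a challenge and a signature; after `open_snapshot_db` it holds the key and the plaintext, which is the state any code running in that session can then read.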