SN 977: A Large Language Model in Every Pot

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I haven’t got to the part about Microsoft Recall yet, but posting this here for relevance. I’m assuming that Steve is reacting to the story about someone hacking a version of Recall to work on a non-compatible machine (as there aren’t any compatible machines currently on the market).

I’m posting this now as a marker, as I usually hear these stories on the move and by the time I get somewhere where I can write a reply, I’ve forgotten what I wanted to say. I’ll update the post with any relevant comments once I’ve heard Steve’s take on the story.

Paul’s point is that this is a hacked version not running on secured hardware, so the results are pretty irrelevant at the current time, as the software is designed to run on a secured device, with per-user encrypted storage… It is something Microsoft needs to address, mainly to stop wild speculation, until Recall can actually be run properly configured.

Edit: One thing Steve mentioned was that the data would be backed up in the cloud, on OneDrive. Microsoft has explicitly stated that this is not the case. If you lose your PC, set up a new PC or re-install the existing PC, there is no way to get the Recall data from that original installation on another device or the re-installed version of Windows. At least with the current version.

I suspect in the long run, Microsoft will try and do something along those lines, but given most users have 5GB of OneDrive storage, it would be a non-starter. Obviously, if the user is using a different cloud service, they could opt to back up the data themselves, but they would be copying an encrypted blob and would need to extract the key from the Pluton chip, which is by design impossible, at least in theory.


That’s absolutely irrelevant if the user gets infected with malware. The malware would presumably be able to extract (and then exfiltrate) any useful data from the AI in the exact same manner the user could.

The malware would need to use the Microsoft AI APIs to get at the data, but it would theoretically be possible, if the user’s PC isn’t protected against malware.

I am not a fan of Recall, I don’t really want it on my PC, but most of the arguments at the moment, even Gossi The Dog’s analysis of Recall that Steve is referencing, are doing so on incomplete data.

I hope Microsoft will clarify the situation, but the point remains, until actual hardware is delivered and Recall isn’t hacked to work, but is correctly installed, this is still just conjecture. It could be that everything Kevin says is correct, but, until we can test it on real hardware that is properly configured, with a release version of Windows that supports the AIs and the unadulterated Recall code, we just don’t know.

Kevin’s argument is along the lines of, “I built a copy of the bank vault out of cardboard and I could open the vault door using a simple kitchen knife.” I will be very interested to see if his research carries over to a real installation of Recall. (I have a lot of respect for Kevin, so I am a little surprised at the apparent flaws in his current testing that he seems to not have addressed, but hopefully this work will put him in good stead to test the real thing, once it is available.)


So, I’ve listened to that part of the show now. What he found is bad, but it was a hacked version running on a non-configured PC. If it really is that bad when the PC is correctly set up and running the official code, we have a huge problem on our hands. But the fact remains, this is a hacked-together version not running in default configuration, let alone properly configured (he doesn’t have access to a Copilot+ PC to test his findings on).

Also, the bit about incognito mode working on Edge, but not currently on Chrome, allays my fears somewhat. By the time that PCs with Recall are available, I expect that browsers will have been updated to block incognito mode and, I would hope, that password managers and other software, like authenticators, are updated to disable Recall in their windows. Given the announcement less than 2 weeks ago and the fact that no PCs have yet shipped, this gives developers some lead time to get their security-orientated apps (and financial, for example) updated to exclude themselves from Recall.

As I said, I am not really a fan of Recall, as it has been described by Microsoft, but I still want to see if Kevin’s hypothesis is correct, when he tries his tests on an actual Recall installation.


It looks like Microsoft is backtracking after the privacy calls, which is good. Other researchers have now also run Gossi’s tests on official Microsoft preview VMs and confirmed his findings, but the important Pluton and Hello ESS parts of the equation are still missing. Still, that Microsoft is backtracking and taking the complaints seriously is at least a start.