Yeah, if you've got corporate espionage going on this isn't going to stop someone from lifting your slides and taking them elsewhere. But the most common culprit of corporate information security violations isn't a spy, it's a well-meaning employee who didn't hear, remember, or correctly interpret the request to not record the meeting.
Blocking the most common way in which this kind of well-meaning but ill-informed employee would break the expected security rules does work. It's just getting flak here because people are imagining a much more exciting threat model.
> Some people might want it, but it doesn’t actually work
It probably works as well as the company firewall blocking sites or the data exfiltration detection blocking companies from being stolen.
Everyone knows they’re not perfect and can be defeated by a sufficiently motivated attacker, but in practice they stop most casual attempts and discourage others.
Yeah, some enterprise admin will click it and make it clickable for others. It’s a classic ratchet of enshittification until things reach a magic intolerability point and folks evacuate to other systems leading those to get rolled into one of the borgs: lather, rinse, repeat.
These aren't the use cases that really matters. What matters is the common case, and it's not about deterring honest folks. Honest folks aren't recording.
This is really a lesson in security blind spots. The number of people that are trying to "get around this" assuming that's the issue.
Edit: I'll make it simple. It will work because honest people aren't trying to get around it. But, they could still expose data they shouldn't. This helps prevent that. Again, a camera is enough to prove it doesn't need to be 100% perfect (and probably more honest considering screenshots can be faked).
So, instead of trying to think of how you can exploit, think of all the ways this private information can get out when it shouldn't and the people on the call aren't trying to release it. Work through that, and see where you get.
> It will work because honest people aren't trying to get around it.
I think this makes the counterargument even stronger.
Let's take for granted that this isn't intended to stop a determined leaker and is just meant to prevent honest, unintentional mistreatment of sensitive data.
The question is whether the false positives outweigh the true positives. This feature will impede people from getting things done in subtle but annoying ways (making it more difficult to take notes, hurting accessibility, etc). It's likely that when this is widely deployed, many big orgs are going to overuse it and enable it as a matter of course to prevent liability. Those scenarios where honest people are blocked from doing honest things for which there's no harm are the false positives in this scenario -- there was no need to prevent those scenarios, but they were prevented anyway.
Now consider the true positives: we've agreed that intentional malice is not covered by this feature, and so the true positives are limited just to the smaller subset of scenarios in which honest people unintentionally mistreat sensitive data, and don't include any scenarios where data is being intentionally leaked.
I suspect the number of scenarios that fall into the false positive category will be much greater than the number of scenarios that fall into the true positive category, especially so after intentional malice is excluded. So is this really a net win for anyone?
Honest folks who want to be able to cover their ass later on are.
Honest folks who are working for dishonest people and are planning to be a whistleblower are.
Honest folks who have Recall on are. Possibly against their will if they haven't found out how to turn it off, or it's a work machine where they're not allowed to do so. Maybe they're not if Microsoft actually has enough interdepartmental communication for the "no screenies please" signal to make it all the way to Recall. It'll be hilarious if they don't.
One of the best rules I ever heard of was told to me by a cop here in Australia. She told me every time they unholster their firearm, they have to fill out about 3 pages of paperwork. I think that’s so genius.
Think about it - if you’re in a life or death situation, you won’t hesitate. Your gun is right there, and it’s there so you can use it. But if the situation doesn’t feel dangerous, the image of having to fill out 3 pages of paperwork justifying your actions is enough to make you hesitate. It’s weaponised bureaucracy. It’s like - there’s an ideal amount of friction for some actions to have. Pulling your gun out should have some friction to it. The choice should have weight.
I see this in just the same way. If the presenter doesn’t want their presentation recorded, there should be some friction to recording it anyway. It shouldn’t be impossible to record. But it shouldn’t be as easy as just taking a screenshot in windows.
Just like that cop with a gun, there should be the right amount of friction for recording a meeting against the wishes of the presenter. How many pages did the cop have to fill out? 3 pages. Not zero. Not 100 pages. How hard is it to record a meeting despite this protection? It’s doable - you need an hdmi capture card, or a camera out of shot, or something else. You probably need to set it all up before the meeting. And so on. It’s not impossible. But it’s not trivial either. That sounds just right to me.
I haven’t had that experience when the same mechanisms were used to prevent screen sharing streaming video.
I just fired up a linux vm, and hit play.
If this thing actually breaks machines that don’t have a properly configured hdcp chain, it’ll create insane “this meeting is broken” debugging scenarios.
Also, hdcp is trivially bypassed these days (if, for some reason a camera phone recording of the damning meeting isn’t enough, and a perfect digital copy is needed…)
