this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.

  • csm10495
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    5
    ·
    edit-2
    7 months ago

    GDPR has little to do with this. People use site cookies to remember sessions and not have to login again, etc. I’d guess most browser users use and want to use this functionality. If you’re fully opting out to not even have persistent sessions, I’m guessing you’re in the far minority of users here.

    I’m not aware of any non-trivial readily available built-in encryption for cookies. There are easy to find libraries that exist to just pull out cookies (stored locally including session tokens).

    To clear up a bit more misinformation from your response: this is an offline feature. The data doesn’t go back to Microsoft. It works even if your computer is disconnected from the internet. If you consider their word to be a lie on this part, that’s you’re right to believe, but until proven, isn’t a fact.

    • ulkesh@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      7 months ago

      GDPR has little to do with this

      Not at all true, GDPR is the exact reason why you see all of the sites these days letting users know that their site stores cookies and requesting acceptance of it. Hence why I said we, as a global society, are trying to do something about this, even if it’s something as simple as cookie use disclosure on sites – it’s a start.

      If you’re fully opting out to not even have persistent sessions, I’m guessing you’re in the far minority of users here.

      Never once said I did.

      I’m not aware of any non-trivial readily available built-in encryption for cookies.

      You’re correct, data-at-rest encryption doesn’t exist for cookies, but data-in-flight does with SSL. Also, signing cookies and samesite origin is a thing being done these days, which makes them quite improbable, if implemented properly, to be hacked for any actual use in terms of leaking logins to said sites.

      this is an offline feature. The data doesn’t go back to Microsoft

      For the moment, that’s what they say, yes. And that’s the problem, especially since it’s turned on, by default. Thisis notsomethingMicrosoft has earned trust for.

      But you are free to believe them all you want – the rest of us who have seen what Microsoft has done these past 40 years use that as a guide to judge – and history is usually a very good judge.