
Comment by tylerchilds

1 day ago

1. Any kernel level vulnerability nullifies any formal protections Microsoft guarantees as the first party

https://www.bcs.org/articles-opinion-and-research/crowdstrik...

2. Settlements also avoid discovery because the impact is likely way worse than checks notes less than one day of profits per company, respectively.

1. More irrelevant stuff. A kernel level vulnerability can nullify all sorts of good faith security design.

2. I could sue you today for, well, pretty much anything. I don’t have a good case but I can file that lawsuit right now. Would you rather take my settlement offer of $50 or pay a lawyer to go to trial and potentially spend the next months/years of your life in court? You can’t make a blanket statement to say that every company that decides to settle has something to hide, or, similarly, that everyone who exercises their 4th amendment rights has something to hide. I will also point out that companies that make lots of money are huge lawsuit targets, e.g., patent trolls sue large corporations all the time.

Don’t forget we are here talking about a fully optional feature that isn’t even turned on by default. I’m not telling you to love Windows Recall, turn it off or switch to Linux if you don’t love it. My only point is that it’s gotten a lot of incorrect news and social media coverage that is factually untrue and designed to get clicks and reinforce feelings.

  • 1. Most people don’t realize kernel hacks undermine their entire mental model of security— tbh, only after CrowdStrike did I learn it was possible to mass blue screen a population by a security vendor

    2. I’m very much already on Linux, most of my threat model is: “if it’s technically possible, it’s probable” and I adjust my technology choices accordingly

    I’m just saying a max cap of $60 for Apple’s settlement sets precedent for future mass surveillance wrist slaps and maybe it would be worth the discovery process to uncover the actual global impact