I haven’t used a Microsoft browser or operating syatem in almost 25 years.
M365 chat also fetches a copy of whatever secured file links you send to each other. Goes without saying, but never use Microsoft products if you value security.
… They are so bad
How can a company manage to be so bafflingly incompetent and why are there people out there still standing for it.
Everytime I read a Microsoft headline these days
That’s the added trust and security they always boast about
trust is multiplicative, not additive
don’t worry bb
Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.
“We value user safety and usability, but if you’re already compromised you can go fuck yourself”
No, if you are already compromised there is just no way anyone can help you anymore besides wiping your whole system.
True, but there’s a big fucking difference between handing over the keys without being asked, and doing basic fucking due diligence and not loading all your passwords in plain text into memory by default.
(@iglou@programming.dev ) I can’t defend MicroSlop because that mentality is pants on head stupid and is directly in opposition to any statement that they care about security. Because, again, they made their browser behave this way for no real reason besides blowing smoke up our ass. Chromium handles passwords properly, MicroSlop chose to do it insecurely and is hiding behind the dumbest defense. Because their OS has more holes than Swiss cheese and they refuse to plug a basic security hole that they put there intentionally.
Chrome’s handling is barely more secure. A compromised device will have a much easier time reading Chrome’s encrypted store than scanning your RAM to find passwords.
Remember that if you don’t need to input a password to open the store, then anything with access to your device can also read it.
Wether it’s encrypted in your RAM or not barely makes any difference in how difficult the task is.
The only solution is: Browsers should require a password. Or even better: Use a dedicated, properly secured password manager.
Chrome’s handling is barely more secure. A compromised device will have a much easier time reading Chrome’s encrypted store than scanning your RAM to find passwords.
Regardless, they’re still loading them into memory in plain text, and knowing this exists, is going to be an easier task to grab than dealing with the encrypted store chromium uses. At least chromium uses the in built credential api to try to protect the secrets, the fact edge doesn’t is an egregious security hole.
I don’t disagree that users need to have to enter a password to view their stored passwords, but you’re hand waving a massive and intentional decrease in security on Edge’s part. No matter how easy it is to get out of another browser, this is a violation of basic secure development practices. Security is only as strong as the weakest link, and edge is determined to not even close one of the easiest links in the chain.
I will disagree on the RAM scanning being easier. It is my opinion that the weakest link here is the password store.
The security hole here is a password management system that can work without external secret. It is shocking that this is still common practice and that people use them.
Yeah, I can’t believe I’m defending Microsoft but that’s probably what they meant. No browser password saving feature is safe if your device is compromised.
Use a proper encrypted password manager
Nothing in this timeline surprises me any more.
Lucky. I have surprise fatigue lol
I just can’t be indifferent to reading news like “US To Start Firing Unspayed and Neutered Dogs Into The Ocean From Florida Coast”
Ha!
I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)
Teams at work
Same here. Boss still thinks he’s funny bashing Apple products as a MS fanboy 🙄
we will take your data but don’t worry be happy 😁 🇯🇲 we will not use it. Because we are smoking ganja and smiling to each other in our office. We are so happy; Thanks to AI. Peace ☮️✌️😁🕶️
Microslop Edge Team
2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they’re being overtaken by concerns about staying with Windows. I don’t even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won’t be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.
Just made the move a few months ago. Only headache was a missing headset driver, but Claude was able to one shot one for me that’s been stable ever since.
Not looking back. There have been very few things that haven’t worked so far. Take the leap!
Best of luck! If you’ve got questions or problems feel free to DM me (or reply here) and I’ll try to help as best I can. I’ve been using linux since the mid 90s, so I have a decent idea of how it all works :)
If you move to one of the big supported distributions, you’ll be extremely surprised how easy it is.
If you just want things to stay consistent and easy, I can’t recommend Linux mint enough. I installed it on my son’s laptop almost two years ago and he’s never needed my help to fix anything since.
The installation walks you through everything, just like Windows, but it’ll only take about the third of the time. Everything just works and there’s no trash to uninstall or debloat scripts to run when you’re done.
If you do any gaming you might want to run Fedora or bazzite (fedora with training wheels), but if you’re using KDE for the desktop that’s almost as easy and seamless.
Can confirm, Bazzite is ridiculously easy. If you don’t want to dual-boot it’s easier to install than Windows. I have it on my laptop and all my games run better now.
Except Tropico 6. For some reason that made my entire system go crazy. 😄
Bazzite is so easy to set up it’s kind of ridiculous. I ended up jumping to straight Fedora just so I can fiddle with things a little more, but for 99% of users the immutable distro thing is perfectly fine
I have huge concerns about many aspects of switching, but they’re being overtaken by concerns about staying with Windows.
Do not. Use. Mint.
That shit bricked my computer for 3 years as a teen with an unpatched bug that impossible to ever download any file to my PC again, including any potential fixes. Spent months on stackexchange forums. No solution lol
Windows has yet to screw me over that hard. (Yet.)
I’ll take things that didn’t happen for 500
Around what year was this issue? Both windows and Linux were pretty unstable until - someone correct me on this - 2012? Windows 8 was the last unrecoverable crash I had. Oddly never had an issue with Linux, but I know it happens, I’ve just been lucky.
Microsoft SSH agent persistently stores your unencrypted private keys in the registry. They’re still there unlocked and usable after you reboot.
God, the final comment in that thread makes my blood boil.
Right there in the name, it says Secure She’ll Hades
Btw, don’t ever copy&paste from your password manager, if that’s a problem. That’s what memory protection mechanisms in hardware and software are for.
The problem is, the weird way it is implemented in Edge and how MS handles the issue.
Btw, don’t ever copy&paste from your password manager, if that’s a problem
Maybe, but at least with my password manager, they’d only get passwords as I use them and not the keys to the kingdom when I open it.
The problem is, the weird way it is implemented in Edge and how MS handles the issue.
“Handles the issue” is a weird way to say they don’t give a shit about protecting your passwords. They had to change this behavior, because chromium doesn’t do this by default, so it’s not really even negligence in Microsoft at that point. They chose to do this.
