• Prove_your_argument@piefed.social
    8 up, 23 down · 1 day ago

    Imagine if you were a malicious actor and you wanted a copy of all photos someone plugged into a computer that were not things like browser cache, just good honest to god OC.

    All you have to do is listen on drive letters D, E, F, G and when one is plugged in with a DCIM directory… silently upload the data contents to a server over the internet when a drive is detected with that subdirectory.

    Have you ever wondered why you couldn’t eject a drive without rebooting? It’s not like it’s going to tell you what process is keeping it locked… Encryption wouldn’t even matter, because you’re gonna need to decrypt/unlock it to access it, and Windows doesn’t care what service or application is trying to access it, it is glad to allow any kind of file action without even admin rights.

    Anywho, actor has your photo, AI trivially builds facial recognition models, pulls in timestamps, geolocation metadata, camera metadata… and now those photos you never intended to upload anywhere are in a database of PII that will be shared to god-knows-who.

    • Beacon@fedia.io
      44 up · 1 day ago

      If someone else has the ability to upload any of your files then the name of your folders is completely unimportant.

      • Prove_your_argument@piefed.social
        3 up, 4 down · 1 day ago

        How do you know that the latest version of a piece of software that auto updated on your computer doesn’t have anything snooping on your hard drive and uploading whatever it wants somewhere?

        Think about it. How would you know? Let’s assume it’s not using a bug, exploit or vulnerability.

    • my_hat_stinks@programming.dev
      29 up · 1 day ago

      I’m not sure how that’s relevant? If the default folder was “Camera” or “Pictures” or whatever else your malware would just scan those directories and any real attack likely already does. You’ve only described how having malware on your machine compromises your machine, not exactly a groundbreaking revelation.

      Windows hasn’t been my main OS for a while but I’m fairly certain you can mount/unmount drives without rebooting. That’s certainly the case on Linux, and my distro definitely tells me what processes are locking drives when applicable.

      • Prove_your_argument@piefed.social
        1 up, 1 down · 1 day ago

        > Windows hasn’t been my main os for a while but I’m fairly certain you can mount/unmount drives without rebooting.

        I work in IT for a living. Sometimes something keeps your drive locked. Windows does not confess. I wasn’t talking about Linux user experience because most people don’t use Linux like we do.

        • hexagonwin@lemmy.sdf.org
          1 up · 17 hours ago (edited)

          try making the disk offline and online again using diskmgmt.msc, always worked for me

          you also can usually find which process is using the disk. sometimes it’s a windows system process which is very stupid tho

        • Trail@lemmy.world
          1 up · 19 hours ago

          > I work in IT

          > linux “user experience”

          Hmm something does not add up to me very well

          • Prove_your_argument@piefed.social
            1 up · 11 hours ago (edited)

            What companies have you worked for that provide Linux laptops and Linux desktops to common users? Not developers, not as servers.

            I’ve worked in multiple industries. Macs are not rare, but they aren’t prevalent. Windows still has ultramajority market share.

            On the server side, tons of things run Linux. Maybe if you work for a tech company or are on a development team you use Linux day to day, but this is generally a small subset of people at a company. This is not a forum for “developers” but for everybody. Someone in HR, Finance, Sales, R&D, etc is not going to be familiar with Linux at work typically.

            I don’t doubt that there are companies out there that have Linux workstations for normal users, I just doubt it’s more than 2% of the workforce in the western world. It’s probably way less than that.

    • Telodzrum@lemmy.world
      17 up · 1 day ago

      > Have you ever wondered why you couldn’t eject a drive without rebooting? It’s not like it’s going to tell you what process is keeping it locked

      Windows PowerToys has had this as a function for as long as I can remember. Before that there were programs which existed only to tell you what process was keeping a folder or drive open. On Linux lsof can do this for you.
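
Added example, not part of the thread: the Linux side of the "which process is keeping the drive busy" question, answered from the same `/proc` data that `lsof` reads. The function name `holders` and the sample file name are assumptions made for illustration; without root it only sees processes owned by the current user, and it does not cover memory-mapped files.

```python
import os
import tempfile

def holders(mount_point, proc_root="/proc"):
    """Return {pid: (name, [paths])} for processes whose cwd or open
    file descriptors point at or below mount_point (Linux only)."""
    base = os.path.realpath(mount_point)
    prefix = base.rstrip(os.sep) + os.sep
    found = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # not a process directory
        pdir = os.path.join(proc_root, entry)
        links = [os.path.join(pdir, "cwd")]
        try:
            fd_dir = os.path.join(pdir, "fd")
            links += [os.path.join(fd_dir, fd) for fd in os.listdir(fd_dir)]
        except OSError:
            pass  # process exited, or it belongs to another user
        hits = set()
        for link in links:
            try:
                target = os.readlink(link)
            except OSError:
                continue
            if target == base or target.startswith(prefix):
                hits.add(target)
        if hits:
            try:
                with open(os.path.join(pdir, "comm")) as f:
                    name = f.read().strip()
            except OSError:
                name = "?"
            found[int(entry)] = (name, sorted(hits))
    return found

if __name__ == "__main__":
    # Constructed stand-in for a mounted card: a temp dir with one open file.
    card = tempfile.mkdtemp()
    with open(os.path.join(card, "IMG_0001.JPG"), "w"):
        for pid, (name, paths) in holders(card).items():
            print(pid, name, paths)
```

Run as root against the real mount point of the card or stick to see every process holding it, not just your own.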

      • LikeableLime@piefed.social
        6 up · 21 hours ago

        PowerToys should be installed by default. It’s a testament to how out of touch MS is that they leave all these great features as a little known optional install. Almost every single thing in power tools should be in Windows outright.

        I use it on any machine that I have to use windows on, and tell everyone I can about it. Just feels like such a miss to leave those features out of the OS

      • otacon239@lemmy.world
        13 up · 1 day ago

        On top of this, it’s usually because the local cache hasn’t actually written all the data to the drive and if you go yanking the drive in this state, your most recent chunk of data would be missing or corrupt. The eject button forces your OS to clear its write cache before unmounting the file system.

        But that’s a lot less of an exciting answer.

        • FooBarrington@lemmy.world
          1 up · 1 day ago

          Hm, the way I remember it is that the cache being flushed showed a spinner before ejecting the drive. GP is referring to an actual error being shown.

        • Prove_your_argument@piefed.social
          1 up · 1 day ago

          It also happens from image preview caches created by explorer. I see this get hung up for some time with SMB shares and the like that have images.

          Something is still interacting with the photos on your device, and although it may be mundane… do you really know every single service and process running on your device, all the time? Could we ever know? Just takes one dependency for one thing you installed to be bogus… it could even be from a rootkit installed in bios that installs whatever software on bootup so even if you wipe your system it’s there, ever monitoring, ever feeding your data away.

          There’s just no user friendly tooling on Windows that’s built-in which would ever pick this stuff up. AV doesn’t know what is desired or undesired behavior when it comes to stuff like this either. Sure, it won’t send up stuff protected by UAC from a non-admin request… but thumb drives, CF cards, SD cards etc all have no restrictions.

      • Prove_your_argument@piefed.social
        2 up · 1 day ago

        I have power toys… well on my Windows dual boot anyway. Do normal users? Probably not.

        I’ve used unlocker tools in the past as well, but this is not something provided in the OS and as such not something a typical user is even aware of, let alone has available.

        • Ghoelian@piefed.social
          2 up · 1 day ago (edited)

          You can just install it if you do need it to debug something on their PC though. There’s probably even portable versions you don’t have to install at all.

    • slazer2au@lemmy.world
      14 up · 1 day ago

      The unmounting needing a reboot seems very much a you problem.

      I have managed over 1000 systems since XP days and never came across it.