Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Microsoft

Microsoft Edge Will Begin Blocking Screenshots On the Job (pcworld.com) 99

Microsoft is adding screenshot prevention controls in Edge to block you from taking screenshots at work. "It's all designed to prevent you from sharing screenshots with competitors, relatives, and journalists using Microsoft Edge for Business," reports PCWorld. From the report: Specifically, IT managers at corporations will be able to tag web pages as protected, as defined in various Microsoft policy engines in Microsoft 365, Microsoft Defender for Cloud Apps, Microsoft Intune Mobile Application Management and Microsoft Purview, Microsoft said. The screenshot prevention feature will be available to customers in the "coming months," Microsoft said. It's also unclear whether third-party tools will be somehow blocked from taking screenshots or recording video, too.

Microsoft will also roll out a way to force Edge for Business users to automatically update their browsers. The feature will enter a preview phase over the next few weeks, Microsoft said. "The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk," Microsoft said. "It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections."

This discussion has been archived. No new comments can be posted.

Microsoft Edge Will Begin Blocking Screenshots On the Job

Comments Filter:
  • by Smidge204 ( 605297 ) on Wednesday May 22, 2024 @06:23PM (#64492181) Journal

    We wouldn't want anyone taking screenshots of your desktop [slashdot.org]. That could be a security risk.

    And thank goodness nobody carries around an internet-connected, high definition camera in their pocket everywhere they go.
    =Smidge=

    • by sonamchauhan ( 587356 ) <sonamc@NOsPam.gmail.com> on Wednesday May 22, 2024 @06:30PM (#64492207) Journal

      Soon to come: new Microsoft feature that requires webcam to be active when displaying the screen; it actively monitors for cameras

      • Soon to come: new Microsoft feature that requires webcam to be active when displaying the screen; it actively monitors for cameras

        My first thought was even simpler than that...my first thought was:

        Who the fuck uses Edge?

        • My first thought was, why would Edge have a feature to take a screenshot? Do other browsers do this? Is there some unnatural tying of the browser to the operating system internals going on here, such as the sort of thing thatwere forbidden by past lawsuits?

        • Haha .. one such example: companies that mandated use of internet explorer for broken intranets.

          Those companies now mandate Edge as it seems to support those same broken sites.

    • Re: (Score:1, Insightful)

      by thegarbz ( 1787294 )

      We wouldn't want anyone taking screenshots of your desktop [slashdot.org]. That could be a security risk.

      Funny joke aside, there is a big difference between blocking screenshots to close an exfiltration risk and a windows feature which can be disabled through group policy which also saves locally encrypted screen that isn't accessible to any other users. If actual screenshots worked the recall does, no one in corporate security would give a shit.

      And thank goodness nobody carries around an internet-connected, high definition camera in their pocket everywhere they go.

      You think you're being clever but there's a very big obvious difference between someone's actions when they are sitting and using a computer and mouse, and someone who

      • by Smidge204 ( 605297 ) on Wednesday May 22, 2024 @07:05PM (#64492279) Journal

        > blocking screenshots to close an exfiltration risk ...by potentially creating another one?

        In any event, you can just disable Printscreen. You do not need to introduce a Rube Goldberg system that only works in Edge.

        > obvious difference between someone's actions

        So now we're assuming someone is watching every computer user? If you're already looking over their shoulder why can't you just see them saving the screenshot to file and sending it to someone? Hell, why can't you catch them sending ANY file over ANY connection that isn't authorized? What data exfiltration scenario does this actually prevent? Maybe makes it slightly less convenient at best.

        If a system is so locked down that I can't whip out my phone for 10 seconds and take a photo of the screen, or use a USB drive with a portable web browser to view the protected page (bypassing this feature) or even a third party util to save the screen, then this feature is already not necessary nor particularly useful.

        Your defense of this bullshit is not as clever as you think it is.
        =Smidge=

        • by ukoda ( 537183 )
          The "only works in Edge" bit could be seen as a plus for Microsoft. Any company going along with this idea would also have to block users from installing other browsers, forcing the use of Edge only in such work places.

          Personally I would hate to work in a place with that level of distrust in their employees. I guess is doesn't really affect me because any job that force me to use a Windows PC would have to be very likely working on stuff outside my areas of interest.
          • I think that might be the real angle; "Value add" to the Edge browser and leverage that to get corporate networks to block alternatives because Edge is "more secure."

            Yeah that 100% tracks.
            =Smidge=

          • Personally I would hate to work in a place with that level of distrust in their employees.

            If people were honest, this wouldn't be an issue. But since we're not, this is what happens. Also, these restrictions come in handy at government, military, or intelligence operations, or anywhere senisitive material is around such as at chip manufacturers (computer, not tasty).
        • by AmiMoJo ( 196126 )

          It's a standard part of Windows, an app only needs to use the API to enable it for its windows: https://deviceadvice.io/2021/1... [deviceadvice.io]

          A lot of times systems are locked down enough that you can't load a different browser, or even see the URL you need to browse to. As for phone screenshots, assuming they don't have a ban on phones, it's still less bad than screenshotting because phones add a load of metadata to the photo and most people don't know how to strip it. Also in some countries you can't disable the camer

          • by Bert64 ( 520050 )

            Also in some countries you can't disable the camera shutter sound without some hacking that is beyond the ability of most users.

            Only japan AFAIK...
            And damaging the speaker works pretty well, and is well within the ability of most people. As is buying a foreign import phone.

        • In any event, you can just disable Printscreen. You do not need to introduce a Rube Goldberg system that only works in Edge.

          Nothing quite like throwing the baby out with the bathwater. There are some things you give a shit about, and some things you don't. 99% of the stuff I work with is not marked secret. It would be crippling for IT to block my ability to screenshot the 99% for the sake of protecting the 1%. It absolutely makes sense to discriminate.

          So now we're assuming someone is watching every computer user?

          In the office, yes. I don't think I would be able to point a phone at my computer without someone noticing in the office. That's the nature of offices. There are lots of people aro

          • > Nothing quite like throwing the baby out with the bathwater.

            Either you're in a secure environment or you're not. Pick one.

            > In the office, yes. I don't think I would be able to point a phone at my computer without someone noticing in the office.

            I bet you could, unless you're trying to do a duck-face while taking a selfie with your monitor behind you or something. And in the slim chance that someone notices, the chance they'll give a shit is even lower.

            Even if you work in one of those nightmare open

          • I regularly point my phone camera at my monitor at work, namely when there's a link I'd like to have on my phone to read later or send someone. I use Ditto to create a qr code on Windows, then scan with binary eye from F-Droid. In any case, with home office as a regular thing, this is nothing special nor suspicious.
        • by Anonymous Coward

          FWIW, many call centers prevent users from entering the call floor with a phone, paper, pencil/pens, etc. And their computers are quite locked down. Real world exfiltration is happening using things as simple as text input fields on internal sites or in ticket systems the use for the support. Users are monitored, but not 1-on-1 and 24x7. Everything they enter is recorded, but alerting based on that isn't all that straight forward.

          And no, you would not be able to whip out your phone - you passed through a me

      • by gweihir ( 88907 ) on Wednesday May 22, 2024 @07:22PM (#64492311)

        Your post isn't as clever as you think it is.

        As usual, right back at you. I was part of a team that evaluated prevention of this type of exfiltration of data a while back.The possible measures went up to building special terminals for a few 100 people. The environment was a civilian enterprise, so no special laws or provisions with which you can limit employee rights. The conclusion was: Not preventable. Cameras you can only prevent if you search people (generally not acceptable) and ban overtime at the workplace (generally not acceptable) and ban home-office (generally not acceptable). But here is the second problem: Some, not that few, people can exfiltrate a lot of critical data in their brains. And each time they leave the office, they can record that outside of the protected environment and come back to get more data.

        The conclusion was that you may make the exfiltration effort for low-value, high-volume data prohibitive, but anything high-value and low-volume your workers can steal and there is nothing you can do about it.
        The other conclusion (not reported to the customer was) that apparently a lot of not-so-smart people in "management" have this illusion that they have a full control and have real, personal psychological problems with not being able to control something and come up with the most stupid ideas and "explanations" in order to convince themselves that they are in control. Explains a lot.

        • by Kokuyo ( 549451 )

          I know why those findings weren't reported to the customers but I wonder what the world would look like if they were repeatedly.

          Seriously, I know that insulting people generally isn't helpful but I think many managers could profit from being made aware of the fact that every one of their underlings knows how insecure they are.

          • by gweihir ( 88907 )

            I agree. Many managers would benefit from the occasional reality check. But you can typically only do that of higher up management endorses it or your consulting business goes bankrupt. Sometimes you can do it very friendly and simple. For example, I once demonstrated that MAC-based "authentication" is not effective by fitting a network card with a socket for its eeprom (thus allowing easy MAC changes) and handing that around at a meeting. Cost me about 3 hours on the weekend (billed to the customer) and d

        • but anything high-value and low-volume your workers can steal and there is nothing you can do about it.

          You seem to have not considered the fundamental aspects of security: The harder you make something the less likely it is to be attempted. Is this going to prevent targeted corporate espionage? No. It is designed to prevent significantly more accidental leaks.

          • by gweihir ( 88907 )

            I have. The date in question was well worth the effort even with the maximum effort that could reasonably have been achieved. And this was not about accidental leaks at all. I do agree that accidental leaks should never be easy to do.

      • Troll alert!

        • If understanding security risk management makes me a troll I'll get that printed on my lunchbox and display it proudly.

    • Yeah but it's got a screenshot blocker... it's what CEOs crave.
    • Just print it on the company printer and scan it back in?
    • Bring up the gaming toolbar and record the screen to a video if you like.
    • I'm guessing the next version of Edge will require a web cam to always be on pointing in the user's direction, and the user has to be visible at all times so an AI can verify it is you who are using the product. As part of this it will periodically ask you to perform gestures to confirm you are really there, e.g. "show me a vulcan salute", or a friendly "put your elbow to your nose (haha, just kidding, that's impossible, but good try)". This AI will check whether you are holding a mobile phone or similar de

    • They said it was about competitors, not about themselves.
    • And nobody doing the promotion of a Rayban Camera equiped glasses.

    • by Bert64 ( 520050 )

      All a feature like this will do is provide a false sense of security...
      As you pointed out, people will just take photos of the screen instead, and share them via their mobile data plan which will have even less oversight. Meanwhile naive management will believe that this feature actually does what it claims and images of data from the screen can no longer be shared so they let their guard down.

  • by ebunga ( 95613 ) on Wednesday May 22, 2024 @06:24PM (#64492185)

    How does this jive with their other announcement that Windows will record everything you do and save it to your permanent record for advertising and blackmail purposes?

    • by korgitser ( 1809018 ) on Wednesday May 22, 2024 @06:28PM (#64492199)
      In Soviet America, screenshots take you!
    • How does this jive with their other announcement that Windows will record everything you do and save it to your permanent record for advertising and blackmail purposes?

      Perfectly fine, given that windows recall stores the record on the device in an encrypted way which makes it presumably very frigging difficult to share with any third parties.

      Seriously did anyone on Slashdot actually understand how recall works at all? Does no one here understand that even as a feature it is under control of the same corporate group policy as this Edge for Business feature is?

      • by mrfaithful ( 1212510 ) on Wednesday May 22, 2024 @10:13PM (#64492521)

        Seriously did anyone on Slashdot actually understand how recall works at all?

        We don't need to. Decades of experience with microsoft tells us that no matter how clever and esoteric our random guessing about how terrible a new microsoft feature will be for security and privacy the eventual and inevitable real world security flaw or privacy invasion will be even worse. And just as true after we find out, apologists will crawl all over slashdot, reddit and the like to tell us how it's not really that bad and we should just accept it and anyway you can always disable it with these 3 obscure group policy options and what do you mean you didn't know 24H2 added a 4th one that invalidates the other 3? What are you? Not terminally online and dedicating part of your day to keeping up with the workarounds?! LoL, everything microsoft do is your fault for not staying on top of their bullshit and also it's simultaneously not bullshit. It's an amazing feature you should be accepting of while simultaneously not stupid enough to lobotomise through hidden toggles.

        • Seriously did anyone on Slashdot actually understand how recall works at all?

          We don't need to. Decades of experience with microsoft tells us

          Actually you do. There's no middle ground here. Either you trust Microsoft and need to understand how recall works in detail (in which case the fact that data is encrypted locally stored should be good for you), or you don't trust Microsoft and you have already sold yourself out to them by virtue of running their OS which is at the whim of their updates and their data harvesting.

          Either way you look at it Recall does not represent a change in risk to you.

          • you have already sold yourself out to them by virtue of running their OS

            Yes you have? You'll have to explain that because I don't recognize the frame of reference. Because if it was a question phrasing, I would say:

            Nope,

            virtue? (apropos of nothing, laying an inference framework for later reference? I'm pretty sure you're turning a facile phrase here, though.)

            And nope, no running that.

            No one should run MS OSs. You can though. Seems like you must run MS OSs for some reason and are convinced it is a must for all. Good for you! Treats and stuff for being a in-lier! Onboard! Wit

            • No one should run MS OSs.

              Indeed. People don't need to, and to them there is no risk. For those people who do the risk profile hasn't changed (something you didn't seem to even refute).

              You can though. Seems like you must run MS OSs for some reason and are convinced it is a must for all. Good for you!

              I'm not sure why you think I am running an MS OS, or why you think anything I said suggests that someone else must as well. Did you not learn basic literacy at school? Please turn on your brain before you post next time.

    • by gweihir ( 88907 )

      Simple: Only MS is allowed to record your desktop at any time. You are not. They really are going into late-stage enshittification now.

      • by vbdasc ( 146051 )

        They merely show you who is the master.

        But one day you might be allowed to do that yourself if you pay them, to be honest.

      • False. MS provide organisations the choice of either. They don't have a say in this. It's a corporate feature and you are *NOT* the master of your PC in a corporate environment regardless of what OS you run -- if your IT department is even remotely compentent that is.

    • ... Windows will record everything you do ...

      Microsoft is helping you work smarter ^H^H^H^H, harder and your boss approves.

      ... automatically update their browsers.

      Microsoft is helping your boss block your criminal behaviour and increase the the recording of everything you do, to guarantee you haven't committed a crime (using Microsoft Edge).

      This is a solution looking for a problem and the problem, obviously, is every employee using a computer.

    • by unrtst ( 777550 )

      Linux already beat them to the solution - Wayland!</s>

      It is a bit eerie that, as a side effect of how Wayland implemented things, existing screen sharing programs could no longer easily grab all window contents, and have to go through some higher layer now, which sets it up to be in the perfect position to implement both a Windows Relay clone and screenshot blocking/security. Maybe someone can throw together some quick plugins to do that so we have a clean room reference implementation before this is

  • by Tony Isaac ( 1301187 ) on Wednesday May 22, 2024 @06:32PM (#64492211) Homepage

    You know those dumb online compliance training courses companies make you take, the ones that have a 10-question quiz at the end, to make sure you understood the difference between "disparate impact" and "disparate treatment"? Screenshots are great for these courses, paste them into a word document as you go, and if you forgot some small detail during the quiz, you can refer to your document. You know, kind of like...taking notes. You know those e-learning companies will tag their pages as "no screenshots allowed."

  • by DMJC ( 682799 ) on Wednesday May 22, 2024 @06:34PM (#64492217)
    And it works very well. This is just another security theatre thing.
    • by taustin ( 171655 )

      Not to mention how many screen shot apps there are, many of them free, that won't give a damn about Edge's idiotic features.

      • by mysidia ( 191772 )

        If this is in a company with IT trying to control Screenshots on certain websites.. They already have to take steps to ban the other web browsers like Firefox or Chrome from being able to access their websites.

        Presumably in that process they have to take control of what Apps are allowed to run on their desktop endpoints. The user wouldn't have access to install Screenshot apps.

        But none of that affects their ability to take Screenshots with a cellphone or hidden camera. Which is Also a better idea if

      • Not to mention how many screen shot apps there are, many of them free, that won't give a damn about Edge's idiotic features.

        Edge already has DRM based screenshot blocking features. Seriously go try it, log into e.g. Netflix or Disney+ and take a screenshot, see if any content shows up.

        • by taustin ( 171655 )

          Seems to work fine with Screenpresso. Including, specifically, just capturing the client window in Edge.

          Perhaps they're not actually as clever as they want you to believe the are.

    • If you're dealing with sensitive information you are significantly more likely to be found out in a public office environment by pointing a camera at a screen (weird thing to do) compared to typing on your keyboard (normal thing to do).

      That is assuming you're allowed a phone in the first place. Some people working on secret information aren't even allowed to have their cell phone on them.

  • Well, I’m so glad that Microsoft is going to dictate when my screenshot activity is “at work” committing corporate espionage. Nothing like labeling a PC being a member of an AD domain as inherently suspect.

    You want to prevent sharing information with competitors? How about you work on securing the core product first. Screenshots are the least of your damn concerns looking at history.

  • by jmccue ( 834797 ) on Wednesday May 22, 2024 @06:40PM (#64492231) Homepage
    I guess people at M/S never worked on an SAP system. With issues occur, users will send many screen prints to support people for help.
    • This is exactly right. Screenshots are useful for reporting errors, support, and other useful purposes. Thank-you M$ for getting in the way again of me getting my work done.

    • Aside people taking screenshots because they need help, before that there's taking screenshots to make walk-through support files. To avoid all those users needing to get help for trivial things.
  • by Osgeld ( 1900440 ) on Wednesday May 22, 2024 @06:50PM (#64492251)

    in windows 10 and 11 there are two programs to take screenshots of your desktop already, why did edge need yet another on on top of that

    firefox has its very own unique system for handling printers, google decided the print dialog wasnt good enough and MS has a screenshot utility... repeat after me guys "your shitty little web browser is not an OS replacement"

  • We disabled the door locks on your car.

    But we also disconnect the steering wheel at random unannounced intervals so nobody can steal it.

  • How stupid (Score:4, Informative)

    by gweihir ( 88907 ) on Wednesday May 22, 2024 @07:11PM (#64492299)

    People routinely carry high-resolution cameras around. All this will do is make it harder to work with Windows. It is like MS has no ideas at all anymore besides bad ones. Well, maybe this is part of their lie that they will now care more about security after a "cascade of security failures at Microsoft" that lead to an attack that "should never have happened" ( https://www.cisa.gov/sites/def... [cisa.gov] ). Of course, pretending to do something is worse than doing nothing.

    • People routinely carry high-resolution cameras around.

      Indeed. And they will look suspicious pointing them at their own computer while doing something involving secret information.

      Incidentally we don't all carry high-resolution cameras around. Some people work on sensitive things. I hope you can see the overlap here.

  • I see a whole line of new product being released in the near future.

    • by vbdasc ( 146051 )

      Microsoft certified keyboard without a PrtScr key

      Yes, because they need to make space for the new Copilot key.

  • Almost every new Windows feature I've heard of in the past several years seem like a complete anti-feature. Other than git metadata being added to Explorer, has Microsoft introduced any new significantly exciting features to Windows in the past five years? Windows users: are there any plans for a new feature that you're genuinely excited about?
  • by Plugh ( 27537 ) on Wednesday May 22, 2024 @10:12PM (#64492519) Homepage
    I am responsible for software that falls under various compliance schemes like FedRamp GDPR HIPPA etc etc. Every compliance audit I have ever been subjected to has required screenshots of webpages to be submitted as evidence.
    • Well I'm sure you can work with your IT department to ensure that the pages you need to send for compliance reasons are not blocked. You realise this is in your company's control right? It's a feature for companies, if it doesn't work for you, then you have your own implementation to blame.

  • ... FOR WORK you MS morons.
  • I use screenshots as part of doing my work.

    I'm not going to take the risk that Microsoft is going to stop me from taking one in the middle of a workflow.

    My choices of browser are Edge or Chrome. I've been using Edge, because one Chrome-based browser is much like another, and who cares. But now I care.

    At home I use Firefox, with additional goodies like Enable Right-Click.

  • As if it's a popular browser or anything, the days of MS imposing stupid browser rules is over.

  • how will people send me word documents containing screenshots of their errors now?

  • It's not like everybody has an image capturing sensor on, like, their phones or anything.

  • or, if it's some kind of really clever Windows back end thing, temporarily switch to a different operating system?

  • Okay, so you might not be able to take a screenshot of the browser, which mitigates what attack vector? Will they be turning off the key logging, AI training, Ad Wear and bloat?

    If I can take a picture with my phone, then this feature is absolutely pointless, and if I can send anything to a printer, or export it, it's also useless. If you want to prevent data / secret theft, you can't use stupid party tricks.

    I'm not sure if it's possible to make data that can be seen truly private, but if you were goi
  • Everything not compulsory is prohibited.

  • Just give everyone a typewriter. Problem solved.

He has not acquired a fortune; the fortune has acquired him. -- Bion

Working...