Microsoft Edge Will Begin Blocking Screenshots On the Job (pcworld.com) 99
Microsoft is adding screenshot prevention controls in Edge to block you from taking screenshots at work. "It's all designed to prevent you from sharing screenshots with competitors, relatives, and journalists using Microsoft Edge for Business," reports PCWorld. From the report: Specifically, IT managers at corporations will be able to tag web pages as protected, as defined in various Microsoft policy engines in Microsoft 365, Microsoft Defender for Cloud Apps, Microsoft Intune Mobile Application Management and Microsoft Purview, Microsoft said. The screenshot prevention feature will be available to customers in the "coming months," Microsoft said. It's also unclear whether third-party tools will be somehow blocked from taking screenshots or recording video, too.
Microsoft will also roll out a way to force Edge for Business users to automatically update their browsers. The feature will enter a preview phase over the next few weeks, Microsoft said. "The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk," Microsoft said. "It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections."
Microsoft will also roll out a way to force Edge for Business users to automatically update their browsers. The feature will enter a preview phase over the next few weeks, Microsoft said. "The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk," Microsoft said. "It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections."
Well that's a relief. (Score:5, Insightful)
We wouldn't want anyone taking screenshots of your desktop [slashdot.org]. That could be a security risk.
And thank goodness nobody carries around an internet-connected, high definition camera in their pocket everywhere they go.
=Smidge=
Re: Well that's a relief. (Score:5, Funny)
Soon to come: new Microsoft feature that requires webcam to be active when displaying the screen; it actively monitors for cameras
Re: (Score:2)
My first thought was even simpler than that...my first thought was:
Who the fuck uses Edge?
Re: (Score:2)
My first thought was, why would Edge have a feature to take a screenshot? Do other browsers do this? Is there some unnatural tying of the browser to the operating system internals going on here, such as the sort of thing thatwere forbidden by past lawsuits?
Re: Well that's a relief. (Score:2)
Haha .. one such example: companies that mandated use of internet explorer for broken intranets.
Those companies now mandate Edge as it seems to support those same broken sites.
Re: (Score:1, Insightful)
We wouldn't want anyone taking screenshots of your desktop [slashdot.org]. That could be a security risk.
Funny joke aside, there is a big difference between blocking screenshots to close an exfiltration risk and a windows feature which can be disabled through group policy which also saves locally encrypted screen that isn't accessible to any other users. If actual screenshots worked the recall does, no one in corporate security would give a shit.
And thank goodness nobody carries around an internet-connected, high definition camera in their pocket everywhere they go.
You think you're being clever but there's a very big obvious difference between someone's actions when they are sitting and using a computer and mouse, and someone who
Re:Well that's a relief. (Score:4, Insightful)
> blocking screenshots to close an exfiltration risk ...by potentially creating another one?
In any event, you can just disable Printscreen. You do not need to introduce a Rube Goldberg system that only works in Edge.
> obvious difference between someone's actions
So now we're assuming someone is watching every computer user? If you're already looking over their shoulder why can't you just see them saving the screenshot to file and sending it to someone? Hell, why can't you catch them sending ANY file over ANY connection that isn't authorized? What data exfiltration scenario does this actually prevent? Maybe makes it slightly less convenient at best.
If a system is so locked down that I can't whip out my phone for 10 seconds and take a photo of the screen, or use a USB drive with a portable web browser to view the protected page (bypassing this feature) or even a third party util to save the screen, then this feature is already not necessary nor particularly useful.
Your defense of this bullshit is not as clever as you think it is.
=Smidge=
Re: (Score:3)
Personally I would hate to work in a place with that level of distrust in their employees. I guess is doesn't really affect me because any job that force me to use a Windows PC would have to be very likely working on stuff outside my areas of interest.
Re: (Score:3)
I think that might be the real angle; "Value add" to the Edge browser and leverage that to get corporate networks to block alternatives because Edge is "more secure."
Yeah that 100% tracks.
=Smidge=
Re: (Score:2)
If people were honest, this wouldn't be an issue. But since we're not, this is what happens. Also, these restrictions come in handy at government, military, or intelligence operations, or anywhere senisitive material is around such as at chip manufacturers (computer, not tasty).
Re: (Score:3)
It's a standard part of Windows, an app only needs to use the API to enable it for its windows: https://deviceadvice.io/2021/1... [deviceadvice.io]
A lot of times systems are locked down enough that you can't load a different browser, or even see the URL you need to browse to. As for phone screenshots, assuming they don't have a ban on phones, it's still less bad than screenshotting because phones add a load of metadata to the photo and most people don't know how to strip it. Also in some countries you can't disable the camer
Re: (Score:2)
Also in some countries you can't disable the camera shutter sound without some hacking that is beyond the ability of most users.
Only japan AFAIK...
And damaging the speaker works pretty well, and is well within the ability of most people. As is buying a foreign import phone.
Re: (Score:2)
Had a friend who had his texting devices, pagers, phones, palm 7s, etc banned at a defense contractor. I thought it was reasonable, but he was absolutely livid that he wouldn't be able to flirt online all day at work (which is what he used them for). Of course, work provided pagers were ok at the time. This guy though had a bat utility belt full of communication devices and was baffled why other people didn't. Anyway; it's certainly a thing that some companies absolutely forbid anything that might be a
Re: (Score:3)
In any event, you can just disable Printscreen. You do not need to introduce a Rube Goldberg system that only works in Edge.
Nothing quite like throwing the baby out with the bathwater. There are some things you give a shit about, and some things you don't. 99% of the stuff I work with is not marked secret. It would be crippling for IT to block my ability to screenshot the 99% for the sake of protecting the 1%. It absolutely makes sense to discriminate.
So now we're assuming someone is watching every computer user?
In the office, yes. I don't think I would be able to point a phone at my computer without someone noticing in the office. That's the nature of offices. There are lots of people aro
Re: (Score:2)
> Nothing quite like throwing the baby out with the bathwater.
Either you're in a secure environment or you're not. Pick one.
> In the office, yes. I don't think I would be able to point a phone at my computer without someone noticing in the office.
I bet you could, unless you're trying to do a duck-face while taking a selfie with your monitor behind you or something. And in the slim chance that someone notices, the chance they'll give a shit is even lower.
Even if you work in one of those nightmare open
Re: (Score:2)
Re: (Score:1)
FWIW, many call centers prevent users from entering the call floor with a phone, paper, pencil/pens, etc. And their computers are quite locked down. Real world exfiltration is happening using things as simple as text input fields on internal sites or in ticket systems the use for the support. Users are monitored, but not 1-on-1 and 24x7. Everything they enter is recorded, but alerting based on that isn't all that straight forward.
And no, you would not be able to whip out your phone - you passed through a me
Re:Well that's a relief. (Score:5, Insightful)
Your post isn't as clever as you think it is.
As usual, right back at you. I was part of a team that evaluated prevention of this type of exfiltration of data a while back.The possible measures went up to building special terminals for a few 100 people. The environment was a civilian enterprise, so no special laws or provisions with which you can limit employee rights. The conclusion was: Not preventable. Cameras you can only prevent if you search people (generally not acceptable) and ban overtime at the workplace (generally not acceptable) and ban home-office (generally not acceptable). But here is the second problem: Some, not that few, people can exfiltrate a lot of critical data in their brains. And each time they leave the office, they can record that outside of the protected environment and come back to get more data.
The conclusion was that you may make the exfiltration effort for low-value, high-volume data prohibitive, but anything high-value and low-volume your workers can steal and there is nothing you can do about it.
The other conclusion (not reported to the customer was) that apparently a lot of not-so-smart people in "management" have this illusion that they have a full control and have real, personal psychological problems with not being able to control something and come up with the most stupid ideas and "explanations" in order to convince themselves that they are in control. Explains a lot.
Re: (Score:3)
I know why those findings weren't reported to the customers but I wonder what the world would look like if they were repeatedly.
Seriously, I know that insulting people generally isn't helpful but I think many managers could profit from being made aware of the fact that every one of their underlings knows how insecure they are.
Re: (Score:3)
I agree. Many managers would benefit from the occasional reality check. But you can typically only do that of higher up management endorses it or your consulting business goes bankrupt. Sometimes you can do it very friendly and simple. For example, I once demonstrated that MAC-based "authentication" is not effective by fitting a network card with a socket for its eeprom (thus allowing easy MAC changes) and handing that around at a meeting. Cost me about 3 hours on the weekend (billed to the customer) and d
Re: (Score:2)
Maybe it's an old story. A lot of older NICs wouldn't let you change the MAC address.
Re: (Score:2)
but anything high-value and low-volume your workers can steal and there is nothing you can do about it.
You seem to have not considered the fundamental aspects of security: The harder you make something the less likely it is to be attempted. Is this going to prevent targeted corporate espionage? No. It is designed to prevent significantly more accidental leaks.
Re: (Score:2)
I have. The date in question was well worth the effort even with the maximum effort that could reasonably have been achieved. And this was not about accidental leaks at all. I do agree that accidental leaks should never be easy to do.
Re: (Score:1)
Troll alert!
Re: (Score:2)
If understanding security risk management makes me a troll I'll get that printed on my lunchbox and display it proudly.
Re: (Score:3)
Re: (Score:1)
Yeah but it's got a screenshot blocker... it's what CEOs crave.
If they can somehow implement it with AI and blockchain, it worth TRILLIONS.
Re: (Score:2)
What, like from the toilet?
Re: (Score:2)
Re: Well that's a relief. (Score:2)
Meta-G (Score:2)
Re: (Score:2)
I'm guessing the next version of Edge will require a web cam to always be on pointing in the user's direction, and the user has to be visible at all times so an AI can verify it is you who are using the product. As part of this it will periodically ask you to perform gestures to confirm you are really there, e.g. "show me a vulcan salute", or a friendly "put your elbow to your nose (haha, just kidding, that's impossible, but good try)". This AI will check whether you are holding a mobile phone or similar de
Re: (Score:2)
Re: (Score:2)
And nobody doing the promotion of a Rayban Camera equiped glasses.
Re: (Score:2)
All a feature like this will do is provide a false sense of security...
As you pointed out, people will just take photos of the screen instead, and share them via their mobile data plan which will have even less oversight. Meanwhile naive management will believe that this feature actually does what it claims and images of data from the screen can no longer be shared so they let their guard down.
Right, but windows itself will save everything (Score:5, Interesting)
How does this jive with their other announcement that Windows will record everything you do and save it to your permanent record for advertising and blackmail purposes?
Re:Right, but windows itself will save everything (Score:4, Funny)
Re: (Score:1)
How does this jive with their other announcement that Windows will record everything you do and save it to your permanent record for advertising and blackmail purposes?
Perfectly fine, given that windows recall stores the record on the device in an encrypted way which makes it presumably very frigging difficult to share with any third parties.
Seriously did anyone on Slashdot actually understand how recall works at all? Does no one here understand that even as a feature it is under control of the same corporate group policy as this Edge for Business feature is?
Re:Right, but windows itself will save everything (Score:5, Insightful)
Seriously did anyone on Slashdot actually understand how recall works at all?
We don't need to. Decades of experience with microsoft tells us that no matter how clever and esoteric our random guessing about how terrible a new microsoft feature will be for security and privacy the eventual and inevitable real world security flaw or privacy invasion will be even worse. And just as true after we find out, apologists will crawl all over slashdot, reddit and the like to tell us how it's not really that bad and we should just accept it and anyway you can always disable it with these 3 obscure group policy options and what do you mean you didn't know 24H2 added a 4th one that invalidates the other 3? What are you? Not terminally online and dedicating part of your day to keeping up with the workarounds?! LoL, everything microsoft do is your fault for not staying on top of their bullshit and also it's simultaneously not bullshit. It's an amazing feature you should be accepting of while simultaneously not stupid enough to lobotomise through hidden toggles.
Re: (Score:2)
Seriously did anyone on Slashdot actually understand how recall works at all?
We don't need to. Decades of experience with microsoft tells us
Actually you do. There's no middle ground here. Either you trust Microsoft and need to understand how recall works in detail (in which case the fact that data is encrypted locally stored should be good for you), or you don't trust Microsoft and you have already sold yourself out to them by virtue of running their OS which is at the whim of their updates and their data harvesting.
Either way you look at it Recall does not represent a change in risk to you.
Re: (Score:2)
They are going to record everything, but Hey, it's alright. They'll block screenshots in the browser. There. Problem solved. No one has cell phones. /s
Yes they are going to record things locally encrypted on your computer. - Not a risk. You can either believe that or not. If you don't believe them about what they say their OS does then you already are exposing yourself to a massive risk running software from a party you don't trust.
Jesus, you're a moron.
It's just embarrassing to read your naive apologies for MS.
Right back at you. My post isn't an apology (or apologies) for Microsoft, it's an attack on other people's stupidity. I mad no comment for or against Microsoft. Please learn to read.
As previous poster says, there's nothing about Microsoft you can trust. That is empirically proven.
And as I say, if you can't trust Microsoft th
Re: (Score:2)
you have already sold yourself out to them by virtue of running their OS
Yes you have? You'll have to explain that because I don't recognize the frame of reference. Because if it was a question phrasing, I would say:
Nope,
virtue? (apropos of nothing, laying an inference framework for later reference? I'm pretty sure you're turning a facile phrase here, though.)
And nope, no running that.
No one should run MS OSs. You can though. Seems like you must run MS OSs for some reason and are convinced it is a must for all. Good for you! Treats and stuff for being a in-lier! Onboard! Wit
Re: (Score:2)
No one should run MS OSs.
Indeed. People don't need to, and to them there is no risk. For those people who do the risk profile hasn't changed (something you didn't seem to even refute).
You can though. Seems like you must run MS OSs for some reason and are convinced it is a must for all. Good for you!
I'm not sure why you think I am running an MS OS, or why you think anything I said suggests that someone else must as well. Did you not learn basic literacy at school? Please turn on your brain before you post next time.
Re: (Score:2)
Simple: Only MS is allowed to record your desktop at any time. You are not. They really are going into late-stage enshittification now.
Re: (Score:2)
They merely show you who is the master.
But one day you might be allowed to do that yourself if you pay them, to be honest.
Re: (Score:2)
False. MS provide organisations the choice of either. They don't have a say in this. It's a corporate feature and you are *NOT* the master of your PC in a corporate environment regardless of what OS you run -- if your IT department is even remotely compentent that is.
Re: (Score:2)
Microsoft is helping you work smarter ^H^H^H^H, harder and your boss approves.
Microsoft is helping your boss block your criminal behaviour and increase the the recording of everything you do, to guarantee you haven't committed a crime (using Microsoft Edge).
This is a solution looking for a problem and the problem, obviously, is every employee using a computer.
Re: (Score:2)
Linux already beat them to the solution - Wayland!</s>
It is a bit eerie that, as a side effect of how Wayland implemented things, existing screen sharing programs could no longer easily grab all window contents, and have to go through some higher layer now, which sets it up to be in the perfect position to implement both a Windows Relay clone and screenshot blocking/security. Maybe someone can throw together some quick plugins to do that so we have a clean room reference implementation before this is
Re: (Score:2)
You know we can just point a camera at the screen, right?
Hi, Dave, I'm your Copilot.
I believe you've just pointed your phone camera at the screen of your employer's computer. Ive locked you out, locked you in your cubicle and notified the security robot, which will arrive shortly to take you into custody for further questioning.
Please remain calmly in your seat to avoid the need for us to restrain you physically and employ a small dose of stress-relieving drugs.
Thank you.
Re: (Score:2)
I can't wait to see Robocops powered by Copilot patrolling the streets and fighting crime. What might go wrong?
Re: (Score:2)
As long as they end up throwing the PHB out of that 50th floor window, I'm all for it :)
Re: (Score:2)
The Copilot is your friend! Trust the Copilot!
Re: (Score:2)
Or put a kvm between the VGA port and monitor. Or run the os inside a vm.
Re: (Score:2)
Edge playing the dirty tricks of Internet Explorer all over again. Time for the DOJ to open a new lawsuit and, hopefully, break up Micro$oft at last.
The worst side effect (Score:5, Insightful)
You know those dumb online compliance training courses companies make you take, the ones that have a 10-question quiz at the end, to make sure you understood the difference between "disparate impact" and "disparate treatment"? Screenshots are great for these courses, paste them into a word document as you go, and if you forgot some small detail during the quiz, you can refer to your document. You know, kind of like...taking notes. You know those e-learning companies will tag their pages as "no screenshots allowed."
Re: (Score:2, Insightful)
Go figure when the main takeaway from all that e-learning was how to cheat your way through the fucking test while not actually learning a damn thing.
That which is measured is improved.
The test results are what is measured. The previous poster simply found an efficient way to improve their test results.
The failure is in the design of the training which incentivizes test results instead of learning.
It's called a Cellphone Camera (Score:3)
Re: (Score:2)
Not to mention how many screen shot apps there are, many of them free, that won't give a damn about Edge's idiotic features.
Re: (Score:2)
If this is in a company with IT trying to control Screenshots on certain websites.. They already have to take steps to ban the other web browsers like Firefox or Chrome from being able to access their websites.
Presumably in that process they have to take control of what Apps are allowed to run on their desktop endpoints. The user wouldn't have access to install Screenshot apps.
But none of that affects their ability to take Screenshots with a cellphone or hidden camera. Which is Also a better idea if
Re: (Score:2)
Not to mention how many screen shot apps there are, many of them free, that won't give a damn about Edge's idiotic features.
Edge already has DRM based screenshot blocking features. Seriously go try it, log into e.g. Netflix or Disney+ and take a screenshot, see if any content shows up.
Re: (Score:2)
Seems to work fine with Screenpresso. Including, specifically, just capturing the client window in Edge.
Perhaps they're not actually as clever as they want you to believe the are.
Re: (Score:2)
If you're dealing with sensitive information you are significantly more likely to be found out in a public office environment by pointing a camera at a screen (weird thing to do) compared to typing on your keyboard (normal thing to do).
That is assuming you're allowed a phone in the first place. Some people working on secret information aren't even allowed to have their cell phone on them.
AD Doman = Corporate Espionage (Score:2)
Well, I’m so glad that Microsoft is going to dictate when my screenshot activity is “at work” committing corporate espionage. Nothing like labeling a PC being a member of an AD domain as inherently suspect.
You want to prevent sharing information with competitors? How about you work on securing the core product first. Screenshots are the least of your damn concerns looking at history.
SAP (Score:3)
Re: (Score:2)
This is exactly right. Screenshots are useful for reporting errors, support, and other useful purposes. Thank-you M$ for getting in the way again of me getting my work done.
Re: (Score:2)
why is this a feature to begin with (Score:5, Insightful)
in windows 10 and 11 there are two programs to take screenshots of your desktop already, why did edge need yet another on on top of that
firefox has its very own unique system for handling printers, google decided the print dialog wasnt good enough and MS has a screenshot utility... repeat after me guys "your shitty little web browser is not an OS replacement"
We Fixed It (Score:2)
We disabled the door locks on your car.
But we also disconnect the steering wheel at random unannounced intervals so nobody can steal it.
How stupid (Score:4, Informative)
People routinely carry high-resolution cameras around. All this will do is make it harder to work with Windows. It is like MS has no ideas at all anymore besides bad ones. Well, maybe this is part of their lie that they will now care more about security after a "cascade of security failures at Microsoft" that lead to an attack that "should never have happened" ( https://www.cisa.gov/sites/def... [cisa.gov] ). Of course, pretending to do something is worse than doing nothing.
Re: (Score:2)
People routinely carry high-resolution cameras around.
Indeed. And they will look suspicious pointing them at their own computer while doing something involving secret information.
Incidentally we don't all carry high-resolution cameras around. Some people work on sensitive things. I hope you can see the overlap here.
Microsoft certified keyboard without a PrtScr key (Score:2)
I see a whole line of new product being released in the near future.
Re: (Score:2)
Microsoft certified keyboard without a PrtScr key
Yes, because they need to make space for the new Copilot key.
Microsoft: A Neverending Source of Anti-Features (Score:2)
Compliance (Score:3)
Re: (Score:2)
Well I'm sure you can work with your IT department to ensure that the pages you need to send for compliance reasons are not blocked. You realise this is in your company's control right? It's a feature for companies, if it doesn't work for you, then you have your own implementation to blame.
I take screenshots... (Score:2)
Oh look, I'm switching to Chrome (Score:3)
I use screenshots as part of doing my work.
I'm not going to take the risk that Microsoft is going to stop me from taking one in the middle of a workflow.
My choices of browser are Edge or Chrome. I've been using Edge, because one Chrome-based browser is much like another, and who cares. But now I care.
At home I use Firefox, with additional goodies like Enable Right-Click.
Does Edge need more reasons to not use it? (Score:2)
As if it's a popular browser or anything, the days of MS imposing stupid browser rules is over.
Says it all, I think (Score:2)
https://thedailywtf.com/articl... [thedailywtf.com]
word documents with screenshots inside (Score:2)
how will people send me word documents containing screenshots of their errors now?
This is foolproof. (Score:2)
It's not like everybody has an image capturing sensor on, like, their phones or anything.
so, don't use edge? (Score:2)
or, if it's some kind of really clever Windows back end thing, temporarily switch to a different operating system?
What's the point? (Score:2)
If I can take a picture with my phone, then this feature is absolutely pointless, and if I can send anything to a printer, or export it, it's also useless. If you want to prevent data / secret theft, you can't use stupid party tricks.
I'm not sure if it's possible to make data that can be seen truly private, but if you were goi
everything (Score:2)
Everything not compulsory is prohibited.
Typewriter (Score:1)