Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview.
Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”
Mozilla’s Chief Product Officer Steve Teixeira told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn’t.
Jake Moore, Global Cybersecurity Advisor at ESET, noted that while the feature is not on by default, its use “opens up another avenue for criminals to attack.”
Moore warned that “users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.”
Cybersecurity expert Kevin Beaumont was scathing in his assessment of the technology, writing: “In essence, a keylogger is being baked into Windows as a feature.”
AI expert Gary Marcus was blunter: “F^ck that. I don’t want my computer to spy on everything I ever do.”
Yup, I’m setting up a dual boot when my thumb-drive arrives.
Actually really excited to get back to computing the way it was in 2010. :)
2010 sounds so fantastical, and such a far away time of mystery in the future. We’ll have flying cars, and robot monkey maids, and brain chips that can drive cars, and…it was 14 years ago??? It’s currently 2024? Well that sounds like a depressing year!
Yup, I couldn’t have imagined the extent of the enshittification.
I’m glad I can turn back the clock a little on my PC at least.
Actually really enjoying OpenSUSE Tumbleweed… first time on a rolling release distro and so far no major complaints.
Probably would have started with Arch (btw) but I felt a little daunted by the install process. In contrast with my ~2010 attempt, all my data is on a separate drive with automatic backups to NAS — so when I upgrade to an NVMe drive I’m going to give it a whirl.
Nice!
I just want something that’s similar to Windows, regularly updated, easy to use, and comes with proton already installed.
So currently only Edge users can filter what gets picked up by Recall by site, and Chromium users get private browsing mode blocked out of the box? In the article, the Mozilla rep they interviewed says that Microsoft didn’t reach out to them or hasn’t made available any documentation on how to get non chromium browsers to pick what gets included in Recall.
Even if this is something thats off by default and is encrypted if you do turn it on, boy would I never want to turn it on.
Me either, and at least in my experience with Windows these things have a way of ‘accidentally’ turning themselves on after a random update or something
As much as I want “Jarvis” OS system, I really don’t want the version made by Microsoft, Google, or, Apple.
I want to be able to talk with my AI PC, but I want secure AI that’s just for me and won’t steal all my data for any Corporations to browse.
I think the would becomes a lonely place if everyone started only talking with their AI friend. And you know that’s what would happen. Humans would isolate from each other ever more.
if everyone started only talking with their AI friend.
This would be super great for the ruling class behind the AI curtain. Your AI pal would compliment and flatter you while guiding you down the corporate cattle chute.
Is this a Black Mirror episode yet?
deleted by creator
To a way you can already do AI audio chat with sillytavern or tavernAI and oobabooga llm in the backend. Its a little setup required but you can find online tutorials. For example from aitrepreneur on YT. It’s not perfect yet, but we’ll get there. It’s already fun to use, I just wish I had a better PC to run with a bigger and newer language model. Now using a recall function, that’s too new, but I’d not surprised if we get that in a few months.
The potential for self hosted AI is there! I’ve seen a few projects in the works, and if youre tech saavy you can spin up your own. It is pretty resource intensive, but could be run on a home server.
I’m pretty excited to have my own personal AI, vut i want one that is trained on data I select and who only phones home to my server lol.
You want something that will never happen.
WTF? You can make your very own private, locally run, AI assistant on a Raspberry PI, and make your own interface with an ESP32. Right now.
Why is this upvoted. It’s a wrong statement. Maybe there’s no recall open source local AI yet but voice chat with AI is already possible without sending your information to anyone else.
Why never? There are already AI models you can run locally on your own machine.
What’s the point of this feature ? If it were not evil, what problem would it solve ? How often do you go to your PC and think “what was that thing I saw but never thought to create a bookmark or save the link/image”.
Even if people use it, it would be for something they missed because they thought it was unimportant or didn’t interest them, which is a very rare use case.
And still it is a highlight feature !
I wonder if it is lack of ideas or lack of commitment to create a good idea , given a technology, when these kinds of useless features are launched.
I can’t think of a single reason why I would need detailed snapshots of everything I did with my own computer.
But I can think of plenty of reasons why corporations, advertisers and governments would want that.
I can’t remember the last time Microsoft Imolemented a good idea into windows other than small UI changes.
Windows 11 has better window shadows than Windows 10. That is literally the only improvement I’ve found
Use case: I remember doing something yesterday about this, but I can’t find the email/document/etc.
But I honestly don’t think the value outweighs the cost, so if I still used Windows, this would absolutely be something that drives me away.
Just do what video game companies do. They have an old game. It runs on old hardware. Some parts of the game feel very outdated in modern day. So they update the graphics, retool some outdated game mechanics, update it’s availability to run modern hardware.
They take 20 year old games, update them, and then sell it back to you at full price as a remaster.
I guess what I’m saying is…forget trying NEW ideas. Just give us Windows XP 2.0 that works on modern hardware with ongoing security updates.
That’s all anyone wants.
The thought of Microsoft remastering XP scares me, you and I both know they’d still be throwing Copilot into it.
I think the problem with big companies like Microsoft, EA, Ubisoft, Bethesda, etc is that once all the smart & creative people have gone, all you have left are the “line must always go up” business idiots, who have no idea what their company does or how to fix it.
CoPilot is exactly the kind of End-stage, “let’s screw our customers to death” idea the CEOs come up with right before their company implodes.
The reason I know that’s true is because when this stupid idea for CoPilot came up, there were no smart people who immediately said, “do you have any idea what a terrible f*cking plan this is?”
I’m sure some did, but, unfortunately, those people aren’t the ones making the business decisions.
The “line must go up” people are in charge because “line must go up” investors are saying the “line must go up”.
Ironically the business people are terrible at business. I genuinely think LLMs (despite their economic evils) are stunning pieces of technology.
But they are money sinks and the only plans for profit are subscriptions or advertisements. It’s Social Media/Streaming/Tech Startups panicked hype investing all over again. Subscriptions and advertising just simply do not pay the bills for huge server and gpu farms.
But sustainability isn’t what they want is it? They want the stock to go up to then cash out when it’s about to fall. sigh
all you have left are the “line must always go up” business idiots, who have no idea what their company does or how to fix it.
boy does this seem to describe google nowadays
This is something that steve jobs talked about in an interview that I cannot find at the moment. Its ironic coming from him, but he was talking about when a company truly begins to die. His theory was that when a company is founded, the people that made and designed the product/service are in positions of power. But as a company grows and lives on they get replaced with marketing people. They dont know how to make anything, but they do have that “line go up” mentality. Instead of making something better, the marketing and sales people find ways to sell worse things. Again, hilarious coming from him but i think he had a point.
I don’t know if it’s really about a breakdown between ‘innovators’ and ‘sales/marketing’, but instead a breakdown between people who sincerely want to deliver something intrinsically valuable versus product delivery being some unfortunate obnoxious means to the end of “more money now”. A company founded from the onset of “don’t care, just make money” will generally fail, and the ones that succeed are the ones that care. Then you move beyond the “founder” generation of a company and then you get to watch the effort get scavenged to pieces.
Whatever may be said of Jobs, he really liked the company and products he was in charge of. Sometimes he would value form over function more than I would like, but it was still at least a facet of the actual product rather than hyper fixation on how to make the profit margins grow without much regard for the product itself. Yes, massive wealth flowed in as they caught the culture just right with iPod and then iPhone, but I don’t think it ever descended to cannibalizing the company to make those numbers even better than they were.
But the C-suite folks think it’s a great new way to spy in their employees, so I’m guessing it’s here to stay.
I bet their lawyers might not think it’s a great idea.
Why? Their company, their computers.
But AI is “somebody else’s computer,” at least that’s how most work. What’s to guarantee that it’s actually local and stays local going forward?
Not that I’m defending it but the data and the model itself on Recall stays all local and encrypted, according to Microsoft. It also says it won’t use it for ad targeting or will sell the data. Of course, the caveat is that is what they are saying right now and may not be saying in the future. We’ve obviously seen strategies where gradually things move down the spectrum as it continuously normalizes.
With MS we’ve seen the “Start” menu advertise Candy Crush forever and then “recommended apps” and it isn’t a far step to show “sponsored recommended apps” and then just “sponsored content” as things continue to become more normal for everyone, especially if its for the “Home” version or whatever. People will just argue to pay whatever for a Pro license.
Going to full blown ads now though? It’ll piss the consumer off. Do it gradually over a decade? There will be some rumblings, sure, but it probably won’t matter. By then they might be able to give you a “free” cloud VDI (with lots ads from the OS) with less ads and CPU/GPU power based on subscription tiers and you just need to buy a cheap $30 thin client and everyone will just be OK with that.
…corporate good will to be on the side of the peoHAHAHAHAHA!!!
Sorry, could say it with a straight face.
Total Recall? Get your ass to Linux!
Honestly if you do truly value having control over your privacy take this advice to heart. There are so many good Linux options now that are even easier than Windows to install. All it takes is a few clicks. You can even choose which UI you prefer in many cases. All those previous barriers to entry no longer exist.
I’ve tried to get into linux 4 different times now. Over the coarst of 15 years.
I have no idea what I’m doing.
Try BazziteOS
It’s meant for gaming, but I find it’s so feature complete that’s it’s great for non-gaming purposes.
Somehow it even works better on my monitor than Windows, since I can actually control my brightness from an applet rather than having to use my monitor buttons.
Not OP, but I feel like every time I come across a thread like this, someone is recommending a different version of Linux. It makes it really difficult to decide, and I can’t exactly just “try out” Linux on my computer the same way I could try out other programs.
Yes, I could install it on a thumb drive, but that’s not persistent, so I couldn’t try it out for more than a few hours. Takes longer than that to decide to completely switch OSes.
You can make a persistent install on a thumb drive actually. Has been possible for about a decade I think. There’s even a program now called Ventoy that lets you make multiple persistent installs of different Linux distros on a single thumb drive even.
I think I’ve tried Ventoy before, actually. I didn’t know it did persistent installs.
Unfortunately, I couldn’t figure out how to enable my PC to boot from a USB device. It uses the most recent version of the MyAsus UEFI, the one that looks like this picture I pulled from online (minus the red outline, obviously):
You don’t happen to know how to enable booting from a device from there, do you? All the guides I found online were for an older version of the Asus UEFI settings.
Normally when your PC is initially starting up, F8 will bring up the boot menu and you’d select the USB drive. Otherwise, where it says boot order, clicking around there should let you change the boot order and have the drive boot first every time. Actually, if you’re using it as a persistent then this is probably the better option.
I’m not the biggest computer buff compared to some here, so if I’m wrong in any way let me know or comment again - someone will likely come give the right answer lol.
Plus I haven’t used Ventoy much, I only used to do it the old fashioned way of partitioning it many years ago until I found what I liked best.
For beginners, I recommend Fedora or Ubuntu based distros because they’re definitely the most user friendly, like windows or the days, possibly more now? At least BazziteOS has had more feature compatibility than Windows, which I was shocked by. Still testing all my games, but so far that works well too.
Chiming in to say that on my asus laptop, the start up button is f12! Press as soon as the first logo appears on the screen. It might take a few times to get the timing right, if you miss it just restart the computer.
It should take you to a menu that looks like a classic hacker screen (blue screen with pixilated text, no clickable UI). Then go to the boot options and select the USB.
You can use something like VirtualBox or VMWare. Won’t be the fastest experience, but also not so bad. It’s good enough to have a feel of how something works.
The kicker is, for years and years down the line, all of your tech questions will be written to Google as “How do I xxxx in <obscure distro name here>”.
Many, but not all, of those problems are resolved by searching “in Linux”, but others you’d have to search for “in <similar distro>”. Windows is just Windows.
You can create a partition on your hard drive and set your PC up to dual-boot. I have no idea if this is still widely used or if there is another, better/easier way, but it’s what I did a long time ago for a hat simulator game.
I’ve read in a few different places that, unfortunately, more recent Windows bootloader’s can break dual-boot setups.
And not just that, but each distro of linux has its own quirks and each one is compatible with a different list of brands of hardware. you could brick your system if you install the wrong distro on the wrong hardware, like down to the bios
And contrary to popular belief, LINUX CAN GET MALWARE JUST AS EASILY AS WINDOWS CAN.
With windows, there’s a 30 year history of malware infections and there’s several good choices for windows based antivirus programs, and three amazing ones. The people who work at those antivirus companies know how vulnerable windows is and so they’re always working on improving their software…at least the good ones are, but those same antivirus programs on linux don’t have nearly as much stuff in them to fight against APTs most linux versions of great antivirus programs like comodo and kaspersky are gutted down to just a regular antivirus with heuristics, no zero-day threat protection at all, you’re completely dependent on how fast the new malware can get added to the blacklist.
But on windows, if you use comodo and know how to configure it and understand that it will never pop up unless something might be wrong, you’re always prepared for zero-day threats and even zero-hour threats.
Linux used to be super secure, simply because there were so few people using it or even aware of it, but with every linux distro being open source, malware-makers can make all kinds of exploit kits for it in record time, because there’s no trial an error like there is on windows, at this point in time, no antivirus company is really prepared to deal with zero-day linux malware.
But windows users, even stupid ones know that you need an antivirus program on windows. So the malware-makers have to play a cat-and-mouse game with windows malware if they hit a decent number of systems with their malware, that malware isn’t going to be unknown for very long. And antivirus companies like bitdefender and avira, the former of which is great at adding new samples to the blacklist at super speed, and avira which isn’t as good at that anymore because they got bought by…norton? If I remember correctly, they rent their database out to other antivirus companies, Eset, another really good detector of new malware also rents their database out to other antivirus companies.
ClamAV is good at detecting linux based malware…as far as I’ve heard, but it’s useless against anything unknown to it.
windows is a pain in the ass to detail with…but that’s only if you don’t know how to work with it. Linux can be that way too. If there’s a bug in some software that fucks up parts of your OS, there’s not much support you can get from local techs, but if something like that happens with windows, there’s loads of freelance independent computer techs out there that know how to fix it.
Linux is cool, if you can make it work for you, great! But don’t act like windows is worthless. There’s ways to deal with the bloat, and there’s endless amounts of free advice on countless forums across the entire internet on how to deal with problems that come up
Honestly, I have Windows working just the way I want it right now (and I do know enough to be able to wrangle it to do just what I want it to do), but I could do without so much spyware. That’s the main reason I’m looking into Linux. Any way you know how to get rid of Windows’ built-in spyware without impacting security at all or breaking anything too badly?
On a different note, I have actually been looking for a new antivirus, preferably a free but very good one. Norton (my dad subscribed to it and got like 10 license keys years ago and shared with the family) has become too much like adware for me in recent years. Your comment has been helpful with that.
malware on linux is surprisingly common, more common than most people realize.
in fact, for every variety of malware for windows, there’s a version of it for many linux distros too
Most malware that targets linux goes for server stuff, since those are the most valuable targets. End user linux, which barely hits 3% usage, isn’t a common target because there’s not much to be gained.
Seems like all hospitals and medical providers would need to avoid the OS in order to remain in compliance with HIPAA.
I give it two weeks, tops.
This is going to be terrible for work place security.
literally every cybersecurity expert is saying this would be a bad idea that could be used maliciously by anyone. I really hope the executives listen to them.
yeah, sure, it’s supposedly encrypted and supposedly stored locally exclusively and supposedly not turned on by default, but even if that does turn out to be true, scammers can use it with remote desktop to snoop, anyone who plants a RAT on your system could look through that shit too.
“I really hope the executives listen to them.”
Oh man. Needed a good laugh tonight. Thanks champ.
No one here mentioning this will be a gold mine for Malware makers and hackers.
The actual article does mention it.
Even if we believe them and all the data stays local to your machine, what’s to stop your average bit of malware accessing it?
So now not only is any data compromised going forward, but all your data going back as well.
Microsoft’s bread and butter has been selling and servicing to businesses.
So with that in mind, the hell are they thinking? Windows 10 end of life guarantees that businesses specifically will have to switch. Then the next option in line is one that will by default vacuum up all your proprietary information to feed into an AI, effectively “copyright laundering” it?.
Even if there’s ways to deactivate the feature, the non-tech savvy managers will just go off of the headlines and the tech savvy ones will recognize the security risk. And government/healthcare computer might just fork Linux into a non-open source version.
Ironically it feels like they’re focusing too much on consumers (on extorting them) and shooting themselves in the foot for their business clientele.
Ironically it feels like they’re focusing too much on consumers (on extorting them) and shooting themselves in the foot for their business clientele.
It’s like they saw all the shittiest things about apple products and said “game on motherfuckers!”
imagine how many people are going to get doxxed by this feature.
This is the best summary I could come up with:
The user can then scroll through the archive of snapshots to find what were doing some time back, or query an AI system to recall past screenshots by text.
The Windows 11 feature is supposed to eventually expand to allow users to pull up anything that happened recently on their Copilot+ PC and interact with or use it again, as the system logs all app activity, communications, and so on, as well as by-the-second screenshots, to local storage for search and retrieval.
The IT giant also says that for the relatively small number of users running its Edge browser – with a market share of just under 13 percent, according to Statcounter – InPrivate sessions won’t be snapped, nor will DRM content.
Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall.
Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."
Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.
The original article contains 1,057 words, the summary contains 209 words. Saved 80%. I’m a bot and I’m open source!
Hopefully this will get more people into looking at Linux as their OS.