Microsoft's new Recall AI will take screenshots of everything you do - freaky

Quoting: pleasereadthemanual

Quoting: LoudTechieWhat mcirosoft didn't disclose with their TPM requirement is that breaking bitlocker of the TPM they required at first(hardware based) is so easy that a teacher suggested it as a project in my first year of embedded software engineering. This is the relevant trick..
Doesn't work for fTPM, but that only got allowed when it turned out that gamers with game pcs can be very loud.

Huh. That's pretty interesting. I guess the real professionals might have a suitcase full of these pogo pin sniffers for common laptop models, ready to disassemble the laptop at a moment's notice.

My desktop computer from 2017 has fTPM. Let me check if my Dell business laptop from 2022, which came with Windows 11, has fTPM.

<Rebooting>...

Edit:I have no clue. It doesn't tell me in the BIOS whether I have a fTPM, it just has the option to enable Secure Boot.

If you can't enable/disable your TPM in the BIOS you've no fTPM. If you can you do.(f stands for firmware)
EDIT:
This probably means you've hardware TPM for such a modern device.

Rant:
For some reason the advised practice in the security community is that for drm like activities dedicated hardware is most effective, but as far as I've encountered so far this is complete and utter bull.
Nintendo did and does it and failed.
Intel doesn't and succeeds(Intel ME)
By binding it to existing devices changing it is more intermingled with stuff the attacker doesn't want to touch.
Yes giving it more permissions helps, but if you integrate it in the firmware of something important it's harder to take away.

Edit:
Looked it up:
You've both, but the hardware TPM is probably the used one.

Bussiness laptop had TPM before consumer ones, because physical attacks are much more dangerous for owners of laptops who aren't also the user, such as businesses.
I assumed your laptop was new when you got it.


Last edited by LoudTechie on 23 May 2024 at 7:08 pm UTC

Quoting: wvstolzing... so I take it that plaintext indexing & search already works flawlessly on windows, that they're now expanding their horizons to indexing images, & user actions and the like?

... and that the promised indices won't take up half of the user's boot drive, and perpetually occupy half of their cpu & ram? (which of course they won't because all the processing and storage will be 'in the cloud')

Actually they promised to keep it local(for now), so I hope you've a really large drive, because it'll contain a video of its entire existence.

Edit:
Also they promised to keep it encrypted, so it will take up even more space than a normal video of it existence.


Last edited by LoudTechie on 23 May 2024 at 6:40 pm UTC

Man, Cory Doctorow's word "enshittification" really has turned out to be one of the words of the year, eh?

[quote=Lofty]

Quoting: LoudTechie

Quoting: Lofty

Quoting: Eike

Quoting: Lofty

QuoteI'm not even what you may call a "privacy nut".

Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.

I agree.

Quoting: LoftyIn the early day's people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.

[bolding by me]

... but this does sound... conspirational.

Maybe they aren't out in public stood on a box selling you data viewable on a large screen but im perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.

To me that is the usual shadowy forces. i couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.

if you cant think of a better turn of phrase then let me know.

Shadowy implies lack of transparency, which has really improved over the years.
The term forces dehumanizes them.
The "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".

That having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.

Quoting: LoudTechie

Quoting: Lofty

Quoting: Eike

Quoting: Lofty

QuoteI'm not even what you may call a "privacy nut".

Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.

I agree.

Quoting: LoftyIn the early day's people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.

[bolding by me]

... but this does sound... conspirational.

Maybe they aren't out in public stood on a box selling you data viewable on a large screen but im perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.

To me that is the usual shadowy forces. i couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.

if you cant think of a better turn of phrase then let me know.

QuoteShadowy implies lack of transparency, which has really improved over the years.

Has it ? I mean i know there are laws around data protection such as GDPR. At least from a European perspective i could mostly agree. But Microsoft is an American company.

Aha, but to do business in Europe it still has to report who it sells and provides, which data to and to keep it a little scalable they will try to keep these pieces of information the same for europe and the rest of the globe(especially the first time they had to publish this, because making a special "europe" exception takes time) and the same is true for California.
Also thanks to the Snowden leaks the USA government more often publishes(often due to court cases) on the subject. Also there are nowadays more external monitoring methods.
Also the EU thanks to Snowden leaks once in a while get forced to publish parts of its own espionage through court cases.

Quoting: Lofty

QuoteThe term forces dehumanizes them.

Forces implies a large gathering of people committed to the same objective. Are we 'dehumanizing' an invading army by calling them a 'force' ?

Okay here you're just right, my excuses for the mistake.

Quoting: Lofty

QuoteThe "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".

'privacy salesmen' should not even be a thing,i would call them immoral shysters. It should not be a job to sell people's private information without consent at the level proposed here.

[quote=Lofty]
Well yeah that's why I prefer the term. It gets the point across without sounding like an accusation of conspiracy beyond normal business transactions.

Quoting: Lofty

QuoteThat having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.

So long as it's not used to dehumanize people who care about privacy or minimize the risks involved, hushing people into silence.

Meh, many badges of honor in the past began as a way to dismiss owning up to it is often more effective. The term jesuit was meant to call them traitors, Cavalier was at first meant as an insult, Anarchist started as an insult it, conservative started as an insult.


Last edited by LoudTechie on 23 May 2024 at 6:43 pm UTC

Oh man, I can't wait for the first news articles to break about when Microsoft inevitably stuffs something up in an update and people's embarrassing private session get uploaded and shared far and wide. 🤣 You know that's going to happen eventually.

It's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.

Quoting: LoftyAre we 'dehumanizing' an invading army by calling them a 'force' ?

Yes. We call them "enemy forces," not "enemy people." An important facet of war is finding ways to dehumanize the people you're fighting so you/your soldiers don't feel so bad about killing them.

The screenshot made just as you hover over the view password icon to check will be worth gold;)

Quoting: PhiladelphusIt's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.

I'll be amazed if many will put their money where their mouth is and walk away. It's only gotten as bad as it is now because they never take action about their complaints.

This is so wonderful, it's setting the groundwork for my friends who have started asking me about Linux and it'll develop into them considering, and hopefully even switching to it before October 2025.

I would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what its doing and mostly likely use my OWN ai models to boot.. only way folks gona feel conforble using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.


Last edited by tohur on 23 May 2024 at 9:15 pm UTC

Quoting: tohurI would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what its doing and mostly likely use my OWN ai models to boot.. only way folks gona feel conforble using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.

I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system(this can just be chrome looking for delicious data) can take it and run with it.

Quoting: Pengling

Quoting: PhiladelphusIt's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.

I'll be amazed if many will put their money where their mouth is and walk away. It's only gotten as bad as it is now because they never take action about their complaints.

But the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.

Quoting: Purple Library GuyBut the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.

Oh, don't get me wrong, I reckon you're right. It's just infuriating to always see people saying "I don't like this!" only to then continue to use the offending products, in spite of the existence of alternatives that will suit a huge amount of people just fine and relieve them of that stress. (Life's too short, why would you put yourself through it?)


Last edited by Pengling on 23 May 2024 at 10:28 pm UTC

Quoting: LoudTechie

Quoting: tohurI would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what its doing and mostly likely use my OWN ai models to boot.. only way folks gona feel conforble using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.

I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system(this can just be chrome looking for delicious data) can take it and run with it.

And thats on you not the DE. but fact is this is Linux if a DE did implement such a feature 1.) you wouldn't be required to use such a feature. 2 .) it would 99% be a opt in not opt out. 3.) it would most likely be encrypted


Last edited by tohur on 23 May 2024 at 10:35 pm UTC

Quoting: Pengling

Quoting: Purple Library GuyBut the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.

Oh, don't get me wrong, I reckon you're right. It's just infuriating to always see people saying "I don't like this!" only to then continue to use the offending products, in spite of the existence of alternatives that will suit a huge amount of people just fine and relieve them of that stress. (Life's too short, why would you put yourself through it?)

It's like becoming a Canadian. That would go against our freedoms.

I might be misremembering something I heard a long time ago...

I really hope, this time, a lot of people will wake up. I don't know what else they'll need if that's not sufficient for them. And I just really know, like some of you sadly, if I speak about that to some of my family's members they'll just think I'm paranoid, more than usual I mean...
Some people I know already use Linux, for some with my help, and I speak about it regularly.
I don't know for you, but whenever people switch to Linux because of me I'm pretty happy, but that's just a drop in the ocean...
It's frightening, a nightmare, and it's worse day after day, I'm losing hope for fuck sake.

Quoting: pleasereadthemanualI might be misremembering something I heard a long time ago...

lmao I never read the whole Canada tweet until today. That's hilarious.
Yeah, stand up against Microsoft... by making it your mission to continue using their products. Either you keep making an invasive, broken operating system and I keep giving you money, or you 180 where I will give you money. Either way, I will continue to give you money. That's the level of stupidity I come to expect from Mr. Sweeney.


Last edited by pilk on 24 May 2024 at 12:34 am UTC

I don't expect much to change though, people will just go along with it begrudgingly. Or they wont even know about it.

Quoting: Liam Dawe

Quoting: phil995511It is prohibited for an employer to spy on its employees in any way. This type of function is therefore formally prohibited in the professional field.

Depends where you are. Lots of companies in lots of countries already keep tabs on what employees are doing and looking at.

I believe that in all South America when your employee gives you a computer all the content of the computer is property of your employee (At least I know that happens in 8 of 11 countries), the first thing in what I thought is this going to be the panacea of the middle manager and number crunching bosses. Almost all the companies uses Windows, if they don't have a contract as partner, is all the people now how to use (Including IT guys), so deploying this in all machine they will now what are you doing all day, or if you are not doing something for the company all the hours they are paying you.

More troublesome is the public offices that you have to give your information, they will also take screenshot of that ? Make me glad that my country on a very controversial situation some public offices start using Linux to not pay the licenses fees of all the machines, so at least some data will not reach them so easily.

Quoting: tohur

Quoting: LoudTechie

Quoting: tohurI would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what its doing and mostly likely use my OWN ai models to boot.. only way folks gona feel conforble using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.

I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system(this can just be chrome looking for delicious data) can take it and run with it.

And thats on you not the DE. but fact is this is Linux if a DE did implement such a feature 1.) you wouldn't be required to use such a feature. 2 .) it would 99% be a opt in not opt out. 3.) it would most likely be encrypted

Actually I think encryption wouldn't be a feature if it were open source.
Secret management is important in open source security considerations and the secret would in this case be stored on the same place as the data.
The rest of your points are convincing and yes this's certainly on me.

People always seem to get worked up over nothing, it's as if they're constantly searching for something to worry about. The article discusses the potential consequences if someone were to steal your device and access your personal information. However, if someone gains access to your computer, they could uncover much more than just random screenshots taken out of context. If privacy concerns you, you have the option to disable Recall from saving anything anyway.

It seems like most people are simply going about their day with their Androids or iPhones, casually browsing through Instagram or YouTube, maybe dropping a comment on Reddit or Twitter. But where do we draw the line on privacy? I say, let people choose their tools and determine what they're comfortable sharing without resorting to unnecessary fear tactics.