This will be preaching to the choir for some readers, as you didn't exactly need another reason not to use Windows, right? Microsoft's new Recall AI will take screenshots of everything you do and that sounds truly terrible. Spyware as a service, courtesy of Microsoft's push to stick AI into everything.
You might think I'm being perhaps a bit sensational here or even clickbaity, but no, this is genuinely what Recall does. As Microsoft said: "Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds", and not just on their new ARM PCs: they said it will roll out to x86 platforms too via a Windows update.
What's the point? It's to give you a special timeline of your day (it stores up to 3 months' worth of what you do), allowing you to go back through it and find things, highlight things, open the original application shown in pictures and eventually open up whatever you were working on in the right application with the right content at the time. Basically, some fancy-pants AI search going over everything you've done.
Microsoft do say the storage is local to your device, and is "protected using data encryption on your device" and even using BitLocker if you're on Windows 11 Pro or an enterprise Windows 11 SKU. Microsoft also claim it doesn't share it anywhere else at all, not with advertisers or Microsoft themselves. But how far do we trust data being fed into a black-box AI when no one can really see what it's doing, huh?
Here's the thing: straight from their own FAQ (scroll down) it notes how "Recall does not perform content moderation" and it will "not hide information such as passwords or financial account numbers". Oh wow, that sure sounds good for your privacy, doesn't it? But don't worry, it "does not take snapshots of certain kinds of content, including InPrivate web browsing sessions in Microsoft Edge" and "material protected with digital rights management (DRM)" is also protected. We can't have Netflix or Disney getting annoyed with it taking a shot of that movie you watched, nope.
I'm not even what you may call a "privacy nut". I use big-name stuff all the time, my main browser is plain ol' Google Chrome and you get the idea. But still, this is super weird.
What happens if someone else gets access to your device? Lost, stolen, sold (and you forgot to wipe) and so on. If you get hacked, they'll end up seeing everything; it's another major attack point. Yeah, great, it's stored on your device, but people and companies get broken open all the time, and malicious orgs will have a real party with your data. There are plenty of other times people may end up with access to your device to think about; I'm not going to list them all, of course.
You can hear Microsoft CEO Satya Nadella speak about it to The Wall Street Journal, skip to 3:23:
No thanks. I'll pass, forever. I never want this. It feels creepy and gross.
The UK's Information Commissioner's Office (ICO) is already looking into it. No doubt others will be too. A privacy nightmare for everyone.
If you wish to try Linux, I can recommend Kubuntu which is my daily-driver.
Quoting: pleasereadthemanual
Quoting: LoudTechie
What Microsoft didn't disclose with their TPM requirement is that breaking BitLocker of the TPM they required at first (hardware based) is so easy that a teacher suggested it as a project in my first year of embedded software engineering. This is the relevant trick.
Huh. That's pretty interesting. I guess the real professionals might have a suitcase full of these pogo pin sniffers for common laptop models, ready to disassemble the laptop at a moment's notice.
Doesn't work for fTPM, but that only got allowed when it turned out that gamers with game pcs can be very loud.
My desktop computer from 2017 has fTPM. Let me check if my Dell business laptop from 2022, which came with Windows 11, has fTPM.
<Rebooting>...
Edit: I have no clue. It doesn't tell me in the BIOS whether I have an fTPM, it just has the option to enable Secure Boot.
If you can't enable/disable your TPM in the BIOS you've no fTPM. If you can, you do. (f stands for firmware)
EDIT:
This probably means you've hardware TPM for such a modern device.
Rant:
For some reason the advised practice in the security community is that for DRM-like activities dedicated hardware is most effective, but as far as I've encountered so far this is complete and utter bull.
Nintendo did and does it and failed.
Intel doesn't and succeeds (Intel ME).
By binding it to existing devices changing it is more intermingled with stuff the attacker doesn't want to touch.
Yes giving it more permissions helps, but if you integrate it in the firmware of something important it's harder to take away.
Edit:
Looked it up:
You've both, but the hardware TPM is probably the used one.
Business laptops had TPM before consumer ones, because physical attacks are much more dangerous for owners of laptops who aren't also the user, such as businesses.
I assumed your laptop was new when you got it.
Last edited by LoudTechie on 23 May 2024 at 7:08 pm UTC
Quoting: wvstolzing... so I take it that plaintext indexing & search already works flawlessly on windows, that they're now expanding their horizons to indexing images, & user actions and the like?
... and that the promised indices won't take up half of the user's boot drive, and perpetually occupy half of their cpu & ram? (which of course they won't because all the processing and storage will be 'in the cloud')
Actually they promised to keep it local (for now), so I hope you've a really large drive, because it'll contain a video of its entire existence.
Edit:
Also they promised to keep it encrypted, so it will take up even more space than a normal video of its existence.
Last edited by LoudTechie on 23 May 2024 at 6:40 pm UTC
Quoting: LoudTechie
Quoting: Lofty
Quoting: Eike
Quoting: Lofty
Quote: I'm not even what you may call a "privacy nut".
Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.
I agree.
Quoting: Lofty
In the early days people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.
[bolding by me]
... but this does sound... conspirational.
Maybe they aren't out in public stood on a box selling you data viewable on a large screen but I'm perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.
To me that is the usual shadowy forces. I couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.
If you can't think of a better turn of phrase then let me know.
Shadowy implies lack of transparency, which has really improved over the years.
The term forces dehumanizes them.
The "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".
That having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.
Quoting: LoudTechie
Aha, but to do business in Europe it still has to report who it sells and provides, which data to and to keep it a little scalable they will try to keep these pieces of information the same for Europe and the rest of the globe (especially the first time they had to publish this, because making a special "Europe" exception takes time) and the same is true for California.
Quoting: Lofty
Quoting: Eike
Quoting: Lofty
Quote: I'm not even what you may call a "privacy nut".
Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.
I agree.
Quoting: Lofty
In the early days people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.
[bolding by me]
... but this does sound... conspirational.
Maybe they aren't out in public stood on a box selling you data viewable on a large screen but I'm perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.
To me that is the usual shadowy forces. I couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.
If you can't think of a better turn of phrase then let me know.
Quote: Shadowy implies lack of transparency, which has really improved over the years.
Has it? I mean I know there are laws around data protection such as GDPR. At least from a European perspective I could mostly agree. But Microsoft is an American company.
Also thanks to the Snowden leaks the USA government more often publishes (often due to court cases) on the subject. Also there are nowadays more external monitoring methods.
Also the EU thanks to Snowden leaks once in a while gets forced to publish parts of its own espionage through court cases.
Quoting: Lofty
Okay here you're just right, my excuses for the mistake.
Quote: The term forces dehumanizes them.
Forces implies a large gathering of people committed to the same objective. Are we 'dehumanizing' an invading army by calling them a 'force'?
Quoting: Lofty
Quote: The "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".
'privacy salesmen' should not even be a thing, I would call them immoral shysters. It should not be a job to sell people's private information without consent at the level proposed here.
Well yeah that's why I prefer the term. It gets the point across without sounding like an accusation of conspiracy beyond normal business transactions.
Quoting: Lofty
Quote: That having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.
So long as it's not used to dehumanize people who care about privacy or minimize the risks involved, hushing people into silence.
Meh, many badges of honor in the past began as a way to dismiss; owning up to it is often more effective. The term Jesuit was meant to call them traitors, Cavalier was at first meant as an insult, Anarchist started as an insult, conservative started as an insult.
Last edited by LoudTechie on 23 May 2024 at 6:43 pm UTC
It's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.
Quoting: Lofty
Are we 'dehumanizing' an invading army by calling them a 'force'?
Yes. We call them "enemy forces," not "enemy people." An important facet of war is finding ways to dehumanize the people you're fighting so you/your soldiers don't feel so bad about killing them.
Quoting: Philadelphus
It's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.
I'll be amazed if many will put their money where their mouth is and walk away. It's only gotten as bad as it is now because they never take action about their complaints.
Last edited by tohur on 23 May 2024 at 9:15 pm UTC
Quoting: tohur
I would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what it's doing and most likely use my OWN ai models to boot.. only way folks gonna feel comfortable using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.
I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system (this can just be chrome looking for delicious data) can take it and run with it.
Quoting: Pengling
But the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.
Quoting: Philadelphus
It's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.
I'll be amazed if many will put their money where their mouth is and walk away. It's only gotten as bad as it is now because they never take action about their complaints.
Quoting: Purple Library Guy
But the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.
Oh, don't get me wrong, I reckon you're right. It's just infuriating to always see people saying "I don't like this!" only to then continue to use the offending products, in spite of the existence of alternatives that will suit a huge amount of people just fine and relieve them of that stress. (Life's too short, why would you put yourself through it?)
Last edited by Pengling on 23 May 2024 at 10:28 pm UTC
Quoting: LoudTechie
Quoting: tohur
I would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what it's doing and most likely use my OWN ai models to boot.. only way folks gonna feel comfortable using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.
I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system (this can just be chrome looking for delicious data) can take it and run with it.
And that's on you not the DE. but fact is this is Linux if a DE did implement such a feature 1.) you wouldn't be required to use such a feature. 2.) it would 99% be an opt in not opt out. 3.) it would most likely be encrypted
Last edited by tohur on 23 May 2024 at 10:35 pm UTC
Quoting: Pengling
It's like becoming a Canadian. That would go against our freedoms.
Quoting: Purple Library Guy
But the situation is not immutable. Linux's share on Steam has been growing, largely thanks to the Steam Deck--but the Linux share on the desktop in general seems to have been growing significantly faster the last year or two; we're apparently up to about 4%. I think something like this could add a couple of percentage points.
Oh, don't get me wrong, I reckon you're right. It's just infuriating to always see people saying "I don't like this!" only to then continue to use the offending products, in spite of the existence of alternatives that will suit a huge amount of people just fine and relieve them of that stress. (Life's too short, why would you put yourself through it?)
I might be misremembering something I heard a long time ago...
Some people I know already use Linux, for some with my help, and I speak about it regularly.
I don't know for you, but whenever people switch to Linux because of me I'm pretty happy, but that's just a drop in the ocean...
It's frightening, a nightmare, and it's worse day after day, I'm losing hope for fuck sake.
Quoting: pleasereadthemanual
I might be misremembering something I heard a long time ago...
lmao I never read the whole Canada tweet until today. That's hilarious.
Yeah, stand up against Microsoft... by making it your mission to continue using their products. Either you keep making an invasive, broken operating system and I keep giving you money, or you 180 where I will give you money. Either way, I will continue to give you money. That's the level of stupidity I come to expect from Mr. Sweeney.
Last edited by pilk on 24 May 2024 at 12:34 am UTC
Quoting: Liam Dawe
Quoting: phil995511
It is prohibited for an employer to spy on its employees in any way. This type of function is therefore formally prohibited in the professional field.
Depends where you are. Lots of companies in lots of countries already keep tabs on what employees are doing and looking at.
I believe that in all South America when your employee gives you a computer all the content of the computer is property of your employee (At least I know that happens in 8 of 11 countries), the first thing in what I thought is this going to be the panacea of the middle manager and number crunching bosses. Almost all the companies use Windows, if they don't have a contract as partner, is all the people know how to use (Including IT guys), so deploying this in all machine they will know what are you doing all day, or if you are not doing something for the company all the hours they are paying you.
More troublesome is the public offices that you have to give your information, they will also take screenshot of that? Make me glad that my country on a very controversial situation some public offices start using Linux to not pay the licenses fees of all the machines, so at least some data will not reach them so easily.
Quoting: tohur
Quoting: LoudTechie
Quoting: tohur
I would trust such a feature if it was opensource.. for instance if a DE on Linux implemented this feature I would use it without batting an eye considering I could just go look at the source code to see what it's doing and most likely use my OWN ai models to boot.. only way folks gonna feel comfortable using this from Microsoft is if they opensourced it.. To be frank it should be a LAW features such as this must be opensourced regardless if the OS is or not.
I wouldn't
The data is still stored on the computer and made readily accessible.
A malicious actor on my system (this can just be chrome looking for delicious data) can take it and run with it.
And that's on you not the DE. but fact is this is Linux if a DE did implement such a feature 1.) you wouldn't be required to use such a feature. 2.) it would 99% be an opt in not opt out. 3.) it would most likely be encrypted
Actually I think encryption wouldn't be a feature if it were open source.
Secret management is important in open source security considerations and the secret would in this case be stored on the same place as the data.
The rest of your points are convincing and yes this's certainly on me.
It seems like most people are simply going about their day with their Androids or iPhones, casually browsing through Instagram or YouTube, maybe dropping a comment on Reddit or Twitter. But where do we draw the line on privacy? I say, let people choose their tools and determine what they're comfortable sharing without resorting to unnecessary fear tactics.