Mozilla Privacy

Mozilla Says It's Concerned About Windows Recall (theregister.com) 67

Microsoft's Windows Recall feature is attracting controversy before even venturing out of preview. From a report: The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk. The user can then scroll through the snapshots and, when something is selected, the user is given options to interact with the content.

Mozilla's Chief Product Officer, Steve Teixeira, told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers.

"Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows -- favoring, of course, Microsoft Edge. Microsoft's Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall.

"Right now, there's no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."

This discussion has been archived. No new comments can be posted.

  • by Joe_Dragon ( 2206452 ) on Wednesday May 22, 2024 @03:56PM (#64491807)

    built-in spyware taking a screenshot that often

  • by KiltedKnight ( 171132 ) on Wednesday May 22, 2024 @03:56PM (#64491809) Homepage Journal
    Even espionage in general. If you don't have a way to turn this off, fine-tune what it can do, completely scramble the data to make it useless, etc, this is a big fat attack surface and should be scaring everyone.
    • by ctilsie242 ( 4841247 ) on Wednesday May 22, 2024 @04:25PM (#64491871)

      Just the fact that compromising one machine can get a ton of info, perhaps even authentication tokens that are normally ephemeral and forgotten about, is a cause for concern.

      Oh, don't forget this data is subject to legal holds, motions of discoveries, and FOIA requests. I'm sure companies and governments don't want a Bittorrent of people's workstations showing all their files, keyboard entries, files interacted with and all communications on the public web, after a successful data exfiltration attack.

      MS needs to set something in Windows that once the switch is set, Recall is disabled, and can never be enabled for that machine again, even after a reinstall.

      • MS needs to set something in Windows that once the switch is set, Recall is disabled, and can never be enabled for that machine again, even after a reinstall.

        This, of course, is obviously impossible. How can you make it impossible to enable Recall after a complete brain wipe and reinstall?
        • The same way AutoPilot works. It intercepts the machine ID during the installation process and installs whatever the company who owns the machine desires to put on it.

    • If you don't have a way to turn this off...

      Don't worry about needing to turn things off to help security. Microsoft is already on this whole security business! That's why they're enabling full disk encryption by default, even if you don't want it.

  • by starworks5 ( 139327 ) on Wednesday May 22, 2024 @04:02PM (#64491825) Homepage

    Where do you think that Sam Altman is going to develop AGI? He needs to teach an AI how to use an operating system and "self drive" its own training data, by having us create the data that teaches the AGI how humans use the internet and a personal computer, rather than giving the AI direct access to the internet and operating system to let it go do whatever it wants, thus by the time that the thing is fully trained it will be constrained into doing only a narrow range of actions out of the entire possibility of actions that are possible on the internet.

    • by narcc ( 412956 )

      You can't possibly believe this. You're not going to get AGI with today's tech just by collecting the right kind of training data. That's beyond silly.

      • by vbdasc ( 146051 )

        You're not going to get AGI with today's tech just by collecting the right kind of training data.

        You don't need to have an AGI to sell something that vaguely resembles an AGI to the gullible and convince them that it's an actual AGI.

        • by narcc ( 412956 )

          There are idiots who think we have AGI now. The parent, however, was talking about some science fiction 'rogue AI' scenario. I have him pegged as a singularity nut.

  • by JustNiz ( 692889 ) on Wednesday May 22, 2024 @04:18PM (#64491855)

    Why does everyone just put up with this kind of shit and just keep buying more Windows licences even though there are better/safer/more secure/more private OS's out there for free download?

    • I keep thinking, "OK, this will be Microsoft's one step too far, and people, especially business people, will turn away from it." I've been wrong every time. With the exception of one computer where I have no choice, I never went beyond Win 8.1. When I finally retire, Windows retires with me and I'll move over to Linux.

      • Business people are not technical people. Microsoft is like McDonald's, you can't go wrong if you buy a lot of things from their menu when you're feeding a party, you know that you're going to cover enough of the group with the selection of what you buy. Yes it's a poor choice, and if you do it too much the queues at the toilet will grow as bellies become painful.

        • Yeah...it's more likely they'll try to find ways of weaseling out of responsibility for their mess than not making one in the first place.

      • I don't think most people would even know how big a security risk this is. Sure, people in IT will see it, but most other people will just say they are Microsoft, they are a big powerful computer company, they must know what they are doing.

    • by zippthorne ( 748122 ) on Wednesday May 22, 2024 @04:51PM (#64491943) Journal

      This feature doesn't actually affect most people - it currently requires specific hardware - Qualcomm's Snapdragon X Elite - so it seems like you might have to go out of your way to get a machine infected with it. Those people aren't going to complain because they're buying the machines to get that as a feature.

      I'm sure they will keep salami slicing until it covers everyone, but every step of the way it will only be a minority who are actually affected so there won't be enough outrage at once to get something done before apathy and "industry standard practice" kick in.

    • Point me towards the Linux build of Solidworks.

    • That's an easy one. Most people consider "free toys" to be more important than data privacy. Most people literally do not care that marketers are collecting their data, or if they do care, they just don't believe there is a way to avoid it.

    • ... put-up with this kind of shit ...

      Because much software is Windows-only. No-one will pay for software to be ported to Debian/RedHat linuxes. Linux and its software might be free but there's still the labour of installing it and teaching the workers to use it. Businesses would need to close for a month to solve that single problem.

      • by narcc ( 412956 )

        This is why Microsoft shifting Office to the web is so foolish. When you do everything in a browser, the underlying OS doesn't really matter.

        So much the better for companies that had the foresight to move their internal apps to the web in the 2000's.

  • I thought Microsoft finally jumped the shark with Windows 10 - but jumping sharks seems to be in their DNA now! Next come Windows 11 and then AI this and that and now this. This is so stupid. People, you need a reason to leave Windows ... here it is. Microsoft has run out of actual ideas. They jumped megalodon with this one!

  • As long as there's an OFF switch ...

    • As long as there's an OFF switch ...

      My problem is the number of OFF switches needed. I have a list I use for when I set up Windows machines at work. Bypass to avoid the MS account. Software to remove. Things to turn off. Notification settings to change. Updates to run. Remove OneDrive again. Now this crap. What next?

      • Re:I'm OK (Score:4, Interesting)

        by markdavis ( 642305 ) on Wednesday May 22, 2024 @05:58PM (#64492115)

        And when those off switches suddenly turn on again at some update whim. Or when the switches change meaning. Or when you have to reinstall. Or when the data you are concerned about is yours on someone else's machine and they don't have it off.

        I am baffled that people continue to put up with this never-ending "attack."

    • by The Cat ( 19816 )

      Yeah, there's an off switch. Might not be connected to anything, but it's there!

  • by ConceptJunkie ( 24823 ) on Wednesday May 22, 2024 @04:39PM (#64491903) Homepage Journal

    Like so much that has been done in Windows in the last 10 years, this primarily serves Microsoft. Users be damned. There is nothing more sure to compromise users' security than a company like Microsoft promising that it won't compromise users' security. Given that they have been in quality free fall for some years now, there is no scenario where this Recall feature is not a disaster for users.

  • by El_Muerte_TDS ( 592157 ) on Wednesday May 22, 2024 @04:42PM (#64491915) Homepage

    I really do not give a fuck about your reasons, you created this piece of shit, you are responsible for creating a serious privacy and security violation.
    You should have resigned over implementing this.

    • by narcc ( 412956 )

      Who are you yelling at? Do you ... do you think that someone that matters will read your post? Do you think they'll be swayed by your expression of outrage? Do you think they don't know about the very obvious security and privacy issues?

      This reminds me of part of the J6 footage. There's a guy who picks up a phone and pretends to call congress. He aggressively yells into the phone, even making hand gestures for some reason, as though he expected that Congress would listen and obey if he was loud enough,

  • Glad, that is, that I switched to Linux circa 15 years ago and no longer have to put up with this shit.

    I can just imagine how well this is going to go over in the enterprise. There are many cases where this kind of data capture is simply unacceptable, and for all I know possibly even illegal. Will Microsoft allow IT departments to disable this anti-feature? Will they charge for the 'privilege'?

    Then there's the extra processor load. My wife's work laptop - a capable and well-provisioned Lenovo - already grin

    • After this news I did a test of automatic screenshotting on Windows using a third party tool and I was quite surprised it made no perceptible difference.
  • by slack_justyb ( 862874 ) on Wednesday May 22, 2024 @04:54PM (#64491949)
    A link to a reporter talking to Nadella about the feature. [x.com]

    Reporter says:

    There might be this reaction from some people that this is pretty creepy.

    Nadella

    Yeah. I mean that's why that you can only do it on the edge. This is my computer. This is my Recall. And it's all being done locally.

    Nadella thinking we were all born yesterday. Yeah, it's all local, UNTIL IT ISN'T. Just like Google was do no evil, UNTIL IT WASN'T. And Twitter is an open API, UNTIL IT WASN'T. And Reddit was all about user comments and not using that for AI, UNTIL IT WASN'T.

    Look. There's always these pie in the sky promises to "not do whatever bad thing" until all those promises disappear.

    Nadella have you not existed for the last two fucking decades?

    This is why even the guy who fucking writes the anti-cheat for games is saying we've got to get off fucking Windows like yesterday. [x.com] And a lot of the Linux community doesn't want that shit. And that guy knows the Linux community doesn't want him. But he's seeing the writing on the fucking wall here. If Nadella is this fucking blind to the obvious and trying to hawk this shit and convince folks "oh we'll never be THAT evil" and think they're going to fall for it yet again. Hang it up, Nadella is looking to full steam the ship into Gibraltar at this rate.

    Like whatever crazy shit is going on at Microsoft that makes them think their OS is going to do this shit and consumers be cool with it. I don't know if they're bleeding money like a motherfucker or I should stop by to pick up some of the shit they're smoking. But whatever it is, holy shit, everyone deserves to be really questioning how viable Windows is years from now. Because this is some crazy ass talking Nadella is throwing down here. Like sane people don't make these kinds of arguments. People who are backs to the wall or lost complete touch with reality make these arguments.

    All you Windows folks, I hope y'all like your paid for spyware, that's all I've got to say.

    • by Deathlizard ( 115856 ) on Thursday May 23, 2024 @12:05AM (#64492593) Homepage Journal

      Nadella's comment is a clear example of what's wrong with modern feature creep not only at Microsoft, but just about every major software company these days. There's no boss anymore like Bill Gates telling programmers that their feature idea is the "Stupidest fucking thing he's ever heard" and instead of features getting scrutinized, more stupid, useless features get shoved in as the product swirls down the toilet.

      I swear no one thinks features can be exploited for harm anymore because it's stored locally and encrypted until the obvious happens and they realize that yes, the laws of computer stupidity [slashdot.org] are real and 99% of computer users do not know what they are doing and run stupid things on their PC bypassing encryption (since you need access to your data to read it and if you can access it, so can the virus) and safeguards (because screw you I'm a virus! I do what I want!) and get hacked or exploited. I can guarantee that Scam Call Centers and Spammers will have a field day convincing old people using Quick Assist (which is an actually useful feature that I'm sure MS is going to screw up or remove trying to stop scammers) that they recorded every private thing they did, and it will cost a small bitcoin or two to keep it from being sent to everyone they know.

      I'm convinced all modern UI and Program designers work like this now:

      1) Add useless feature or design element because if someone tells them no it hurts their fragile ego and/or feelings.
      2) Watch feature get hacked, exploited or hated.
      3) Shit Pants in disbelief that Feature got hacked, exploited or hated.
      4) Release New Revision of Feature that fixes current hack, exploit or hate
      5) Watch feature get hacked, exploited or hated in a different way.
      6) Shit Pants again.
      7) Repeat step 4, never realizing that the useless feature or design element was indeed useless.

      It'll be hilarious a few years from now when I reference this post and illustrate what step MS is on when it comes to this feature. That is, if it gets implemented.

  • by DeathElk ( 883654 ) on Wednesday May 22, 2024 @05:03PM (#64491971)

    Dump Windows.

    • >"Simple solution. Dump Windows."

      Simple for you. Simple for me, I haven't used MS-Windows in decades, on anything. Simple for others who have control over their equipment and are willing.

      Not so simple for others who are tied into it by their employer or due to some application they MUST run that isn't available for Linux/whatever, especially if no suitable alternative exists.

      As for the latter, if there is motivation, things will get ported. But that takes consumers willing to DO something- complaining

  • The arms race for features and billion dollar infra spend is reminiscent to me of web 1.0. Things like security and actual customer utility are taking a back seat to releasing quickly and licking all the cookies. A big difference from web 1.0, though, is that it's not a bunch of wacky startups but like 5 giant corporations.

    Specific to Windows Recall, it seems like they didn't do thorough threat modeling prior to release. Domestic abuse, government surveillance, identity theft, and credit card fraud are jus

  • ... I had in mind.

    "Bring your Windows system back to the point of sale and receive a copy of DOS 3.11."

    • by vbdasc ( 146051 )

      Yeah, drop the MS crap, only to replace it with their older crap... A winning strategy for sure.

  • I'm sure that the entire US intelligence community is thrilled that no matter how secure a computer is, or what location it's in, there is an ongoing history of what's on the screen stored on disk.

    Given the recent public outrage [arstechnica.com] over Microsoft's utterly broken security, maybe it's time for the federal government to switch as much computing as possible to Linux.

    Yes, I know that the blow-back was about the Azure cloud, but even so the way Microsoft sucks up information and sends it back to the mothership mea

    • by rickkw ( 920898 )
      So are China, Russia, Iran, North Korea, India, ... I'd say they are just as thrilled, if not more.
    • There's no conceivable outcome where Microsoft wouldn't just trick them into installing their spyware on Linux too.

  • Buy more storage (Score:5, Informative)

    by JustAnotherOldGuy ( 4145623 ) on Wednesday May 22, 2024 @06:22PM (#64492177) Journal

    "The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk."

    Way to eat up my disk space, you fuckers.

  • Yep, makes sense. Only MS would do something this stupid.

  • by NotEmmanuelGoldstein ( 6423622 ) on Wednesday May 22, 2024 @07:59PM (#64492341)

    ... and dumps it to disk.

    A searchable record of everything ever done on your computer: That's great for work, possibly but it doesn't take long to see the bad side. Your computer never forgets your browser history, never forgets your rants of outrage, even when a moment of lucidity resulted in their deletion. But the real problem is copyright: When using a web-browser, Microsoft is taking a photo of a third-party's property and using it without a license.

    ... protect user privacy ...

    Turning Windows into an advertising platform is causing outrage, so Microsoft needs a new way to create daily revenue: Microsoft is doubling-down on "All your browser-histories are belong to us." History that can be sold to others, such as the government.

    This is like shops selling shovels demanding a share of what-ever you shovel. It's been in EULA contracts for years: There's a limit to the "all your data are belong to us" clauses but photographing everything, is also demanding ownership of everything. I doubt that subscription-based services like Adobe and VMware want the (photos of) files created by their services, to become the property of Microsoft.

  • WE need to talk about your problems too. WE, think you might have a....dependency problem. And WE think that you might be deflecting here a bit. Can you ...commit...to making the user your focus, all of the time, as well as when others screw up and you are in a position to point it out. That can be rewarding, right? Let's all think about the people depending on you Mozilla. We've given you support and now we want you to give something too. To your users. Bring it in for a hug. The tears are natural, let it
  • If you play on their turf, all you can do is bend over..
  • There's a thing that happens to me constantly. I read something on the internet or watch it in a YouTube video and then a few days later something related comes up in conversation and then I try to remember where on earth I saw that thing but search engines are useless nowadays and image/video content isn't properly searchable anyway. Having something that's screen grabbing and indexing everything I'm doing would scratch that particular itch, but since it's microsoft I just assume it's going to cause all my d

  • Linux user for almost a quarter of a century here...the Windows masses and Apple sheeple sure put up with lots of optional abuse. If only there were Linux/ BSD options.
  • It's one of those features. You know the kind of feature that's useful but also has a dark side. Like how AirTags and such can be used to help find lost items, or to stalk people. Or how guns can be used to catch food, or kill people.

    I mean, there are times I do wish for a feature like this - plenty of times I've gone and said "I recall reading about X, but I can't figure out how to get it back again" and no amount of history searching or other things will let me remember it. I might stumble around and figu

  • The concerns are overblown. 1. This is just in beta. It may never go to production 2. It is totally local, if you wipe your machine your history is gone 3. There is a simple on and off in the settings.
