Mozilla Says It's Concerned About Windows Recall (theregister.com) 67
Microsoft's Windows Recall feature is attracting controversy before even venturing out of preview. From a report: The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk. The user can then scroll through the snapshots and, when something is selected, the user is given options to interact with the content.
Mozilla's Chief Product Officer, Steve Teixeira, told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers.
"Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows -- favoring, of course, Microsoft Edge. Microsoft's Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall. "Right now, there's no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."
Mozilla's Chief Product Officer, Steve Teixeira, told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers.
"Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows -- favoring, of course, Microsoft Edge. Microsoft's Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall. "Right now, there's no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."
build in spyware takeing an screen shot that often (Score:5, Insightful)
build in spyware takeing an screen shot that often
Spyware... corporate espionage... (Score:5, Insightful)
Re:Spyware... corporate espionage... (Score:5, Insightful)
Just the fact that compromising one machine can get a ton of info, perhaps even authentication tokens that are normally ephemeral and forgotten about, is a cause for concern.
Oh, don't forget this data is subject to legal holds, motions of discoveries, and FOIA requests. I'm sure companies and governments don't want a Bittorrent of people's workstations showing all their files, keyboard entries, files interacted with and all communications on the public web, after a successful data exfiltration attack.
MS needs to set something in Windows that once the switch is set, Recall is disabled, and can never be enabled for that machine again, even after a reinstall.
Re: (Score:2)
This, of course, is obviously impossible. How can you make it impossible to enable Recall after a complete brain wipe and reinstall?
Re: (Score:2)
The same way AutoPilot works. It intercepts the machine ID during the installation process and installs whatever the company who owns the machine desires to put on it.
Re: (Score:2)
If you don't have a way to turn this off...
Don't worry about needing to turn things off to help security. Microsoft is already on this whole security business! That's why they're enabling full disk encryption by default, even if you don't want it.
Microsoft AGI training sandbox (Score:4, Interesting)
Where do you think that Sam Altman is going to develop AGI? He needs to teach an AI how to use an operating system and "self drive" its own training data, by having us create the data that teaches the AGI how humans use the internet and a personal computer, rather than giving the AI direct access to the internet and operating system to let it go do whatever it wants, thus by the time that the thing is fully trained it will be constrained into doing only a narrow range of actions out of the entire possibility of actions that are possible on the internet.
Re: (Score:3)
You can't possibly believe this. You're not going to get AGI with today's tech just by collecting the right kind of training data. That's beyond silly.
Re: (Score:3)
You're not going to get AGI with today's tech just by collecting the right kind of training data.
You don't need to have an AGI to sell something that vaguely resembles an AGI to the gullible and convince them that it's an actual AGI.
Re: (Score:2)
There are idiots who think we have AGI now. The parent, however, was talking about some science fiction 'rogue AI' scenario. I have him pegged as a singularity nut.
I really dont get it (Score:4, Insightful)
Why does everyone just put up with this kind of shit and just keep buying more Windows licences even though there are better/safer/more secure/more private OS's out there for free download?
Re: (Score:2)
I keep thinking, "OK, this will be Microsoft's one step too far, and people, especially business people, will turn away from it." I've been wrong every time. With the exception of one computer where I have no choice, I never went beyond Win 8.1. When I finally retire, Windows retires with me and I'll move over to Linux.
Re: (Score:2)
Business people are not technical people. Microsoft is like McDonalds, you can't go wrong if you buy a lot of things from their menu when you're feeding a party, you know that you're going to cover enough of the group with the selection of what you buy. Yes it's a poor choice, and if you do it too much the queues at the toilet will grow as bellys become painful.
Re: (Score:2)
Yeah...it's more likely they'll try to find ways of weaseling out of responsibility for their mess than not making one in the first place.
Re: (Score:2)
I don't think most people would even know how big a security risk this is, sure people in IT will see it but most other people will just say they are Microsoft they are a big powerful computer company they must know what they are doing.
Re: (Score:2)
I need the "thumbs up" emoticon. You're probably right.
Re: (Score:2)
The main hindrance to alternatives is support or lack thereof. Those who can self-support already switched at some point prior to now.
Re:I really dont get it (Score:5, Informative)
The main hindrance to alternatives is support or lack thereof.
Have you ever tried to get support out of Microsoft? Because I have, and it was NOT fun. Not saying others are better, but MS is not good either.
Re: (Score:2)
The support is readily available.
$/hr for Windows support vs your particular flavor of Linux. Plug and play device support, etc. There is a real cost to switching to a free operating system.
Re: (Score:2)
The $/hr Windows support vs $/hr Linux support is essentially the same. Do you have evidence otherwise?
Plug and play device support? Really? Have you used a Linux distro in the past couple decades?
There is a real cost to switching to a free operating system.
And it's the same bullshit it's been forever - vendor lock in, preinstalled OS, corporate buy in / software mandates.
Tech support and hardware support are not the issue.
Re: (Score:2)
You must not know real people.
And yes, I have used lots of distros and they are meh about the device support at the outset. Anything bleeding edge is going to be an issue. Anything for Windows will come with a mini cd or a download location for an installable driver - or even better will pull one down automatically. Once the hardware is old, it's bundled in with the kernel and it'll work.
2.5g network cards are a nice current example. Depends on the distro, but some work and some won't without some extra
Re: (Score:2)
You must not know real people.
Yawn. Personal attacks from the outset. Thanks for letting us know you have little to no case.
Anything bleeding edge is going to be an issue. Anything for Windows will come with a mini cd or a download location for an installable driver
So... not plug and play. Whereas my experience has been that Linux automatically recognizes the vast majority of those devices out of the box.
On my sole Windows laptop (a fairly high end i7 from HP), the touchscreen started freaking out (mouse suddenly moves to one side of the screen and stays there) and no driver updates have fixed it, though it works under Linux (dual boot). The network card doesn't resume proper
Re: I really dont get it (Score:2)
Re:I really dont get it (Score:4, Informative)
This feature doesn't actually affect most people - it currently requires specific hardware - Qualcomm's Snapdragon X Elite - so it seems like you might have to go out of your way to get a machine infected with it. Those people aren't going to complain because they're buying the machines to get that as a feature.
I'm sure they will keep salami slicing until it covers everyone, but every step of the way it will only be a minority who are actually affected so there won't be enough outrage at once to get something done before apathy and "industry standard practice" kick in.
Re: (Score:3)
Point me towards the Linux build of Solidworks.
Re: (Score:2)
https://github.com/cryinkfly/S... [github.com]
Uses wine but sounds like it works.
Re: (Score:2)
That's an easy one. Most people consider "free toys" to be more important than data privacy. Most people literally do not care that marketers are collecting their data, or if they do care, they just don't believe there is a way to avoid it.
Re: (Score:2)
Because much software is Windows-only. No-one will pay for software to be ported to Debian/RedHat linuxes. Linux and its software might be free but there's still the labour of installing it and teaching the workers to use it. Businesses would need to close for a month to solve that single problem.
Re: (Score:2)
This is why Microsoft shifting Office to the web is so foolish. When you do everything a browser, the underlying OS doesn't really matter.
So much the better for companies that had the foresight to move their internal apps to the web in the 2000's.
Re: (Score:2)
There were some incompetent developers that used ActiveX, a few others that used Java. Even I had a little Java applet to facilitate what we would later come to call SPAs, before AJAX was a thing. No one really expected Java to disappear, but sensible developers knew not to lean too heavily on it, knowing that the browser's role should be reserved for the UI, maybe some cashing.
In the late 90's/early 2000's, the height of the Java craze, deployment was the big issue. Slow internet and internet that wasn'
Jumping sharks! (Score:2)
I thought Microsoft finally jumped the shark with Windows 10 - but jumping sharks seems to be in their DNA now! Next come Windows 11 and then AI this and that and now this.This is so stupid. People, you need a reason to leave Windows ... here it is. Microsoft has run out of actual ideas. They jumped megalodon with this one!
I'm OK (Score:2)
As long as there's an OFF switch ...
Re: (Score:2)
As long as there's an OFF switch ...
My problem is the number of OFF switches needed. I have a list I use for when I setup Windows machines at work. Bypass to avoid the MS account. Software to remove. Things to turn off. Notification settings to change. Updates to run. Remove onedrive again. Now this crap. What next?
Re:I'm OK (Score:4, Interesting)
And when those off switches suddenly turn on again at some update whim. Or when the switches change meaning. Or when you have to reinstall. Or when the data you are concerned about is yours on someone else's machine and they don't have it off.
I am baffled that people continue to put up with this never-ending "attack."
Re: (Score:1)
Yeah, there's an off switch. Might not be connected to anything, but it's there!
Yet another feature that only serves Microsoft... (Score:5, Insightful)
Like so much that has been done in Windows in the last 10 years, this primarily serves Microsoft. Users be damned. There is nothing more sure to compromise users' security than a company like Microsoft promising that it won't compromise users' security. Given that they have been in quality free fall for some years now, there is no scenario where this Recall feature is not a disaster for users.
Re: (Score:2)
I actually do want this feature. Windows search has sucked forever. Maybe this will finally fix this.
Microsoft already knows everything I type and everything I click, so I'm not sure how this takes anything away from the privacy I already don't have.
Re: (Score:2)
Wow. If you had any credibility left, it's long gone now...
Re: Yet another feature that only serves Microsoft (Score:2)
But let's not pretend that you've ever had any.
unethical programmers (Score:3)
I really do not give a fuck about your reasons, you created this piece of shit, you are responsible for creation a serious privacy and security violation.
You should have resigned over implementing this.
Re: (Score:1)
Who are you yelling at? Do you ... do you think that someone that matters will read your post? Do you think they'll be swayed by your expression of outrage? Do you think they don't know about the very obvious security and privacy issues?
This reminds me of part of the J6 footage. There's a guy who picks up a phone and pretends to call congress. He aggressively yells into the phone, even making hand gestures for some reason, as though he expected that Congress would listen and obey if he was loud enough,
I'm so glad... (Score:2)
Glad, that is, that I switched to Linux circa 15 years ago and no longer have to put up with this shit.
I can just imagine how well this is going to go over in the enterprise. There are many cases where this kind of data capture is simply unacceptable, and for all I know possibly even illegal. Will Microsoft allow IT departments to disable this anti-feature? Will they charge for the 'privilege'?
Then there's the extra processor load. My wife's work laptop - a capable and well-provisioned Lenovo - already grin
Re: (Score:1)
Literal heads in sand. (Score:4, Interesting)
Reporter says:
There might be this reaction from some people that this is pretty creppy.
Nadella
Yeah. I mean that's why that you can only do it on the edge. This is my computer. This is my Recall. And it's all being done locally.
Nadella thinking we were all born yesterday. Yeah, it's all local, UNTIL IT ISN'T. Just like Google was do no evil, UNTIL IT WASN'T. And Twitter is an open API, UNTIL IT WASN'T. And Reddit was all about user comments and not using that for AI, UNTIL IT WASN'T.
Look. There's always these pie in the sky promises to "not do whatever bad thing" until all those promises disappear.
Nadella have you not existed for the last two fucking decades?
This why even the guy who fucking write the anti-cheat for games is saying we've got to get off fucking Windows like yesterday. [x.com] And a lot of the Linux community doesn't what that shit. And that guy knows the Linux community doesn't want him. But he's seeing the writing on the fucking wall here. If Nadella is this fucking blind to the obvious and trying to hock this shit and convince folks "oh we'll never be THAT evil" and think they're going to fall for it yet again. Hang it up, Nadella is looking to full steam the ship into Gibraltar at this rate.
Like whatever crazy shit is going on at Microsoft that makes them think their OS is going to do this shit and consumers be cool with it. I don't know if they're bleeding money like a motherfucker or I should stop by to pick up some of the shit they're smoking. But whatever it is, holy shit, everyone deserves to be really questioning how viable Windows is years from now. Because this is some crazy ass talking Nadella is throwing down here. Like sane people don't make these kinds of arguments. People who are backs to the wall or lost complete touch with reality make these arguments.
All you Windows folks, I hope y'all like your paid for spyware, that's all I've got to say.
Optimism kills secure, competitent programming. (Score:4, Interesting)
Nadella's comment is a clear example of whats wrong with modern feature creep not only at Microsoft, but just about every major software company these days. There's no boss anymore like Bill Gates telling programmers that their feature idea is the "Stupidest fucking thing he's ever heard" and instead of features getting scrutinized, more stupid, useless features get shoved in as the product swirls down the toilet.
I swear no one thinks features can be exploited for harm anymore because its' stored locally and encrypted until the obvious happens and they realize that yes, the laws of computer stupidity [slashdot.org] are real and 99% of computer users do not know what they are doing and run stupid things on their PC bypassing encryption (since you need access to your data to read it and if you can access it, so can the virus) and safeguards (because screw you I'm a virus! I do what I want!) and get hacked or exploited. I can guarantee that Scam Call Centers and Spammers will have a field day convincing old people using Quick Assist (which is an actually useful feature that I'm sure MS is going to screw up or remove trying to stop scammers) that they recorded every private thing they did, and it will cost a small bitcoin or two to keep it from being sent to everyone they know.
I'm convinced all modern UI and Program designers work like this now:
1) Add useless feature or design element because if someone tells them no it hurts their fragile ego and/or feelings.
2) Watch feature get hacked, exploited or hated.
3) Shit Pants in disbelief that Feature got hacked, exploited or hated.
4) Release New Revision of Feature that fixes current hack, exploit or hate
5) Watch feature get hacked, exploited or hated in a different way.
6) Shit Pants again.
7) Repeat step 4, never realizing that the useless feature or design element was indeed useless.
It'll be hilarious a few years from now when I reference this post and illustrate what step MS is on when it comes to this feature. That is, if it gets implemented.
Simple solution (Score:3)
Dump Windows.
Re: (Score:3)
>"Simple solution. Dump Windows."
Simple for you. Simple for me, I haven't used MS-Windows in decades, on anything. Simple for others who have control over their equipment and are willing.
Not so simple for others who are tied into it by their employer or due to some application they MUST run that isn't available for Linux/whatever, especially if no suitable alternative exists.
As for the latter, if there is motivation, things will get ported. But that takes consumers willing to DO something- complaining
GenAI 1.0? (Score:2)
The arms race for features and billion dollar infra spend is reminiscent to me of web 1.0. Things like security and actual customer utility are taking a back seat to releasing quickly and licking all the cookies. A big difference from web 1.0, though, is that it's not a bunch of wacky startups but like 5 giant corporations.
Specific to Windows Recall, it seems like they didn't do thorough threat modeling prior to release. Domestic abuse, government surveillance, identity theft, and credit card fraud are jus
Not the recall ... (Score:2)
"Bring your Windows system back to the point of sale and receive a copy of DOS 3.11."
Re: (Score:2)
Yeah, drop the MS crap, only to replace it with their older crap... A winning strategy for sure.
What does the NSA think? (Score:2)
Given the recent public outrage [arstechnica.com] over Microsoft utterly broken security, maybe it's time for the federal government to switch as much computing as possible to Linux.
Yes, I know that the blow-back was about the Azure cloud, but even so the way Microsoft sucks up information and sends it back to the mothership mea
Re: (Score:2)
Re: (Score:1)
There's no conceivable outcome where Microsoft wouldn't just trick them into installing their spyware on Linux too.
Buy more storage (Score:5, Informative)
"The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk."
Way to eat up my disk space, you fuckers.
So an elaborate scheme to enforce Edge? (Score:2)
Yep, makes sense. Only MS would do something this stupid.
Demanding ownership of everything (Score:3)
A searchable record of everything ever done on your computer: That's great for work, possibly but it doesn't take long to see the bad side. Your computer never forgets your browser history, never forgets your rants of outrage, even when a moment of lucidity resulted in their deletion. But the real problem is copyright: When using a web-browser, Microsoft is taking a photo of a third-party's property and using it without a license.
Turning Windows into an advertising platform is causing outrage, so Microsoft needs a new way to create daily revenue: Microsoft is doubling-down on "All your browser-histories are belong to us." History that can be sold to others, such as the government.
This is like shops selling shovels demanding a share of what-ever you shovel. It's been in EULA contracts for years: There's a limit to the "all your data are belong to us" clauses but photographing everything, is also demanding ownership of everything. I doubt that subscription-based services like Adobe and VMware want the (photos of) files created by their services, to become the property of Microsoft.
You're right Mozilla and... (Score:2)
Apple, Google and Microsoft are walled gardens! (Score:2)
I like the idea, but can't trust the implementor (Score:2)
There a thing that happens to me constantly. I read something on the internet or watch it in a youtube video and then a few days later something related comes up in conversation and then I try to remember where on earth I saw that thing but search engines are useless nowadays and image/video content isn't properly searchable anyway. Having something that's screen grabbing and indexing everything I'm doing would scratch that particular itch, but since it's microsoft I just assume it's going to cause all my d
free alternative (Score:1)
It's one of those features (Score:2)
It's one of those features. You know the kind of feature that's useful but also has a dark side. Like how AirTags and such can be used to help find lost items, or to stalk people. Or how guns can be used to catch food, or kill people.
I mean, there are times I do wish for a feature like this - plenty of times I've gone and said "I recall reading about X, but I can't figure out how to get it back again" and no amount of history searching or other things will let me remember it. I might stumble around and figu
The concerns are overblown (Score:1)