Is the New 'Recall' Feature in Windows a Security and Privacy Nightmare? (thecyberexpress.com) 140
Slashdot reader storagedude shares a provocative post from the cybersecurity news blog of Cyble Inc. (a Ycombinator-backed company promising "AI-powered actionable threat intelligence").
The post delves into concerns that the new "Recall" feature planned for Windows (on upcoming Copilot+ PCs) is "a security and privacy nightmare." Copilot Recall will be enabled by default and will capture frequent screenshots, or "snapshots," of a user's activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue. In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, "I'm not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC."
In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft's own explanations raise concerns: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry." Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user's password or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed... And hackers, malware and infostealers will have access to vastly more data than they would without Recall.
Beaumont said the screenshots are stored in a SQLite database, "and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.... Recall enables threat actors to automate scraping everything you've ever looked at within seconds."
Beaumont's LinkedIn profile and blog say that starting in 2020 he worked at Microsoft for nearly a year as a senior threat intelligence analyst. And now Beaumont's Mastodon post is also raising other concerns (according to Cyble's blog post):
- "Sensitive data deleted by users will still be saved in Recall screenshots... 'If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.'"
- "Beaumont also questioned Microsoft's assertion that all this is done locally."
The blog post also notes that Leslie Carhart, Director of Incident Response at Dragos, had this reaction to Beaumont's post. "The outrage and disbelief are warranted."
Yes. (Score:5, Informative)
Re:Yes. (Score:5, Insightful)
It's the exception that proves Betteridge's law.
And inefficient... (Score:2)
Instead of creating an underlying data store that all programs could and would want to use, let's pretend we can understand one way the programs talk with users and extract information from it.
No, this is not a privacy issue (by stealing anything you can see). No this is not a security issue (by copying visible information that might have been segregated in other ways like by VM).
It's a feature!
Re: And inefficient... (Score:5, Insightful)
I've been in IT since the 1970's, and this is the biggest wtf by far.
I'd rather have a mandatory goatse wallpaper than this feature.
But speaking as a BOFH, I know who does want this for the other people, and that is corporate management. The kind that requires people to have monitoring software and webcams on the computer.
Re: (Score:2)
> I'd rather have a mandatory goatse wallpaper
Shit, I feel old remembering accidentally stumbling upon Goatse back in the day.
Re: (Score:2)
Most people forget that ever since win10, you already gave all your passwords and such to Microsoft. And only morons like myself protested by not downgrading to it, while everyone else moaned for a bit and then accepted it.
Congratulations, you're getting even more of the shaft in your rectum. What, you kept believing they wouldn't go deeper when they said "just the tip" and then shoved it half way in?
Re: And inefficient... (Score:4, Insightful)
It's the first part of their increased scamming of people to milk more money out of them.
This all started when Microsoft decided to sell us fixes to their shitty OS by forcing us to buy the next iteration. Want Windows Vista fixed? Buy 7... want Windows 8 fixed, buy 10.... same shit different style.
Re: (Score:2)
Pretty sure that's not it and they just want to slowly ease people into the brave new world where all your data is accessible to them.
Re: (Score:2)
Re: (Score:2)
I really, REALLY wish Linux people would get their shit together and make a competitive distro for desktop. Instead of the shit show that is countless distros that have questionable interoperability with each other, much less popular windows software.
Not to mention the troubleshooting needs. If I want to go back to windows 95 era of having to do a lot of things in command line, I'll just get that.
Re: (Score:2)
I find it's more of an application accessibility issue than anything else. Been on Linux exclusively for about 5 years and my only "issue" is really certain programs written for Windows don't work. Well, gee, of course they don't, they weren't compiled for linux.
With that said, it's getting a lot better but it's also the exact same problem I'd have if I went Apple.
The platform doesn't really matter so long as the software you want to run is available. A lot of business software is very much windows only. Ma
Re: (Score:2)
You're probably at least partly right.
But it really doesn't help that a lot of functionality on linux still requires command line. It works fine for experienced admins who have to do that shit for a living. Your typical home power user that is stuck on windows and would love to move to something that doesn't need to be castrated to not be out of box malware and spyware would love an OS that's good enough at emulating his/her favourite software, while being fully configurable and troubleshootable through men
Re: (Score:2)
I've been "playing" with Linux for a decade or more prior to actually using it as my full time, exclusive OS. These days, I almost never NEED to use the commandline to get things done. Sure, I do because it's usually faster to find and edit a config file but I'm not usually doing that. The system just works.
Day to day operations literally is just clicking icons on the desktop to launch programs. That's no different on Windows, Mac, IOS or Android.
The #1 thing that piqued my interest in Linux was in fact the
Re:Yes. (Score:4, Informative)
How could it not be? Next question.
Because you're running Windows. You have neither security nor privacy left to destroy.
Re: (Score:2)
> Because you're running Windows. You have neither security nor privacy left to destroy.
Says person unironically whilst using social media.....
Re: (Score:3)
Yes, some person or bot called Computershack might know what some person or bot called thegarbz thinks about security! OH THE INSECURE HUMANITY!11!1!!
Re: (Score:2)
I would hardly consider Slashdot to be any form of "social media".....
Re:Yes. (Score:4, Funny)
Politicians have been denouncing it for decades -- "I don't Recall"
Re: (Score:2)
Here's the next question.
Is it *more* invasive than Windows already has been? Your every move has been tracked for years already. What specifically is worse about this Recall feature? Help me understand!
Re:Yes. (Score:5, Insightful)
By default, yes, but in reality, no.
Edge marketshare is puny. OK, Chrome, you say.... well Google is tracking you now. OK-- Firefox!!! If you use enough plugins on Windows, yes; most plugins are disabled on Firefox on Android. Don't get me started about Apple.
But let's say you disabled telemetry and for added assurance, downloaded readily-available hosts files with the DNS names and IPv4 and 6 addresses where MS tracks you.
Well, yes, you can effectively turn off Windows tracking and the apps and machine work-- unless you made the mistake of using Microsoft apps, including games.
Empirically, Recall is even worse, and there is your misunderstanding. You have other choices; some of us must put nose clips on our nose and use Win11/10. But we'll be damned if we're going to wittingly feed our assets-- our data! to Microsoft, Google, whomever we choose to deny it. It's OUR information.
Re: (Score:2)
There is much truth in what you say, a sort of anarchist's approach to the malaise of bloated tech. The Powers That Be have no real interest in stopping it, because they use it all themselves.
It's like Spy vs Spy in Mad Magazine, but with data transports and highway robbery thrown in for props.
My worry is that AI is a gateway drug. Once you're hooked, you won't think on your own. Then you'll start goose-stepping to the new new rhythm. Cue various apocalyptic and/or dystopian outcomes.
When the offshores becom
Re: (Score:2)
There have long been alternatives to TCP/etc build out. Nothing new there. Some are fast, some are genuinely goofy.
Nonetheless, where the scope of reference is Windows, it's true you can't get much telemetry theft without TCP or 802.2 or x.25.
The rest of the world is largely cut off from you, that being L2-4 of *their* connectivity. You need not be an island; there are ways of using TCP without getting "dirty". Sadly, it does require a bit of work and knowledge of DNS, TCP/IP, and some of the innards of rou
Re:Yes. (Score:5, Interesting)
> What specifically is worse about this Recall feature?
https://en.wikipedia.org/wiki/... [wikipedia.org]
When you have a local database of everything you have looked at, including secret project work (I have worked in secret IT, government etc, they use windows and I had to ADMIN them and consider the security) that becomes a new attack surface.
As an admin who must think about security threats, simply this code existing as a standard part of windows is insane. We would usually want something taking regular screenshots to be blocked from doing so, detected as a virus and the machine automatically isolated from all network connections.
This feature better be fully controllable by pro and enterprise as it is a true treasure trove for anything that installs itself onto the machine and can lift the encrypted database for cracking attempts. We all know that there will be flaws and bugs, so malicious code may simply be able to hijack the correct rights and gain access legit!
For home users, using lower versions of windows this might be a useful feature, but employees on enterprise and pro installs must have this UNINSTALLED by default. I don't want any part of the code to be in the filesystem. Windows is full of unneeded crap already, I have servers that have Xbox crap installed I mean WTF.
Anyway, do you remember the security advice about never taking a photo that includes a shot of your credit card, say in the open on the table? Well, there was malware able to lift your card details from such photos, installed on your phone when you sideloaded a game or... installed a valid game/app from the app store that had been hijacked. Now your PC is automatically screenshotting your card numbers.
The problem is invisible to those who think security is possible. The fact is, IT ISN'T. Security isn't possible, we don't have the OSes or the hardware architectures to make security possible so all we do, to "have security" is to patch bugs when they are found. You don't have security unless it's been patched and it only gets patched when nice, kind people, the right people find it.
The best security of all is to not have access to random code thrown at you by compromised websites. That means to be offline, all the time. To install the OS from read only media confirmed to have a known good copy of the OS code (which could have been compromised before the media was made), like from good old read only CD-ROM etc or read only flash media manufactured as such.
But that offline system would only be useful for offline purposes.
Once you plug anything into the net, Yeeehaww, you are in the wild west.
So it's better to remove unwanted code and features, stop or even uninstall unneeded services that you don't use. This reduces the attack surface, it won't save you but it will make you a harder target.
This new feature is a golden goose laying golden eggs for anyone who can lift the data... Even though "you can turn it off", it could be turned on again by the attacker. Why do you have a webcam privacy shield? Because of just that, webcams are turned back on, the little light made not to light, and snappy snappy.
iPhone cracks sell for loads-a-money on the dark web... There will be loads of cracking going on with this feature.
Do you get it now?
PC Decrappifier (Score:2)
Re: (Score:2)
Re: (Score:3)
The default settings are to use 25 GB, so, never?
Re: (Score:2)
CCTV does this all the time.
A 1fps video takes up barely any room.
A png screenshot of my dual monitors = 540KiB
271,056,869KiB / 540 = 501,957 seconds = 139 hours = 5.7 days
However, seems like the service is limited to using 25GiB so it deleted the oldest stuff which assuming the file size is 540KiB and nothing smaller, gives this feature a 13 hour memory.
Re: (Score:2)
Microsoft will probably back this up for you in their cloud and will give this feature more hours of screen time. It will be sold as a "feature" and premium tiers will exist. Personally it sounds like a horrible idea for all the reasons people have already mentioned.
But if you run Windows, you don't really own your own data or privacy and you never really had security so this seems par for the course.
I do know this in businesses... (Score:5, Interesting)
I do know that in businesses, this will be a bonanza for attorneys seeking motions of discovery. It will be at best a headache, at worst pure hell for sysadmins.
Then toss in data exfiltration issues, if, as mentioned, this data does go outside of the PC or network.
Re:I do know this in businesses... (Score:5, Interesting)
> It will be at best a headache, at worst pure hell for sysadmins.
I imagine this can be readily disabled via Group Policy*. I'm frankly more worried about data theft from home users.
*Although I won't be surprised when we start hearing stories about remote threat actors socially engineering their way into critical networks and quietly re-enabling this feature, then using the snapshots to steal sensitive data.
But users may revolt, too... (Score:2)
Even if it likely can be disabled company wide... I'll bet users will get used to it at home, and then start to require it at work. With enough pressure and lack of publicly reported issues, IT may have to support something they know is a terrible idea.
Wonder what could be done to narrow the problems? Like switching to a whitelist instead of blacklist, or scheduling/flagging time as work versus otherwise (only record 9-5, or when active meetings are happening from calendar, or 'calls' to business contact
Re:But users may revolt, too... (Score:5, Interesting)
Corps already do surveillance on their users for legal reasons. They will either control the surveillance or they will block it.
Re:But users may revolt, too... (Score:5, Interesting)
MS has not a great track record for stuff getting disabled and staying disabled. Telemetry, disabling apps, disabling upgrade paths, adding hurdles to using another browser other than Edge... even if a GPO does happen, it may not get applied.
What is needed is for this feature to just go away. Can you imagine the hell of a legal hold? As a sysadmin, I'd have to pull machines from users, undo BitLocker, so forensics guys can attach a write blocker and make a forensic image for the opposing side.
Even without the legal issues, this is a gold mine for attackers who are looking to exfiltrate data. Even if files are erased and browser history is cleaned, this would allow a bad guy to find anything the user worked on.
MS just needs to kill this, just like they did with Private Folders. If they can't kill it, they need to have a "permanently disable" option, where even on reinstall where Windows runs a PC serial number check, it would block Recall from being installed or enabled.
This is something that can get businesses to move to Red Hat for their desktops... or even Macs, because Macs with a solid MDM can be well managed, and even if someone reinstalls them, the Mac can be blocked from reactivating.
Re: (Score:3)
Go ahead and require it, peons. The BOFH has the final word here, and he says NO! All sensitive documents must be stored on the corporate file server on pain of instant dismissal for cause, and the file server doesn't run Windows.
Re: (Score:3)
> With enough pressure and lack of publicly reported issues, IT may have to support something they know is a terrible idea.
IT departments need to grow backbones in this day and age. Where I work security is more important than anything so we simply say NO. Users can’t even plug in wireless mice and keyboards, they are banned.
Where I used to work (a pub company) it was very different. IT was seen as a bunch of computer people who should work to make IT work for the user. I once had an argument wi
Re: (Score:2)
And the editor can be installed by the user I believe - though certainly most won't.
Even when users sign away all rights? (Score:2)
Maybe a government (the EU?) has protections like how they struck down 'non-competes' in the US recently. But hasn't the EULA always been the solution for software when it comes to legal issues? To force arbitration in secret, and to take what they can. Or do what they can get away with until caught.
Hide the problems in deep legalese, and force users to agree before they can do even basic work. We've been indoctrinated to click 'I agree' for decades now (assuming people are that old).
Wish AI was poi
Re: (Score:3)
Re:I do know this in businesses... (Score:4, Interesting)
> if, as mentioned, this data does go outside of the PC or network
This isn't even an "IF". It will. And for all the folks affected they'll get a $5 gift certificate to Dunkin Doughnuts, but only AFTER all the data leaking has become public knowledge. Because we don't live in a society that wants to act smart, they want to make a buck and then when they've destroyed way too much in the process, they'll just tell everyone they're very sorry they were caught. This will absolutely get exploited and massive amounts of data will be flying out of people's computers at alarming rates.
There are zero other ways this is going to go down. This will absolutely be a privacy nightmare in the near future.
If it worries you (Score:5, Informative)
If it worries you (AND IT SHOULD) switch to a different operating system. You have a so-so alternative, Apple, or an excellent alternative, Linux. The so-so alternative unfortunately will be an easier switch. Stop bitching and start switching.
Re:If it worries you (Score:4, Insightful)
Don't forget about *BSD, Haiku, and ReactOS.
Re:If it worries you (Score:4, Insightful)
Of those only a *BSD is vaguely realistic for day to day work, and even then you're electing for a whole bunch more hassle doing stuff that works easily on Linux.
Is 2025 the year of Linux on the Desktop? Microsoft seems to be doing all they can to make it so.
Re: (Score:3)
Apple will do it too, because it's a pretty good idea. It will also be local and suddenly everyone will clap.
Re: (Score:2)
And systemd too, right after Apple.
Re: (Score:2)
Then how do I run Altium Designer, TurboCAD, Solidworks, Simtrix, TinaTI, PSOC Creator and the list goes on and on.
Re: (Score:2)
You don't. You and others that use the software need to make requests to the companies to start looking into Linux, or other alternate OS, versions. State the obvious to them, trust in Microsoft has eroded.
Re: (Score:2)
Clean out your current Windows drive, fill it with nulls for compressibility, and make a copy of your disk. Install Linux and use your disk image to build a VM to run those things, maybe just during your workday.
I haven't done this yet, so I don't know what problems you might run into. Maybe using a VM has too much performance cost for those heavy applications.
Re: (Score:3)
Most users can’t/won’t switch due to the fact that they are used to windows.
They either moan about how unusable Linux is (I started on 2000 or just before and trust me, I found it pretty usable back then (once set-up and installed) so I can’t tell why they have a problem today).
They always complain on reddit that X or Y doesn’t run or work. The drivers for A or B are not there etc. One guy thought that editing /etc/fstab was too much.
Thing is, if they just stick to it, all that goes away.
Re: (Score:2)
I'd argue that outside of nerdom, those normal people expect the computer to be an appliance. Like a toaster or a tv.
Most people seem to be perfectly content with the hell they know than some unknown, even if that unknown has the potential to be so much better.
Would you hire NAMBLA to run your daycare? (Score:5, Insightful)
Putting this in another perspective, would you hire NAMBLA or a pedophile to run your daycare? Even if nothing bad happened, you still made a decision so dangerous, that you have no defence. Running Windows is like hiring those people, and proving safety is easy, they just refuse to do it.
Open the OS completely, get it third party independently audited, provide build / feature keys, and the logs to every interaction. Making this problem worse, this feature is on by default, not off, and even if it's entirely isolated and safe, Microsoft's track record is terrible, so the faith this is safe is non-existent. This feature is a big enough issue, that no competent tech person can run Windows, it's over, it's dead, Microsoft hired the pedophile.
Re: (Score:2)
This feature is stupid on a new level of overdrive, never seen before. Microsoft can claim whatever they want, but the OS is closed, and we know they have abusive privacy practices.
So on this basis why is Recall a stupid feature? No seriously you've already said you have no privacy running their OS. Why choose this specific hill to die on? All your base are belong to them already, so you may as well run the privacy destroying feature since you don't have privacy in the first place.
Re: (Score:3)
Those same people refuse to use professional operating systems, because they think they're experts, but in realit
Re: (Score:2)
Windows will take a picture for anyone to use, abuse, and violate
This is my point. Microsoft says it doesn't. If you believe Microsoft you're safe. If you don't believe Microsoft then why do you think people can't already abuse and violate what is on your screen? Precisely what do you know about "telemetry" being sent to Microsoft? You don't trust what they tell you about Recall, so why trust them about Windows?
Re: (Score:2)
Maybe this is safe, b
Re: (Score:2)
Because, as the summary says, it will store secret data that is currently not stored.
Re: (Score:2)
The summary falls under the same trap. Either they trust Microsoft in the way this data is stored (encrypted and locally accessible only to the logged in user), or they don't trust Microsoft and therefore have zero basis to say that data isn't currently stored.
It's like having a killer in your house threatening to murder you holding a gun, but you being afraid that he *may* have a knife. You've already lost the privacy game by running an OS from someone you don't trust.
Re: (Score:2)
I see where you're coming from but that's an extreme hypothetical.
-knowing- all your data is stored in a database is different than -maybe- they're storing it behind my back. And maybe they're not.
There are degrees of risk. It isn't a zero vs 100 game.
Re:Would you hire NAMBLA to run your daycare? (Score:4, Informative)
encrypted and locally accessible only to all system processes and any process running by the logged in user
FTFY.
I'm not sure I want that extra attack vector available.
Re: (Score:3)
I find that argument... weak... and unconvincing. I personally liked it better before getting raped.
Ok seriously here's 1 good reason. They need to make data to feed to their AI's. As ludicrous as that sounds. The data you "generate" becomes monetizable. They won't stop.
Re: (Score:2)
What are the supposed benefits of this software, anyway? All I can think of are all the ways this could go wrong. How does taking screenshots of my computer every few seconds and making that searchable possibly empower the user?
I could see if this was strictly something for businesses to use to keep tabs on their workers. It's a benefit to management.
A home user though, how would they find usefulness out of this shit?
Furthermore, MS search isn't anything to write home about. Will searching of this new datab
What if that part was open source/swappable? (Score:2)
I hadn't even considered it until reading the first bit of your post, but what if Microsoft made the interpreter (or whatever tries to extract data from the visuals) an option. Like the browser.
Sure they can make it hard to change away, but if it's really that important then maybe the government can/will force them to allow competition there too. And people could choose an open source, likely worse in some ways, alternative. Guess you need to suggest it to the EU and maybe they can tweak a law in a few y
Re: (Score:2)
I'd say just turn it off (Score:5, Insightful)
Re:I'd say just turn it off (Score:4, Insightful)
Remember that torrent of some application or game you downloaded last night? Yeah, it contained malware. Now this Windows feature is enabled again with no way to disable it and once in a while all those screenshots are uploaded behind your back to some server on the internet which is run by a ransomware gang or some sicko looking to harass you.
YOU will probably not be stupid enough to get into such situations, but there are hordes of idiots out there who are.
Re: (Score:2)
No, most of them really are idiots. You can explain this shit to them with crayons and they still won't care or see the problem. That makes them idiots.
Re: (Score:2)
Problem solved. BUT Microsoft has a history of turning stuff back on (updates, whatever). This is just a nightmare all the way around.
So you don't trust Microsoft with a setting, why is recall a privacy problem? You shouldn't be running their OS period if you don't trust them. You haven't vetted windows. That would be impossible.
Re: I'd say just turn it off (Score:2)
Re:I'd say just turn it off (Score:5, Insightful)
Citizen. You have turned off your Windows recall. This is prima facie evidence that you have something to hide.
Only Inner Party members may turn off their telescreens.
Obviously (Score:5, Insightful)
One of the fundamental principles of the GDPR is "Datensparsamkeit", i.e. do not collect data unless you have to. The "recall" violates this on steroids. With it, an attacker gets everything, including habits, friends, pictures, political leanings, religious and philosophical views, porn-habits, etc. And, worst of all, it is enabled by default, so a lot of people will not even know that there now is a creep in their PC that watches everything.
Remember those extortion emails where some asshole claims to have watched you via webcam and you better pay him now? Apparently, Microsoft thinks this guy is not making enough money and needs some help.
The only good thing is that such a software is illegal to be active by default in the EU.
Re: (Score:2)
They'll argue it's fine because they're not collecting it, it's still on your hard drive, like a log file or something
Re: (Score:2)
Well, I doubt that. A default-on recording feature runs afoul of more things than just the GDPR. But let's wait and find out.
"Questioned Microsoft" (Score:5, Insightful)
If you have questioned Microsoft you have already lost. You are running their OS, one that is widely known to transmit all sorts of untold data to them, which they can modify code at a whim, which you most certainly don't know how it works. If you don't trust Microsoft, you shouldn't be running their OS. If you do trust Microsoft, why question?
The mental gymnastics people are going to about Recall as if *THIS THING* is suddenly the problem is insane. If you consider this a problem you shouldn't be touching Windows with a 10ft pole anyway. Recall isn't the issue here, we're not talking about trusting code, we're talking about trusting a company. All or nothing is the correct approach to take.
Re: (Score:2)
> The mental gymnastics people are going to about Recall as if *THIS THING* is suddenly the problem is insane. If you consider this a problem you shouldn't be touching Windows with a 10ft pole anyway. Recall isn't the issue here, we're not talking about trusting code, we're talking about trusting a company. All or nothing is the correct approach to take.
What is even funnier is they bang on about privacy whilst posting on a social media platform that tracks you.
Internet Security (Score:3)
Bill Gates the Terrorist (Score:2)
So after trying to engineer the next population-reducing pandemic and trying to eliminate agriculture, Bill Gates is _ALSO_ trying to turn every PC into government spyware. I'm especially glad now that we never "upgraded" to Windoze 11.
And now that I've stopped playing World of Warcraft, there is no longer anything holding me to Microsoft, so I can switch to Linux. Perhaps not "with ease", but it'll be possible.
Re: (Score:2)
Re: (Score:3)
Bill Gates has not had any role in Microsoft in the last 10 years
WOMP WOMP [businessinsider.com]
Re: (Score:2)
Re: Bill Gates the Terrorist (Score:2)
I'm sure there are lots of services that can read it to you if you need help with the big words.
Re: (Score:2)
Bill Gates has no position at all in Microsoft
He has not been in charge for more than 10 years now
Is Recall a security and privacy nightmare? (Score:2)
And the ability of which to send the contents back to the mother-ship can be secretly enabled anytime.
Where are the hackers when you need them (Score:3)
I'd bet that Cupertino are already working on breaking into this tool, even if (especially if!) Redmond claim it is impossible or useless. It may be their "black-ops" department ... so, Tel-Aviv? not Cupertino ... instead of undeniable assets. But they're doing it, I bet.
Will Microsoft enable it on their corp computers? (Score:4, Interesting)
Re: (Score:2)
Sure, why not. It's management spyware. It's not meant to benefit the user in any way I can see.
Re: (Score:2)
Even if privacy/security wasn't an issue.... (Score:3)
What is the purpose of this 'feature' anyway?
Ignoring all the obviously horrific doors it opens for a moment, what is the alleged benefit to the user?
I see none for my circumstances. Maybe in some high security military lab or bank or something they might want this in a super controlled no public net environment. But for anyone else? Why?
I don't understand (Score:2)
How is this any more invasive than Windows already is? Pretty much everything you do is tracked already. Very certainly every website you visit is tracked, and that's most of what you do on a computer these days.
Serious question; What makes this any more invasive than what's been happening for years?
Re: (Score:2)
They have presumably not been collecting your image data regularly because that would have cost them money. That means they couldn't actually see what you were seeing, so the contents of e.g. zoom conferences were still your business — any meaning you chose to convey visually was yours alone. Now your system will be taking snapshots, and in order to meet Microsoft's current requirements for all of the functionality they "offer" you will have to have enough processing power lying around that those imag
Re: (Score:2)
Ah, I see. Well your company's IT department will no doubt have policies (including Group Policies) to make sure the contents of your Teams meetings don't leak.
Re: (Score:2)
Ah, I see. Well your company's IT department will no doubt have policies (including Group Policies) to make sure the contents of your Teams meetings don't leak.
My job requires broad access to the PII of millions of people including health-related data, most of which is displayed unobscured.
In a prior position I had full read access to all databases in a casino, as I was doing database reporting.
I'm quite sure that everything you do is that trivial, but some of us have a need for security.
Re: (Score:2)
My job requires broad access to the PII of millions of people including health-related data, most of which is displayed unobscured.
It sounds like your company's security practices are already compromised. No one person requires access to that many people's unobscured PII. One at a time, yes, if you are dealing with specific claims or patient calls. But broad-spectrum access, no. And I'm very familiar with the healthcare world, having managed the software team for multiple companies in that space. Security is often lax, to be sure. In that case, it's not Microsoft Recall that's the problem, it's your security policies and implementation
Re: (Score:2)
My job requires broad access to the PII of millions of people including health-related data, most of which is displayed unobscured.
You're saying that you have to millions of people's PII on the screen? Really?
I'm pretty sure that for anything that requires bulk access to PII or PHI, you don't need to display all of it on the screen. For example, if you're verifying an insurance claim submission, you can almost certainly do what you need to do with just the last 4 digits of the SSN, without revealing the whole number for each person. Same for just about any other PII you might "need" to display.
Now, if you need to drill down to a specifi
Re: I don't understand (Score:2)
I don't see millions of SSNs at once, but I do see multiple SSNs, and what's more, it is absolutely necessary as I am looking those people up in multiple databases in which that is the primary search criteria and having to click through additional pages would significantly increase the necessary effort.
Even if I were only seeing one at a time, however, a screenshot every three seconds would still capture ALL of them, so that's a really dumb point to try to raise.
People Don't Care (Score:2)
I forget the exact story, but there was this story a few years ago about a mother suing Ring because hackers had gotten into her account and were talking to her kid and stuff, watching them over the mics. It was a prank, but creepy.
But you read the details, and I think it was the third time something similar had happened. And she still hadn't just removed the damn cameras from her house.
Do you trust Microsoft? (Score:2)
Copilot and Recall are completely managed Device Side.
It would have been simpler for Microsoft to roll it out "in their cloud" instead of insisting on a 40TOPS NPU on each machine, a requirement that neither Intel nor AMD can reach.
So, the only way for your data to leave the machine (a machine with a TPM 2.0, SecureBoot and Bitlocker) is for either Microsoft exfiltrating it, or a hacker getting it.
So, the question is: Do you trust Microsoft to not exfiltrate your Copilot and Recall data?
Re: (Score:2)
Is this a trick question? As I recall we aren't allowed to know what that data Win10 and later constantly uploads from our private laptops to M$ is.
Reminds Me... (Score:2)
Utilities that "help" you by keeping copies of, or records about, stuff you do not want to have preserved (and without telling you).
OS's like MacOS and Windows have long been annoying about not actually deleting stuff you want to delete. The MacOS lets you "trash" stuff, but a separate action using a different part of the UI is needed to actually delete it so that it does not take up space and does not come back. Windows has copied stuff you are trying to get rid of, so that it has back-up of it (or someth
Affirmation (Score:2)
Affirmation that I made the right choice to punt on using Windows (or MacOS) for anything of consequence.
F them all.
We should all be following the dollars back to the advertising Voldemorts and just not do business with companies that are empowering that noise.
no real issue here. (Score:2)
Love the idea... (Score:2)
...and hate the implementation.
If I could actually have this, secured, in an OS not built around collecting my data and sharing it to pretty much the whole world...sure. For years I intentionally ran a local keylogger on my own system. Handy for look-back and various other things. But now that everything is internet-based *aaS so they can needlessly charge a monthly fee I've got zero interest in that level of data ever existing again.
From a business perspective this is DOA. Heck, it's beyond DOA - it wi