Windows Won't Take Screenshots of Everything You Do After All (theverge.com) 81
Microsoft says it's making its new Recall feature in Windows 11 that screenshots everything you do on your PC an opt-in feature and addressing various security concerns. From a report: The software giant first unveiled the Recall feature as part of its upcoming Copilot Plus PCs last month, but since then, privacy advocates and security experts have been warning that Recall could be a "disaster" for cybersecurity without changes. Thankfully, Microsoft has listened to the complaints and is making a number of changes before Copilot Plus PCs launch on June 18th. Microsoft had originally planned to turn Recall on by default, but the company now says it will offer the ability to disable the controversial AI-powered feature during the setup process of new Copilot Plus PCs. "If you don't proactively choose to turn it on, it will be off by default," says Windows chief Pavan Davuluri.
Weasel words (Score:5, Insightful)
Look, I know words are hard, but "offer the ability to disable" is not the same as "proactively choose to turn it on". If it's disabled by default in the installer (lol, yeah right) THEN it's a choice to turn it on.
Re:Weasel words (Score:5, Insightful)
Look, I know words are hard, but "offer the ability to disable" is not the same as "proactively choose to turn it on". If it's disabled by default in the installer (lol, yeah right) THEN it's a choice to turn it on.
I'll do you one better...add it to the list of Windows Features in the enable/disable list, along with .NET 3.5 and SMB 1.0.
It takes less than a minute to perform, and it's also undeniably opt-in. If it's really that good of a feature, then the green pastures of "how to enable Recall" tutorials will show up in less than a day, and everyone who wants in will take less than a minute of their lives to show clear, informed consent. ...but what'll likely happen is that MS is doing a disable-by-default for the initial deployment, but the 25H1 update to Windows 11 will have new functionality that will depend on Recall, and *will* be enabled by default, so Recall will just be a 'necessary dependency' that's a part of the new feature set.
I swear, Nadella is overpaid on the sole basis of how predictable the moves are.
Re: (Score:2)
"It's their product, they can do whatever they want" does not apply to monopolies, de jure or de facto.
uninstall, disable, enable, or never install (Score:2)
Spyware like these should have options to never be installed, be uninstalled, disabled, installed or enabled.
Each of these 'surveillance capitalism' and IT controls tools always seem to default to install and collect data by default.
My guess is this is the IT departments of 'large countries' will require it to be always enabled or remotely enabled by a local police office without a judge's signature.
"opt-in" (Score:2)
"opt-in" as the same way that colonoscopies are technically opt in?
With parallel catastrophic results for failure to do so?
But on the colonoscopy that's nature, while here it would be the engineered dependence upon the snapshots for "full functionality" of the other security features.
Re: (Score:2)
I swear, Nadella is overpaid on the sole basis of how predictable the moves are.
It sounds like if anyone should be replaced by AI, this would be a great start.
Re: (Score:3)
So, in other words, they'll probably keep pestering you to enable it after every major Windows update until you either comply or you find the Windows setting to disable that obnoxious "Let's finish setting things up for you" wizard.
People are getting pretty lazy about customizing Windows settings at this point, so they'll probably pull off a 90% compliance rate. Thanks, Microsoft, for continuing to provide the illusion of user choice.
Re: (Score:3)
Maybe. Or maybe in a "security update" they'll just sort of silently enable it "for your convenience".
Re: (Score:2)
Re: Weasel words (Score:2)
Re: (Score:2)
I've been thinking the same thing but thought I must be missing something. A screenshot every five seconds, at ... let's say 2 MB each adds up to 24 MB per minute, approximately 1.5 GB per hour, 36 GB per day ... Does it ever get deleted? Probably not. And that's not even including whatever searchable metadata they also want to store.
Re: Weasel words (Score:4, Interesting)
We really need some consumer friendly laws for what any OS should and should not have as default..
- no using bandwidth without user consent
- no tracking behavior without consent
- no ads
- no screen recording or keylogging
- ability to work completely offline if desired
- full user/admin control over update process
- full documentation over what the OS is doing when it decides to randomly thrash the hard drive or spike CPU/GPU usage
Anyway.. so basically Microsoft would be banned by law in my perfect world.
Re: (Score:2)
Ah, interesting. Obviously, it still needs to be completely off by default in Europe, no recording at all, or sales of MS Windows may well be outlawed completely. The GDPR is no joke and any type of data recording the user (even locally) is only permitted with informed consent and explicite permission.
Re: (Score:2)
If MS actually wanted to really give peace of mind, this should be binned like Private Folders, or by default be un-installable on Windows unless someone jumps through a number of hoops to enable it. At the minimum, a visit to the MS website and a manual download. This should never be something that is included with the OS, even as an option.
It also needs an explicit GPO entry to forbid it, where if it is present, it gets uninstalled, and all data from the Recall app erased with extreme prejudice, and thi
Window Update (Score:2)
Remove the god damned functionality, root and stem.
Re:Window Update (Score:5, Funny)
Opt-out by default is good... (Score:1)
But now it will be a target by trojans to turn it on. Whee. How about an entirely optionally installed component, MS? No? Thought not...
Re: (Score:2)
For definitions of "trojan" that amount to "the next big update that will change it to on."
And a lot fewer people will even notice that, including the "news" media.
In short, it's standard Microsoft practice:
1. Announce some change that nobody in their right mind would want.
2. Public is outraged, with pitchforks and torches.
3. Announce that, due to feedback, the new feature won't be on by default.
4. Public outrage dies down, everybody forgets.
5. Minor (but necessary, security) update coincidentally turns sai
Re: (Score:2)
I have to wonder whether the data will all still "helpfully" be quietly collected even when the feature is off, but just not accessible to you - so that, if you turn it on, it can "helpfully" let you access your past activity history.
Misleading title (Score:2)
But why? (Score:5, Insightful)
So what is the upside to this because I see zero upside and huge downsides?
Re: (Score:1, Redundant)
So what is the upside to this because I see zero upside and huge downsides?
"Hey Copilot, open that Excel file I was working on at lunch time last week."
"Hey Copilot, tell me how long I spent talking to Roger in Teams yesterday."
"Hey Copilot, e-mail Roger the Youtube link about the reunification of Germany I watched earlier today."
"Hey Copilot, list out all the people who attended the Zoom meeting last Tuesday."
Those are the sorts of AI requests that Recall is *supposed* to be able to handle. Whether 1.) people want them badly enough to justify using Recall, 2.) Recall delivers on
Re: (Score:3, Insightful)
"Hey Copilot, open that Excel file I was working on at lunch time last week."
"Hey Copilot, tell me how long I spent talking to Roger in Teams yesterday."
"Hey Copilot, e-mail Roger the Youtube link about the reunification of Germany I watched earlier today."
"Hey Copilot, list out all the people who attended the Zoom meeting last Tuesday."
...and not a single one is an example of something that would require a screenshot to answer.
Re: (Score:2)
And how else is it going to get the information? I mean, without requiring all the apps (including the non-MS ones) to log everything they're doing. About the only reasonable way to know what the user is doing (not just what apps they're running, but what they're doing in those apps) is to look over their shoulder and see what they see.
Copilot is designed to gather information without cooperation by the apps. If
Re: But why? (Score:2)
Re: (Score:2)
I have a gamer friend who uses Alexa for random numbers when he can't find his dice. :)
Re: (Score:1)
The point is that a lot of data that you (for different definitions of the user "you") may want to have access to text or images you were reading yesterday or two months ago. AI is now pretty good at exfiltrating text and images and being able to match it up against prompts: "Hey, was on a page last week and there was an image of a cat riding a bicycle, can you show it to me."
Many applications that download data from online have caches. Userland applications that open files from local store do not. But this
Re: (Score:2)
*analog hole for information
I'm actually quite surprised that apparently - from what I read - these images will not be encrypted on disk, but I assume you can probably ensure this stuff is on a bitlocked drive if it matters that much to you.
It's basically impossible that the developers at Microsoft who worked on this have thought about the implications, although the decision to have had it enabled by default in installs without user choice smacks of a marketing or product development department "getting the
Re: (Score:2)
*have not thought about the implications
Re: But why? (Score:2)
The bit locked drive is basically leaving the safe unlocked an hoping the deadbolt on the front door is 'good enough'. And most people will have those drives auto decrypted on log in. So anything running as the user, like a virus... still has access
Re:But why? (Score:4, Interesting)
The point is that a lot of data that you ... may want to have access to text or images you were reading yesterday or two months ago
But that's not even correct. It takes screenshots every 5 seconds. I often scroll past images, glance at emails, close chats, etc.. way faster than that. It may catch a lot, but it will certainly miss a lot as well.
"Hey, was on a page last week and there was an image of a cat riding a bicycle, can you show it to me."
Not found unless it happened to take it's periodic screenshot as you were scrolling past the bicycle cat.
Many applications that download data from online have caches. Userland applications that open files from local store do not.
In the first case, there is a filesystem write. In the latter, a filesystem access. In both cases, a filesystem hook would be far better suited to capture the access time and log that and either a copy of the file or the path to it and install an inotify-style trigger on the file (if it is deleted, stash a backup for recall to use later... if that sub-feature is enable).
IE: this could be implemented, in large part, by the IO layer in the kernel logging what's needed via a userland module. If done that way, every image you view online would end up in the recall DB with a timestamp, as well as every file you touch in any way, and that's just with a naive filesystem monitor.
I know you weren't arguing it was a good idea, but even these contrived examples have much better alternatives that don't require 17,280 screenshots a day.
Tangentially, I'm also curious about the disk usage estimates, but not enough to look it up cause I'm extremely unlikely to every come in contact with a system using Windows Recall.
My desktop is 5440x2560. A quick PNG screenshot is 3.7MB.
86400 seconds in a day / screenshot every 5 seconds = 17280 screenshots a day.
17280 * 3.7MB = 63,936MB/day = 63gb/day
I'm sure they're employing some deduplication and maybe different compression, and maybe expecting smaller screen sizes, but that's quite a lot. It's even more significant considering that everyone has moved to SSD's that are significantly smaller than the HDD's they were shipping in systems. Did W.D. and Seagate sponsor recall? lol
Re: But why? (Score:2)
Re: (Score:2)
Obviously because Microsoft wants to steal all your data to feed the magical AI, especially data that it is a crime for them to purposely copy.
Re: (Score:2)
It's not so much using a sledgehammer to crack a nut as a small nuclear warhead: in both cases the fallout is going to utterly dwarf the almost negligble benefit.
Re: (Score:2)
Re: (Score:2)
Re: But why? (Score:2)
Re: (Score:2)
Been baked in for decades. The only new part is forcing to home users and AI to analyze the images. Corp computers have had this for decades.
Please name the Windows component that has been there for decades that takes a screenshot of my computer every 5 seconds and records it.
Re: (Score:2)
This is basic corporate surveillance stuff. It exists.
Re: (Score:1)
The benefit is it will feed your local language model so that your computer has personalized "AI" features.
Re: (Score:2)
What I have failed to understand in any of these discussions about recall is what is the benefit of having it take a screenshot at all? WTF do I want a picture of my screen? I can completely understand the advantage of taking filesystem snapshots on a regular basis to act as backups and, for those that what the functionality, having a search index for file contents but screenshots contain zero useful backup information while, at the same time, raise an absolute ton of privacy issues. So what is the upside to this because I see zero upside and huge downsides?
Have you ever used Ctrl+Z to go back to see what was a previous version of a document? I do, often, and would love to have it a more universal+dependable part of my workflow. When we code using git we can go back to see previous snapshots. People often wonder what would it be like if git could scale to one commit per keystroke even, so we could have an arbitrary slider to go back and see everything we'd written at any point in time. (Often people wish for the same about real-world stuff too, e.g. go back to
Re: (Score:2)
Fucked around and found out (Score:2)
Re: (Score:2)
Well, MS is a known threat and enemy of all its users. They only thing they have (had?) going for them is that many people do not care.
Re: (Score:2)
Re: (Score:2)
Well, the decision to oppose the spying is not really a "personal risk" decision, even if often framed that way. What it is is caring about what direction society is going and spying on everybody has a number of extremely bad precedents. This is a moral decision and high intelligence has little impact on morals unless the questions involved are complex. They are not here. That is not to accuse your friends. The older I get, the harder I find it to care as well.
Corpos will enable it... (Score:4, Insightful)
... and use with AI to monitor and evaluate employees...
Re: (Score:3)
Re:Corpos will enable it... (Score:4, Insightful)
What's stopping them already? How do I know my domain attached, Group Policy controlled work PC isn't capturing things already? I've used it under the assumption that is already happening, it's not my machine at all, it's effectively a black box.
Re: (Score:2)
What's stopping them already? How do I know my domain attached, Group Policy controlled work PC isn't capturing things already? I've used it under the assumption that is already happening, it's not my machine at all, it's effectively a black box.
Keylogger? Possibly. Capturing a screengrab periodically or on demand, and/or webcam snap? Maybe. Capturing a full screenshot every 5 seconds? You'd be daft if you didn't realize something was happening. You're still right to operate with the assumption everything you do on the work PC is logged, but this is (IMNSHO) a garbage way to do the logging.
Re: (Score:2)
Definitely not arguing on the efficacy point, just the idea that for a user with a corporate machine thins changes nothing about how you should interact with it.
Hopefully it plays out where they dump a bunch of money into this, get tons of flase positives, go on a bunch of wild goose chases, get in a couple lawsuits and pretty much end up right back where they started and realize no amount of technology will protect without the foundations of good management policies and fostering an environment where your
Re: Corpos will enable it... (Score:2)
Re: (Score:2)
What's stopping them already?
Cost. It takes expensive software and some mildly expensive personnel to get that sort of thing working... but Microsoft has changed that equation now.
Recall lives up to its name (Score:3)
I guess Recall will eventually be Recalled.
Re: (Score:2)
Totally.
removed off (Score:3, Insightful)
I want that functionality removed, not just turned off.
Re: (Score:2)
I am with you even thought I do not use Windows.
But, how would we know it is really disabled ? For that matter, how would we know it was never installed.
I think with Microsoft's track record, this opt-in announcement has no meaning. Best to dump all things Microsoft.
Re: (Score:2)
I think to be anything by suspicious would be insane this day in age, but are there really any other good options? This isn't unique to Microsoft.
There are plenty of people who use other operating systems but rely on google or some other privacy abusing infrastructure, whether that's something like google, the ISP you access it with, or the commercial VPN software you pay for.
I point out the recent xz backdoor fiasco, which perhaps ironically in this case, was discovered and reported by a Microsoft employe
Re: (Score:2)
What I find most interesting about the xz case though is, anybody could have checked ... I'm more concerned though, about what hasn't been brought up. =)
Yes, that is my concern too. At least with Linux and the BSD*s, the option to check is there, but to check the whole system is difficult, almost impossible in Linux due to how big it now is.
Re: (Score:2)
Indeed. This stuff is toxic on an incredible level and will be very easy to turn on again for an attacker or MS itself.
The peepington window (Score:2)
When publicity dies down they'll quietly change it back to an ever forgetful opt-out when nobody is looking.
Re: The peepington window (Score:2)
I see what you did there...
Raises hand. (Score:2)
I didn't see a "wink-wink" anywhere in TFA when MS talked about privacy and security. Did I miss it?
More seriously, I'm still not sure why anyone would want this in a personal-use situation. I mean, what will people want to remember doing (recall) that would require screenshots every few seconds and "AI" analysis of those? In a business situation, sure, I can, unfortunately, imagine companies using this to monitor (aka "spy") on their employees every action. In any case, this still seems like them test
Many people seem to think it's just screenshots (Score:2)
But it's apparently much more than that - the actual text characters currently being typed or displayed, your mouse position, which windows of which applications are open, etc. etc. And, for what MS claims it can do, it would HAVE to be more than just a picture of the screen.
Kill it with great prejudice.
until the next update (Score:2)
I won’t be caught dead using Windoze! (Score:1)
Bluntly? (Score:2)
I don't believe it. And frankly, I would have no reason to believe it.
We'll only spy some of the time (Score:2)
I predict (Score:2)
Within a year will see Ubuntu announcing a similar feature.
Re: (Score:2)
I think the uptake of systemd in the early 2010s should have taught everyone that the various distros are not your friend, and if you want control of your system you'll need to find one that lets you take that control. Something like Arch or a Gentoo derivative. I suppose Devuan also. Otherwise you're going to get whatever shitty features marketing decides you must have.
Re: (Score:3)
Indeed. I currently run Devuan or Gentoo for new installation and I will move the remaining non-systemd Debian installations to Devuan on the next version update. The systemd-adoption was a major disgrace for all of the Linux community and remains so.
Still not addressing the elephant in the room (Score:2)
How it should have been from the start (Score:2)
So the looked at the GDPR, after all? (Score:2)
Because making that opt-out would be flat illegal in Europe.
It's still there (Score:2)
It's still there and will be abused at some point either through an update that quietly enables it or by enabling it remotely when they want data. The days of trusting Microsoft have long since passed. They showed their true colors when manipulating software to operate incorrectly in non MS versions of DOS. Microsoft is shady and despicable and always will be ... it's in their DNA. Satya Narayana Nadella is a product of that DNA at work.
"We did't burn him!", Tubbs (Score:2)