Skip to content

Microsoft’s Recall feature is still threat to privacy despite recent tweaks

Technology
75 39 0
  • This post did not contain any content.

    This is just a thinly veiled ad for AdGuard.

  • Funnily enough, Signal has circumvented the issue by marking their chat window as DRM content, making it invisible to Recall.

    They didn’t circumvent the issue - they did what Microsoft tell developers to do in regards to their programs and recall lol.

  • I'd argue that this is way more nuance than the public in general puts into the issue. In fact, the goalposts have moved quite a bit. "The big difference" used to be the local encription of the data, but it became not it once Recall implemented that. Or the opt-in, which went the same way.

    That's not to say I don't think it's a better idea to have per-app support (which is incidentally how Microsoft implemented the feature in Windows 8 the first time), but I will say that's not why people are mad at one and not the other.

    I don't actually know if you can selectively erase specific screenshots from the database because I, again, can't find any traces of Recall on my supported PCs for the life of me. Coverage had made it seem that they could, since presumably the much criticised side effect of having a local, freely accessible database with just a bunch of pictures is that you could... you know, access those. Did they obscure it further in the reimplementation?

    And also, I think people believe I'm being argumentative, but I'm not. Can somebody point me at the Recall opt-in and/or some explanation why my Copilot + device running 24H2 would not seem to have it available anywhere? I'm confused about the rollout here. I don't want it on, but I'd like to try it and see what the practical implementation is for myself (and be double sure I have it turned off once I'm done with that).

    After the heavy criticism they changed it from default on to (opt out) to default off (opt in).

    In theory you could modify it's database, but they did mention applying stricter security (but what good does that do when the frontdoor access remains via the prompts)

  • This post did not contain any content.

    What I don't understand, is what I would need and use it for? Never in my life I thought "damn if only I had a screen recording of everything I did 1 week, 1 month or 1 year ago". Like I don't get the use case, ignoring anything else. There is no use case.

    I can view my terminal history and my recently accessed files. I have version control with git where I want and need it.

    There is no use case.

  • What I don't understand, is what I would need and use it for? Never in my life I thought "damn if only I had a screen recording of everything I did 1 week, 1 month or 1 year ago". Like I don't get the use case, ignoring anything else. There is no use case.

    I can view my terminal history and my recently accessed files. I have version control with git where I want and need it.

    There is no use case.

    So you’ve never wanted to find an article/headline that you vaguely remember seeing? Or a product that you looked at? Or a picture that you looked at?

    There absolutely is a use case for full reachability of everything you’ve done on your computer. Git commits and terminal history and “recent” files list don’t even come close to providing the same thing lol

  • Apple dropped a whole lot of vague shit that they “promised” would have some sort of holistic and on-device/private benefit to users if they pulled a full data profile of you together, kept it on-device, kept it secure, etc, etc.

    Windows stealthed an update onto PCs that suddenly started capturing and processing unsecured screenshots of everything that users were doing without ever telling anyone why or what it’s for or how it would work. People found out that it was unsecured by looking in its unsecured folder. It wasn’t the same thing.

    That said, obviously, Apple Intelligence is bullshit and doesn’t work or do anything of any use other than making Siri slightly prettier.

    Windows “stealthed” recall onto people’s machines? What? It was a hugely advertised feature, exclusive to only the new copilot+ machines, and was an opt-in test feature lol

  • One could argue that it's a feature that could be done on-client without sending to a server. Or with its server component doing nothing more than syncing with E2E encryption.

    Recall is done on-client.

  • I'll admit I've not looked into it. My computer won't even upgrade to Windows 11 if I wanted it to, thanks to MS's artificial restriction on compatibility. Maybe it is all on-device. But if so, whence all the privacy complaints? And does it not allow syncing between devices?

    So you don’t even know and didn’t bother to check if it is on-device before attacking it for not being on-device?

  • Part of why i knew so-called "digital rights management" was fucking bullshit was because very little software ever came out that empowered me to manage MY OWN rights in the digital space.

    I need there to be FOSS applications that allow me to root-level BLOCK applications from perceiving what I'm doing, to just fucking SANDBOX ABSOLUTELY EVERYTHING BY DEFAULT and let me whitelist what specific things are allowed to directly access the hardware.

    Sadly I am not as tech savvy as I used to think I was. I might've been technologically clever twenty years ago but I hadn't managed to keep up... I think what I've described might be referred to as a "hypervisor"? And I'm told it's an overbearing, clumsy, heavy-handed overkill measure that would be difficult to implement and make everything a pain in the ass to do. So ... shit, man, I dunno... i'm just so damn tired of my hardware being bossed around by people I didn't authorize.

    Write your own OS and software then. Your hardware is running someone else’s software otherwise, so no you don’t get to control every aspect of what it does.

  • OK, so... where the hell is Recall?

    I have a Copilot + device. I am typing this in one, in fact. Recall does not seem to be anywhere to be seen. They added a deployable Google Lens-style "highlight a thing for us to review" thing. It was so intrusive and easy to deploy by accident I got a pretty good notification that I should go turn it off. Maybe that was part of the Recall rollout?

    Incidentally, this piece is... a bit weird. Not only is it an ad, but the concerns they seem to flag as still existing (presumably to sell you their security subscription) seem to be that there is no biometric unlock and just the system PIN and that they don't trust Microsoft on principle. The second is up to you, but the first doesn't really work for me. Not only is the PIN a valid override to biometrics across the board in general (Windows defaults to that when biometrics fails), but it's more secure on principle, since it can't be entered by accident or by force.

    I just don't think the featue is particularly useful for how much potential it has for accidental misuse (even if they never see the data and they keep it entirely secure). It's not the only one of this class, or even Microsoft's first attempt at this (a similar feature shipped with Windows 8). It's certainly become more of a meme than anything else at this point.

    Yeh the entire article is just an ad for AdGuard, using FUD to sell their product.

  • Well:

    1. MacOS is not malware
    2. Apple doesn't make a habit of blatantly lying about their security
    3. As you said, it doesn't actually exist
  • Well:

    1. MacOS is not malware
    2. Apple doesn't make a habit of blatantly lying about their security
    3. As you said, it doesn't actually exist

    Ah, so Apple just happens to be one of the good massive megacorps routinely deploying anti-consumer practices. Gotcha.

    See, it's that gap in perception I'm interested in. Microsoft wants nothing more than having the closed ecosystem Apple has. From their Surface line to their much maligned store to their subscription-forward, always signed-in account environment.

    Why they suck so much at selling that where Apple can get away with murder is much more interesting to me than the perceived differences between the implementations, which I would argue in a number of cases are worked backwards from the brand perception anyway. Part of it is the implementation and the execution rakes Apple chooses not to step on, but certainly not all of it, and that's fascinating.

  • Ah, so Apple just happens to be one of the good massive megacorps routinely deploying anti-consumer practices. Gotcha.

    See, it's that gap in perception I'm interested in. Microsoft wants nothing more than having the closed ecosystem Apple has. From their Surface line to their much maligned store to their subscription-forward, always signed-in account environment.

    Why they suck so much at selling that where Apple can get away with murder is much more interesting to me than the perceived differences between the implementations, which I would argue in a number of cases are worked backwards from the brand perception anyway. Part of it is the implementation and the execution rakes Apple chooses not to step on, but certainly not all of it, and that's fascinating.

    M$ is trying to take an open system and forcibly close it - after driving their user base by force into an unstable OS

    Apple were smart enough to start locking their shit down before home computers became an absolute necessity ...and do it with a functional OS

  • so Apple just happens to be one of the good massive megacorps

    No they're just a different type of shitty.

  • Programs ran through Flatpak can only access permissions and directories that it has explicit permission for. This is perfect for a very small program that only does one thing, it can get rather awkward when you need it to access multiple storage volumes. For example, I wanted to have my Steam games stored on different hard drives, but they were never visible through Steam. I had to override the Flatpak permission to give access to my mounted disks for it to work.

    The fact that we can choose to enhance the permissions beyond their default scope on a case by case basis is powerful.