Q. Is this really as harmful as you think?

A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.

  • @[email protected]
    link
    fedilink
    English
    1586 months ago

    They OCR the entire screen and store it in plaintext?! There is no way… I know it’s Microsoft we’re talking about, but are they really this stupid?

    • @[email protected]
      link
      fedilink
      English
      106
      edit-2
      6 months ago

      It’s encrypted; the author is pointing out that it has to be decrypted to be used, and then the data can be obtained.

      Security and privacy concerns aside, I saw someone commenting on the use case, asking who would ever want something like this.

      One problem I hadn’t appreciated for a long time was that some people apparently have real problems with dealing with the Windows UI in terms of file access. They don’t know where their data is being saved. This, in my opinion, is in significant part a Microsoft UI problem induced by various virtual interfaces being slapped on top of the filesystem (“Desktop”, “My Documents”, application save directories, etc) to try to patch over the issue that the filesystem layout was kinda organically-designed in a kind of cryptic way back in the day.

      But if you can remember a snippet of text in what you were working on, you can find that thing again even if you have no idea where you stored it. Like, it’s content-keyed file access.

      That’s not very useful to a techie. They know how to navigate their system’s filesystem, and even if they lose track of a particular thing, they know how to use the system’s filesystem search tools to search for filenames or content. They can search for recently-modified files. They know how to generally get ahold of stuff.

      But for the people who can’t do that, reducing their interface to a single search box might make file access more approachable.

      Now, let me reiterate that I think that a whole lot of this is Microsoft repeatedly patching over UI problems they created in the past rather than fixing them. And they’ve done this before over the decades with stuff other than document access. It’s hard to navigate the filesystem to find an installed program a la the MS-DOS era, so they stick stuff in a Start Menu to make it more accessible. That gets too crowded, installers start slapping shortcuts on the desktop. That gets too crowded, installers start adding system tray icons. That gets too crowded, the Start Menu becomes searchable. Each interface just becomes progressively less-usable and the solution each time is to stick a new interface in on top of the old one, which in turn contributes to the complexity of the system as a whole.

      But that doesn’t mean that they aren’t trying to address a real problem.

      I think that they’d do better with something like having a rapidly-accessible log of recently-accessed files (like, maybe have the filesystem maintain a time-based doubly-linked list of those) and be able to rapidly search the content of documents based on mod time so that recent stuff gets hit quickly, then trying to make their existing search tools more accessible. That doesn’t replicate data across the system and produce some of the problems here. It also permits for fully-searching content, rather than just the stuff that was on a screen when the Recall system grabbed a screenshot and OCRed it. Maybe they’ve done something like that in recent years; I’m many years out-of-date on Windows.

      I’d also add that I think that personal computer systems in general would benefit from giving users better control over where their data is replicated to. It’s kind of confusing…you’ve got swap (well, encrypted swap probably helps somewhat with this). Browser history. Any clipboard manager’s retention. Credentials stores. Application-saved copies of in-progress files. Various caches. If you use some kind of cloud-based storage, you’re pushing data out to other computers. Backups. Just a lot of state that can be replicated all over the place and is hard to go back and track down and remove. That’s even before stuff like issues with doing secure deletion on existing filesystems (which we had a conversation about the other day, everything from log-structured filesystems to wear-leveling on SSDs inducing data replication). If you want something definitely gone, be able to manage your data’s lifetime, something that I think that a lot of people – even non-techies – would like, you really have to have a lot of technical knowledge of the system’s internals as things stand today. This Recall thing is egregious, replicates data all over, but it’s far from the first feature that makes it harder for people to understand and control the lifetime of data on their computer.

      I don’t think that the software world has done a great job of letting people control that data lifetime. And I think that it’s something that a user should reasonably be able to expect out of their computer.

      • @[email protected]
        link
        fedilink
        English
        466 months ago

        There was an article going around a while ago that was arguing most users these days, including the youth we often stereotype as “digital natives” who “get computers”, don’t understand file systems. They might not even know they exist as a concept.

        Which makes sense if you’ve only ever really used modern UIs. You don’t have to know anything about files and folders. I bet a lot of people don’t even know they exist in any meaningful way.

        Most users are shockingly ignorant, and a lot of them are not really paying enough attention or interested enough to learn much.

        • @[email protected]
          link
          fedilink
          English
          166 months ago

          I remember reading an article a few years back about physics undergraduates who didnt know how to use a computers file system. They could learn, but these are smart likely at least fairly tech inclined kids and they didnt know how to navigate folders on a computer at 18.

          • @[email protected]
            link
            fedilink
            English
            116 months ago

            When I studied Computer Engineering, I met several other students who had a lot of trouble using the Windows file system, and navigating a file system through a terminal was a Herculean task for them.

            Most people growing up now, and since over a decade ago, are only tech savvy in the sense they know how to use smartphones, tablets, and social media; none of those require any understanding of file systems, and even using desktops doesn’t really require it that much for most people.

            • @[email protected]
              link
              fedilink
              English
              136 months ago

              I’m simply baffled that someone going into a computer engineering major at a university doesn’t understand a hierarchical file system as a matter of course. It’s a tree. The file system is a tree. A tree is one of the most basic computer science logical constructs. How exactly is a filesystem confusing? How is navigating directories from a terminal - any terminal, in any OS - a Herculean task?

              • @[email protected]
                link
                fedilink
                English
                66 months ago

                Someone going into the subject may not have any pre-existing knowledge of the subject (like what a tree is) and may be intending to learn it from their classes. Unless we require everyone to take a class that covers it first, you can’t really guarantee that people have that knowledge. While people may have known it by necessity before, computers, for better or worse, have gotten easier to use for the average person and it’s no longer essential knowledge. Or they may not have even be using a traditional desktop/laptop OS that has those concepts.

                As for how it’s confusing, have you seen the default UI for Google Docs/Sheets/Drive or Microsoft Office recently? Google’s products default to a file view listed in most recently used order with a search bar at the top, no folders. The Microsoft Office suite defaults to saving to OneDrive without any folders. If this is all people have needed to use when growing up, is it any wonder why they never learned about hierarchical folders in a filesystem?

            • @[email protected]
              link
              fedilink
              English
              16 months ago

              I can use file systems on terminal with my eyes closed, as long as it’s not windows because every release they change everything around. You’re victimising the victims.

              • @[email protected]
                link
                fedilink
                English
                36 months ago

                Eh? Nothing significant has changed about the windows file system in over a decade, at least not from a user standpoint.

                Most people don’t need to muck about in ProgramData, Program Files vs Program Files (x86) is pretty minimal, though admittedly you may need to check both if you’re unsure which the app you’re using is. I suppose %appdata% has changed, and one could argue it was significant, but in all honesty the concept of local vs remote should get you where you’re going, and worst case you check both.

                But the base directory structure has been pretty static for a long while now.

                • @[email protected]
                  link
                  fedilink
                  English
                  16 months ago

                  Makes sense, I haven’t booted windows since 2013 and couldn’t be happier

                  I still stand by my statement: windows filesystem changes too often.

        • Flying Squid
          link
          fedilink
          English
          56 months ago

          My daughter certainly doesn’t have a good understanding of file systems even though I’ve been trying to teach it to her.

          • A Phlaming Phoenix
            link
            fedilink
            English
            56 months ago

            We recently went through a nuke-n-pave on my kids desktops. I plugged in an external drive for them to do backups, and we walked through the process. This was in Fedora with pretty much default Gnome tools. They came away understanding the process and how to track it, but I think they still don’t really understand file organization.

            • Flying Squid
              link
              fedilink
              English
              76 months ago

              These kids grew up with tablets and smartphones where they don’t even see the file system, so I’m not shocked.

        • Kushan
          link
          fedilink
          English
          36 months ago

          I don’t think any of the UX problems you’re describing have been solved on any platform. If anything Windows is one of the better examples here, because I’ll be fucked if I can ever find a file on Android and don’t get me started with Linux.

            • Kushan
              link
              fedilink
              English
              46 months ago

              No, neither is easy to use. The second you have to use a terminal or command line you have completely lost the vast majority of people.

              • @[email protected]
                link
                fedilink
                English
                16 months ago

                I agree, but are you then implying that the windows explorer file search is good? Have you ever used anything else?

                • Kushan
                  link
                  fedilink
                  English
                  16 months ago

                  I didn’t say it was good, but it is easy to use compared to a terminal. It won’t help you find your file, but it’s somewhat intuitive to a novice user - you click around and open folders until you find something that looks like what you’re after. It’s not efficient, it’s downright tedious, but it’s at least easy to do.

                  It’s all about the barrier to entry to novice users. Most users are novices, they’re the majority of the market so they’ll decide what the market leader is.

            • @[email protected]
              link
              fedilink
              English
              16 months ago

              With the tab-completion in Powershell, for someone who doesn’t know all the grep flags by heart, it might be easier to stumble through the options to find the ones you want without looking it up.

      • astrsk
        link
        fedilink
        English
        25
        edit-2
        6 months ago

        Yeah this is why Apple has been slowly peeling away traditional file / folder features from front and center. The user doesn’t care where or how they get their files, they just want them at any given time. Spotlight being the most successful at obfuscating where anything is yet allowing access to everything. Microsoft has started to pick up on that and attempt to solve the same problems.

        • @[email protected]
          link
          fedilink
          English
          266 months ago

          The bizarre thing is, they have solved it. PowerToys Run is the Spotlight omnibar of everything and they bizarrely haven’t chosen to bake it into Windows proper. I can’t use Windows without it now. Search files and folders everywhere faster than the start menu search, search running processes, execute commands, do maths, calculate hashes, open web pages. It’s fantastic.

            • @[email protected]
              link
              fedilink
              English
              86 months ago

              Both. I’m one of those weird people that uses Linux, macOS, Windows, Android, and iOS on a daily basis (Android probably less than daily now as I’m not travelling as much as I used to). My job necessitates it but also I just enjoy having mixed estates at home to stay fresh. I am, however, eager to stop using Windows at home as the overall security health and conscience of Microsoft these days seems to be trending downwards.

              • @[email protected]
                link
                fedilink
                English
                16 months ago

                Windows hasnt quite felt as risky as it does now, that I can remember at least.

                Luckily my company outsourced the IT security department to India and have since had a handful of breaches and zero remediation efforts. I’m sure this windows stuff is firmly in the “care later” bin.

        • @[email protected]
          link
          fedilink
          English
          26 months ago

          With recall you can search for a website you saw once, a link in a discord channel, an email all at once in one place.

      • @[email protected]
        link
        fedilink
        English
        166 months ago

        I completely agree with this. I work as a User Experience researcher and I have been noticing this for some time. I’m not a traditional UX person, but work more at the intersection of UX and Programming. I think the core problem when it comes to discussion about any software product is the people talking about it, kind of assuming everyone else functions the same.

        What you mentioned here as a techie, in simple terms is a person who uses or has to use the computer and file system everyday. They spend a huge amount of time with a computer and slowly they organise stuff. And most of the time they want more control over their stuff, and some of them end up in Linux based systems, and some find alternative ways.

        There are two other kinds of people. One is a person who uses the computer everyday but is completely limited to their enterprise software. Even though they spend countless hours on the computer, they really don’t end up using the OS most of the time. A huge part of the service industry belongs to this group. Most of the time they have a dedicated IT department who will take care of any issue.

        The third category is people who rarely use computers. Means they use it once or twice in a few days. Almost all the people with non-white collar jobs belong to this category. This category mainly uses phones to get daily stuff done.

        If you look at the customer base of Microsoft, it’s never been the first. Microsoft tried really hard with .NET in the Balmer era, and even created a strong base at that time, but I am of the opinion that a huge shift happened with wide adoption of the Internet. In some forum I recently saw someone saying, TypeScript gave Microsoft some recognition and kept them relevant. They made some good contributions also.

        So as I mentioned the customer base was always the second and third category. People in these categories focus only on getting stuff done. Bare minimum maintenance and get results by doing as little as possible. Most of them don’t really care about organising their files or even finding them. Many people just redownload stuff from email, message apps, or drives, whenever they need a file. Microsoft tried to address this by indexed search inside the OS, but it didn’t work out well because of the resource requirements and many bugs. For them a feature like Recall or Spotlight of Apple is really useful.

        The way Apple and even Android are going forward is in this direction. Restricting the user to the surface of the product and making things easy to find and use through aggregating applications. The Gallery app is a good example. Microsoft knew this a long back. ‘Pictures’, ‘Documents’ and all other folders were just an example. They never ‘enforced’ it. In earlier days people used to have separate drives for their documents because, Windows did get corrupted easily and when reinstalling only the ‘C:’ drive needs to be formatted. Only after Microsoft started selling pre-installed Windows through OEMs, they were able to change this trend.

        Windows is also pushing in this same direction. Limiting users to the surface, because the two categories I mentioned don’t really ‘maintain’ their system. Just like in the case of a car, some people like to maintain their own car, and many others let paid services to take care of it. But when it comes to ‘personal’ computers, with ‘personal’ files, a ‘paid’ service is not an option. So this lands on the shoulders of the OS companies as an opportunity. Whoever gives a better solution people will adopt it more.

        Microsoft is going to land in many contradictions soon, because of their early widespread adoption of AI. Their net zero global emission target is a straightforward example of this.

      • @[email protected]
        link
        fedilink
        English
        96 months ago

        As a species we have invented something called “indexes” that solve exactly that kind of problem. We actually have an entire field of science called information retrieval, that doesn’t require screenshotting your whole life to produce the same result.

      • @[email protected]
        link
        fedilink
        English
        66 months ago

        I don’t think that the software world has done a great job of letting people control that data lifetime. And I think that it’s something that a user should reasonably be able to expect out of their computer.

        That’s true.

        I once thought about this, that maybe it’s a good idea to use a tagged and maybe log-style filesystem, where 1) every directory name in file path becomes a tag for it, other than the user-added tags (which can be searched separately), 2) there are temporary and permanent files, where temporary ones are deleted once their lifetime passes or that plus once the space is required, while permanent ones are stored indefinitely, 3) with hardlink functionality transparently available to the user, from the GUI, 4) the GUI itself should drop the bullshit and return to DOS times in the sense of control - with this thing I describe it may well be that the casual user won’t feel as lost as they do now.

        Maybe (again, transparent and user-accessible) filesystem overlays for every application are a good idea too here, like with Docker, chroots, MacOS DMG images, etc.

        In addition to that indexing file contents may make sense too, like you said.

        Frankly there are so many good things one can do which haven’t been done, before just OCR`ing everything on the screen and storing it.

        About “why MS chose this” - because they consistently choose the dumbest and ugliest way to deal with any problem. The heaviest artillery available, to look relevant.

        Offtopic - the searchable start menu problem is what scares me off Gnome every time I try it. You just get that tablet-like one-level place with a search field and icons. A frigging lot of fscking icons for every dot-desktop file Gnome found. Then I panic and get back to FVWM.

    • @[email protected]
      link
      fedilink
      English
      136 months ago

      They’re a surveillance capitalism corp first and foremost. All other considerations, including security, are secondary.

  • deweydecibel
    link
    fedilink
    English
    135
    edit-2
    6 months ago

    Are Microsoft a big, evil company?

    A. No, that’s insanely reductive. They’re super smart people, and sometimes super smart people make mistakes. What matters is what they do with knowledge of mistakes.

    I have no doubt there are smart employees, but they don’t call the shots. Case in point.

    The dude set up a strawman argument, then didn’t even bother to burn it down properly.

    • @[email protected]
      link
      fedilink
      English
      426 months ago

      Being super smart and super evil are NOT mutually exclusive. Intelligence =|= morality.

        • @[email protected]
          link
          fedilink
          English
          8
          edit-2
          6 months ago

          Why reach for a fictional example when so many real world examples exist? Just curious because I think of Bezos, Musk, and to a lesser degree Gates as examples of smart people doing bad things. I mean there’s several very smart people that have done good things as well but those are harder to come by. Even people like Alfred Nobel created something he thought would save the lives of miners only for his invention to be used for war. Einstein also did a lot for the advancement of theoretical physics and his work was subsequently used as the foundation of the atomic bomb. It’s actually way harder to come up with a Tony Stark type smart “good guy” in the real world for me because reality is often far more grey.

          • @[email protected]
            link
            fedilink
            English
            116 months ago

            I don’t think of Bezos, Musk, or Gates as exceptionally intelligent. They are lucky and influential, sure. Intelligent? Musk is automatically out just because of his Twitter feed. The other two haven’t shown themselves to be particularly intelligent, just ruthless and efficient when it comes to generating profit.

            As far as the other side of that coin, I tend to agree. Most of the really intelligent people that have existed have been pretty grey morally speaking.

            Hence why I went with fictional examples. At least with Lex Luthor, there’s very little grey area in his moral stances.

            • @[email protected]
              link
              fedilink
              English
              10
              edit-2
              6 months ago

              Gates is insanely intelligent, like demonstratably so. Musk and Bezos are also very highly intelligent people. Do they have terrible, awful, even downright despicable views? Absolutely. But don’t be fooled, all three of those people are incredibly smart with actual high IQs (not in the braggart, “I have a very high IQ.” sense either).

              Intelligence doesn’t translate to empathy or wisdom. Some of the least book smart people I’ve met have been profoundly wise at times, and some of those same people were incredibly empathetic. Unfortunately, I think all three of those people (Musk, Bezos, and Gates) are lacking in those traits, but saying they aren’t in fact measurably intelligent is only fooling yourself.

              I say this as someone who was raised by a measurably very highly intelligent person who could be, and was, a complete monster at times, and had some really twisted views on the world/other people. Lucky for me I didn’t inherit that innate Intelligence I guess!

              • @[email protected]
                link
                fedilink
                English
                106 months ago

                Is musk really intelligent? He’s not dumb but honestly seems like most of his success is from buying things and or getting smart people under him who are able to succeed despite his medlling. The ideas he forces through tend to be bad. Giga factory was largely a disaster and he had to relearn manufacturing. Giga casting? Dead. A lot of the super heavy stuff he’s directly influenced failed or are drawing out the timeline as the struggle to address. Cybertruck and semi…

                • @[email protected]
                  link
                  fedilink
                  English
                  66 months ago

                  Musk and Jobs are/ were highly effective psychopaths. Not geniuses in an academic sense but incredibly shrewd and calculated.

                  Gates, Bezos, Zuck, Page and the likes are very intelligent and very confident. Like I wouldn’t be able to one up any of them in a debate, but I wouldn’t be afraid of them trying to destroy my life out of spite.

                • @[email protected]
                  link
                  fedilink
                  English
                  46 months ago

                  Hiring smart people and seeing market opportunities and executing on those opportunities absolutely are skills. It’s the same sort of skills Hitler had, where most of the genius lies around organising people around a common goal.

                  A lot of companies either get the smart people, time market opportunities perfectly, or execute perfectly on a clear vision, but very few do all three at the same time and tend to fail. The first (lots of smart people) run out of money, the second is the “too early” group and their ideas get taken by someone else, and the third spends their resources going in the wrong direction.

                  Elon Musk wasn’t successful because he knows a lot about electric cars or rockets, he was successful because he saw an opportunity, secured enough funding, hired the right people, and focused those people in the right direction.

                  You can be incredibly smart in one area and incredibly dumb in others. Elon is great at pitching an idea to get funding, and using that funding to hire the right people. He fails when he overrides those smart people.

              • Promethiel
                link
                fedilink
                English
                26 months ago

                These totally normal human beings you sound like you deify…are you their psychiatrist, psychologist, therapist, counselor? Short of those professions or a former tutor who happened to treat all three…

                Well, interesting thing to devote anecdotal brain power to, I’ll tell you that.

                • @[email protected]
                  link
                  fedilink
                  English
                  2
                  edit-2
                  6 months ago

                  Yeah totally that’s why I said they were basically morally corrupt and used them as an example of smart people doing bad things… Maybe your judgement is a bit clouded?

        • @[email protected]
          link
          fedilink
          English
          66 months ago

          As we get older, I tend to agree with the supervillains.

          Lex Luther wants a weapon to counter this insanely strong, invulnerable Superman that can destroy the planet … I’m like: Yes we should

          Magneto considers mutants superior and if humans wage war, then mutants have the right to wage war back, and win. Survival of the fittest. If I was a mutant, I would be on Magnetos team.

          • @[email protected]
            link
            fedilink
            English
            66 months ago

            Magneto wanted supremacy, not equality, and was willing to use genocide of non-mutants to get it. And Lex Luthor was a narcissist who was jealous of Superman’s power and popularity; he wasn’t acting for the benefit of humanity, he was acting in his own interests.

            Every good villain has mostly justifiable motivations, they just take it too far. Magneto would be justified if he sought equality, and Luthor would be justified if he developed but didn’t use the weapon until Superman did something evil.

            The only justifiable amount of force is just enough to neutralize an active threat, and no more.

    • Praise Idleness
      link
      fedilink
      English
      56 months ago

      If this is a mistake that they made, they’re not smart. If anything, they super dumb.

      They’re evil.

  • Snot Flickerman
    link
    fedilink
    English
    129
    edit-2
    6 months ago

    Unpopular Opinion: This is why Microsoft were such assholes about making sure Windows 11 required a modern TPM and this is also why they are forcefully rolling out Bitlocker encryption turned on by default on all Windows 11 PCs.

    Is Recall still a fucking stupid idea? Yes, resoundingly so. But they’ve half-ass considered the risks, it seems. The forceful rollout of Bitlocker is dumb and short-sighted in its own right, and it wouldn’t make a person completely secure from outside attacks rooted in a Recall exposure.

    • @[email protected]
      link
      fedilink
      English
      696 months ago

      Hardware controls are meaningless if an attacker gets you to click on a dodgy link in a phishing email or you fall for a social engineering scam when “Microsoft” calls you because your computer has a virus.

      • GreyBeard
        link
        fedilink
        English
        206 months ago

        Theoretically, Microsoft could protect against most attacks. Apple has done it by making it increasingly impossible to touch kernel level stuff without an MDM. Every release they lock up more of the system. It means they are drifting toward iOS on their Macs, where the user doesn’t own their device, but it is an effective blocker to stuff like this, baring zero day kernel issues.

        I think that is where Microsoft is headed, but they also aren’t able to let go of backward compatibility, so they really aren’t getting any closer to a system that is secured enough to handle such sensitive data.

        • @[email protected]
          link
          fedilink
          English
          446 months ago

          Most compromises live in user space. Locking down the kernel is great and all but “most attacks” are running as the logged in user doing operations that user is permitted to do.

          • @[email protected]
            link
            fedilink
            English
            20
            edit-2
            6 months ago

            I am shocked there is even a single downvote on this comment. parent is 110% right. a kernel level compromise in the vast majority of exfiltration events its just needless (but nifty) icecream on top of the pain pie being served to the user.

          • GreyBeard
            link
            fedilink
            English
            16 months ago

            Even on userland stuff Apple controls tightly. If they want to require a user to manually click, they will get that. If they want it to be a physical mouse and keyboard doing it, they will get that too. They own the device, and have complete control, not the user or “owner”.

    • @[email protected]
      link
      fedilink
      English
      636 months ago

      Umm, no. Just…yeah, no.

      The main problem with this theory is that Microsoft is absolutely abysmal at user end security, and they always have been. Frankly, they do not understand the issue.

      But, more to the point, the whole TPM/secure boot stuff is a compromise; originally (I think this was about the time of Vista), they partnered with OEMs to have them include a DRM chip that made it literally impossible to install any non-windows OS on your laptop. They’ve managed to still get an implementation of TPM that makes switching your OS too confusing/difficult for the average user.

      Anyway, bottom line is they only care about money, and they neither care or even understand the security needs of the end user.

    • @[email protected]
      link
      fedilink
      English
      20
      edit-2
      6 months ago

      Nah dude. TPMs have always been about implementing DRMs. These companies hate that they can’t control our PCs, they want to be sure we can only run their approved apps. Like it works in iOS and (to a lesser degree for now) in Android. And even there they are pushing hard for even more restrictive DRM.

      For example, some years ago I worked with a SaaS that implemented and sold some security products. One of our customers was a big retailer (for specialized products, not going into more details to avoid doxxing) that was having a problem with scalpers buying all their inventory as soon as they released it. So they were trying to put a show for regulators about stopping scalpers because their customers were complaining. We suggested that the only real solution was to have some real life verification of purchases. But in the end they went with the awful attestation APIs offered by Apple and Google to “fix” this. And in case you are not familiar, these APIs are just TPM based DRMs. So now, if you have a rooted/jailbroken phone you can’t even buy with this retailer anymore.

      Note that this company wasn’t trying to fuck customers directly, they were just lazy and incentivised to not really fix the problem (a sale is a sale, even if to a scalper). But even then the end result is that their customers got their digital freedom rights restricted. It’s just a terrible technology IMO, the incentives from companies are all terrible. And that’s before we start considering the real intentions of awful companies like Microsoft, Apple and Google. IMO they are actually pushing for techno feudalism, but that’s my conspiracy theory hahaha.

      So no, I doubt they were thinking about security with this recall bullshit. As other people have explained in their comments it doesn’t really protect much in practice. Plus this whole AI push has just been a stupid scramble from these companies to grab a big piece of the stupid AI pie from other companies hahaha, there is no long term plan here, don’t lie to yourself and us.

    • @[email protected]
      link
      fedilink
      English
      206 months ago

      Because Windows not only encrypts the system disk (C:) but also all connected hard drives

      And they’re gonna just enable it without asking if i want all my hard drives encrypted first?

    • @[email protected]
      link
      fedilink
      English
      26 months ago

      That’s not an unpopular opinion, it’s an outrageously stupid and uninformed one and you should keep it to yourself.

  • @[email protected]
    link
    fedilink
    English
    856 months ago

    As much as I lean to hate this despite it not even affecting me as a Linux user…

    I’m going to structure this as a Q&A with myself now, based on comments online

    What is that? “I’m going to pretend to ask questions that I’ll then answer myself the way I think it’ll outrage that most people do I’ll get a lot of clicks on this shitty article”? What crappy excuse for content creation is this? I hate it.

    • @[email protected]
      link
      fedilink
      English
      506 months ago

      I follow Kevin on Mastodon. He’s the real deal and is absolutely not interested in the clicks or outrage. He’s trying to make it accessible.

      • JackFrostNCola
        link
        fedilink
        English
        226 months ago

        Agreed. The way i took it was “i am going to write ‘questions’ based on the concerns people are commenting online and give the answers to those things people are interested/worried about”

      • @[email protected]
        link
        fedilink
        English
        196 months ago

        Yeah, I gotta say that I read the article and it seemed pretty reasonable in terms of content. The fake-Q-and-A thing wasn’t quite my cup of tea either, but eh, I don’t think it was all that problematic.

    • Ephera
      link
      fedilink
      English
      196 months ago

      Eh, they could have written it differently, each time hypothesizing that someone might wonder XYZ, but I appreciate the brevity of this format. And I do not think that the questions or answers are unreasonable.

    • @[email protected]
      link
      fedilink
      English
      106 months ago

      Do you mind calling out the questions you think are inappropriate or exist for rage clicks? What constitutes a good article for you if this is a shitty one?

    • @[email protected]
      link
      fedilink
      English
      96 months ago

      I rather liked it. I mean he was just re-phrasing questions he’s seen without having to bother with direct quotes and making sure the questions were articulate.

      It’s pretty important to get this info out there and make sure everyone and their 2nd cousin knows about it. If Microsoft can’t make this absolutely infallible on a security front it will almost be laughable at how many people could get completely fucked over by this. Every hacker and country in the world are going to be poking at the security of this feature. It would be the holy grail of infosec penetration.

    • @[email protected]
      link
      fedilink
      English
      86 months ago

      You may not but the customer support rep at a company that had your info uses windows. Same for the insurance companies, various government agencies local with limited it experience as well as national.

    • capital
      link
      fedilink
      English
      66 months ago

      I saw that as anticipating the questions they’ll get regarding this article and pre-answering them.

  • @[email protected]
    link
    fedilink
    English
    806 months ago

    I get the security issues, sure, those are valid, but the privacy ones are even worse. Imagine a teenager trying to search information on being gay, or possible intrusive thoughts on their family computer, only for their super maga right wing parent to find it in the screenshots.

    Or someone being abused at home and searching for support facilities, deleting history and being outed by recall.

    Wait, how about credit card fraud as a result of EVERYONE who has access to this computer can read your cc data?

    Or, my husband was looking at jewelry online yesterday and he hasn’t told me, he must be cheating, right? Oh sorry, I forgot, our anniversary is next week… Hahahaha, don’t be upset babe.

    Best one ever though, imagine your search history, your porn watch history accessible to anyone with access to your computer? The fucking horrific existence of having an employer process this data at scale using fancy staff monitoring program 7, and run stats on the fact that you had a toilet break while working from home, and they want to know if it was a number 1, or a number 2 so they can work a mean time to shit metric into your KPA/scorecard.

    Guys, whatever benefit you think this is. It’s not worth it.

    • @[email protected]
      link
      fedilink
      English
      156 months ago

      Ultimately privacy is part of security so, if anything, everything you mentioned is just more reinforcements that this is a major security concern.

      As someone that has been obsessed with tech since being a kid in the 90s I think the tech side of this is super cool and very exciting stuff. As a user, though, I only like this if I’m the one implementing and using it. I do not trust a mega corporation (or really any company) to “leave it locally on my computer and totally not use that data for other purposes”. Right now it’s supposed to be (as far as I last heard) only on your machine but we’ve seen EULAs and TOS’ etc change many times over the years but especially over more recent years as data continues to be king and data like this is a literal bottomless diamond mine.

      I know this isn’t your point but it’s just worries I have in addition to your points. And let’s not even start about what this means for law enforcement abuse. No thanks, I’ll wait for a FOSS equivalent that at least gives me and the community the opportunity to evaluate how it works.

    • @[email protected]
      link
      fedilink
      English
      7
      edit-2
      6 months ago

      Not that it solves the problem, but since I’m not the King of M$ this is about all I can do: you could easily get around all that by turning off secure boot and booting into a persistant live-usb containing a linux distro of your choice (Tails for extra privacy/ease, if you can use Tor) to do all your secret agent computing needs. The host PC can’t see shit of what happens on Tails.

      Edit: lol you downvoted me because I can’t singularly change an entire corporation’s mind and instead offer workable solutions that you could make within the next 30 minutes to mitigate the problem until such time as your plan for Microsoft domination comes to fruition and you can change it back?

      Ok I guess, “chump don’t want no help, chump don’t get no help. Jive ass fools ain’t got no brains, anyhow.”

      -Barbara Billingsly

  • @[email protected]
    link
    fedilink
    English
    586 months ago

    Couldn’t you use a separator to make it one line of code? That way it’d be even more dangerous

    • @[email protected]
      link
      fedilink
      English
      116 months ago

      I did an interview where the candidate said that if it’s one line, it runs in constant time. And they were completely serious. And this was in the context of Python list comprehensions.

      They claimed this ran in constant time:

      new_list = [value for value in my_list]
      

      Whereas this ran in linear time:

      new_list = []
      for value in my_list:
          new_list.append(value)
      

      We asked clarifying questions, like what happens to the runtime if the list gets really large, and they doubled down.

      And this was for a senior Python dev position… No, they didn’t get the job.

        • @[email protected]
          link
          fedilink
          English
          16 months ago

          No, constant time means it’ll take the same amount of time whether you have 10 items or 10,000.

          A list comprehension will take roughly the same amount of time as a for loop, it’s just syntactic sugar.

          • @[email protected]
            link
            fedilink
            English
            16 months ago

            Thanks!

            Not sure why you needed to downvote my honest question, maybe the candidate dodged a bullet there, he he he.

            • @[email protected]
              link
              fedilink
              English
              1
              edit-2
              6 months ago

              I didn’t downvote.

              If this was a junior candidate or something, I may have let it slide. But this was a senior candidate, which means they are supposed to be a technical leader for the team. I can’t have someone in that role with such fundamental misunderstandings. There were more red flags than just that one, I also don’t fail people for one gaff (e.g. I just passed a senior that bombed the coding challenge, but it was obvious they were over-thinking it).

      • @[email protected]
        link
        fedilink
        English
        5
        edit-2
        6 months ago

        Ever since those Aliens brought us their ancient and mysterious line separator tech, we have all we need to do just that!

        • @[email protected]
          link
          fedilink
          English
          56 months ago

          Independence day was indeed a great movie. Who would have thought they also use X86 architecture?

    • @[email protected]
      link
      fedilink
      English
      406 months ago

      Not just enterprise. Some organizations handle extremely sensitive information of victims of crimes, survivors of wars, potential political targets, just to name a few. A feature taking a screenshot and registering all of that data is a nonstarter. MS will have to prove that the feature doesn’t run with certain gov clients, the privacy risk is way too high.

      • deweydecibel
        link
        fedilink
        English
        22
        edit-2
        6 months ago

        On the other end of the spectrum, the vast majority of home users have no idea how to disable this or that it’s even activated. There will be folders of Recall shit filling up everywhere, waiting for someone who knows it’s there to access it.

        If any of them access their work data on the Microsoft 365 web apps, it’s now sitting in that folder, and they will not know.

        This is honestly the biggest evidence yet of a need for some sort of regulation that certain privacy related things should not be allowed to be activated by default. They should always be opt-in, period.

    • @[email protected]
      link
      fedilink
      English
      34
      edit-2
      6 months ago

      Enterprise will love it because it will allow them timestamped access to everything their employees are doing during the day.

      They will have it set up to alert on a various things…

      “So, Bob, you were playing Minesweeper from 9:45 to 9:53, was that a scheduled break for you?”

      “Jane, your screen showed no substantive changes from 1:03 to 4:15, you weren’t in a meeting, what were you doing?”

      • @[email protected]
        link
        fedilink
        English
        226 months ago

        The surveillance would be a double edged sword. If they were to be hacked, all sensitive information that was going through their PCs could be compromised.

        • @[email protected]
          link
          fedilink
          English
          386 months ago

          They will convince themselves it can’t be compromised. Never under-estimate the stupidity of middle management.

          • Flying Squid
            link
            fedilink
            English
            46 months ago

            And no one was able to stop the White Star Line executives by saying, “maybe you shouldn’t be 100% sure the Titanic is unsinkable?”

    • @[email protected]
      link
      fedilink
      English
      196 months ago

      It won’t.

      All the crap from MS only affects ignorant home users. (I say that with no criticism - home users often lack significant expertise in this stuff).

      Corporate has an IT team dedicated to image building, based on requirements gathering, which is well documented and well tested before it’s deployed to even a small test group (usually us fellow IT geeks get to be Guinea pigs first).

      Once it’s been certified, then they’ll deploy to a second, larger group, test and verify.

      Wash, rinse, repeat.

      Plus they’ll probably start with new hires and anyone with a machine that is falling off lease/aging out. This gives them a little room, in that new hires don’t have any local data (no one should have much in the first place), and people with aging machines can hold onto the old machine for a couple weeks as a fallback, just in case.

      I’ve seen it several times, been part of deployment and upgrade teams.

      Additionally, they deploy policies to redirect any MS network services to their own internally hosted services - windows is designed to do this, there are specific policies for everything, such us Windows Update services, even the MS App Store. Because no company wants machines pulling random crap from outside the company (they probably even block the access at the network level - I would).

      • @[email protected]
        link
        fedilink
        English
        206 months ago

        Everything you’re describing is how it should be done. Realistically it isn’t done properly, all the time, and that’s why breaches happen.

    • capital
      link
      fedilink
      English
      46 months ago

      Just like telemetry, this can be disabled on enterprise version of their OS.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      6 months ago

      It already exists in the corporate environment. Teams is a keystroke logger, it stores everything you do down to the microsecond in a plain txt on the C drive. This just expands that to everyone that uses Windows.

      Windows is spyware now.

  • @[email protected]
    link
    fedilink
    English
    356 months ago

    Even supposing I didn’t care about the security implications of this, why on earth would I want this functionality? I can barely keep up with all my activities in the present moment, let alone the past. It’s like a morbid and pathological unification of nostalgia and hoarding.

  • beefbot
    link
    fedilink
    English
    346 months ago

    THIS IS NOT CURRENTLY RUNNING ON MY WINDOWS COMPUTER, right?

    This obvious first question hasn’t been clarified (maybe by one comment in this thread, but not in the article)

    • beefbot
      link
      fedilink
      English
      43
      edit-2
      6 months ago

      From The Verge’s obsequious article:

      Recall won’t work with every Windows 11 computer. You’ll have to buy one of several fresh new “Copilot Plus PCs” powered by Qualcomm’s new Snapdragon X Elite chips, which have the neural processing unit (NPU) required for Recall to work.

      • @[email protected]
        link
        fedilink
        English
        156 months ago

        And from the article in the OP:

        I got ahold of the Copilot+ software and got it working on a system without an NPU about a week ago,

        • @[email protected]
          link
          fedilink
          English
          46 months ago

          They are using that to sell NPU bullshit to the stupid people crazy enough to be excited by it.

          Then down the road they’ll push it in an update for everyone, I wager.

          • @[email protected]
            link
            fedilink
            English
            46 months ago

            Most of the newer CPU’s have an NPU already, Microsoft just set a higher performance requirement for NPUs to be officially labeled an “AI PC” which they are pushing hard.

    • @[email protected]
      link
      fedilink
      English
      10
      edit-2
      6 months ago

      You’ll have the icon on your taskbar if it is. You can also hit Meta+J to check

  • @[email protected]
    link
    fedilink
    English
    29
    edit-2
    6 months ago

    I cant believe they are including this in enterprise edition too.

    They usually keep their dirty spyware out of the enterprise editions to avoid losing corporate clients who dont want their secrets easily pluckable.

    • sebinspace
      link
      fedilink
      English
      126 months ago

      My hospital will be freaking the fuck out about this right… about…. Now.

        • sebinspace
          link
          fedilink
          English
          46 months ago

          They may not have a choice, depends on how aggressively they want to push this crap.

    • ಠ_ಠ
      link
      fedilink
      English
      106 months ago

      Maybe in the future it can be used by managers to keep an eye on what their underlings are doing at all times. I suggest calling the manager’s remote version Microsoft Panopticon.

    • EzTerry
      link
      fedilink
      English
      5
      edit-2
      6 months ago

      Ask yourself what this feature is actually useful for. Ignore the concerns of privacy just what can this really do.

      Its not really needed for copilot, if it wanted to capture what you were doing it would directly update the internal model, no reason for the slide show of your action.

      No besides wasteing disk space this is for:

      1. Gaming youtubers to get a screen shot of something when they were not recording
      2. Some screen shots of history when searching not better than the file/website preview really
      3. Tracking and logging what the end user is doing so when audited by the manager/it they can use it as proof you are not doing it right/are inefficient /should ve fired

      By all means a company can disable this in policy im sure, but its for the enterprise not the end user. (and yes stored locally, but if you delete the laptop when they want to inspect it that likely is all the excuse they need)

      • @[email protected]
        link
        fedilink
        English
        16 months ago

        Benefit to my org is getting billers to look for untracked time, which would equate to some percentages of revenue increase in my opinion.

        Just need to balance it with security concerns…

        • EzTerry
          link
          fedilink
          English
          16 months ago

          enable for roles with more locked down PCs and tasks the companies hope to automate, and disable on more core mission critical IT…

    • @[email protected]
      link
      fedilink
      English
      26 months ago

      At least in the Enterprise versions, companies will have the option to exclude it from their installations – if they want.

  • @[email protected]
    link
    fedilink
    English
    276 months ago

    The full article is well worth reading. It’s good to find a lucid, logical deconstruction of why, precisely, this will be a complete disaster.

  • Mossy Feathers (She/They)
    link
    fedilink
    English
    206 months ago

    I’m really hoping valve does a public steamdeck OS release. I’d like to replace windows on my PC with Linux and have windows as a backup, but the Linux distro I’m the most familiar with is the steam deck’s distro, and that’s not available outside of steam decks yet.

    • @[email protected]
      link
      fedilink
      English
      266 months ago

      SteamOS is arch based and uses KDE Plasma as the default DE, so you could probably run Endeavour OS and be pretty darn close

    • @[email protected]
      link
      fedilink
      English
      116 months ago

      Check out bazzite.gg

      It is a very beginner friendly, gaming focused distro that essentially aims to be steamOS on PC. It even has rollback functionality if you accidentally break something.

    • Billiam
      link
      fedilink
      English
      116 months ago

      You’re gonna get lots of suggestions, lol.

      I’d say look at Zorin. It’s a Ubuntu-based distro so it has lots of support, and also has several baked-in themes to customize your desktop the way you want it right out of the box. You can make it look like Windows 7/10/11 or macOS without any other apps or themes, which might help your transition.

    • @[email protected]
      link
      fedilink
      English
      86 months ago

      Bazzite has been designed to be an out of the box SteamOS distro. It’s not based on Arch, so if that’s what you’re familiar with then that’s not the same, but give it a try.

  • Bappity
    link
    fedilink
    English
    18
    edit-2
    6 months ago

    thanks Microsoft

    pleasetellmeyoucaninferthesarcasmfromthispost

  • @[email protected]
    link
    fedilink
    English
    18
    edit-2
    6 months ago

    We should have let the government actually break up microsofts monopoly long ago. Now they will abuse it to force millions of Americans to use their spyware.

  • Hello Hotel
    link
    fedilink
    English
    16
    edit-2
    6 months ago

    Microsoft, stop giving me Red Star OS flashbacks. (If im not mistaken, it records your screen and stores it in a police-only folder)