Q. Is this really as harmful as you think?
A. Go to your parents’ house, your grandparents’ house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.
The damage is mitigated by the fact it only recalls the last 3 days by default
“By default” meaning it can be changed.
Then someone in the company gets their device compromised, and security starts looking at what happened on the device at that time. “We’d have that data, but it was deleted yesterday because of the retention policy on Recall” - answer from that new guy in the IT dept. Security then reminds them that the company policy requires minimum 30 days retention for all logging of security events.
Forensic data recovery. How many 500GB drives ship to PCs that never use more than 20% of that?
They OCR the entire screen and store it in plaintext?! There is no way… I know it’s Microsoft we’re talking about, but are they really this stupid?
They’re a surveillance capitalism corp first and foremost. All other considerations, including security, are secondary.
Are Microsoft a big, evil company?
A. No, that’s insanely reductive. They’re super smart people, and sometimes super smart people make mistakes. What matters is what they do with knowledge of mistakes.
I have no doubt there are smart employees, but they don’t call the shots. Case in point.
The dude set up a strawman argument, then didn’t even bother to burn it down properly.
Being super smart and super evil are NOT mutually exclusive. Intelligence =|= morality.
Wasn’t Lex Luthor supposed to be Tony Stark levels of intelligence?
Why reach for a fictional example when so many real world examples exist? Just curious because I think of Bezos, Musk, and to a lesser degree Gates as examples of smart people doing bad things. I mean there’s several very smart people that have done good things as well but those are harder to come by. Even people like Alfred Nobel created something he thought would save the lives of miners only for his invention to be used for war. Einstein also did a lot for the advancement of theoretical physics and his work was subsequently used as the foundation of the atomic bomb. It’s actually way harder to come up with a Tony Stark type smart “good guy” in the real world for me because reality is often far more grey.
I don’t think of Bezos, Musk, or Gates as exceptionally intelligent. They are lucky and influential, sure. Intelligent? Musk is automatically out just because of his Twitter feed. The other two haven’t shown themselves to be particularly intelligent, just ruthless and efficient when it comes to generating profit.
As far as the other side of that coin, I tend to agree. Most of the really intelligent people that have existed have been pretty grey morally speaking.
Hence why I went with fictional examples. At least with Lex Luthor, there’s very little grey area in his moral stances.
Gates is insanely intelligent, like demonstrably so. Musk and Bezos are also very highly intelligent people. Do they have terrible, awful, even downright despicable views? Absolutely. But don’t be fooled, all three of those people are incredibly smart with actual high IQs (not in the braggart, “I have a very high IQ.” sense either).
Intelligence doesn’t translate to empathy or wisdom. Some of the least book smart people I’ve met have been profoundly wise at times, and some of those same people were incredibly empathetic. Unfortunately, I think all three of those people (Musk, Bezos, and Gates) are lacking in those traits, but saying they aren’t in fact measurably intelligent is only fooling yourself.
I say this as someone who was raised by a measurably very highly intelligent person who could be, and was, a complete monster at times, and had some really twisted views on the world/other people. Lucky for me I didn’t inherit that innate intelligence I guess!
Is Musk really intelligent? He’s not dumb but honestly seems like most of his success is from buying things and/or getting smart people under him who are able to succeed despite his meddling. The ideas he forces through tend to be bad. Giga factory was largely a disaster and he had to relearn manufacturing. Giga casting? Dead. A lot of the super heavy stuff he’s directly influenced failed or are drawing out the timeline as they struggle to address. Cybertruck and semi…
Musk and Jobs are/were highly effective psychopaths. Not geniuses in an academic sense but incredibly shrewd and calculated.
Gates, Bezos, Zuck, Page and the likes are very intelligent and very confident. Like I wouldn’t be able to one up any of them in a debate, but I wouldn’t be afraid of them trying to destroy my life out of spite.
Hiring smart people and seeing market opportunities and executing on those opportunities absolutely are skills. It’s the same sort of skills Hitler had, where most of the genius lies around organising people around a common goal.
A lot of companies either get the smart people, time market opportunities perfectly, or execute perfectly on a clear vision, but very few do all three at the same time and tend to fail. The first (lots of smart people) run out of money, the second is the “too early” group and their ideas get taken by someone else, and the third spends their resources going in the wrong direction.
Elon Musk wasn’t successful because he knows a lot about electric cars or rockets, he was successful because he saw an opportunity, secured enough funding, hired the right people, and focused those people in the right direction.
You can be incredibly smart in one area and incredibly dumb in others. Elon is great at pitching an idea to get funding, and using that funding to hire the right people. He fails when he overrides those smart people.
These totally normal human beings you sound like you deify…are you their psychiatrist, psychologist, therapist, counselor? Short of those professions or a former tutor who happened to treat all three…
Well, interesting thing to devote anecdotal brain power to, I’ll tell you that.
Yeah totally that’s why I said they were basically morally corrupt and used them as an example of smart people doing bad things… Maybe your judgement is a bit clouded?
As we get older, I tend to agree with the supervillains.
Lex Luthor wants a weapon to counter this insanely strong, invulnerable Superman that can destroy the planet … I’m like: Yes we should
Magneto considers mutants superior and if humans wage war, then mutants have the right to wage war back, and win. Survival of the fittest. If I was a mutant, I would be on Magneto’s team.
Magneto wanted supremacy, not equality, and was willing to use genocide of non-mutants to get it. And Lex Luthor was a narcissist who was jealous of Superman’s power and popularity; he wasn’t acting for the benefit of humanity, he was acting in his own interests.
Every good villain has mostly justifiable motivations, they just take it too far. Magneto would be justified if he sought equality, and Luthor would be justified if he developed but didn’t use the weapon until Superman did something evil.
The only justifiable amount of force is just enough to neutralize an active threat, and no more.
I get the security issues, sure, those are valid, but the privacy ones are even worse. Imagine a teenager trying to search information on being gay, or possible intrusive thoughts on their family computer, only for their super maga right wing parent to find it in the screenshots.
Or someone being abused at home and searching for support facilities, deleting history and being outed by recall.
Wait, how about credit card fraud as a result of EVERYONE who has access to this computer can read your cc data?
Or, my husband was looking at jewelry online yesterday and he hasn’t told me, he must be cheating, right? Oh sorry, I forgot, our anniversary is next week… Hahahaha, don’t be upset babe.
Best one ever though, imagine your search history, your porn watch history accessible to anyone with access to your computer? The fucking horrific existence of having an employer process this data at scale using fancy staff monitoring program 7, and run stats on the fact that you had a toilet break while working from home, and they want to know if it was a number 1, or a number 2 so they can work a mean time to shit metric into your KPA/scorecard.
Guys, whatever benefit you think this is. It’s not worth it.
Not that it solves the problem, but since I’m not the King of M$ this is about all I can do: you could easily get around all that by turning off secure boot and booting into a persistent live-usb containing a Linux distro of your choice (Tails for extra privacy/ease, if you can use Tor) to do all your secret agent computing needs. The host PC can’t see shit of what happens on Tails.
Edit: lol you downvoted me because I can’t singularly change an entire corporation’s mind and instead offer workable solutions that you could make within the next 30 minutes to mitigate the problem until such time as your plan for Microsoft domination comes to fruition and you can change it back?
Ok I guess, “chump don’t want no help, chump don’t get no help. Jive ass fools ain’t got no brains, anyhow.”
-Barbara Billingsley
Couldn’t you use a separator to make it one line of code? That way it’d be even more dangerous
I did an interview where the candidate said that if it’s one line, it runs in constant time. And they were completely serious. And this was in the context of Python list comprehensions.
They claimed this ran in constant time:
    new_list = [value for value in my_list]
Whereas this ran in linear time:
    new_list = []
    for value in my_list:
        new_list.append(value)
We asked clarifying questions, like what happens to the runtime if the list gets really large, and they doubled down.
And this was for a senior Python dev position… No, they didn’t get the job.
Runs in constant time doesn’t ring a bell to be honest…do you mean instantly?
No, constant time means it’ll take the same amount of time whether you have 10 items or 10,000.
A list comprehension will take roughly the same amount of time as a for loop, it’s just syntactic sugar.
Thanks!
Not sure why you needed to downvote my honest question, maybe the candidate dodged a bullet there, he he he.
I didn’t downvote.
If this was a junior candidate or something, I may have let it slide. But this was a senior candidate, which means they are supposed to be a technical leader for the team. I can’t have someone in that role with such fundamental misunderstandings. There were more red flags than just that one, I also don’t fail people for one gaffe (e.g. I just passed a senior that bombed the coding challenge, but it was obvious they were over-thinking it).
Are you… Are you saying EVERYTHING can be hacked with one line of code?
Ever since those Aliens brought us their ancient and mysterious line separator tech, we have all we need to do just that!
Independence Day was indeed a great movie. Who would have thought they also use x86 architecture?
Even supposing I didn’t care about the security implications of this, why on earth would I want this functionality? I can barely keep up with all my activities in the present moment, let alone the past. It’s like a morbid and pathological unification of nostalgia and hoarding.
Nah…. Just… just nah. This will never fly in enterprise environments
Not just enterprise. Some organizations handle extremely sensitive information of victims of crimes, survivors of wars, potential political targets, just to name a few. A feature taking a screenshot and registering all of that data is a nonstarter. MS will have to prove that the feature doesn’t run with certain gov clients, the privacy risk is way too high.
On the other end of the spectrum, the vast majority of home users have no idea how to disable this or that it’s even activated. There will be folders of Recall shit filling up everywhere, waiting for someone who knows it’s there to access it.
If any of them access their work data on the Microsoft 365 web apps, it’s now sitting in that folder, and they will not know.
This is honestly the biggest evidence yet of a need for some sort of regulation that certain privacy related things should not be allowed to be activated by default. They should always be opt-in, period.
Enterprise will love it because it will allow them timestamped access to everything their employees are doing during the day.
They will have it set up to alert on various things…
“So, Bob, you were playing Minesweeper from 9:45 to 9:53, was that a scheduled break for you?”
“Jane, your screen showed no substantive changes from 1:03 to 4:15, you weren’t in a meeting, what were you doing?”
The surveillance would be a double edged sword. If they were to be hacked, all sensitive information that was going through their PCs could be compromised.
They will convince themselves it can’t be compromised. Never under-estimate the stupidity of middle management.
And no one was able to stop the White Star Line executives by saying, “maybe you shouldn’t be 100% sure the Titanic is unsinkable?”
It won’t.
All the crap from MS only affects ignorant home users. (I say that with no criticism - home users often lack significant expertise in this stuff).
Corporate has an IT team dedicated to image building, based on requirements gathering, which is well documented and well tested before it’s deployed to even a small test group (usually us fellow IT geeks get to be Guinea pigs first).
Once it’s been certified, then they’ll deploy to a second, larger group, test and verify.
Wash, rinse, repeat.
Plus they’ll probably start with new hires and anyone with a machine that is falling off lease/aging out. This gives them a little room, in that new hires don’t have any local data (no one should have much in the first place), and people with aging machines can hold onto the old machine for a couple weeks as a fallback, just in case.
I’ve seen it several times, been part of deployment and upgrade teams.
Additionally, they deploy policies to redirect any MS network services to their own internally hosted services - Windows is designed to do this, there are specific policies for everything, such as Windows Update services, even the MS App Store. Because no company wants machines pulling random crap from outside the company (they probably even block the access at the network level - I would).
Everything you’re describing is how it should be done. Realistically it isn’t done properly, all the time, and that’s why breaches happen.
Just like telemetry, this can be disabled on the enterprise version of their OS.
This will fly for corporations wanting to use it themselves against their employees.
I can’t believe they are including this in enterprise edition too.
They usually keep their dirty spyware out of the enterprise editions to avoid losing corporate clients who don’t want their secrets easily pluckable.
My hospital will be freaking the fuck out about this right… about…. Now.
They may not have a choice, depends on how aggressively they want to push this crap.
The full article is well worth reading. It’s good to find a lucid, logical deconstruction of why, precisely, this will be a complete disaster.
We should have let the government actually break up Microsoft’s monopoly long ago. Now they will abuse it to force millions of Americans to use their spyware.
thanks Microsoft
pleasetellmeyoucaninferthesarcasmfromthispost
Microsoft, stop giving me Red Star OS flashbacks. (If I’m not mistaken, it records your screen and stores it in a police-only folder)
It’s basically the same shit at this point
Does anyone yet know how to break stuff like Copilot?
I don’t have Win11, but I also never really trust that MS won’t surreptitiously push this kind of thing in the background to legacy systems, and I don’t trust UI toggles within Windows to actually do anything.
Do we know if there are services or files that Copilot needs to function?
I keep hearing all the rabble rousing about this from a security perspective, but is there not an incognito mode to the Recall capability?
There can’t be.
It literally screenshots what you’re doing every few seconds, and builds a plain text database of any and all text it captures.
Incognito mode is not having it installed.
Hmm that didn’t sound right so I had to look it up. Microsoft says there’s a way to pause the recall snapshot functionality for a set amount of time, like an incognito mode:
Pause or resume snapshots
To pause recall, select the Recall icon in the system tray then Pause until tomorrow. Snapshots will be paused until they automatically resume at 12:00 AM. When snapshots are paused, the Recall system tray icon has a slash through it so you can easily tell if snapshots are enabled. To manually resume snapshots, select the Recall icon in the system tray and then select Resume snapshots.
I don’t understand why there’s so much FUD around this product…
You don’t understand why there’s so much fear, uncertainty, and doubt about an on-by-default program that records everything you do? Are you being serious right now?
I find it hard to take seriously anyone who throws the term FUD around with no sense of irony.
Yeah not to be obtuse here, but I think the fear is over sensationalized. I haven’t seen it in person, but it seems like this is a totally new product that is similar to the idea of browser history, but adds in some modern features. I would like to check it out.
on-by-default
That’s not correct. Based on the documentation, Windows Setup has an option to enable/disable the feature on first boot.
The documentation also says it doesn’t capture incognito windows and I mentioned in my other comment that you can turn it off temporarily and permanently. It doesn’t run all the time no matter what, like some of the comments have suggested.
Here’s a screenshot of the config page with a simple toggle to turn off:
Windows 11’s Recall feature is on by default on Copilot+ PCs
Disabling the AI snapshotter requires a trip into Settings for ordinary users
Over the weekend, The Verge’s Tom Warren posted (on twitter) screenshots showing Microsoft’s latest Out-of-Box Experience (OOBE), in which the Recall feature can’t be turned off unless the user opens Settings after completing setup.
Now, it’s possible things have changed in the last few days, but I wouldn’t really expect them to based on the last time I used Windows. I also didn’t know this before I tried looking it up, so I’ll admit I’m a little biased against Microsoft.
But the real question is, what documentation are you looking at where you’re pulling all this information from? Can you provide a link?
As reasonable as the concerns are… it seems like there’s quite a bit of fearmongering over software and hardware that haven’t even really gotten into the mainstream yet.
I heard this same argument from people all the time. Until it affects you in a meaningful way to change your mind, it’ll be too late.