the company says that Recall will be opt-in by default, so users will need to decide to turn it on
Too fucking late. I’ve already installed Bluefin on two machines and Bazzite on my gaming machine. I’m not going back.
Already installed Bazzite on my Legion go with my laptop and desktop next. No reason for me not to continue putting it on my devices just because they are going to rework it. Recall is always going to be a major security risk despite a few extra measures. They have definitely shown they can’t think about these things. At least there was a heads up on this one for people to point out obvious issues, but that won’t always be the case.
So, between the inherent security nightmare that is this feature and the myriad of other things in Windows that push ads, steal user data, and generally make the simple act of using the computer less secure, when do we give Microsoft an APT designation and start treating them as the world’s largest vendor of malware on the planet?
I think you should take a calm and sober look at what Microsoft actually does.
You may be right, I don’t know, but what I do know is any time I ask people for facts I get “read the end user license agreement” which is typically the furthest from factual a lawyers will get (it’s filled with claims that are designed to not hold up, but give a legal leg to stand on for other moves) or “remember candy crush!?!?” But few things in the realm of concrete facts.
The candy crush thing, or more generally the fact that since Windows 8 they preload third-party applications, is a relatively speaking small problem. However, the fact the specific applications that get preinstalled are based on a targeted advertising profile for the user signed into the PC, assuming you sign in with a Microsoft account is a bigger problem. While I’m sure they take every possible effort to make those profiles anonymous the data in aggregate is impossible to anonymize. There is a setting in Windows to disable that data collection, at least for advertising purposes, but it gets toggled back on “accidentally” after some updates.
They also have a number of features, like copilot (the chat bot), previously they had Cortana, that do similar kinds of data extraction. Mostly, in order to actually process the user request, but also to be used to train the model. They store it in an anonymized form, but again, it’s impossible to actually do that in practice.
That’s just two things that are installed and enabled by default that: collect user data for, what I and many others find to be unwanted purposes, don’t give the user the option to disable that data collection (only limit it), and seemingly doesn’t even consistently respect the users choice in that matter. That is by definition spyware.
They also place advertising on the desktop for things like OneDrive subscriptions, MS Office, and other paid Microsoft services. Those preinstalled apps I mentioned before are effectively ads for those applications, many of which are paid apps or have paid components to them. That is by definition adware.
Spyware and adware are forms of malware. Which makes Microsoft a malware vendor.
And when you make hyperbolic comparisons between people who actually make malware that actively destroys people data or is used for identity theft etc and a company advertising it’s own products within it’s own product, I think that makes you a bad faith actor.
Do I think either of the things you listed are good? Absolutely not, I only still use Windows because I’m technical enough to disable most everything I find objectionable and that level of effort is less than making Linux work for me as a daily driver. But this is like when the Linux nerds started calling Ubuntu spyware. If you accept a definition so broad most companies fall into it it becomes useless and so bereft of nuance it actively damages the efforts of those who want change for the better.
“It’s not spyware if the spying isn’t criminally used” is one school of thought, I suppose.
Frankly I agree with the other individual that spying for reasons legal or otherwise constitutes spying enough to say the ware that does it fits the description of spyware. Idgaf if it was only spying on me in order to give me free ice cream and it just wants my favorite flavor, that is still intrusive and I don’t like it. If they want to know something they can ask and if I want to tell them I will.
still dont understand why you would ever want to save screenshots of your desktop and also waste disk space
The AI scans all those screenshots visually and tags them for search later so, for example, an artist could open a file they don’t remember the location of from thousands of folders by typing text describing it. That’s actually awesome. I imagine lots of people could come up with really useful ways to use something like that. I mean, if it wasn’t an Orwellian nightmare.
Yeah, it sounds like it might actually be a useful feature if it wasn’t impossible to do it securely and in a privacy respecting way.
I don’t know about impossible. I could see this working on a Linux distro with a local model doing all the work and storing it encrypted locally. Buuuuuut, it still feels risky! That’s a giant traunch of juicy, searchable data that just begs to be stolen.
To be fair to Microsoft, this was a local model too and encrypted (through Bitlocker). I just feel like the only way you could possibly even try to secure it would be to lock the user out of the data with some kind of separate storage and processing because anything the user can do can be done by malware run by the user. Even then, DRM and how it gets cracked has shown us that nothing like that is truly secure against motivated attackers. Since restricting a user’s access like that won’t happen and might not even be sufficient, it’s just way too risky.
Features like this can almost never be privacy-friendly because they’re developed expressly to violate your privacy. The value it provides you , as cool as that could be, is just how it’s sold.
I can definitely see the utility in the feature, it’s just that it, conceptually, is such a security risk that it’s simply not worth it, even ignoring the data harvesting/storage penalty.
You enter a discussion and you need to refer to an article you know you’ve read but can’t find? Now you can find it. You want a backpack and remember seeing one you liked but can’t remember where you saw it? Ask it to show backpacks you looked at - great now you’ve tracked it down in seconds rather than spending half an hour.
But yeah, the security and privacy implications of this are so bad that it’s really not worth the tradeoff.
To get the idea of always being watched into your head !
Literally 1984. No, like, literally literally.
Sounds more like a way to push Microsoft accounts and Windows Hello than consumer oriented.
The Microsoft accounts are already required (without resorting to increasingly convoluted methods) and I think the hardware for Hello might be too now for OEM built computers, I’m not sure.
I mean, technically Windows Hello also includes signing in with a PIN or passkey. It doesn’t require biometrics, although it does support them.
Why would anyone opt in to this? What is the point of it?
It’s like an automated tipofmytongue but for everything you do on your computer.
So that you can find that one porn video you watched six months ago that really got you off but you don’t remember how you found it.
Oh, yeah, thanks for these researchers to have provided insightful feedback such as “don’t record private activity”, “don’t store data in a plaintext user-accessible sqlite database”, and “don’t do that automatically to everyone elligible, what are you thinking no stop”. No way anyone could ever figure these out beforehand. Microsoft was totally stumped when these showed up and most certainly is very honest when they say they’re reworking it now, and not at all abusing the PR outrage to slip us something as bad in the meantime.
they needed researchers to tell them that?
Well . . . the smart people they ignored when CoPilot was first proposed.
Internally people probably talked about how there were huge issues. Others probably said those issues are over stated and it’s no big deal. They decided to release it and the press says there are issues. Then, the company decides there are issues. That simple.
Having been the guy in an org shouting not to do something only for it to come back to us this way, the finger-pointing that begins is nuts. Often the people who tried to stop the “feature” from rolling out are the first to get blamed for it being shit.
Classic CYA, make sure everything you said is in writing somewhere.
I have as well. I won’t pretend I’m always right - I’ve thought some ideas that worked out incredibly were horrible. Also had the situation you describe happen. It’s okay when you’re working with reasonable people. Show them the slide deck, the email, the analysis, whatever… “Look you didn’t approve this”. "Here is an alternative ". That can work.
Just telling folks “I told you so” isn’t usually a great form of communication.
It’s PR bullshit to give an excuse for backtracking basically
That’s just what we call people spending some time to figure something out. Security research is basically just trying to learn the technology and then trying to break it.
it did not take me long to figure out that maybe spyware that takes screenshots of what you’re doing is a bad idea
Agreed but someone actually tried it - did the research.
“the company says”? and you believe them? why?
Opt in just like Microsoft accounts…right
Something something cake day.
I feel for the hundreds of engineers at Microsoft who have been yelling about these security issues since day one, but cannot say “I told you so” because they’d get fired.
I survived a similar incident, telling our CEO at the time “you know our product can’t do that, right?” I had to show my receipts, present usability studies, and faced incredible pressure, but 2 CEOs later, I’m still here… :)
Document everything. Keep good notes. You never know when it will be useful.
Sure but at Microsoft they fire people based on dice rolls
Or no dice rolls! “Bad luck, you! Bye!”
Cave Johnson intensifies
This is exactly what I was thinking. There are plenty of smart people that work there that would have said something before release. They were told to not rock the boat by the yes men and now Microsoft has to backpedal and pretend no one there thought about THOSE implications.
I can never again log into my email or other private account on someone else’s computer.
I mean, it could always have been compromised and had some kind of keylogger or something installed.
But with Windows 11, you are sure it’s compromised.
To be fair the possibility of compromise was enough not to do it. Being sure of compromise doesn’t change that math all that much.
That’s the Microsoft™️ Guarantee!
The damage to their reputation is already done.
Don’t be so sure. This forum is a bubble, 99% of Windows users have never heard of this feature in the first place let alone any of the details about how it works.
99% of windows users don’t update anyway.
Windows Update is automatic by default.
Normies noticed when MS took away the start menu in W8, but didn’t notice when W10 shipped with a ton of spyware “features”.
With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.
I doubt they can do much with last-minute changes. It being opt-in is better, at least.
our review units of the new Surface hardware are being delayed by a week or so, presumably so Microsoft can update them.
GROAAAAAAAN. I just want to see proper benchmarks of Qualcomm’s new chips and they keep delaying it despite the laptops releasing later this month.
Yeah, right? The biggest bummer of this entire stupid thing that should never have existed is that it’s overshadowing perhaps the most exciting hardware launch on Windowsland since the original Surface. I am VERY interested in seeing if Windows on ARM is viable this time, and as a longtime Windows 2-in-1 user I am incredibly excited about the prospect of a similarly performant version that doesn’t need to be plugged in basically at all times.
But because MS can’t come up with a feature without shooting itself in the foot with a bazooka we’re all here talking about the stopgap they had to implement to save face while they wait to be able to quietly kill this dumb thing for good. I swear, they are incredibly bad at this.
The average person doesn’t even know that new hardware is coming because the only thing MS is advertising is “AI AI AI AI AI AI AI”. Is that seriously more appealing than saying “hey our new laptops have better performance and 2x more battery life than older laptops”? Because I’m feeling the latter is what they should’ve leaned on.
I’m torn about the marketing, because a) MS clearly wants to own “AI”, and they do have the cheapest, best version of multimodal chat at the moment, and b) I do think to normies it’s more marketable than “we did the MacBook Air, finally”.
On the other hand, I 100% agree with you that I give zero craps about their stupid certification for 40 TOPS on laptops. I already own things with GPUs in them and I use very little in the way of LLMs or image generators, and certainly not offline, so the battery life and the matching improvements in weight are THE feature for me.
I mean, it doesn’t really matter either way, the market is what it is, and I get to use the devices the same way regardless of how they’re marketed, so sell whatever you have to sell. It’s still fascinating and kinda sad to witness the self-sabotage, though.
Best Solution is to not use Microsoft, i just setup an old Laptop with Linux Mint to see if it can work for my requirements.
If all goes well ill just use that for my main pc.
Good luck! If you need any help typically there’s a stackoverflow somewhere out there with the answer to your problem and if not, linux communities are typically decent about helping these days. Welcome to the club!
Anyone who trusts Microsoft for anything anymore will get what they deserve.
