The fact that it ensures to not take a snapshot of DRM content but also explains that it doesn't hide PASSWORDS in snapshots is INSANE to me!
God forbid it takes a screenshot of Bridgerton but my bank account password, that's fair game!
I don't understand why people have such a big privacy issue with this. It all happens on your device.
I understand being concerned about Microsoft using it to target ads or moving it off device in the future But the four scenarios laid out in the article don't seem like a problem.
You're using a public computer
You're using a work computer
You're using a shared family computer without a password protected profile
Your computer gets stolen
You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
Ditto for a PC where you share an account with other people.
And if your laptop is stolen and they have your passwords, you're fucked anyways.
"It's already bad, I don't see why making it worse is a problem. It's just one more thing to worry about."
There's more at stake here than passwords. These repeated screenshots are essentially a slow, silent video of all computer activity. That has far more information than you may think it does. It compromises HTTPS content, it records data that otherwise would only be in RAM, ...I could go on.
Please do go on, I am curious - what exactly is the threat you are seeing here?
Total, constant, omnipresent surveillance feeding an AI model of every single individual that is so powerful that it can persuade us deeply and without our knowledge.
Note: this is basically already happening.
It's just the sad tripling down on advertising technology being our most advanced technology.
advertising technology being our most advanced technology.
This is a huge distinction I want to point out: Nothing anyone has done in the past twenty years has been to make advertising more effective, though that is what is often claimed. The system however, only works towards making advertising more profitable to Google and Facebook. Everything else, including advertising effectiveness, has been slaughtered at the altar of "Gotta make line go up" inside Google and Facebook.
Both companies benefit greatly if the amount you spend on advertising goes up because it's not as effective as it used to be.
They also run most advertising as explicitly adversarial instant auctions, meaning the ad that runs before your Youtube video isn't the one most likely to get you what you want, or fix a problem you have, or even please your dopamine system, but rather the ad you see is primarily driven by who spends the most. This means that every midsized company that is so stupid as to misconfigure their advertising run will run a lot of ineffective ads, while the lean company doing innovative things locally who can only afford a "reasonable" ad spend will end up running far fewer ads.
The system empowers those with deep pockets and silences those without. Intentionally. This also makes it pretty easy to keep your new competition from getting any oxygen in a market.
I believe Google says that they include other things in the bidding process, including a specific claim that if you run a shitty ad that nobody every clicks on, it will be down-ranked in the ad auction, but they have billions and billions of reasons to not do that as effectively as they could. They are financially motivated to make advertising less effective and more expensive for consumers and producers alike.
Everyone who has ever worked on ad-tech has made the world a worse place to live.
Project Wonderful was alright.
The worst part is that this is our best and brightest, the ones who could have done so much more.
Okay. Let's talk specifics.
I log in to an end-to-end encrypted chat with a family member. We talk about life and the subject drifts to plane tickets we already bought for next month and how the neighbor across the street isn't going to be home until the end of this month.
The thief who stole my laptop now has also stolen a recorded conversation along with my passwords. Now they know when two houses will be empty. This would not have happened without pictures of my screen being taken frequently.
So this thief has access to your filesystem, therefore your machine's passsword? You can't just pull out the hard drive and put it in another system, at least not with even just decent practices.
But the thief will also have your browser history, any saved passwords, and so on?
Obviously Microsoft isn't going to sell their profile of you to petty thieves. But they probably will sell it to at-scale-grifters looking for marks or fascists looking for dissidents.
Thanks for coming up with a specific scenario for me.
I do agree that the outcomes in this case might be worse than an alternate universe without the recall feature.
That said, if someone steals my laptop and can log in, I am already pretty fucked. There are so many other ways they could get this or other information, from email, calendars, etc.
I don't suppose you know any survivors of domestic abuse. If you do, ask them.
Even without everything else, a big threat vector is people not knowing better who have it on, and then give access to their machine not realizing what they've done.
Getting your doors kicked in because you posted "disinformation" on the internet, or said something "unpatriotic" to a rando on the street and got reported to the cops. You won't have time to lock your computer, or if you do, the password will be pulled out of you with pliers, along with a couple of teeth. It's a daily reality in some parts of the world, including my own country and another one where I have many friends.
I don't understand why people have such a big privacy issue with this. It all happens on your device.
It's not hard to imagine situations where this complete and total information package can be exfiltrated or otherwise abused. Roommates, stalkers, one night stands, domestic govt, foreign govt, domestic hackers, foreign hackers, computer repair techs, employers (seizing a personal device), etc, etc etc.
There is no scenario in a free society where this should be allowed or tolerated.
What else should not be allowed because of it possibly being abused?
Should I not be allowed to use a password manager because it would be problematic if my roommate or one night stand copied it?
This isn't fundamentally different to any other feature.
Should I not be allowed to use a password manager because it would be problematic if my roommate or one night stand copied it?
You are free to use or not a password manager. What ms is doing is shoving things by force. It's not an opt in feature, their OS is becoming something ugly fast
This just pushes the question, what else should be opt-in because it could be abused by someone given full access to your laptop? Saving browser history? Persistent logins? Shell history? Document recovery? Spotify listening history?
This is why Windows has the "airtight hatchway" beyond which security against the user accessing their own data stops applying. Inside your login is by construction where your private data goes. Adding more of it shouldn't matter as it's all protected as the same. Like I agree that this feature is annoying but it's not a security risk, Windows promises no security against yourself.
This just pushes the question, what else should be opt-in because it could be abused by someone given full access to your laptop?
Everything? I don’t understand the question. It’s obviously everything.
There is no scenario in a free society where this should be allowed or tolerated.
yes there is, I think you're lacking imagination. such a vision does require re-imagining a lot of what society is, and even of how we undertand ourselves relative to our many groups and super-groups which we belong to
the only place where such a thing leads is authoritarianism.
Or a surge of competition from open source operating systems (to which I, for my part, have permanently migrated -- years before this new stride toward dystopia). :D
Does an open source OS have an AI watchman? You can check! If yes, you can fork and remove it.
All that's happening here is the lack of control over your hardware and software is being emphasized a little further. Put another way, you already live in totalitarianism. Microsoft or Apple have de facto totalitarian control over your computer. They always did.
Perhaps you have lived a charmed life. Stable government, never gotten on the nerves of power brokers, no former friends with abusive tendencies, never been a refugee of state actions. And you, nor those you care about, do not expect to be on the receiving end of any of that.
Then having less and less privacy is fine. And it's perfectly reasonable to trust Microsoft to implement this tool with honesty and care.
I do live a charmed life by those standards but my point is that it isn't a privacy issue at all to me.
Storage and processing happens on your device and it is encrypted, so I don't see how this feature makes my information less private at all.
It seems like the actual issue people have is that they don't trust Microsoft or they don't trust the government/people/everyone.
Which is fine and understandable, it just isn't related to privacy.
Storage and processing happens on your device and it is encrypted
Microsoft controls this entire process. They could easily send copies back to "the mothership" like they probably already do with the processed results.
It seems like the actual issue people have is that they don't trust Microsoft or they don't trust the government/people/everyone.
Whether or not this invasion of privacy is cause for concern depends on your level of trust. But it is still a privacy issue.
Microsoft controls this entire process. They could easily send copies back to "the mothership" like they probably already do with the processed results
Microsoft controls the whole operating system, they can already do whatever they want with your data. They could be sending screenshots back to the mother ship already.
I can understand why people may not trust them but they already have the keys to the kingdom. This new feature isn't any more or less private than Windows already is.
Person trapped in abusive relationship gets forced by abuser to show their computer activity which exposes their attempts to reach out for help. The fact that the recorded history exists means that it will be used for harm.
Should we throw out the browser history too then? And whatever logging your router might be doing.
And probably ban the software you can already install to monitor someone's computer activity.
Isn't this argument just the classic "think of the children" dressed up in new clothes?
or they don't trust the government/people/everyone. Which is fine and understandable, it just isn't related to privacy.
You can't possibly believe that. What am I missing here? Can you explain why this doesn't have everything to do with privacy? In order for it to not be relevant to my privacy, I have to trust the software spying on me and that Microsoft and the government won't use it against you if it benefits them in some way. I do not trust that, even though I also live a charmed life relative to most people in the world, I think. That doesn't mean I haven't read how, historically, government and other people of power are not to be trusted any more than absolutely necessary.
I don't understand why people have such a big privacy issue with this. It all happens on your device.
For now. It's not hard to predict that, sooner or later, Microsoft will want to send that information to be processed somewhere in the cloud (and of course, they will say that it's encrypted in transit, and will never be shared with anyone else...)
There's also a more fundamental issue: absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral. Recording everything by default changes that paradigm. It's like having a hidden camera permanently recording on your bedroom: it's a place where we expect privacy.
You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
They could, but they shouldn't. It's like a hotel room: for all we know, it could have a hidden camera permanently recording everything that happens in it, but we still consider it a serious privacy violation when that actually happens.
And if your laptop is stolen and they have your passwords, you're fucked anyways.
My laptop being stolen doesn't currently mean that the thief can know exactly what my screen was showing a couple of weeks ago.
It's not hard to predict that, sooner or later, Microsoft will want to send that information to be processed somewhere in the cloud
I really don't believe that. It reminds me of the hysteria about Windows 10 telemetry (remember when people called it a keylogger?). Putting it in the cloud would cause huge backlash and brand damage. But somehow they're getting that backlash despite not putting it in the cloud.
absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral
Computer forensics experts would like a word. Your past activity has never been private from "yourself". The added privacy risk here is highly marginal. If I steal someone's laptop, I can Rewind and see what was in a PowerPoint slide they opened 2 weeks ago. But that PowerPoint is almost certainly still on the local drive anyway, so that makes no difference.
You can also rewind and see their whole banking workflow. Or you can rewind and see that they like people of the same sex and that's a death penalty in some place, etc....
You bring up a good point about making previously ephemeral activities recorded, I can see why people would take issue with that.
> There's also a more fundamental issue: absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral.
This is very much like why it feels quite different to have automated license plate readers tracking and recording where your car has been - even though that is clearly public and visible by the fact that your car is driving down public roads.
I think it would be more likely that they would process it locally and let it extract lots of info at -your- expense and then upload that info,probably would result in 1000x less processing and storage expense. Also a lot of people are overlooking that we in the USA are facing an election in 6 months that could easily be the end of democracy in America and rise of an era of fascism where privacy means absolutely zero. Thus, we failed to think of the consequences of not voting/standing up for liberty and will pay a heavy price.
It’s trivially easy to turn this into an unprecedented surveillance mechanism.
If that happens, I wonder if future generations will believe us when we insist that wasn't the intention; We just wanted a helpful AI that takes pictures of what you're doing every 5 seconds in case we forgot what chinese food place we like.
"We" didn't want anything. Microsoft just makes decisions and most people have no choice but to go along with it.
Pick any word you want. I don't care and that's not the point of my post.
given the open source and proprietary implementations of this elsewhere, people actually do want this feature, even if you don't.
Can you explain, down to CPU instructions and network packets, what it is that "happens on your device"?
If the answer is anything else than "yes, I'm the absolute world authority on that" then you don't know how or whether Microsoft is respecting your privacy (same reasoning goes for Apple, for Google, for mobile phone radio stack, …).
Isn't this just a general argument against closed source software and nothing specific about this recall feature?
If you don't trust Microsoft then yeah I can see why you wouldn't want this feature but you probably aren't using Windows in that case anyways, so it is a moot point.
Up until recently, regardless of the source accessibility, certain things were just impossible. For example, a computer could not universally interpret and categorize what you’re using it for. Now it’s entirely possible, so naturally people’s attitudes change.
There are those of us who care about our spouses/children/family/friends and what this means for them, even it doesn't directly affect our daily lives. There is nothing wrong with our being concerned about that, and it doesn't make our opinions on the matter invalid.
It all happens on your device.
any garantee on that ? or that will not change one windows update or two down the line ?
Just depends on whether you trust Microsoft or not, and I already mentioned in my comment that I understand concerns about the on device part potentially changing in the future.
Files are stolen off of systems all the time.
There is an unknown, but not zero, number of zero day exploits available _right now_ to do precisely this.
This is very much "cart before the horse" corporate thinking.
It's easy, I don't trust them. They can promise that it's local all they want, I don't trust them.
If you get hacked, the hacker has a video record of the last 3 months of your life. Passwords included. Surely that can't be hard to understand?
If I trusted Windows's security. If I trusted (the competency or integrity of) Microsoft developers. If I trusted this to not get swept up in telemetry, or accidentally left in some never-to-be-cleaned tempdir. If I trusted Microsoft to be able to develop Windows features that were actually entirely disable-able or removable.
If all those things were true, then meh, fine. But for me, none of them are true, and it makes me truly happy to already be a happy Linux user.
There are some things that a small startup like Rewind can do, that a large company like Microsoft can never get away with.
It's more in the feelings space than rational space, just like privacy in general
“there are so many attack vectors, what’s several more?”
I wish we could fork windows 10 and put whoever’s working on vscode and half of OneNote in charge of it.
you shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
It might be something I should expect, but I'd still slap my laptop over the head of my superiors if I found out that there was scren recording on employee computers. Regardless of whether it's legal, and regardless of whether I signed a form saying I understood that this was within their right. Any manager or corporate IT person who doesn't understand that actually implementing that would mean severe risk of being slapped in the head with laptops is clincally insane.
I agree there shouldn't be much privacy outrage for this particular windows feature so long as this is a local-only feature and I can disable it.
It all happens on your device.
I am not at all confident that this is true. If we take Microsoft at their word, the raw data is stored on your device. But is processing ever done on Microsoft servers? Are the results of that processing ever sent to Microsoft servers?
Given that Microsoft is pretty aggressive about moving Windows to being an OS-as-a-service, it's hard for me to think that all the data Windows handles stays on-device.
I love how Windows Recall is essentially just a clone of Rewind that I’ve been successfully using to fight ADHD for a looooong time on macOS. If it’s remotely as useful…
Yeah, folks are so doom and gloom about a product that, if it was made by anyone other than Microsoft who attracts all the blogspam hate, would get articles like "How this startup is using AI to help ADHD sufferers." People really need to stop falling for "<Household Name> Does Thing, Here's Why It's Bad" outrage bait.
There's nothing hypocritical here. There are lots of things that are harmless/beneficial when you choose to do them which become sinister once they're enabled by default.
Well yeah, which is why you have to specifically go out and buy a "Copilot" computer that prominently advertises this as the reason you would want it. Does that meet the bar for disabled by default?
It seems really implausible that someone would find themselves using one of these PCs and not knowing it.
Given how heavily they’re pushing these AI features, I have to assume in a few years all mid to high end offerings from virtually every big brand will be a Copilot+ PC (MS is still the king at naming things btw). After all the only differentiator is a NPU.
Very plausible. I'm pretty sure the vast majority of purchasers have only a dim notion of what RAM beyond more==better is, let alone "Copilot". Especially if it is marketed as a feature, which it is.
I would also add scale matters.
Some minor % of the population doing what they want? Eh, who cares, thats called freedom.
A large chunk of the population having their experience changed in a very important manner by default is a whole other ball game.
See what the community thought of Rewind for yourself, then: https://news.ycombinator.com/item?id=37744213
That's about the Rewind Pendant which you're physically wearing, not Rewind the program.
The program was received no better.
If it were some random startup that was going to be gone in 2 years anyways I wouldn't have to worry about being opted-in without my knowledge.
It does matter more because it's Microsoft doing it.
Make absolutely no mistake, when the average startup has failed and investors come for its assets, they sell any user data they can.
The acquisition of valuable user data is frequently used as a bargaining chip during funding negotiations.
Blogspam hate has a higher quality than the advertising Microsoft shows on their Edge startpage. Sometimes trashy things deserve trashy criticism.
FWIW, "startup" is almost just as bad as "Microsoft" in this headline. Hell, I'd trust Microsoft more with my ADHD than a random startup, because the former is a large legal and media target and has a lot to lose, while many startups - including a lot of well-known ones - are glorified fly-by-night operations that, even if they won't screw you outright, will disappear in a couple of years (whether by shutting down or getting acquired), leaving you with sunk costs and no alternatives (well-funded startups tend to suck out air from the space they're operating in before disappearing themselves).
That it's Microsoft doing it is a big part of the objection, true. It's not unreasonable. Microsoft doesn't exactly have a great reputation when it comes to data collection and the like for good reasons.
you probably installed that and activated by choice. This will be installed, turned on by default, and most users won't be aware that it's running there spying on them without any notice for a hacker/spouse/cop/${bad_actor} to use against them.
To me, this actually sounds like a nice feature, if you have full control over it, i.e. you are sure all data stays on your device, it's a local AI, etc. And also, you can easily enable/disable it, and you can easily see its current state. E.g. maybe a small red dot in the corner which indicates that it is currently enabled, and clicking on it will switch it off to gray, clicking again enables it again. And of course, Recall should be disabled by default.
I actually did exactly this for myself for a while: A script took a screenshot every few seconds and dumped it into a DB. I had a few fun ideas and projects based on this:
* https://github.com/albertz/png-db: Store multiple PNG files more efficiently by sharing common data. This gives a compression rate of about 400-500%. (Maybe Windows Recall could use sth similar?)
* https://github.com/albertz/screenshooting: Scripts to analyze the screenshots. E.g. I wanted to collect the amount of time I was having coding in Eclipse. It was a reason to play around with OpenCV.
Regarding logging the time, I later developed a simpler solution: Some script which records the focused app window and its opened content URL: https://github.com/albertz/timecapture
I came here to post "Am I the only person who thinks this is a good idea?" I guess you do too. I like the idea that I can go back and see what was on my screen at some point in the past.
I think with the focus on passkeys, we can worry less about snapshotting passwords.
IMO, maybe they need a way for documents (that have passwords) and windows (for password managers) to flag that they should not be snapshotted.
How much do you like the idea of Microsoft having a copy of everything you ever display on your screen, in perpetuity, for their gain as they see fit? Does your stance change if you consider the probability of that data remaining secure on their cloud approaching zero over time?
They don't. It's stored on your computer. Go read the article.
(It's not like MS downloads everything on your hard drive.)
Yeah, and I've got a bridge to sell you.
Do you have any evidence of Microsoft doing similar spying tactics?
If you don't trust your computer's supply chain, (hardware, software, internet, services,) you shouldn't use it. I don't trust Microsoft any more or less than any other vendor, and that includes open-source.
With automatic updates, anyone (hardware vendor through drivers, software vendor) can backdoor you and grab all that information. We're even finding backdoors in (gasp) open-source software now.
I don't trust Microsoft and I don't use their software. When they say this data will be secure, they mean they're going to stream it to their servers and look after it with the industry standard security of "whoops, we left the door unlocked again".
The main issue is not that "Microsoft having a copy of everything you ever display on your screen", the main issue is that they will sell it to other companies and government agencies.
I like the idea that I can go back and see what was on my screen at some point in the past.
Never once I thought "Wouldn't it be nice to rewatch what I've done on a particular date and time?"
But I certainly have wanted a particular command I entered in a shell (solved by shell history), a version of a file (git, backups,...) a site I've browsed (bookmarks, history,...).
This is a non-solution for a problem that doesn't even exist. It's like asking for a camera to be pointed at you 24/7 in case you forgot where you put your keys.
Have you ever scrolled back in your shell window or looked at your browser history?
Heck, every once in awhile I dig into Google Maps to see where I was on a certain day. (You do know that Android phones track where you've been and you can look it up, right?)
It is an existing product also: https://www.rewind.ai/
Obviously it can be used for specific purposes. However this is a universal, omnipotent snapshot film of everything you do which will be readily available for hackers and hostile government officials, and there likely won't be a way to remove it easily if you hate that sort of thing. Probably have to write a script that monitors the files and deletes them, since MS has a knack for restoring things you delete by hand that they want you to keep for their benefit. Or they'll make it core to the system so you can't delete it without breaking the OS
Microsoft states that "Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker." From the wording here, that looks like your snapshots will only be encrypted if you have Windows Pro or a business Windows code.
I don't think that's what their main page is saying, but it is ambiguous enough to be confusing.
For reference, the quote being referenced is "How is your data protected when you use Recall?" on this page: https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1...
The parenthetical after the "and" is throwing people off. My interpretation of the sentence is that recall snapshots are protected using data encryption on your device, no matter the version of Windows 11. However, if you have Windows 11 Pro or the enterprise SKU, you gain the additional level of protection of using Bitlocker - which could mean that the key to encrypt those snapshots lives in the TPM (or not). It's just too ambiguous and needs clarification.
The support page for Recall (https://support.microsoft.com/en-us/windows/privacy-and-cont...) provides some clarification in this area that drives the point home:
Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.
The data is still being recorded and saved. For example, it could make my security weaker by recording a password briefly displayed on screen. Now there's a second copy stored elsewhere on my computer than the password manager.
Also, that only mentions the snapshots (the images) themselves. It feels like its leaving them an out for data pulled from the pictures or summaries of locally processed data.
I do not disagree with your sentiment - I am just pointing out that a lot of articles are misrepresenting some important aspects of the discussion
Fair. It's important to have the facts straight.
Yeah I have no doubt they would use the data gleaned from the images. All the data generated from processing the screenshots to be useful to the user would be just as useful to third parties. More useful than the screenshots themselves, in fact. I haven't heard anything about promises to keep the extracted information locally.
Why waste bandwidth to send snapshot when the local AI can detail user activity and send a report to Microsoft?
Exactly, few kilobytes here in there on your activities will not be felt on your end, all while building a profile on you. Fun stuff.
Device Encryption and BitLocker use the same encryption, BitLocker offers more options for key management.
If you login to a Windows Home machine as admin with a Microsoft account, then the key is stored in the TPM with a recovery key in the Microsoft account. Before that, the key is stored in plain text on the drive, meaning it's not really secure. There's no option to save the recovery key onto paper or a USB key.
So, they are really just saying the data is stored on your hard drive, which follows the usual hard drive format of Windows.
I had the same response and emailed the author.
Misinterpreting it does help your argument when you're against it though.
If we lived in a sane world we would've long since split these psycho-filled gigacorporations like M$ up into a trillion tiny little pieces, but alas we live in a world where gov'ts let them do whatever the fuck they want with no repercussions.
What depresses me the most is that many governments and corps are using M$ products. I recently got approached by a recruiter from one of the largest gov't agencies in the Netherlands, and they sent me a Teams link (itself horrible software that is barely functional), requires me to make an MS account to access some docs shared via 365, and as far as I could tell the machine you're given is a Windows machine without the possibility of using linux on it.
Splitting them up would demonstrably slow progress and leave us with less useful computers.
"Less useful" could also mean "more focused," which might just be a good thing.
I'm a big fan of "the bazaar," but it requires a lot more cognitive load and a lot more legwork to patch together how to do things.
Living in the Google ecosystem means a lot of your services are integrated, and that's actually pretty great. Docs knows about email. Email knows about photos. My mobile device knows about all this stuff.
Those ecosystems are not just the software units, they're the integration. And I've done enough decades of running my own bespoke GNU/Linux-derived distros to know that the integration is an extremely nontrivial lift.
There's a reason people keep checking into these software hotels instead of building their own shacks in the woods, even if they don't own the walls. I don't think users will be particularly happy with those who force them to live in the shacks, and the idea that they now own the peeling paint and malfunctioning floorboards will be cold comfort.
Right you are, shadow government
Check the profile.
demonstrably
Please do share the examples that demonstrate this.
slow progress and leave us with less useful computers
Given the way tech companies exploit all of us, I’m not convinced that would’ve been a bad thing. For all we know, that could’ve caused societal progress, which is considerably more important than the “innovation” we get of being able to watch 4 second ads in 10 second videos while sitting on the toilet.
Your username, that's the spirit.
WELCOME TO THE REAL WORLD
Super invasive IMO. Passwords, personal emails, banking information. Yikes!
But not DRM content. The system will recognize and avoid screenshotting that.
Banking details? Fine.
Passwords? A-OK!
Copyrighted content? STOP, YOU FOOLS, BEFORE YOU ANGER THE MOUSE!
This whole thing is dystopian, but making it a priority to avoid DRM controlled content is wild to me. The screenshots are ostensibly a cache, which is part of how video is displayed anyway. Is avoiding caching a 6 frame per minute cache really a higher priority than all of the privacy this undermines?
You haven't been able to take screenshots of DRM controlled content for as long as DRM controlled content has existed. That's what makes it DRM. This technology isn't doing anything special at all. If you wanted to develop it for Windows, you could, and it would work the same way.
This doesn't sound very likely. In order to show pixels on a screen, something has to write those numbers somewhere. Screenshot should be writing those pixels to a file as an image format, not consulting whatever programs are running to ask if there are areas that they don't want to draw.
The pixels are literally encrypted on PCIe on their way over to the GPU, it's quite draconian. Been this way since Vista ("Blu-ray is a bag of hurt" - Steve Jobs)
That is a crazy thing to do! Looks like it's windows specific at least.
This is rank populism. You're implying sinister intent, when the technical and legal constraints that resulted in that should be obvious. You already can't screenshot DRM content.
That might suggest that we have sinister copyright law. Aside from that I am pretty sure that this feature will threaten to violate a full battalion of privacy laws.
It's not only a privacy headache but will most likely impact performance as well. Especially on a low powered ARM device, I can imagine the user experience being pretty terrible. Strange that Microsoft is getting into hardware again, you'd think they'd have learned their lesson by now. Every tech company I've worked for that pivoted into hardware went bankrupt shortly after. It's not trivial navigating manufacturing and real engineering processes.
What do you mean "getting into hardware again"? They have been making surface laptops for quite some time. This is like the 10th iteration? Maybe more?
It's more accurate to say, going all in on hardware again. Surface laptops were not the primary focus, just a throwaway product to grab a small percentage of entry level laptop consumers. This is positioned as a direct ARM MacBook competitor.
I haven't brought one myself, but know enough about the lineup over the years[1] to know this creates a distinction where there is none. They certainly weren't only entry-level. Been a perfect mirror of Steve Jobs-era Apple of having 2 choices, consumer and professional.
I do agree they're excited to announce an ARM laptop, but there's not a commensurate bigger "bet"/investment in hardware.
I'd argue there's less investment: Internal Dell documents has Snapdragon at $145, versus $276 for i7.[2]
[1] Purchased two as gifts.
[2] https://videocardz.com/newz/snapdragon-x-series-chips-cost-o...
just a throwaway product to grab a small percentage of entry level laptop consumers
Yeah I don't think this take is accurate, my employer (state-owned, largest utility in my country) issues Surface laptops to many employees so I think there is likely significant enterprise use of these.
I do agree that this refresh seems like a renewed effort to compete in the consumer space though.
10th, 11th, or 12th depending on how you count.
It's also the third one that is just called "surface pro", along with the firs generation and fifth generation devices.
Strange that Microsoft is getting into hardware again, you'd think they'd have learned their lesson by now
They've been making surface devices for a decade, I am not sure what you mean by "again".
As for performance, there is a reason the feature is limited to laptops with 16 gigs of RAM or more and a dedicated NPU of a certain speed. I dont think there will be performance issues when they are controlling the hardware spec that tightly.
It's not going to be on low powered ARM devices.
On the surface, this sounds like a cool feature
It really doesn't. Not a single person I've spoken to likes the idea of this, at all, and I'm not talking just tech people. Every last person I've spoken to of all ages and from all walks of life at best is like, "I can turn that off, right?"
I have been using Rewind.ai on macOS and this company got a crazy investment. Many people like the idea. Many just don't trust Microsoft.
unless this startup manages to get OS vendors to bundle it with their OS install and turn it on by default, it's not a good comparison.
I'm gonna go ahead and invoke the Juicero Rebuttal -- the standard rebuttal to the idea that large VC investments into an idea mean it's a good idea.
I don't trust Microsoft or anyone else with unfettered access to my screen. 1-800-FUK-THAT
I for one built something like this on Linux. It takes a screenshot every few seconds, when there is recent mouse or keyboard activity. Then applies OCR on the screen shots and indexes them. It was fun, but I don't want the overhead of maintaining it long term.
Your computer, your software, your data, your freedom. Now imagine a stranger doing this to you and it's not that different from a rootkit.
My wife's jaw literally dropped when she first heard from me about the kind of fuckery-duckery Microsoft is trying to pull here. She's been an Apple girl since forever, no fan of Microsoft, and not particularly tech-savvy, but she knew exactly the implications of Recall and immediately figured out that it was a whole new level of awful, even for Microsoft.
To me, it's a really difficult name to accept upon first read. I was wondering how bad Windows had to be that Microsoft had to issue a recall, and then wonder what a software recall would actually look like.
Seems like a trip to a thesaurus might have been useful: Microsoft Evoke, Microsoft Conjure, Microsoft Hearken, Microsoft Summon. At least none of those has an immediate negative potential
Microsoft Recall: We Can Remember It for You Wholesale
But is it Microsoft Recall Home Edition or Server Edition or Enterprise Edition?
- N
- Home Starter
- Home
- Home Premium
- Standard
- Business
- Professional
- Professional Plus
- Enterprise
Are there really that many versions out there these days? I've been away from the windows world for 10+ years at this point. I do use the system occassinally but certainly not daily.
well they called their x86 to ARM translation layer Prism, just like the covert NSA program they were revealed to be part of by Snowden. I guess they don’t really care about naming…
Perhaps when increasing efforts in implementing spyware directly into your OS it would be good to dilute the namespace as to not find relevant information.
Either that or someone's giving a not so subtle hint.
I do think the program is probably far out of the consciousness of most people at this point (outside of older technical people), and the younger generation probably wouldn't know or care.
The already existing push to force everyone to log onto their local computer with an online Microsoft account (instead of a traditional local account), along side telemetry users cannot completely turn off already showed the company moving in a privacy hostile direction.
This move seems a lot like using machine local AI to feed additional user interest data into everyone's online profiles for Microsoft's growing ad business.
I'm also willing to bet that enterprise would value an additional way to track employees.
I'm also willing to bet that enterprise would value an additional way to track employees.
This is it, but also to put the framework in place to train models to do employee grunt work.
I don't know how far US companies (and their NSA) have to go to make EU companies go "wait, they're doing industrial espionage on us".
Just the fact that companies outside the US use Outlook and OneDrive for everything is mind boggling to me, but this recall thing is industrial spyware to the extreme.
US (and the NSA) is our best friend. Thanks to US we have the freedom to choose our best friend. Our best friend gives us everything we need and helps us to make good decisions.
Even if our best friend looks at what we are doing, this is just to help us further.
/s
The beatings will continue until privacy concerns actually influence a large proportion of customers’ buying decisions.
The problem is that there are endless huge incentives to invade privacy: ads, selling data, product telemetry, even the push for internal metrics. Nothing counterbalances this. Most customers just don’t care.
I think it could also end up addressed by legislation. If not direct legislation as in the EU, then just opening some avenues to litigation.
YES - and they hide their "syncing" spyware in so many places that tracking down all the settings to shut it off is such a chore. Including:
- OneDrive
- Windows Device Linking
- Edge
- Bing
- Cortana
- Copilot
- Outlook / 365
You'll never track down all the included Windows services that default to sending data to their cloud.
Welcome to micromanaging hell.
Imagine working remote with this and IT pulls your recall logs. Better yet us "AI" to determine how productive you were yesterday.
I was so hyped for these laptops, but this is just stupid.
There are two sides to this: investigations and monitoring. For HR and security investigations, this rewind capability would be very useful, is legal, and at least partially already performed using forensics tools.
Monitoring is where you run into moral and, in some places, legal problems. This would probably be a good topic for new legislation.
is legal
In any case, an overwhelming amount of Very Bad Things are legal due to corporate laziness, commercial propaganda and anti-education campaigns. "It's legal" cannot be the basis of an argument in favor of legally protecting predatory behavior.
I honestly think that in some legislations with stronger worker protections it'd be legally at least dubious to use something like that for HR or security investigations (in a broad sense) without employee consent.
This immediately came to my mind as well.
This will be abused. It’s not an “if” but a “when”.
It's already happening but it's 3rd party apps (which are relatively cheap, a couple bucks a seat), so it won't be a huge change.
Better yet us "AI" to determine how productive you were yesterday.
You can bet that's exactly where this is going for the corporate world.
It's puzzling to me that third-party apps doing the same thing were shared on HN just months ago and highly upvoted (500 points, for a submission about an app‽), but now Microsoft does it and the frantic media backlash takes over. It's a textbook moral panic. Amplified by media cynicism about tech, and by Windows's awful brand perception.
I think the main concern over this is that it's baked into the OS. That's a significant difference from "Here's a 3rd party app you can install if you want this functionality." Especially from an OS vendor who (a) dominates the desktop market, and (b) absolutely loves to hide or obfuscate the ability to disable such features (which are often enabled by default).
It's part of the Setup screen, where it can be enabled or disabled. Apparently the checkbox is checked by default, but I think most users would find it useful and would find the "security concerns" trivial
Most people don't understand how technology can destroy their lives until they are faced with the consequences. It's all in the name of convenience. This is why we have regulations, so that people do not pray on unsuspecting and trustful people.
The people who understand what it does and how it works are a minority. People will accept Microsoft’s recommended settings, often without even reading it. Enabling it by default is beyond irresponsible. Especially on desktops that are very commonly shared between household members. And so many other reasons.
I think most users would find it useful
For what? Most users won’t even remember that it’s enabled. This already exists as a niche product for specific tasks, it’s by no means a universally useful thing. Especially not at 25GB of disk usage and god knows what CPU/GPU/RAM.
Was the 3rd party app installed unbeknownst to users and running without their consent (other than hidden in 50 screen fulls of EULA in small text)? That's the big difference. It was installed by someone who needed/wanted to use it.
This could make for a good action scene in a movie. A hacker has to get access to data secretly, so they constantly minimize what they're doing every 10 seconds to avoid the AI monitor.
In the end, just as they breathe a sigh of relief and stretch their arms, a popup gives them away.
Then the scene cuts to a security guard getting an email. Then the scene cuts back to the hackers booking it.
in Cryptonomicon, Randy evades constant remote monitoring of his laptop screen by doing this, but even more so.
An apropos username for an informative comment about a Stephenson book. You're playing the long game.
have been for years.
Related threads:
"AI PCs are the final nail in the coffin of open computing", 52 comments, https://news.ycombinator.com/item?id=40436975
"How the new Microsoft Recall feature fundamentally undermines Windows security", 48 comments, https://news.ycombinator.com/item?id=40433884
it's funny if you think that it started with open ai...
"On Copilot+ PCs powered by a Snapdragon® X Series processor, you will see the Recall taskbar icon after you first activate your device.
Another Windows ARM push... If Recall is only available on these devices I think it's doomed to failure.
AMD and Intel powered "Copilot+" PCs are coming in the near future, it is only ARM specific for a little while.
If this goes live, the secondary PC market is an immediate security vulnerability.
It always has been.
This is literally the same feature as Windows 10 Timeline (Activity History); they're even using the same UserActivity API [1]. If it works like that, it's an unencrypted sqlite database in your %APPDATA% and a subfolder with jpeg screenshots.
The only AI-ness on top that I see is some OCR and some image captioning.
That begs the question: why resurrect the Activity History feature (that was deprecated just 3 months ago[2]) and add almost nothing on top? The "glass half empty" folks among us would probably say to get ready for what comes next (new "functionality" they can light up with the data).
[1] https://learn.microsoft.com/en-us/windows/ai/apis/recall#use...
[2] https://support.microsoft.com/en-us/windows/-windows-activit...
Well I mean it's also presumably likely that Microsoft is under pressure from investors / marketers to shove AI into everything just as much as the rest of us are.
Imagine the treasure trove of information that law enforcement will have access to, for free! they won't even have to infer your activity from online access wiretaps - it will all be laid out right in front of them. And may whatever deity you believe in help you if you live or work under a repressive regime, because they will have evidence of your nefarious activities immediately to hand (not that they actually need actual evidence, but you know ...)
You can bet this will be turned on by default and hard to find the off button, which will likely reset back to on every major update.
It's time to split Microsoft
better option: close its trading in financial stock markets and force it a sale to individual owners.
I switched my desktop to Linux full time a couple years ago when I saw start menu ads on an insiders build. Noticing me watching a video on this "feature" actually convinced my SO to switch as well on her laptop and desktop. The two games she plays are supported, as is everything else she uses regularly.
There is a real need for a tool like this for some people, in particular for those challenged with a short working memory. Perhaps it can be better pitched as an accessibility tool. Not everyone needs it, and it should be turned off by default.
Let the enshittification of AI products begin (if it hasn't already).
i wonder about the reception if apple were the first ones to introduce this concept, and emphasize the "on-device" nature. they have done this for other things in the past and did not get much backlash.
to not disregard the obvious oversight made here, m$ can still make some slight changes based on existing stuff to make this more palatable.
for one, android has a mechanism to prevent screenshots inside certain apps. (https://developer.android.com/reference/android/app/admin/De...) there should be a windows api that allows apps to use that. this, if implemented in browsers for certain websites, alone will take away a lot of nervousness around this.
trust issues against m$ is warranted and it is up to them to earn it back. since windows 10, however, the trajectory has been on the other direction. despite this, it does not take a lot to continue their boiling frog attitude with this.
Dude, everything is a "privacy nightmare". I couldn't give less of a fuck. It's going to be great.
There is not a single thing that isn't (on HN) a "privacy nightmare". Tor is a privacy nightmare, Signal is a privacy nightmare, Linux is a privacy nightmare. Everything is a privacy nightmare. You guys keep having your nightmares. Tell your therapist.
I'm going to be fine. Prediction: you'll be seeing your therapist within the year and I'll be mentally healthy.
What is windows actually for?
Computers are a privacy nightmare, so is the internet. Glad we all agree. Given that baseline, this is hardly noteworthy.
Afraid of Microsoft getting your data? According to Internet lore, Microsoft already scoops up every bit of data on your computer every nanosecond.
Afraid of the "gubment" snooping on you? According to that same internet lore, the government is like a vampire and can only enter your PC if you invite them in. But we all know that's not true. If they wanted screenshots of your desktop they would have them.
It's more of a performance nightmare IMO. Everything will become even slower, even more laggy, the battery will drain faster, the laptop will get hotter.
Microsoft is fighting a losing battle. When the ai starts using software, how are they going to keep track of what it’s doing ?
Microsoft's chutzpa lays down the ultimate "Trust Me Bro" years past the peak of trust.
I urge executives to stop losing their minds with the FOMO need to insert "AI" into everything.
Hell, I might write my own pw manager at this point
This kind of software has to be open source.
I've been taking a crack at it with a few other folks. Encourage others to join and/or build something similar!
Mac OS only (Swift):
https://github.com/jasonjmcghee/rem
Cross Platform (Rust):
Reminds me of this Robin Williams movie https://www.imdb.com/title/tt0364343/
MS, Apple's best ad firm ever!
They don't seem to have considered domestic abuse situations where this makes everything visible to the abusive partner.
This looks more targeted to bossware than actual users. "Recall" as far as I can tell will be relevant when you combine across a dataset in your organisation and identify common patterns, outliers etc. or train the AI to "do what you are doing".
As if we needed yet another excuse to migrate to Linux and forget MS once for all...
Owning a computer these days is just ... a lot of work. Hey, software updates - who and what and is trying to exfiltrate my data today? Microsoft of course, but also maybe an open source freaking terminal emulator? I mean, they're probably trustworthy, right? So don't worry about the telemetry. Or the AI integration. Or the screen recording. Now, check the other 20 programs that wanted to update today. Don't worry, it's all described in their 30 page privacy policies! Is it opt-in? Opt-out? Are they telling the truth? Will they face any consequences when we find out they were lying about it? Of course not!
Technically, how would Windows know what's a password and what isn't?
Now I'm wondering if people have outrage over OBS and Zoom capturing passwords.
If it's using AI I'm sure they can train the model to identify the word "Password" in close proximity to a textbox.
OBS and Zoom are screen recorders, not utilizing AI. That's an oranges to apples comparison.
Since when was Zoom not using AI to create transcripts and all of other crap they've added to "stay relevant"?
Usually people don't type in passwords in a way that's visible Zoom calls. Most password fields obscure their content.
But they keep the sound on while typing it on their keyboards.
That requires a little more effort than an employee casually browsing training data and jotting down passwords on a notepad.
> Most password field obscure their content
iOS device unlock password field _magnifies_ content as visible plaintext.
It may just be an audio model then, not a visual model.
Usually the text will be stars or something you can also train on that or exclude them based on type of text box
Lotus Notes for the win:
https://blog.codinghorror.com/the-dramatic-password-reveal/Now that every app is an electron app, you can just look for type="password".
God, the future really is stupid, isn't it?
it's probably going to get worse. Now that we have normalized using 2GB of ram for a text chat app because it's a bit easier to code, I bet it's only a matter of time before they go one abstraction level higher and start emulating an entire OS.
emacs does the entire OS thing in 8MB
Eight megs and constantly swapping
I mean,, the snapdragon laptops are still emulations.
It’s not like Windows Forms didn’t have password inputs
Well, it could capture only content of programs that ask to be captured, while they do.
Web browsers could not ask to be captured when sensitive content is on screen (perhaps the web server could communicate that in headers). So could code editors and other production software that deals with trade secrets and confidential information. As well as any government and armed forces, medical, legal and similar software.
SharePoint supports sensitivity labels for documents. These labels are synced to the device through OneDrive if my memory serves right. I think that could be (if it’s not already) extended to non-SharePoint documents. If an application deals with these documents, it could also not ask to be captured at that time.
Capturing for Recall should be opt-in per program, so no legacy software leaks info.
Even with visual captures, look at what Discord, Zoom and even PlayStation live streaming and captures do - they simply block out the parts of the UI that could contain sensitive info.
But bigger cross-program Windows API feature adoptions have been achieved, like dynamic DPI scaling, DirectX, multitouch support, UWP and similar.
They could do it, if they wanted to. But I think right now it may all be a half-baked executive idea. It will evolve into something though… there is an opportunity to do it right.
Indeed, it already won't capture Edge's equivalent to Incognito Mode because the OS already knows what that signal is shaped like. But there isn't an equivalent, general "This window should be private" OS-level signal because none was ever needed before.
try the native screen recording feature on iOS if you have an iPhone or iPad. go log into some website or app. the recording will show the keyboard come up, keypress animations, and the characters being entered into the username/email field, but when you focus the password field all of that disappears. I was surprised when I first saw it, but it totally works
Could that be used to prevent iOS on-screen display of magnified plaintext characters, during passcode entry for device unlock?
Local AI and/or OCR?
Haha, wow, I hadn't realized they'd finally moved ahead with blocking screenshots on my own computer. Anyone know what level that's happening at and how hard it is to circumvent?
The article says that the DRM block is "reassuring on the surface, but it's still far too vague for anyone to actually have any faith in it." I disagree--it's not reassuring on any level whatsoever.
When you play a video, you're (usually) sending the encoded video to the GPU for hardware-accelerated decode. The resulting decoded frames then live purely on the GPU.
However, rather than each video frame being decoded into a distinct VRAM texture with its own manipulable GPU handle, with hardware-accelerated decode, you just tell the GPU to allocate a single buffer — a mutable canvas, or "draw context" — and then tell it that, as the chunks of your encoded video stream are being played, decoded, and rasterized into frames by the GPU, the GPU should be writing each successive frame it's generating into this buffer.
In this setup, the only thing you can get a GPU handle for (besides the encoded video stream) is that buffer. That buffer is special, being the target of the GPU's own asynchronous hardware-accelerated rendering process; so that buffer is referred to as a "hardware-accelerated draw context."
(These days GPUs have enough VRAM that you really could get away with dumping each frame out to its own immutable VRAM texture buffer; but back in the early '90s when hardware-accelerated video decode was first invented, reusing a single buffer [or maybe a pair of them] for decoding was a practical necessity. Hardware-accelerated draw contexts have been core to how GPUs work since there were GPUs.)
In general, the GPU doesn't allow you to read directly from the VRAM backing a hardware-accelerated draw context (because doing so could block the GPU from writing to it, and also because doing so wouldn't get you a coherent single frame's state out.) The GPU locks that VRAM up and considers it to be "its to use" for as long as the draw context is the target of a hardware-accelerated pipeline. So the GPU will ignore any attempt to use any existing handle you had to the VRAM backing the draw context; only the handle to the wrapping draw-context ADT will work, and that handle doesn't have "read from" as part of its command-set.
So how does such a draw context even end up on the screen, then?
When a desktop window compositor sets up the GPU to display your windows, it takes various draw-contexts — some of which may be hardware-accelerated — and lays them out in 3D space, with a (usually orthographic) projection. The GPU itself is then told to take care of the rest (the final toplevel "get this scene out and onto a screen" part) internally. There's never a point under normal GPU rendering, where your entire screen-contents are rendered out to a single (externally-addressable) VRAM texture.
What happens when you take a screenshot, then? Usually, the compositor is pinged to ask it to render that screenshot; and it does so by allocating a screen-sized VRAM buffer, and then taking each GPU handle in turn and telling the GPU to copy the VRAM underlying that buffer, into the target buffer. But oh no — HW-accel draw-contexts don't have exposed VRAM handles!
It used to be (until... Windows Vista, I think?) that hardware-accelerated draw contexts in general (like videos being played using hardware decoding, or like 3D games) just weren't ever captured in screenshots, DRM or no. This was purely a question of GPU performance: a GPU with an architecture that could snapshot a frame of an HW-accel context, wouldn't perform as well as a GPU with an architecture that couldn't.
When this ability was later added, it was done so by adding a feature to the GPU: a command was added on HW-accel draw contexts, that would prompt them to stop whatever rendering is happening into the buffer for a moment, at a coherent point; to snapshot that coherent state of the internal VRAM state, copying it over into a non-HW-accelerated buffer; and to then get the accelerated rendering going again. The compositor therefore now had the ability to ask the such draw-contexts for such snapshots, to then be re-copied out into a WIP screenshot.
But I emphasize "ask" here — you really are just asking the GPU to do it. The GPU can always just refuse! (OSes had to support GPUs refusing to do it, because many GPUs were old enough that they couldn't manage to do it, even given updated drivers that allowed software to ask the GPU the question; even given newer firmware pushed to the GPU by said drivers.)
So DRMed video was implemented simply by telling the GPU that there are some HW-accel draw-contexts that are special, and so the GPU should refuse any requests to snapshot them. (And also, telling the GPU that the encoded video itself is also special — so the GPU should taint any draw-contexts it decodes that video onto with the same specialness.)
I believe that DRMed video streams get decrypted on the CPU before being sent to the GPU. So while you can't capture a screenshot of the decoded frame, you could in theory capture the (encoded) video in RAM. Sadly, that RAM is protected by the OS and the decoding happens using Intel SGX or something. So it's impossible to "get in under" the OS to grab the encoded video, either. (Unless you compile a custom kernel... but that's why these extensions have an in-kernel component that doesn't ship with the Windows or macOS DDKs, and why Linux doesn't even get DRMed-video support except in proprietary spins.)
This is a really awesome write up, thank you!
Question, what stops you from modifying the GPU driver to make it so the command to set a draw-context to be DRM'd is a no-op? That way the gpu would happily let you snapshot the context, and the OS would be none the wiser. Or is gpu driver tampering something nvidia explicitly designs against?
EDIT: oh wait, i bet the driver is signed and the OS checks it and only allows DRM content to play if the driver is signed by nvidia. That would make sense.
Correct.
I think at least the last bit is incorrect: DRM protected video is still often decoded by a hardware decoder built into GPU.
I am also in doubt about the claim that there's never a single VRAM texture that contains the entire desktop, because while I see potential ways for GPU during sending frame to the monitor to assemble said frame on the fly, it sounds implausible vs just reading it from a premade buffer.
I misspoke, sorry — the last paragraph is meant to say that the CPU "decrypts", not "decodes", the video (inside the Intel SGX enclave.)
Some GPUs do work this way internally, but my phrasing was specific — even when such a VRAM texture buffer exists, it's not addressible outside the CPU itself. You can't get a handle to it. (And even if you could, it'd just be another HW-accel draw context — and so would be DRM-tainted if-and-when any buffer being copied onto it is considered tainted.)
But why wouldn't you want a GPU work this way? What's the advantage of not having some kind of "final screen buffer"?
It mostly comes down to a quirk of history. Movies are 24FPS, while computer CRTs were mostly designed for 60Hz refresh rates (with no support for 24Hz modes.) And when people see "hardware-accelerated video playback" as a feature on the box of a video card, one of the primary things that people expect that to mean, is that you should be able to play back your 24FPS movie on the 60Hz display. In windowed mode. With the desktop being refreshed behind the 24Hz movie. Smoothly.
If videos were mostly 30FPS, this would be easy, because 30Hz divides 60Hz; each video frame could just be copied to the 60Hz "final screen buffer" twice with the same content. But 24Hz doesn't cleanly divide 60Hz — you'd need each video frame to appear for 2.5 "final screen buffers." (And just doing that naively — that's called 2-2-3 rendering — is very stuttery.)
If you're doing this by trying to render out a "final screen buffer" VRAM texture in lockstep with your display frequency, all in advance of sending that texture down the pipe to the display, then for each frame, you need to complete that rendering pass with enough time left to communicate it to the display. But what happens when it takes a really long time to send the signal down the wire, leaving you only a little time each frame to actually render everything? In fact, what happens when the display is analogue — like a CRT — where the timing of sending the data down the wire is directly related to the timing of drawing?
Well, certainly, you can pipeline this final rendering — i.e. make everything show up one frame behind, so that you can work on each frame for an extra entire frame-time. But gamers won't like you messing with their draw-contexts that way. And gamers are the core audience for your product.
And also, that still doesn't let you render the video in windowed mode "smoothly." It just means that you have now have slightly less than one full frame-time, each frame, to do the concurrent work of decoding... 2.5 (or some even worse multiple) frames of video, and then doing something with them to squeeze it down to one frame.
And also, how should an active hw-accel video-decode draw context react to the OS changing the display resolution to one that uses a different frequency? Or worse — though not invented at the time — to a Variable Refresh Rate monitor, that can be arbitrarily sent frames using FreeSync?
What the GPU vendors decided to do to make this work, was to require one of two things — either:
1. that the algorithm of the video codec directly support decoding of a fractional frame position; or
2. that the creator of the draw-context pass it a VRAM buffer with enough space for not just one, but several (usually specifically three) full extracted frames. This buffer gets used as a ring buffer, with each new frame becoming a source texture; and these frames are then interpolated together (with some GPUs offering fancy motion-interpolations, and others just doing a linear interpolation) according to the fractional time-between-frames that the timing for the center of the dest draw context lands on.
In either case, the goal was to make the video-decode process something that could be demand-driven — where at any point the GPU could say "I'm at the point where I'm drawing the video; give me what the video should look like now" — and get a result that cleanly maps to the frame the video lands on.
The whole toplevel render pass of early GPUs was designed to operate this way, with final VRAM buffers being "copied" not back into VRAM, but directly into the ring-buffer of the display protocol encoder; and with any final hw-accel passes — like interpolations — generating their output directly into that same display-protocol-encoder ring-buffer. (Or, in the modern day, executing the final compute shader that outputs video tiles only one line-of-tiles at a time, on a vastly sub-frame frequency, as signals like "scanlines matching tiles T50..T80 coming up, get them rendered so they can be read from" are sent by the DPE.)
This decoupled and demand-driven final copy to the DPE, has some interesting properties; it means that you can actually have two or more display-protocol encoders, rendering the same screen, or different parts of the screen — without that implying the need for a lowest-common-multiple frequency. In fact, GPUs are not only happy with multiple displays plugged into them at once — they're happy with those displays even when they have no supported refresh rates in common!
(This is in contrast to the old 2D video cards, which did operate on a single global base frame-raster clock. This meant that 2D video cards were always either single-headed, or only supported a set of monitors all running at the same refresh rate. And if anything wanted to draw to the screen at a different rate, it had to be full-screen, with all the heads switching to that rate.)
but who's telling it? Is it a driver? And if so, can a driver be made that just doesn't do it?
Yes, but then Microsoft haven't signed the driver, and it won't have the correct hardware root of trust to decode the key, so it will fail and the service will fallback to a less secure mechanism which is why services will normally limit the resolution of the content delivered via those mechanisms to 720p or less.
If I thought it would be appropriate, there’d be a :hands-clapping: emoji here thanking you for that infodump (and the reply). That’s a great and useful explanation that’s easily modeled mentally. (“easily” lol)
A bonus tangent:
...although there used to be, back at the dawn of GPUs. The first "3D acceleration cards" didn't do any 2D drawing — and so PCs would actually have distinct 2D and 3D video cards!
The oldest 2D video cards for PCs, were just persistent framebuffers — their "VRAM" being just for what was on the screen. They relied on the OS to find anything that had been uncovered, and tell the app to repaint it.
But the last and greatest 2D video cards, from before 3D took over, were masters of copying memory around. Each frame, they'd be doing all of these huge accelerated rectangular blits of windows and their controls — some VRAM-to-VRAM, some from main memory using DMA — to bake down a VRAM buffer. They were hardware-accelerated 2D compositors, and they were great at it.
When early 3D cards came along, all that changed at first, was that your OS would tell your 2D card that there was a certain region it was to avoid drawing anything on. The 2D card would leave a black rectangle there.
The 2D card would render and rasterize its VRAM to VGA — and the 3D accelerator card would then be passed this same VGA signal, along a cable, as if it was a display. It would mostly just repeat everything it saw. But when the signal hit the timings for where those black rectangles should appear, then it would instead emit its rendering of the 3D content. (In other words: early 3D cards were https://en.wikipedia.org/wiki/Genlock cards!)
A "hardware-accelerated draw context", in this very early conception of the term, was precisely the geometry, defined by your OS, that your 2D card knew to not bother to draw; which was also the geometry that your 3D card knew was its to draw on.
2D and 3D video cards later merged, and at first you just got one card that did both of these things, as separate phases, with the bridging now internal. But the concept of an HW-accel context lived on.
But later on, actual "GPUs" emerged — in the form of 3D hardware that was now sorta-okay at doing VRAM-to-VRAM copies, and also provided legacy VGA BIOS emulation. So people ditched their 2D cards.
But this change actually kind of sucked, because it meant that all the per-frame 2D blitting (which, again, GPUs were just barely passable at) was now contending for GPU time with 3D stuff. And modern OSes had grown highly dependent on being able to do lots of 2D blitting each frame.
This was why "full-screen mode" was, for the longest time, the way to get the best 3D performance out of a GPU, even at the same display resolution. If you tell the GPU that you want to cover the entire screen with a 3D hardware-accelerated draw context... then it will realize that it'd be pointless to keep drawing the "2D world", and so it will stop spending its time each frame doing 2D VRAM copies to render the 2D-composited layer. It takes the whole OS window-drawing VRAM-copy command-queue out of the loop.
(And also — once there was OS support for this — switching to full-screen mode would also cause the GPU to flush out all the VRAM textures for rendered windows, fonts, icons, etc — giving a 3D app or game far more VRAM to work with. Coming out of full-screen mode would likewise ping the OS to reload all the system brushes and textures into VRAM; and then ping all the running apps to redraw themselves.)
There was a simpler technique. Open a second video player, then screenshot to your heart's content. Windows hardware acceleration for video had only one gpu thread or something like that, I don't remember the exact details.
Operating systems have been doing this for... 10-15 years?
10-15 years ago was windows 7
Windows has been doing this since Vista, 17 years ago https://en.wikipedia.org/wiki/Protected_Media_Path
A bit like Linux, god forbid you were to read the syslog file, but your browser profile files are fair game for any running script/process.
That’s why I actually welcomed the change in mac os that requires prompting to read certain directories like Documents
Historical unix permissions are not really aligned with desktop use of a single user
I wish it were possible to enable a stricter mode that uses something like filesystem overlays to help contain known-unruly software like Adobe Creative Suite. Under this mode, any attempted filesystem reads outside of ~/Library/Application Support/<appname> that aren’t explicitly approved by the user would simply return nothing, and eliminating all traces of the software would be as simple as deleting its respective FS layer/sparseimage/etc.
This is actually one of the features I like in Android. You can strictly limit where an app can access. They are tightening the screws with each release as well.
Only if the same limitations were applied for Google services...
I'm torn about this feature. The case you describe is helpful, but I mostly notice this feature when it's preventing me from snooping in application-specific folders of third party apps. I hate the feeling of knowing that a lot of data my phone is processing is completely invisible and inaccessible to me, the phone's purported owner.
Yes, any such feature should be bypassable by the owner. I hate that on phone they've decided that the owner doesn't have complete rights to their own system.
Problem is again that these screws also do apply to the user and smartphone OS are the worst role models I can think of.
Smartphone OS now are neither particularly secure, nor very useful considering the relative power of what the devices could do in theory.
Sure, there are ways around it, but to me the ecology of phone OS is disastrous enough, that I just don't bother with it aside for doing calls and using it as a mobile router. Even if it is a shitty router that could be so much better.
And no, I don't want an OS that gives me an advertiser ID and gaslights me that that is for my best. And no, I don't care that I can randomize it with a press, it is designed to ID you and at some point you will be too lazy to care about your quite shitty operating system.
This is what SELinux provides though, is the thing. What we've really messed up on with desktop is not getting this to a state where it's reasonably manageable.
This is kind of how sandboxed apps on the Mac work - they can only see files or directories that the user has manually opened in the app though one of the OS facilities (double-clicking a file, drag & drop, or the OS-provided file open dialog)
It would have been nice if you could just force non-sandboxed apps (basically anything from outside the Mac App Store) to be sandboxed.
Firejail
System log files have the potential to contain all kinds of sensitive data from all users of the system. Your own processes only have access to your own data.
You meant your hacker's processes ...
Isn't that just most desktop OSes with non-sandboxed processes?
Solution? : make your desktop background a screenshot from a NetFlix movie
That won't do anything. Desktop images are not protected by DRM, and it's (at least mostly) not visible anyway if you're using the computer.
I have a wide monitor. I could have a Netflix movie playing in a side browser window when I want privacy. It'll be fun to mess with it.
I expect it would just blank out the movie window in the screenshots, leaving the rest visible. The way to get privacy is to turn it off or use another OS.
The only way is to use another OS. There are way too many other privacy leaks, many of which can't be turned off at all.
recall could come in handy as long as it has a "start record" and "stop record" button with an indicator like a red light when it is recording
Sooner or later only people who wear shirts with big brand logos and constantly sing music from the Beatles will be the only ones not permanently recorded by the system. Hell, add a photo of a topless woman somewhere in the mix and bam, instant privacy.
I've always been kind of interested in that idea. I'm not sure what to call it - a sort of civil resistance by selective non-palatability. Preventing commercial AI from being trained on your art by making sure there's some throbbing hard cocks in there somewhere, for example, or releasing source code that is explicitly NOT open source licensed, for the benefit of people who don't care about the license, and to the detriment of entities that do.
Malicious compliance is the best compliance.
It makes one wonder who the real Windows customer is.
All proprietary systems have been protecting the system from the user for a good while now. It's what they mean when they say "the system is more secure". It's not for your security, it's for securing their interests and their partners interests.
That was my implication, yes.
I was expanding on your comment, I'm sorry if I sounded a bit harsh and dry :(
The Business unit. This stuff will be sold as WorkFromHomeWare.
Microsoft’s primary customers have been businesses and government for decades. This includes PC OEMs. You usually have little to no relationship with them.
A company grows toward its customers like a plant grows toward light.
DRM on password forms, the next big thing
Already a thing on iOS/Android - banking apps have been blocking screenshots for a long time
You can't block a screenshot on iOS, can you?
You can't block one being taken but you can make it so the content isn't captured by the screenshot, and make the screenshot detectable, both of which are kernel level services provided by the OS or indeed even the hardware.
It's a built-in "feature" of the renderer/DRM they get "for free"
I used to work adjacent to screen capture at BigCo and advocated for enabling _some_ way to allow simple $STREAMING_VIDEO_PROVIDER screenshots. Turned out even with full source access and desire to prototype, you couldn't.
Air quotes mean "I hate this too", just posting to explain why the feature team would find ex. passwords capital H-hard versus DRM'd content.
This even happens with the iPhone, try taking a screenshot of netflix
Sailing the high seas continues to have a better user experience than paying for content. I suspect most media DRM causes lots of annoyance for legitimate customers while barely impeding pirates.
This is true, I don't even really know what this fuss is about or even what this "DRM" thing is except it's something the .nfo file says has been removed
I don't think it's that insane.
Print screen already doesn't work with DRMed content, so why would this be any different. On the other hand, how can you guarantee that it won't capture passwords? Even the passwords you enter into Firefox in a web page after clicking the "show password" button?
Yeah but a screenshot is an explicit action by the user where they have the opportunity to curate what is captured. That is not the case when it's just going on in the background.
What about Window's built in "Capture last 5 minutes" screen recording, as a part of their gaming features? Or the same feature that's just enabled from the nvidia drivers?
Also an explicit action. Look, most people don’t know anything about computers. If it says use recommended settings, they will go for it. Even an explanatory first-install screen with “consent” is just jumbo jumbo to regular folks. It’s not comparable to installing custom software or enabling a feature from the settings. It’s incredibly irresponsible.
Even so, such invasive features need to renew consent and/or periodically alert users. The risks with someone else enabling them to spy are too high.
So you can have some privacy by playing DRMed content in the background?
I believe it operates on a site-by-site basis since there's settings to tell it to ignore screenshots of certain webpages (at least they're doing that). So one window is blacked out but the other is visible.
Just gotta remember to set up all the sites you want blocked which I expect to be made as complicated as possible and a little nag window on the bottom left every time I visit a blocked site, i.e., "Recall isn't able to take a snapshot of this webpage" with a big "FIX NOW" button.
its the sites that produce some javascript bloatwarae that tells the browser to display a blank page when a screenshot/screencapture software is used.
in my opionion that is giving the javascript ecosystem way too much power, though that is life with DRMs ... pretty sad times when folks pay providers and allow the providers to disable a screenshot lol
It'll just block out the DRMed content and not the rest of the screen.
Reminds me of those serious warnings at the beginning of movies, like pirating is the worst sin imaginable in the world. They'll find you!
Oh but crimes affecting the common folk? That's too hard, sorry.
You wouldn't recall a car
With the added irony, that the warnings are shown only to people who paid to see the movie
I remember when DVDs started asking your language... so they could threaten you in that language. What a (profit-driven) world...
The article gives the impression that passwords will only be captured if they are displayed. So there are only three scenarios where I can envision this happening: the end user opens a document that contains their passwords, the end user opens their password manager and chooses to display their passwords, or the user chooses to reveal the password field.
Case 1 is bad practice, plain and simple. (Though I will acknowledge that people do it.)
Case 2 and case 3 can probably be fixed, provided the software doesn't define custom controls, since there is already the option to protect DRM content. Microsoft should have provided this functionality and given developers time to adopt it (not doing so is a bad move on their part).
On the whole I think this is just trying to rush things to market, rather than the product of any form of malice.
That being said, I am glad that I don't use Windows outside of the work environment. Something also tells me that my employer is also likely to disable this feature. (They have more to loose from a data breach of confidential data than they have to gain from tracking employee computer usage.)
The problem with the last example (show password in manager) are sites and applications that don't let you copy/paste a password. I've literally fought against those kinds of requirements as weakening security, not strengthening it.
I never needed to use that option. Still, based on what I read in the documentation about Windows graphics programming, I believe that option is only applicable to video, and is prohibitively complicated to use for a password manager. Read that article https://learn.microsoft.com/en-us/windows/win32/medfound/pmp... you can’t even play DRM video from your own process, it requires a special OS component called Protected Media Path, and that process can’t run arbitrary code only components signed by Microsoft which means you can't generate DRM-ed video frames from something else with your own code.
Aside from the very questionable direction Windows is going, with features nobody ever asked for (nope, businesses did not do so either), I believe this is heavily illegal in my country without a very active and clear consent of the user.
I wouldn't want such a feature in a 1000 years and I cannot see the supposed "casual user" that would profit from this.
Are you from Germany?
I'm sure you agreed to give them a non-exclusive, world-wide, royalty-free, un-fuck-with-able license (or some such) to any data saved to your hard drive when you accepted the terms of use for Windows. /s
But now I'm curious if there's case law around the question of passwords being copyrighted. That might be a decent avenue of protection but the aforementioned agreement probably supersedes it.
From a quick search it doesn't look like they are, and there's no explicit law on who "owns" a password. Consensus right now is to operate under the assumption that the maker of the software is the owner of the password, not the user.
Trust me, bro.
Windows keeps adding these anti-consumer features, ads, and other things. And people keep using it??? I used to work there and I can't believe they keep doing this stuff.
Windows is a business and school launchpad. If universities started putting Linux on everything, you might see some change, but from what I can tell, these features are for business concerns which are increasingly invasive.
Nah your password shows as asterisks.
No, it doesn't -
"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."
https://support.microsoft.com/en-us/windows/privacy-and-cont...
to be fair there is a mechanism for preventing drm content to be captured down to hardware level. it is much more trickier to implement a way to recognize sensitive info on the screen visually.
but the incentives are of course not aligned in consumer's favour.
You will own nothing and you will be happy… or else