
Recall: Stealing everything you've ever typed or viewed on your own Windows PC

oefrha
56 replies
1d18h

Everything a user has ever seen, ordered by application. Every bit of text the user has seen, with some minor exceptions (e.g. Microsoft Edge InPrivate mode is excluded, but Google Chrome isn’t).

Microsoft was the company that used to add bespoke code to Windows to maintain compatibility with old third party software, patch explorer.exe to stop third party customizations from crashing it, etc. While the whole Recall thing is a pretty bad idea for most users, the lack of care extended to the third party browser with overwhelming market share among their users is just sad. Are they counting on people switching to Edge because “PSA: you’ll be recorded if you watch pr0n in Chrome!”?

Workaccount2
18 replies
1d18h

Watching users flock to Apple's walled garden, to the point where it's a social issue to not have an iPhone, has left Microsoft (and many others) wondering why the fuck they have been so accommodating to user choices for all this time.

leereeves
17 replies
1d17h

Outside of high school, where literally everything is a reason to ostracize people who are different, where is it a social issue to not have an iPhone?

lwhalen
12 replies
1d17h

I've been married for ages (so I can't speak to this first-hand), but my single friends in their late-20s to mid-30s say that NOT having an iPhone gets them rejected fairly often.

ryandrake
3 replies
1d17h

Seems to me like an effortless way for them to automatically filter out terrible, shallow partners from their lives before investing anything into a relationship. What a time-saver!

lwhalen
1 replies
1d17h

You and I are in violent agreement on this, but... the younger generation seems more interested in 'smashing' these days than 'partner-seeking'. Can't say I was MUCH different, but I certainly wouldn't change the daily-driver tech I use just to peacock for a hot date.

acheong08
0 replies
1d7h

Perhaps that’s more prevalent in the US and wealthier districts? I haven’t seen any of that in the UK (everyone here seems to use WhatsApp, Instagram, and Snapchat which I similarly dislike)

snapplebobapple
0 replies
1d4h

I think you are missing the first half of the modern male reproductive lifecycle. What you are saying increasingly applies to 30's onward (when males are looking for long term family relationships) but for the 20 somethings many are looking for these shallow, vacuous women because they often can be convinced into meaningless sex. It's a pretty sad state but it appears to be this way now.

ramenbytes
3 replies
1d15h

Is there any possible steelman for this, or is it as shallow as it sounds?

operator2140
1 replies
1d3h

maybe women don’t want their sms/mms/phone calls being leaked unencrypted over the antiquated, legacy telephony network?

EasyMark
0 replies
20h7m

Great point. I will use this as a greater point in my Android vs Apple arguments in the future.

Cyphase
0 replies
1d15h

Possible steelier arguments:

- "iPhones are generally more expensive, Android phones are generally cheaper", so having an iPhone signals financial "goodness". Same argument can be applied to lots of other products.

- "iPhones are generally better, so if you have Android you're compromising for some reason", e.g. lack of money to buy one, "weird" political/social/other beliefs, etc.

- Messaging systems are like accents; some people might prefer dating someone who speaks their language in a more similar accent, and others might prefer dating people who use the messaging system they prefer.

Also, a lot depends on your definition of "shallow".

thejohnconway
0 replies
1d17h

Sounds like your friends are dodging bullets without having to do anything. I say this as an iPhone user.

jay-barronville
0 replies
23h36m

I’m in that age range and I’m married. A few years ago when I was still a single man, I experienced this firsthand at least a few times. My primary device wasn’t an iPhone and I had women tell me they “don’t like texting with green bubbles”…it was pretty bizarre, to say the least. In hindsight, I’m glad those women filtered themselves out, but it’s definitely really rough out there for our society’s young men.

hammyhavoc
0 replies
1d16h

I would argue that not having an iPhone is behaving as a filter for likely incompatible pairings if not possessing a particular brand of phone is an issue to any prospective partner.

EasyMark
0 replies
20h9m

It can definitely be an issue on the dating apps to be a male looking for gf material if you’re using android. I think it’s because of the shallow tech knowledge of other people as to why android is as good as apple, but the heart wants what the heart wants. For those saying such people are “shallow”, it’s just as shallow to assume the same, as one data point does not tell the whole story in my experience.

throwaway22032
2 replies
1d17h

It seems to be an American thing, something to do with iMessage.

Here in the UK I've literally never encountered it.

janice1999
0 replies
1d16h

On this side of the Atlantic, not having WhatsApp installed has been far more of an issue for me.

brookst
0 replies
1d16h

Never seen it in the US either. It’s always these third-hand stories.

talldatethrow
0 replies
12h24m

I've been a serial dater since 2001. Moved to Android after an iPhone 3S mishap. So at least a decade on android.

I have heard at least 10 women JOKE about my android. I'd say at least 2 gfs in those years eventually made some snide remark.

Will you get dumped for having an android? No. Is it a small -1 mark for most women? I would say so.

And no these aren't totally brainless women. It's been doctors, MBA grads, women in tech, a writer.. I honestly think more regular women are more sane about it actually and wouldn't care as much as 'fancier' women.

ajross
13 replies
1d18h

It was surely just schedule pressure. There's no system-visible API for "incognito mode" (nor should there be, obviously, as it would defeat the purpose) so they just skipped it.

I dunno, and I say this as someone who works for a competitor and has no love for MS... a lot of the responses here seem really uncharitable. This isn't bad faith, it's just a rushed product with some poor planning. If Apple had rolled this same feature out with glitz and a giant slideshow about privacy and explained how everything was encrypted and never left the device, we'd all be crowing about how great it is even if it too was screenshotting incognito windows.

klabb3
6 replies
1d15h

a lot of the responses here seem really uncharitable. This isn't bad faith, it's just a rushed product with some poor planning.

But it’s not the product people are criticizing, at all. Similar tools have existed for a long time and have not raised eyebrows except when it’s been forced by an employer or a school. It’s that it’s the OS putting an always on and enabled-by-default spyware on devices that are frequently shared by family members, when their average users barely know what a web browser is and will just accept recommended defaults. Speaking of which, the whole spiel about Edge/IE is precisely their aggressive defaults. It’s the same here.

If you’re a startup building custom tools you can talk about rushed products and assume good intent. This software is built by a software company with some of the world’s best software engineers all the way up to the top. I mean, people trust them with everything from business secrets to payment details to mission critical services. This is clearly not a “rushed product oopsie”, it’s blatant disregard for privacy, and to a lesser extent, security.

I’m avoiding windows like the plague, but since seeing my mom get bombarded with “recommended Microsoft defaults” over the last decade or so, I’m convinced MS is deliberately exploiting uninformed users as much as they can get away with, while leaving hidden options for power users to disable the ads and the crapware so they don’t leave. This total recall debacle is probably a similar attempt at using their unknowing user base to train their new AI models, or similar. If it was a genuinely useful product it would not be enabled by default.

ajross
5 replies
1d3h

It’s that it’s the OS putting an always on and enabled-by-default spyware on devices that are frequently shared

And I have to repeat: if Apple Computer had pushed the same product, but with a slide talking about how it was all locally encrypted and unextractable and tied to both the device and the user account, HN would be celebrating the attention to privacy even though macs too are "frequently shared". And the reasoning would be how strong the security engineering was around the process, because we love that stuff and we love macs.

MS doesn't get the same benefit of the doubt, and it leaks into the technical content of the argument, and that's wrong. And FWIW I'm mostly just handwaving the technical details. I mean, do we know for a fact that MS is *not* encrypting this with a TPM-managed key tied to the user account? I bet they are, honestly.

klabb3
2 replies
1d2h

if Apple Computer had pushed the same product, […], HN would be celebrating the attention to privacy

I don’t believe so, at least not if it’s enabled-by-default.

MS doesn't get the same benefit of the doubt

Apple doesn’t rely on benefit of the doubt because they are very clear about how the privacy of new products works (say Touch and Face ID), and Microsoft is not. I mean just look at this very thread, it’s super unclear how it works and interacts with other windows features (some of which are premium) like fde/bitlocker and whether there’s telemetry/training. That obviously contributes to the “harsh” response. As it should.

kstrauser
0 replies
1d

I mean just look at this very thread, it’s super unclear how it works and interacts with other windows features

I agree with you, but that’s not great evidence for your point. Bring up any random Apple feature and people will be quick to warn you about their misunderstandings of it. “Face ID means Apple has all our pictures now!” “Apple Keychain shares all your passwords with them!” Etc.

jacoblambda
0 replies
11h20m

bitlocker

Windows is actually pushing for bitlocker by default now. I believe new Windows 11 installs either are already or will soon start defaulting to enabling bitlocker across the board.

telemetry/training

It's really just timer triggered screenshots + OCR + an SLM (small language model) running on device on a TPU/NPU, GPU, or other ONNX compatible device.

I'm generally super uncharitable about Microsoft since a lot of their stuff is a nasty black box with unclear security assumptions however with Recall, it seems like people are really jumping to conclusions without really even looking into what all it is.

This is a largely "unsophisticated" product made by bolting a bunch of more or less preassembled components and the bulk of which is open source.

- Screenshot + OCR is almost certainly Microsoft Powertoys Text Extractor (https://github.com/microsoft/PowerToys)

- The DB is sqlite but the system is probably just kernel-memory which is a local .NET application: https://github.com/microsoft/kernel-memory

- The SLM is Phi-3 which is open and designed primarily to run locally https://azure.microsoft.com/en-us/blog/introducing-phi-3-red...

- The actual underlying tech stack is DirectML (https://github.com/microsoft/DirectML) and ONNX (https://github.com/microsoft/onnxruntime).

----

So the data is intended to be encrypted at rest along with the rest of the OS, it's all run locally (which isn't a handwavy thing, the tech is all very much capable of running locally) and if you don't have hardware capable of running it, it shouldn't be enabled in the first place.

My confusion with all of this is why Recall didn't start out as a PowerToys feature. It sounds like the exact type of internal "look at this cool little toy I built" thing that generally makes it into PowerToys but I'm assuming some exec ran with the opportunity and said "this is awesome, let's ship it with the OS and make it a highliner feature for our AI push" which is how we got here.

sleepybrett
0 replies
23h34m

Spotlight already indexes all the text on your disk.

fbdab103
0 replies
1d

Absolutely not would I give Apple a free pass either. They can say all the nice things they want about protecting my privacy, but I do not trust any commercial entity will act in my best interest. Especially when they all have government requirements to hand over my data when a cop asks nicely.

We are speed running into a neuromancer dystopia where tech companies control every facet of our lives. Why would I be ok with them making it easier to monitor my every keystroke?

oefrha
2 replies
1d18h

I thought about it for a minute, and sure, given a chrome.exe HWND, I can't think of a way to tell if it's Incognito.[1] But companies work with important vendors on major features all the time. If they think it's important enough to exclude private windows in Edge, they surely could have worked with Google to figure out something.

nor should there be, obviously, as it would defeat the purpose

No it doesn't. Incognito mode is about leaving no trace on disk, that's all. Recall is the one defeating that purpose right now, if TFA is accurate.

[1] Not saying it's impossible. Only that I can't think of a straightforward solution in a pinch with my limited Windows experience and hacking skills.

wizzwizz4
1 replies
23h15m

In Firefox, check for "Private Browsing" in the titlebar. In Tor Browser… default to "it's private". In stock Chromium, look for the string "Incognito" near the Chrome hamburger icon (e.g. via IAccessible2).

It's not hard to support this functionality in the major browsers: it'd take me all of 15 minutes.

reverius42
0 replies
16h6m

What about localization? What if a release of the browser changes the string?

twinge
1 replies
1d18h

It seems contrary to their docs[0]:

Recall won’t save any content from your private browsing activity when you’re using Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers.

Without a system-level incognito mode feature I could see apps allowing users to denote their windows as DRM content to avoid Recall.

0: https://support.microsoft.com/en-us/windows/privacy-and-cont...

oefrha
0 replies
1d17h

apps allowing users to denote their windows as DRM content to avoid Recall

That would prevent user-initiated screen captures as well. Not a good idea for browsers at least.

patrick451
0 replies
3h36m

a lot of the responses here seem really uncharitable.

It's Microsoft. There's no reason to extend any charity whatsoever when talking about this company.

cortesoft
11 replies
1d18h

How would this system know chrome was running incognito?

btown
5 replies
1d18h

For one, OCR’ing the word Incognito from the screen?

oefrha
2 replies
1d18h

That only works if you have the "New Incognito Tab" page active. Not when you're actually browsing something.

chuckadams
1 replies
1d15h

There's also the profile button at the top right, just to the left of the hamburger menu, that says "Incognito" on it.

oefrha
0 replies
1d15h

Yeah I forgot about that.

gitgud
0 replies
1d7h

What if it’s fullscreen? What if the title bar of the window is off the screen?

A better solution would be to just pause the screen capture whenever incognito is open anywhere

Terr_
0 replies
1d18h

So I just add a new custom toolbar to the bottom of the screen titled "Incognito" so that the text is always there, and suddenly nothing's being recorded anymore? :P

On one level that's convenient, but on the other hand I'm not sure it's a very robust design.

kccqzy
3 replies
1d18h

Develop an API in Windows. Contribute to the Chromium codebase to use this API.

willcipriano
2 replies
1d18h

We already have "Launch as Administrator"

add "Launch in private mode"

reverius42
1 replies
16h4m

So now the user has to remember to not only open a private window or tab in their browser, but also open the whole browser in private mode?

willcipriano
0 replies
15h19m

If you want to be really consumer focused, the OS could keep the browser (and other apps) honest about some of its privacy guarantees by not affording it any persistent storage between sessions.

jacoblambda
0 replies
11h15m

While they seem to be adding an API for it, if you wanted you could just add a "block screenshots" API.

This is already basically in place with DRM since the windows screenshot utility won't screencap most DRMed content on win apps like netflix or even on firefox nowadays.

What MS is adding on top of this is an API to check which tabs/web pages are visible and selectively black out web pages that are added to a given user level blacklist.

oefrha
1 replies
1d17h

That's what they say in marketing materials, but TFA claims to have dumped their database and was speaking from experience dissecting that. Hard to say which should be trusted.

wilsonnb3
0 replies
1d17h

TFA is using a preview release of Windows modified to run on hardware that isn’t officially supported, I would lean towards trusting the marketing material on what will be supported at release.

hammyhavoc
1 replies
1d16h

"Thankful" for surveillance?

rezonant
0 replies
1d13h

Thankful for not pushing Edge if you decide you want this feature. This feature is something the community has been independently creating for years.

Personally I don't think people should actually allow this type of feature. It's too much of a risk. But my point stands on its own, that at least they aren't creating an even more perverse incentive to use Edge, which they absolutely could have done, and seems the MO of the Microsoft today who would sacrifice all else to be able to say there's 1 or 2 more Edge or Bing users.

NewJazz
1 replies
1d17h

This is not something to be grateful for. They are normalizing spying by default.

rezonant
0 replies
1d13h

I didn't say we should be grateful about that.

I'm saying that thankfully they are not using the threat of your guarded personal data being exposed because you want this feature but don't want to use Edge.

friend_and_foe
1 replies
1d15h

if you don't use our browser we will spy on you

Good god how more obvious could it be?

Anyone still using this software is a lost cause.

jmkni
0 replies
1d5h

Most people just don’t care that much about tech (they have other shit going on) and will use whatever is put in front of them.

I think the tech community is responsible for keeping companies like MS in check and pushing back against literal spyware being normalised in operating systems.

gigel82
0 replies
22h12m

Presumably there's work needed from the app side for this integration, the OS component won't know what the app / user wants captured or not.

bitwize
0 replies
1d17h

Microsoft is still fighting the browser wars of the 90s. They're not going to give third-party browsers any quarter if they can avoid it.

danpalmer
42 replies
1d9h

The privacy concerns here are real and massive, and I suspect this will get worse before it gets better.

However. This is the holy grail of computer usage. A good version of this could be the killer app for modern AI. Because of that, people are going to keep trying to make this feature happen. There’s already a popular implementation on macOS. I’m excited for the end-state, but apprehensive about getting there.

beretguy
14 replies
1d8h

Microsoft will probably encrypt that db or something to try to convince people it’s safe.

cududa
11 replies
1d8h

Please explain to me why an OS level signed and encrypted database isn’t secure

soraminazuki
5 replies
1d7h

Why is a padlock with the key stuck right into it secure? The encrypted data and the decryption key are on the same physical device.

Sure, memory isolation techniques may serve as a deterrent with extreme care. But if Microsoft increases the attack surface by sloppily integrating that feature everywhere in Windows, the yet-to-be-implemented-if-at-all encryption is going to be ineffective. And that’s going to happen more likely than not.

plonk
4 replies
1d1h

Maybe the learning and inference can happen in a VM and the apps can only have access to a query API. (Take the equivalents if it's not all ML.)

soraminazuki
2 replies
22h58m

That's exactly the kind of thing I was referring to when I wrote "memory isolation techniques." Even if you gate access with an API, you can still retrieve data from it and that's the problem.

Also, it should be clear by now that government agencies are going to demand access to this data once this becomes widespread. VMs aren't going to protect against further assault on our civil liberties.

k8svet
1 replies
20h18m

How does that work? Can authorities compel Microsoft to surreptitiously have only my computer randomly unencrypt and submit stuff? If so, couldn't the authorities just tell MS to activate a tool like recall anyway?

soraminazuki
0 replies
10h35m
plonk
0 replies
1d1h

Also, Windows Store apps seem to have an identity and limited permissions, so you can probably have some kind of smartphone OS-like isolation.

verdverm
0 replies
1d8h

When has windows ever been a safe or secure OS environment? Seems to me, many an exploit has been installed by the user while trying to get device drivers working

plonk
0 replies
1d8h

Researchers on Twitter are saying that it’s just a plaintext SQLite.

pjmlp
0 replies
1d8h

The same reason banks get occasionally robbed, despite all security cameras, delayed openings, biometrics, armed security, and everything else put in place.

When there is a will, there is eventually a way, for anyone with enough resources.

page_fault
0 replies
1d8h

Because it needs to be decrypted at some point?

bravetraveler
0 replies
1d7h

People made it, people will break it

Please explain to me how anything achieved infallible nature. Consider the natural vacuum is space.

plonk
1 replies
1d8h

Doesn’t Windows already have a data store that’s encrypted with a key that doesn’t exist in RAM unless you’re logged on? And some kind of isolation of sensitive processes in a VM?

Malware can probably read most of the user’s data in RAM, but if OS components keep getting more isolated from each other, maybe that can be secure enough.

rzzzt
0 replies
1d6h

The Data Protection API makes this quite easy from a programming standpoint (it also makes relocating keys to another machine hard, but in this case this should count as another upside): https://en.wikipedia.org/wiki/Data_Protection_API
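
An added example (not part of the thread, and not Recall's own code): PowerShell calling the .NET `ProtectedData` wrapper around DPAPI with `CurrentUser` scope, showing that the stored blob is opaque on disk yet any code running as the same logged-on user can decrypt it, which is the trade-off argued over in this sub-thread. The function names, file name, entropy value and sample text are constructed for illustration; Windows PowerShell 5.1 is assumed.

```powershell
# Added illustration (Windows only). Protect-Record / Unprotect-Record, the file
# name and the sample text are constructed for this example.
Add-Type -AssemblyName System.Security

$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

function Protect-Record {
    param(
        [Parameter(Mandatory)][string]$PlainText,
        [byte[]]$Entropy   # optional secondary secret mixed into the key derivation
    )
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $Entropy, $scope)
    return ,$blob          # leading comma stops PowerShell unrolling the byte[]
}

function Unprotect-Record {
    param(
        [Parameter(Mandatory)][byte[]]$Blob,
        [byte[]]$Entropy
    )
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $scope)
    return [System.Text.Encoding]::UTF8.GetString($bytes)
}

# --- constructed sample data ---
$record  = 'constructed sample: text captured from a window'
$entropy = [System.Text.Encoding]::UTF8.GetBytes('app-specific-secret')
$path    = Join-Path $env:TEMP 'dpapi-demo.bin'

# Store the protected blob the way an application would persist it.
[System.IO.File]::WriteAllBytes($path, (Protect-Record -PlainText $record -Entropy $entropy))

# 1. At rest: the file does not contain the plaintext.
$onDisk = [System.IO.File]::ReadAllBytes($path)
$leaks  = [System.Text.Encoding]::UTF8.GetString($onDisk).Contains('captured')
"Plaintext visible in file : $leaks"

# 2. Same logged-on user: no password prompt, the call simply succeeds.
#    Any other process running under this account could make the same call.
"Same user, right entropy  : " + (Unprotect-Record -Blob $onDisk -Entropy $entropy)

# 3. Secondary entropy only helps if other same-user code cannot learn it.
try {
    Unprotect-Record -Blob $onDisk -Entropy ([byte[]](1, 2, 3)) | Out-Null
    'Wrong entropy             : unexpectedly decrypted'
}
catch {
    'Wrong entropy             : ' + $_.Exception.GetBaseException().GetType().Name
}

Remove-Item $path
```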

safety1st
9 replies
1d8h

I think I'll stay on Linux and let Windows users be the guinea pig for this particular experiment.

michelsedgh
8 replies
1d8h

I wonder what kinda data they will get cause most people who code and do heavy stuff I think are on mac/Linux so I wonder how good the data they gather be you know? Mostly moms and dads using their computers wrong this is what I imagine my head is the data they gather, like maybe 50-60% of it lol and heavy users with good data are nowhere to be found

mikro2nd
5 replies
1d8h

"moms and dads using their computers wrong"

What the hell is the "wrong" way to use a computer? Emails, social media and doing your banking?

And why attack "moms and dads"? Speaking as a grandfather, I find it insulting, having used and programmed computers since the 1970s.

smeej
4 replies
1d8h

What the hell is the "wrong" way to use a computer?

Searching for your bank's website rather than bookmarking it, and entering your credentials into the phishing site that's the top result.

Installing Anydesk or something for the "nice gentleman who called me from Microsoft to tell me my warranty had expired and he needed gift cards to pay for it."

Those are the two most obvious ones I can think of. There's a multi-billion dollar "industry" separating especially older people from their money using computers.

Frankly if you've even been around computers for 50+ years and haven't encountered the many and varied ridiculous ways people can use them "wrong," I have to wonder whether you've ever had to deal with regular people using them in the real world at all.

frde_me
2 replies
1d

Eh, I'm a pretty advanced user by any means, and I still search for my bank's website a non-trivial amount of time. I have a bookmark, but it's honestly just as fast to do it that way

stubish
0 replies
8h45m

It is not wrong because it is slower. It is wrong because it is a security problem. A typo in your search or a phisher who managed to SEO their results above the genuine one, and you end up on a malicious site identical except for a hard to spot detail in the URL. You enter your username and password, and probably even helpfully do the 2FA dance for them to let them drain your account.

smeej
0 replies
8h22m

If you set a bookmark, typing the bank's name into the browser bar should pull the bookmark up first.

matthewmacleod
0 replies
1d7h

Searching for your bank's website rather than bookmarking it, and entering your credentials into the phishing site that's the top result.

This isn’t wrong so much as a damning indictment of the tech industry’s inability to fix core issues despite having more money than god herself

talldatethrow
0 replies
12h30m

Almost every millionaire and billionaire you've ever heard about is a parent.

Don't take so much joy out of the fact that you're currently the only member of your thousands of years old generic lineage that hasn't procreated.

DandyDev
0 replies
1d7h

A lot of those moms and dads are software engineers, data scientists etc.

kmlx
7 replies
1d7h

However. This is the holy grail of computer usage

i’ve seen this often and i’m trying to understand the issue. i have never wanted to go back in history or have a comprehensive history of all my actions. the only exception is the terminal and for that ctrl+r/history is more than enough. i learn, apply and move on.

what’s the use case for this recall thing?

mmebane
2 replies
1d

As someone with ADHD, being able to have an assistant with perfect memory that I can ask extremely vague questions to about things I'm pretty sure I did some time between last week and 5 years ago sounds amazing. I'm skeptical Recall will actually be able to do that. I doubt its usefulness outweighs the legal and social concerns. But I can absolutely see the use.

dgellow
0 replies
21h11m

Yes that’s exactly my situation and why I was looking forward to trying out for myself

ChickeNES
0 replies
22h47m

This is honestly exactly why I'm (cautiously) optimistic about Recall.

danpalmer
1 replies
1d6h

I often have 100 tabs open so that I can find things I was looking at again. I regularly browse my browser history to try to find things I saw previously. I often remember seeing something in a chat session somewhere, but can't remember which person/channel/room it was...

Being able to search everything I've seen on my screen would address all of these. I think it would fundamentally change how we interface with computers, if we could do it reliably. Silos between applications can start to break down when you have sufficient intelligence about what's on the screen too, and that's a huge opportunity.

kmlx
0 replies
1d5h

interesting. thanks for the reply. i also used to have lots of tabs open till i realised i need to organise better. since then i keep a few tabs open at max and regularly close all my tabs. i also tend to open a tab, read what i need to and then close it. no more clutter this way.

mrangle
0 replies
16h52m

what’s the use case for this recall thing?

Surveillance, very obviously.

It'd be reasonable to see this as a waymark on a roadmap.

Which is why it makes little sense to users. Why it is counterintuitive in that it will drive people away instead of draw them to the product. And why it is being rammed out into the market regardless.

What's the waymark after this?

avarun
0 replies
22h8m

You don't see how having perfect / idempotent memory of every single thing you've seen on your computer would be useful? Half my day on my computer revolves around trying to dig up info I've seen previously that I didn't save/categorize properly. Not even having to bother with the categorization bit in the first place would be an amazing productivity improvement.

Slyfox33
3 replies
1d8h

"Holy grail of computer usage". Really...?

Dalewyn
1 replies
1d8h

One of the most popular features ever used on every computer is the Undo button.

One of the most common questions every computer user has at any given moment is some variant of "What/Where was it?".

I agree it's a holy grail, but it's also a road paved with good intentions.

Slyfox33
0 replies
1d3h

Recall isn't an undo button. It's just screenshots lol.

falcor84
0 replies
23h37m

I'm somewhat with the parent on this. Getting this right will probably take a long time but can eventually bring us something like J.A.R.V.I.S, whereby an AI agent can reason about all activities you've performed on the computer in the past and give you advice or perform full tasks for you based on that. We can argue whether we want to give the AI that level of trust, but I'm very interested in the potential.

flohofwoe
0 replies
1d8h

I would prefer if they get a simple search-in-local-text-files right first. That doesn't even need "AI", just some plain old 1970s-style coding.

everdrive
0 replies
1d8h

Further infantilization of the user, further resource requirements, enormous privacy concerns, and proprietary technology. It all seems bad to me.

bravetraveler
0 replies
1d8h

Snake oil salesman says: "Snakes Are Scary!"

Computers are the holy Grail of computers. Stop playing with fire. The tool is already here.

anthk
0 replies
1d8h

No. The holy grail of computing would be taking an instant snapshot as you do with emulators/vm's from anywhere, allowing you to rollback anytime, restoring the CPU and memory settings in the spot. With incremental snapshots, 'branches' and so on, switching back and forth seamlessly as you would do with save states under an emulator.

And with 'no time', with a delay of less than 5-10 seconds on creating/restoring a snapshot.

On search, as they stated, Recoll did it fine over 20 years.

015a
0 replies
23h2m

I strongly feel that the "this is the holy grail of computer feature" take is tech-industry mindbubble. This line in the article hits very hard:

A lot of Windows users just want their PCs so they can play games, watch porn, and live their lives as human beings who make mistakes

The vast, VAST majority of Windows users don't care about a feature like this. You might say "if we'd ask people what they'd wanted they'd have said a faster horse", but we've seen this play out time and time again since ~2014 where the tech industry believes some thing is going to be Next Big Huge, it doesn't stick, and Microsoft Office continues to make fifty billion dollars a year because, it turns out, we kinda solved PCs in the 90s and 78% of what We The Tech Industry has invented since then has a market 5% the size the hype would lead you to believe. Metaverse, VR, AR, Crypto, Decentralized Finance, AI, Voice assistants, tablets (what's a computer?), quantum computing, IoT (all consumers love our toasters connected to the internet, this is undeniable and people pay extra for this /s).

Sometimes people just want a faster horse; which in this case means "filesystem search that actually works". The techbro response to that is "well, you can have both" but there's fucking actually zero evidence of this, period, neither Microsoft nor Apple have demonstrated the capability to get the basics of their operating systems right anymore, We Their Customers should have zero faith in their ability to even get this right, as articles like this demonstrate.

I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone.

This isn't a Microsoft problem; well, obviously it is, but it's really an industry problem. Sorry for waxing abstractly here, but we've literally actually forgotten how to build software [1]. The smart & dedicated people have either left the industry or have been marginalized by MBAs, and the kids are rewriting the Windows Start menu in javascript [2].

[1] https://www.youtube.com/watch?v=ZSRHeXYDLko

[2] https://x.com/Zeko369/status/1791141890106290670

fabiensanglard
20 replies
1d8h

For a moment my perception of Microsoft was that it has become a cool company (GitHub acquisition, Linux Subsystem). I was impressed by how Satya Nadella turned the company around (at least in terms of image).

Between Recall and the mandatory account login to install Windows 10 I am progressively reverting to how I felt about them.

temp3000
6 replies
1d7h

This is another nail in the coffin for me, as a life long Windows user. My next install is Linux single boot.

richliss
2 replies
1d6h

I've just installed and configured KDE Neon Plasma 6 and I'm really liking it a lot. Feels closer to Windows than my other Ubuntu and Xubuntu installs.

Just my 2p

Halfwhit
1 replies
23h30m

Found a fellow Brit

not_really
0 replies
21h17m

^ probably one of the top 5 unsubstantial things fellow countrymen say to each other on HN

sleepybrett
1 replies
23h37m

the coffin is nothing but nails at this point.

theodric
0 replies
21h56m

good, it'll be more likely to sink when we all collectively chuck it in the lake

WhackyIdeas
0 replies
1d7h

I said on HN just a few days ago:

“The only good thing about Recall is that it has been the definitive decider of moving away from Microsoft permanently because for them to create such a ‘feature’ shows a complete lack of care about people’s private data - they’ll be leaving a huge jackpot prize for anyone who breaks into a system.”

And only 4 days later, it is shown.

lukan
4 replies
1d7h

Tracking and ads integrated by default into the OS, who cares. But they did something with open source, they must have become nice!

And the linux subsystem, well, for me a textbook example of:

https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extingu...

So sorry, they were never cool to me. I still use them, but if I must switch to win 11 soon, I might take that as an opportunity to finally cut loose my last dependencies with windows.

nix0n
1 replies
1d

I don't think it's a good example of EEE

Not yet, they're still on the "embrace" step.

temac
0 replies
1d

With WSL they are absolutely at the "extend" step.

strictnein
0 replies
23h37m

> Tracking and ads integrated by default into the OS, who cares. But they did something with open source, they must have become nice!

Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.

https://news.ycombinator.com/newsguidelines.html

Xeamek
1 replies
1d7h

I think 'parts of' microsoft really did become cool.

In the developers' world, pushing open source, or in gaming - xbox game pass is just the best value that there is.

But for every cool department, there also exists one that still behaves as a predatory corpo. And it seems to me like their main target are 'normie' users.

SoftTalker
0 replies
1d

Microsoft is ultimately a for-profit publicly-owned company, and are motivated to increase shareholder value. Being perceived as cool by the open-source community might play into that in some ways, but ultimately there isn't any revenue there.

WhyNotHugo
1 replies
1d8h

> For a moment my perception of Microsoft was that it has become a cool company

I think that they've been trying very hard to give out that image without really changing who they are.

It's not the first time that they try hard to look like they've changed, and it won't be the last.

fifteen1506
0 replies
1d8h

Yes. Marketing. In the end, they are working for decision makers who can spend money.

Typical IT guy (not head) cannot spend money without 3 approvals from different departments.

kenjackson
0 replies
23h51m

Why is Recall something that would revert your opinion? It’s a feature that provides value to the customer first and foremost.

dreamcompiler
0 replies
20h3m

Microsoft desperately wants those sweet, sweet recurring revenue streams they can get from advertising and selling personal user data. Forcing login was step 1. Recall is step 2.

WWLink
0 replies
1d8h

lol they never really sold me on it. WSL1 with its nano processes is neat, but Teams is a disgusting mess and MS has been rather consistent with treating their users like cattle.

29athrowaway
0 replies
1d8h

GitHub became the data source for OpenAI Codex and GitHub Copilot not long after it was acquired.

The #1 merit of Nadella is pushing for increased accessibility.

autoexec
17 replies
1d18h

Eventually they can just re-enable it as part of an "important update". They can even stop you from being able to disable it entirely. If you're using Windows, it's not really your computer. At least you aren't the administrator of that device. Microsoft can access any file, install any software, change any setting, or remove any access at any time for any reason with no notice or indication to you that it happened. They can even shut down your computer. Any device which works like that is not one that's under your control.

Every internet connected windows computer is insecure by design and cannot be trusted to protect your privacy or security.

wilsonnb3
13 replies
1d17h

> Microsoft can access any file, install any software, change any setting, or remove any access at any time for any reason with no notice or indication to you that it happened. They can even just shut down your device. Any device which works like that is not one under your control.

Having this power is inherent in making the OS. Whoever is the vendor of your particular Linux distribution has the same powers, it is just that you trust them not to use them (or, in a very small theoretical minority of cases, you’ve audited the code and binaries yourself).

So yes, you shouldn’t use an OS from a vendor you don’t trust, I agree completely.

I don’t understand why people are acting like this is earth shattering news though, this has always been the case since people started using software they didn’t write themselves.

autoexec
7 replies
1d17h

> Having this power is inherent in making the OS.

No, it really isn't. For decades I owned computers with operating systems which didn't have that capability. Once installed and configured, the OS was consistent and (reasonably) stable. Someone would literally have to break into my house or office to modify my settings or install software against my wishes.

Even after I started connecting my devices to the internet the OS itself had no ability to do these things and couldn't gain that ability unless I explicitly chose to install updates that enabled that behavior. That's entirely different from the situation today where MS forces updates and restarts, installs unwanted software on our computers, and has files and folders that we (even using administrator accounts) don't have access to.

Linux too is very different. Linux is transparent about what it does, adds, or changes. You have the power to choose which updates to apply or not. You have the power to modify any part of your OS so that it does what you want. I can't speak to all distros out there, but I've never seen a linux system force a restart in the middle of the day, or reinstall applications users removed without notice. Can't say the same for Windows. Unlike Windows, linux typically respects its users and their wishes.

You really don't have to write your own software in order to have software that respects you and leaves you in control of your own devices. It's kind of crazy that you'd think there could be no other way.

wilsonnb3
6 replies
1d17h

> I can't speak to all distros out there, but I've never seen a linux system force a restart in the middle of the day.

My point is that there isn’t a technical reason that prevents Linux distros, or any other OS, from restarting your computer whenever it feels like it.

By definition the OS has control of the hardware and software and thus whoever writes the OS inherits that control.

I completely agree that there are good reasons to not trust Microsoft and people who don’t should not be using Windows.

I just dislike the framing of this issue as a recent development rather than an inherent problem of running software you didn’t write.

smaudet
2 replies
1d17h

> My point is that there isn’t a technical reason that prevents Linux distros, or any other OS, from restarting your computer whenever it feels like it.

Wrong, the point of the operating system is to manage local state, hardware, etc.

The point of viruses, malware, and spyware is to exfiltrate data and control from a set of systems. This is getting to the point where Windows itself is a worse virus than just downloading the random shady program from the internet, with all anti-virus turned off...

And the technical distinction? You can turn off everything in linux, you can make it so the computer cannot update itself. The Operating System is unable to change itself in this configuration, the only way around this is for you to choose to update it.

This cannot be done with Windows, not without resorting to technical tricks that look a lot like what malware and viruses have to do. This is a pretty important technical distinction:

Operating Systems don't have built-in backdoors that you cannot turn off by design.

Malware and botnets have built-in backdoors that you cannot turn off by design.

wilsonnb3
1 replies
1d17h

> Wrong, the point of the operating system is to manage local state, hardware, etc.

Yes, and to manage local state and hardware it needs to be able to control the hardware and other software.

You can build an OS that doesn’t take advantage of those capabilities but you can’t build an OS that doesn’t have them. Hence why the key is trusting your OS vendor.

> And the technical distinction? You can turn off everything in linux, you can make it so the computer cannot update itself. The Operating System is unable to change itself in this configuration, the only way around this is for you to choose to update it.

Sure you can do all that but what you can’t do is make it so your Linux based OS can’t control your hardware and software. At the end of the day, the key is still trust, either in your vendor or in your own audit.

You have presented a great many reasons why Linux is more trustworthy than Windows to many people but you cannot get around the problem of having to trust someone.

smaudet
0 replies
1d12h

> but you cannot get around the problem of having to trust someone.

You still don't get it...

At the end of the day, I don't have to trust anyone with an OS that I fully control, with hardware that I fully control, because I can verify every bit of hardware, every bit of software, even stop the kernel from doing things if I want to (yes it's possible, technically).

Sure, I can place some temporary trust in some components, but it doesn't matter really, because I can always swap/disable/remove/audit/reaudit any component. You can choose to trust, as much or as little as you want. I don't have to use the kernel at all if I don't want to, I could swap in another one and still be good to go (more or less).

This is different from the case here, where by default, not of my choosing, actively and persistently nearly every aspect of a Windows computer is obfuscated, un-auditable, actively and without consent doing things that are not operating system things but spyware, bloatware, crapware, or just straight up malware. You can wave your hands around as much as you like waffling about "trusting someone" but there is a big big difference between someone acting reasonably, and choosing to allow them into your home, and "trusting" someone with a knife to your back not to shiv you.

One is reasonable, a choice, and low risk, the other is clearly none of those things. You don't have to "trust" low risk situations, they are just low risk, no trust involved.

ryandrake
1 replies
1d17h

Right. There is no technical reason why the OS vendor couldn’t attack you in the past, but software industry norms have changed over the years. What has changed is trust.

Today, you have to consider commercial OS vendors (and third party application developers) to be remote attackers in your threat model. More and more, they write their software to serve themselves rather than their users, and to make computers do what they want them to do, not what the users want them to do. This was not the case decades ago, even if the technical ability was there all along.

autoexec
0 replies
1d14h

> More and more, they write their software to serve themselves rather than their users

Well said! I really miss when our products served us but I can't think of a recent purchase of anything internet capable that wasn't designed to work for someone else (and against me no less). I don't see "never own an internet capable product again" as a viable option here, and I'm not sure what else we can do to protest this besides push for government intervention. In the meantime, I try to firewall off whatever I can.

autoexec
0 replies
1d17h

> My point is that there isn’t a technical reason that prevents Linux distros, or any other OS, from restarting your computer whenever it feels like it.

Go install MS-DOS 6.22 on a computer. You can leave that system up and wait your whole life and you'll never see it suddenly restart your computer without asking. The technical reason why it can't is because there is no code in that OS designed to check for and accept an order from someone at Microsoft to restart your machine without asking. It doesn't exist. You could choose to find or write and then install new software that gives that OS the capability to do it, but that capability just isn't there otherwise.

There's no rule that an OS has to include code to violate the rights and will of the people who install it on their devices. That's a choice that MS made. Far too many people have accepted that behavior from them so they keep pushing and pushing with new and increasingly user-hostile code and behavior but none of that is inevitable or unavoidable. That is what's a very recent development. For a very very long time no operating system would have dared to violate their users that way. None of them did.

Yes, at a certain level you have to be able to place some level of trust in your OS. Especially one with internet access. MS has shown themselves to be entirely untrustworthy, but they could still change all of that. They could strip out every line of code that allows them to remotely access your system without your explicit permission. They could be 100% transparent about what their updates will do to your computer if they are installed and they could give you the ability to not install any update you didn't like and revert to any previous state. They could give you full access to every file and directory and process and give you the ability to control every aspect of their OS. They could vow to never modify a setting after you've changed it. They just choose not to do those things, because they don't care about you or your privacy or your wishes, or your rights. As long as people continue to use windows, Microsoft stands to make a lot of money by ignoring those things.

gryn
2 replies
1d17h

I don't think msft will give you the code for windows to review it if you ask nicely, unlike linux where it's already available.

if you're paranoid about the distribution of your pre-built distro you can compile everything by hand and some do that for fun.

so putting them on the same pedestal is weird mind gymnastics.

wilsonnb3
1 replies
1d17h

Yes, if you compile your own binaries, audit the source code, and for good measure audit your compiler and the system you are using to compile it, then there is a meaningful difference*.

Since 99% of users don’t actually do any of that, then in practice there isn’t actually a difference.

* I am aware that there are shades of grey between the scenario I describe and proprietary software - I am just being hyperbolic for rhetorical reasons.

autoexec
0 replies
1d17h

> Since 99% of users don’t actually do any of that, then in practice there isn’t actually a difference.

I understand the hyperbole, but in practice we have strong evidence that MS is willing to intentionally use their OS against you, while we don't for your typical linux OS. That really means a lot.

When linux distros disrespect their users even a little (see for example https://www.pcworld.com/article/436097/ubuntus-unity-8-deskt...) users really don't put up with it and they can switch to another distro with very very little effort/change and even have the ability to modify the source and fork the OS. That helps to keep people a little more honest.

The backdoored compiler problem is a bit harder. We can write our own, but it's turtles all the way down. Increasingly we also have to put a lot of trust in our hardware. There are only a small number of companies making CPUs and wireless chips. I imagine they're under enormous pressure from governments to compromise the privacy and security of the people using that hardware and we have less trust in our own devices the more we have "trusted computing" forced on us.

throwaway22032
0 replies
1d17h

Trust is earned.

Your partner always has the capability to screw you over, cheat on you, embezzle from the shared account, whatever.

Linux is like a nerdy guy who stays at home, plays with Warhammer figures and cooks you dinner.

Windows is an OnlyFans model who goes on vacations for weeks at a time and ignores your calls.

Terr_
0 replies
1d15h

There's still a big difference between "a surreptitious hack is technically possible with future development and getting you to accept a bad patch" versus "the company is actively using sketchy powers and trying to make them constant and socially normalized."

In one case, someone discovering sketchy secret backdoor code causes a huge flap and damage to the company's brand and stock price etc.

In the other, some corporate drone bafflegabs about it enabling superior customer satisfaction synergies, while pointing to a tiny clause in an enormous contract of adhesion to claim everybody knowingly agreed to it.

pcdoodle
1 replies
1d17h

Yes. This is why they renamed "My Computer" to "This PC".

It's finally here. It's been fun, I love windows but this is the end IMO.

autoexec
0 replies
1d14h

I know how you feel. I was a fan of DOS, Win98SE, Windows 2000 Pro, and Windows 7 Pro (until 7's updates started including Win10's invasive telemetry). The good news is that alternatives are better than ever and the few windows applications I still use can run using wine (or worst case a VM)

rgrmrts
0 replies
1d17h

Yeah this is my problem with windows. I’ll delete or disable things that were added to my machine only to have windows update restart my computer and those things show up again. I’m using a legit copy of Windows 11 Pro and it’s absurd that I’ve had to delete or disable random shit like social media apps multiple times.

cantSpellSober
0 replies
1d16h

Windows victims (self included) are used to this. Setup takes an hour, configuring settings takes a week

thierrydamiba
15 replies
1d19h

Am I missing something or is this as big of a disaster as I think? This is terrible news right?

ocdtrekkie
14 replies
1d18h

Sort of but AI PCs are going to be more expensive than normal PCs so most users won't and will continue to not have a PC that does this. Pushing it out to existing machines would be a very different tier of problem.

calgoo
6 replies
1d18h

I wonder if MS will then just make it an online processing version, so it just ships all your data "for free!!!!" to MS servers and then processed remotely for you!

I also wonder how "knowledge transfer" will happen when you get a new machine in the future? What about backups, do they sit in the cloud already? These all sound like ways that this "local" AI PC will share data with the MS cloud in one form or another. With Apple doing similar things already on iPhones (I know there are differences, but it's still analyzing your data etc), I wonder if Linux might actually become a more mainstream OS in the future.

Could also be that people stop using computers as much and just use tablets with docking stations + keyboard & monitors (again, there is work to be done, but it's a possibility from a HW level). That would leave us with MacOS & Windows for business desktops (with some Chromebook & Linux sprinkled in there). Education would probably be more Tablet & Chromebook style compute, and gaming is already moving to the cloud (I guess the positive here is that we might finally be able to get rid of AntiCheat software:) ).

aleph_minus_one
4 replies
1d18h

> I wonder if MS will then just make it an online processing version, so it just ships all your data "for free!!!!" to MS servers and then processed remotely for you!

> I also wonder how "knowledge transfer" will happen when you get a new machine in the future? What about backups, do they sit in the cloud already?

Honestly, I guess this will become very expensive for Microsoft, and they won't find a good business case what to do with the collected data. So Microsoft is wasting a huge load of money, and additionally their AI spyware causes a huge reputation damage for Microsoft: a lose-lose situation. :-(

walterbell
2 replies
1d17h

Other use cases for on-device NPU silicon have been demonstrated, e.g. radio sensing of room geometry and human motion, breathing, gestures.

aleph_minus_one
1 replies
1d17h

Thanks for the clarification of other kinds of spying that this enables.

Nevertheless I still have difficulties seeing how this is supposed to make money for Microsoft.

walterbell
0 replies
1d17h

> how this is supposed to make money

No idea about this specific feature, but billions are being spent to train models in the cloud (including Azure), with the expectation that some models will be used for on-device inference. It remains to be seen whether those investments will return dividends. In the meantime, cloud and GPU vendors are making money on model training.

gryn
0 replies
1d17h

> they won't find a good business case what to do with the collected data.

ads.

they've been clear about windows becoming more ads oriented.

guess they are testing the water to try and get a competitive edge over google in a few years with this new data trove.

aodonnell2536
0 replies
1d18h

This seems likely to me.

Considering the global market share of Windows, there would be a need to roll out such a grandiose service slowly, too.

walterbell
4 replies
1d18h

> AI PCs are going to be more expensive than normal PCs

The Qualcomm Oryon SoC is about half the price of an Intel CPU.

ocdtrekkie
3 replies
1d15h

Currently an Inspiron 7440 (non-Copilot+) starts at $849 and an Inspiron 7441 (with Copilot+) starts at $1,099. That's a $250 premium to get an "AI PC".

walterbell
2 replies
1d15h

12-core Oryon dev kit with 32GB RAM is $899, https://www.windowscentral.com/software-apps/windows-11/qual...

It's a brand new device family. OEM price competition should improve as more devices ship in Aug/Sep.

Oryon should run Linux with good performance-per-watt. Hopefully the NPU can be disabled to save energy.

ocdtrekkie
1 replies
1d12h

The part where you are pointing out a dev kit and about how well it runs Linux is really just admitting you don't understand the conversation we are having here.

Most users buy a cheap HP from Costco for $300. Businesses will buy the same standard line OptiPlex they bought last year. Very, very few people will magically end up with Windows Recall who didn't intend to.

walterbell
0 replies
1d7h

> how well it runs Linux

i.e. PC hardware for AI inference will not be limited to Windows.

> Most users buy a cheap HP from Costco for $300. Businesses will buy the same standard line OptiPlex they bought last year.

Both Intel and AMD announced upcoming chips with NPUs. Mediatek and Nvidia will likely join the Arm AI PC competition in 2025. Apple's 2024 OS updates are focused on AI features, both on-device and cloud partnership with OpenAI. Intel's Computex tagline a few weeks ago was literally "AI Everywhere".

In a few years, silicon for on-device AI inference will likely be pervasive in retail PCs, including Costco, HP and Dell Optiplex. It has been shipping in Apple Silicon Macbooks and iPads since 2020, mostly unused by software until now.

dmurray
1 replies
1d18h

If it works like any other electronics product I've bought in the last ten years, the "AI" version will soon be cheaper thanks to subsidies from advertisers, while the "normal PC" will be twice as expensive and the domain of tinkerers and cranks.

__loam
0 replies
1d18h

I just want to buy a screen guys.

jasonjayr
13 replies
1d19h

There was a movie about this exact thing. Antitrust (2001) was about a Microsoft-like company monitoring everyone’s computer and stealing code.

23 years later and here we are.

aleph_minus_one
6 replies
1d18h

When I watched this film, I immediately thought during the finale of this film that the story of this film is so "wrong" because the public will barely care about the misdeeds of NURV (or rather: those who do care basically already "know").

From today's perspective, considering for example the Snowden and Wikileaks revelations that caused exactly these barely-nil reactions in the public, I know that I was right regarding this feeling.

accrual
2 replies
1d18h

I wouldn't say they caused barely-nil reactions. Maybe to the general public and to a random bystander if asked, but they still had implications for the public's overall trust in the government. And for users in the affected spaces (tech, security, etc.) the reaction was stronger and longer lasting.

vasco
0 replies
1d15h

Nobody votes for net neutrality or internet rights or privacy focused groups. I agree that there were almost no reactions. June 6th people will vote for European elections, let's see how many seats the pirate party gets.

aleph_minus_one
0 replies
1d18h

> but they still had implications for the public's overall trust in the government.

In my observation it really was as I described:

- those who already deeply distrusted the government continued to do so

- the others (the huge majority) simply did barely care or even attempted to justify the crimes

Concerning your point about tech and security sectors: those who form the inner core of the people working in these sectors basically already knew what was happening since at least the 90s.

zer00eyz
1 replies
1d18h

> considering for example the Snowden and Wikileaks revelations

Every time someone points at this and acts like it was a revelation I shake my head.

https://en.wikipedia.org/wiki/Room_641A

https://en.wikipedia.org/wiki/Joseph_Nacchio (Everyone screams about conspiracies but the only people who told the Bush II government no went to prison).

https://www.politico.com/blogs/politico-now/2008/02/senate-p...

They did it, out in public people wrote about it, everyone shrugged and went on with their lives. All Snowden did was give it a face, some (program) names, but anyone with any sense stayed away already.

The American public has been warned twice, and did not care. It's gonna take something major leaking for them to do anything about it.

pseudalopex
0 replies
1d15h

Klein said he is relieved another person -- Snowden -- could corroborate his story, but with actual government documents.

"When he first came out, I was delighted. It was, first of all, vindication for what I was saying," Klein said. "He also revealed the programs they were doing were vastly bigger than I ever understood at the time."

https://www.nbcbayarea.com/news/local/bay-area-whistleblower...

makeitdouble
0 replies
1d18h

It depends on what you see as an appropriate reaction to wikileaks and Snowden. It was a structural problem, and no governing parties ever tried to stop it so voting it out for instance wasn't a solution.

Perhaps Trump's support could be a far reaction to it, with no clear direction but just a strong wish to screw it all. We see the same in other countries where people go to the extremes as discomfort rises with no actionable way.

ch4ch4
5 replies
1d18h

That was an enjoyable movie, aside from the fact that the writers thought fiber optic cables are used for hidden cameras.

gravescale
3 replies
1d17h

In 2001, image sensors and the electronics to drive them were far larger than they are today, an endoscope-style fibre optic isn't necessarily ridiculous if you only had a tiny hole to sneak through a thick obstruction.

Even today, a non-CIA-grade camera head is probably 2-3mm across and the optics on a fibre optic can be far narrower.

You can only have a pinhole spy cam if you have a void directly behind the pinhole.

kjkjadksj
2 replies
1d15h

What's the spec on the CIA grade stuff then?

thebruce87m
0 replies
1d11h

They probably don’t even have to bother, just hack the target's phone, tv, iPad, laptop to get every bit of content they consume and conversation they have.

gravescale
0 replies
1d15h

Well, I assume they can do better than a £10 USB endoscope from AliExpress!

But even if you have some ultratiny thing hot out of a classified lab, fibre optics also keep the active electronics further away and harder to detect.

ok_dad
11 replies
1d19h

This is something you have to specifically enable right? Right?!

I’m sick of brain dead execs and product managers. What world do these people live in?

LegitShady
3 replies
1d19h

First it's opt in, then it's on by default, then it's mandatory and what do you have to hide anyways?

The default progression of this sort of "feature" and business practice.

abracadaniel
1 replies
1d18h

There’s also the classic phase where it’s technically opt-out, but it magically gets reset to default every time Windows updates.

hansvm
0 replies
1d18h

There's a phase in between where it's reset every time you leave the settings menu and can't see them resetting it (I forget which privacy policy it was anymore, but that was the straw that kicked me over to Linux for good).

frizlab
0 replies
1d18h

And in this particular instance it did not even start with opt-in. They went straight to on by default!

lstamour
1 replies
1d19h

It’s enabled by default on a select number of laptops they sell, and no one else has access to it yet. But they plan to roll it out further. I’d personally hoped for some kind of “Secure Enclave” such that only certain processes could be run, but this is about what I would expect of someone shipping a minimum viable product because AI is a hot buzzword. Weirdly, even AI could theoretically solve some of the privacy issues simply by looking for PII and removing them. Extra weirdly, this would have been more secure if they uploaded screenshots to the cloud, because access could be better monitored there and exfiltration limited.

ocdtrekkie
0 replies
1d18h

If anything, it's likely they imagine the PII being useful. Imagine being able to ask your computer for your bank account number instead of digging it out of a website or file. Obviously useful... but also obviously exploitable.

TheRoque
1 replies
1d18h

First it's gonna be an obvious setting, then it's gonna be a setting deep in the "features" of windows, then it's gonna be a register you have to edit, then it's gonna be an obscure powershell script you have to execute, and in the end, it will be a default feature that you have no control over :)

Zuiii
0 replies
1d14h

Don't forget them requiring an online Microsoft account to change the setting. Don't have internet or can't set up an account? Well, tough luck.

colechristensen
0 replies
1d19h

> What world do these people live in?

Getting promoted by other execs based on the visibility of delivered features.

NekkoDroid
0 replies
1d18h

This is something you have to specifically enable right? Right?!

lol, lmao even. Some might even be so inclined to say rofl.

It is actually kind of depressing the state in which Windows is and is going. For me personally the only actual "advantage" Windows has over my homegrown Archlinux install is app/game support. And basically all of the ones that don't work, don't work by design because they don't want the user to own their hardware/software.

0x_rs
0 replies
1d18h

Regardless of the new Recall feature, the Windows Timeline already collects vast amounts of data and is enabled by default, and I've seen the database file grow even when disabled. A trove of information for any forensic analysis.

https://kacos2000.github.io/WindowsTimeline/WindowsTimeline....

zuminator
10 replies
1d18h

That was very well written and reasonable, neither minimizing the risks nor succumbing to hysteria.

The idea behind Recall, universal, machine-assisted search, is a good one but it's embarrassingly clear that in terms of implementation, this ain't it, chief. Microsoft should do what Google has done with Sky -- withdraw the product, take the hit, and hope that something can be salvaged from this debacle, both in terms of an improved product, and better company-wide testing and rollout practices.

lostmsu
5 replies
1d18h

This is poorly written and completely nonsensical.

Also a clickbait: nobody is stealing anything.

If you get malware or you have other admins on your computer, they can already record anything you do at their will.

The data is NOT uploaded to M$.

The whole fuss is stupid and I am impressed 90% comments here seem to think otherwise.

kccqzy
4 replies
1d15h

If you get malware, these malware will only begin to record things once they are installed. They do not automatically get years of computer use history. Until Recall.

It seems like you live in the same kind of detached echo chambers as the people at Microsoft who approved this feature. No wonder you find this nonsensical. I bet the product managers responsible for this also find this article nonsensical.

lostmsu
3 replies
1d13h

Right, the malware will only be able to get all the documents you wrote during the years of using the computer, all the emails you ever got or sent, all your chat conversations, your bank account details, photos and videos you made, complete browsing history, access to your work account(s).

Of course it is critical that it does not also know what porn you watched in incognito, or what you had in snapchat messages.

Wait, scratch the snapchat. I don't think they have desktop client.

eviks
2 replies
1d4h

You ignore this basic computer operation called delete

lostmsu
1 replies
10h25m

Majority of people only ever delete bad shots from a set of N identical photos or random stuff by accident or because they run out of space.

eviks
0 replies
3h14m

Why do you think it makes sense to only care about the majority?

Also, majority is using voice/video calls which aren't stored anywhere

emmelaich
1 replies
1d18h

What's this Google Sky that was withdrawn?

zuminator
0 replies
23h8m

Sorry, my flub, I meant OpenAI's Sky of course!

shostack
0 replies
1d18h

I think the idea is a good one, I just have zero trust in Microsoft to have my interests in mind so it becomes a question of when, not if, it becomes abused, if not by them then some bad actor.

ambicapter
0 replies
1d17h

In practice, that audience’s needs are a very small (tiny, in fact) portion of Windows userbase — and frankly talking about screenshotting the things people in the real world, not executive world, is basically like punching customers in the face. The echo chamber effect inside Microsoft is real here, and oh boy… just oh boy. It’s a rare misfire, I think.

I think it’s an interesting entirely, really optional feature with a niche initial user base that would require incredibly careful communication, cybersecurity, engineering and implementation. Copilot+ Recall doesn’t have these. The work hasn’t been done properly to package it together, clearly.

Definitely needed some copy editing however.

jiripospisil
8 replies
1d8h

2017: People are willingly buying a spy device to put into their homes.

2024: People are willingly activating a key logger.

tetris11
3 replies
1d8h

2017: People are forced to swallow spy devices in order to continue to interact with their work/life communities

2024: People are forced to swallow keyloggers in order to continue to use their desktop PCs.

Most don't know what they're agreeing to, because most people don't have the time to be experts in tech despite it affecting every factor of their lives, much in the same way that tech people don't have the time to be farming and agriculture experts in their free time despite it affecting every factor of their lives.

Dalewyn
2 replies
1d7h

Most don't know what they're agreeing to, because most people don't have the time to be experts in tech

I used to think this maybe 20 years ago, but I think it's about time we shift gears to the realization that the reality is people don't care about tech privacy and security.

We have to remember: The internet as most people know it (the World Wide Web) is 33 years old, personal computing is even older. The 30- and 40-year-olds literally grew up with all this. The 10- and 20-year-olds are living all this from the moment they were born. Even legislation like GDPR came into force. The result is still nobody cares.

Lack of awareness isn't a problem anymore. Everyone knows, nobody cares.

<Insert "Am I out of touch? No, it's the people who are wrong." The Simpsons meme here.>

skydhash
0 replies
12h43m

Lack of awareness isn't a problem anymore. Everyone knows, nobody cares.

I strongly doubt that based on what I've seen. People install random apps on their phone just because they wanted to crop a picture and frame it or trim a video and compress it, because they ultimately think that nothing will happen to them. Like you don't expect your fridge to blow just because you open the door.

Another issue is that people are trustful. They trust their government to have laws for that. And even if a few accidents happen, they shrug because for them, the system generally works. And they don't care, just like you don't care a business having security cameras while you're shopping. Because you trust they will be sensible with the recording.

Tech privacy and security is nebulous for people and we have hordes of companies marketing that it does not really matter and the government not doing anything. And most people don't feel the impact. Getting them to understand is hard. Because they think that when they click delete, it's gone. Or if they've not posted, only they have the only copy.

Beldin
0 replies
1d4h

That's a vast oversimplification. Try flipping it to anything outside your personal scope of skills and knowledge to see how wrong this position is.

Example: tap water quality (assuming you live where tap water is safe to drink). Do you know how it works? What steps are being taken? Could you fix that yourself for your house if things break down? And yet, you probably care.

Another example: car safety features. Could you add a crumple zone to an 80s car? A cage construction? Yet you probably care that any car you're in has those properly engineered and no part of your body will be crumpled in case of a collision.

TiredOfLife
1 replies
1d8h

2600 BCE: People are willingly writing their thoughts and experiences on papyrus

tetris11
0 replies
1d8h

2600 AD: People are willingly writing their thoughts and experiences on papyrus

WhyNotHugo
0 replies
1d8h

I question the usage of the word "willingly". People aren't really aware of the consequences of their actions.

The people of Troy didn't "willingly" bring in a huge wooden horse full of enemy soldiers. They "unknowingly" brought in a horse full of enemy soldiers.

Shank
0 replies
1d8h

I actually think that was 2023 with Rewind. At least with Rewind you’ve gotta download the app yourself and run it. The in-progress OOBE setup for Recall does not even have an opt-out. Instead, it offers to open the settings panel after you’re done with setup, rather than just giving you an off switch: https://x.com/tomwarren/status/1796681578984182066

999900000999
8 replies
1d17h

Recall needs to ship as a completely separate application. In fact Microsoft should also charge a nominal fee for it so no one accidentally installs it.

Still this is the worst spyware ever made. Have a telehealth appointment, lawyer conference, loan application, now Recall will store all that like it or not.

This made me decide to go with a non Snapdragon Laptop since I want nothing to do with this. Gonna dual boot with Fedora (sorry Debian, but it looks like Stable is a bit behind what I need hardware support wise).

Microsoft is making a serious argument for going full Linux + maybe a PS5 for competitive gaming ( since anti cheat is Windows only by design).

aaronmdjones
4 replies
1d15h

sorry Debian, but it looks like Stable is a bit behind what I need hardware support wise

bookworm-backports has kernel 6.6, which is the very latest LTS series. Is this not new enough?

999900000999
3 replies
1d8h

I don't understand how to install backports.

I'm generally not a hardcore Linux person. Fedora seems to be more up to date out of the box.

tremon
2 replies
18h58m

https://backports.debian.org/Instructions/

  echo deb http://deb.debian.org/debian bookworm-backports main | sudo tee -a /etc/apt/sources.list.d/backports.list
  sudo apt-get update
  sudo apt-get install -t bookworm-backports linux-image-amd64

Season to taste, of course.

(and backports currently has kernel 6.7, not 6.6)

999900000999
1 replies
17h37m

This is why I love Hacker News, you actually provided a solution to the problem. I'm probably going to think a bit on this, how about just using Debian Testing?

tremon
0 replies
5h4m

Probably not the best option for people unfamiliar with the Debian ecosystem. Debian testing is mostly fine (I've run it on my desktop for more than ten years), but apt WILL occasionally choose the wrong solution in the midst of mass package migrations and it requires vigilance from the user not to accept package upgrades/removals that could render parts of the system unusable.

There's about a year left in the Trixie development cycle so some mass migrations might still happen. If you choose to run testing anyway, make sure that all entries in sources.list refer explicitly to trixie and not testing -- because once trixie is released, testing will automatically point to the next Debian release and you'll get all the joys of the package transitions and mass migrations for trixie+1.

As they say, the greatest thing about Debian testing is that when it breaks you get to keep all the pieces.
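The advice above about naming the release explicitly in sources.list can be checked mechanically. This is an added example, not part of the thread or of Debian's tooling; it handles only the one-line `deb ...` format, and the sample file contents are constructed.

```python
import re

# Suite names that are re-pointed to a different release when Debian releases.
MOVING_ALIASES = {"stable", "oldstable", "oldoldstable", "testing"}


def parse_entry(line):
    """Parse a one-line-style APT entry; return (type, uri, suite) or None."""
    line = line.split("#", 1)[0].strip()          # drop comments
    if not line:
        return None
    tokens = line.split()
    if tokens[0] not in ("deb", "deb-src"):
        return None
    i = 1
    # Optional "[opt=value opt=value]" block, possibly spanning several tokens.
    if i < len(tokens) and tokens[i].startswith("["):
        while i < len(tokens) and not tokens[i].endswith("]"):
            i += 1
        i += 1
    if i + 1 >= len(tokens):                      # need at least URI and suite
        return None
    return tokens[0], tokens[i], tokens[i + 1]


def moving_suites(text):
    """Return (line number, suite) for entries that track a moving alias."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        suite = entry[2]
        # "testing-security" or "testing/updates" still follow "testing".
        base = re.split(r"[-/]", suite, maxsplit=1)[0]
        if base in MOVING_ALIASES:
            findings.append((lineno, suite))
    return findings


# Constructed sample, not taken from a real system.
SAMPLE = "\n".join([
    "# constructed sample sources.list",
    "deb http://deb.debian.org/debian trixie main",
    "deb http://deb.debian.org/debian testing main",
    "deb [arch=amd64] http://security.debian.org/debian-security testing-security main",
    "deb-src http://deb.debian.org/debian trixie main",
    "# deb http://deb.debian.org/debian stable main",
    "deb http://deb.debian.org/debian bookworm-backports main",
])

if __name__ == "__main__":
    for lineno, suite in moving_suites(SAMPLE):
        print(f"line {lineno}: suite '{suite}' will move to the next release")
```
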

pkossum
2 replies
1d17h

Oddly enough I game on windows, and have been considering your last sentence, though I'm mostly waiting out Arm Linux for battery life considerations.

999900000999
1 replies
1d17h

I also use Windows for music.

I really really don't want to switch to OSX here since a 4TB drive is literally a 1200$ upgrade for Macs. Compared to 200$ when you can upgrade it yourself.

Music production isn't great on Linux.

tim333
0 replies
1d5h

There are always external drives with macbooks. I guess neither system is perfect.

jstummbillig
7 replies
1d7h

I think, roughly, having good access to information is a super power (good being a mix of mostly: quick, simple, easy, accurate, free). My personal information is most valuable to me, so having access to that is specially powerful.

The only way to make that happen is to store that information somewhere. The best way to do anything, that I just want the benefits of, is automatically.

And now we are here. It feels monstrous but, to me, the above still stands. How to connect the dots to get to a place that feels good, I do not know. I would not be shocked if it turned out to be mostly about adjusting ourselves to it over time.

But I am almost 100% positive we will all* want this super power, in some much better and much more complete form, in our future lives. And not being able to have it will feel absolutely silly, from there on out forever.

temp3000
2 replies
1d7h

The tradeoff is security and privacy. Important things. If you click the eye icon next to a password, or paste a secret to an env var you are now exploitable. If you have something you want to keep private or shred this is another place to delete (or forget to do so). So there are plenty of anti-benefits to this superpower.

jstummbillig
1 replies
1d7h

I understand. Nobody* will care.

People already have traded privacy and a comprehensive personality profile for silly streams of video, photos and text on social media for the past 20 years. Imagine what happens, when you get something immensely useful out of it.

Today, nobody will work with you, if you are unable to manage E-Mail. In the future, nobody will work with you, if you can't properly use the time information dimension that this technology enables. You will simply look demented by comparison.

temp3000
0 replies
1d6h

If that is the case then like anything else let’s make it, well… good. And that includes making it safe, secure and privacy focused.

A good delineation is your work PC will be spied on (assume anyone in the org can see what you are doing, even before this tech).

Opting out of it on personal devices is fine. You won't look like an idiot or be refused work I am sure.

timeon
0 replies
1d7h

I prefer personal discipline and memory over this 'super power'.

poisonborz
0 replies
1d7h

That is the saddest truth I've read for some time

bravetraveler
0 replies
1d6h

How to connect the dots to get to a place that feels good, I do not know

With an eraser, entirely not interested.

I'm willing to make the bet on this FOMO that while people risk this, I'll still be just as employable by living like it's 1999

I provide the value, not what I did before

apantel
0 replies
23h50m

It’s only a superpower if you have full control over the data and no one else has access. If someone else has control and access, it’s THEIR superpower over you.

datahack
7 replies
1d18h

Let me be clear: I will literally burn any computer equipped with this technology I am forced to use and post the aftermath online.

This is societal cancer. Total information monitoring is the death of any semblance of human independence and should be violently resisted.

I have never been more disgusted by a management team. How clueless can you be? Combined with digital intelligence, this technology is profoundly dangerous to anyone who works with a computer or technology (which is almost everyone).

NegativeLatency
2 replies
1d18h

“Someone else will do it”

datahack
1 replies
1d18h

What happened to the punk in cyberpunk?

aleph_minus_one
0 replies
1d18h

What happened to the punk in cyberpunk?

It began to wane as soon as programming and in particular working in big tech became an opportunity to get rich.

wilsonnb3
1 replies
1d18h

Who do you anticipate forcing you to use a computer with this functionality?

Skunkleton
0 replies
1d16h

Work, school, or ignorance.

CoastalCoder
1 replies
1d18h

I think that kind of sabotage would only work if a very large number of persons joined you.

You might want to consider an alternative plan, as doing that to an employer's / government's computer could get you in a lot of trouble.

datahack
0 replies
1d18h

OBEY.

Grimeton
7 replies
1d

What a lot of people are missing in all this is that Microsoft is coming from one, dialing it up to eleven to then dial it back to 9.

By pushing this onto people in a hard way they open the door to come up with a mitigating solution that later is far beyond what we had before recall but not as bad as what they pushed onto people in the first place. So they will reach their goal, as it was never 11, it was always 9.

dancemethis
5 replies
18h23m

maybe not 9, to avoid breaking compatibility...

TheAmazingRace
3 replies
15h24m

I understood this reference.

lencastre
2 replies
10h32m

I didn’t… is it because of Windows Nein?

bravetraveler
0 replies
8h44m

Hand wavy fears about the 9th version poorly string matching with 95 or 98 I guess

Liquix
0 replies
8h41m

back in the day there was a healthy blend of win95, 98, ME, XP, and vista in the wild. it was common for devs to check for older versions with something like `if str(os.version)[0] == 9`. according to legend enough (internal?) software kept breaking that the solution became "don't put a 9 in the version number".

iirc they officially stated it was because of how much people disliked win8.

Grimeton
0 replies
6h31m

Gnihihihihihihi

ThePowerOfFuet
0 replies
9h19m

Deliberate manipulation of the Overton window is, unfortunately, nothing new.

labrador
6 replies
22h16m

When Steve Jobs said Microsoft had "no taste" to Bill Gates during an interview, I think one aspect of that is that Jobs had high EQ as well as high IQ. Jobs understood how people felt about products. Microsoft doesn't. When I worked at Microsoft I don't remember any conversations about how people would feel about a feature. That was awhile ago, but it looks like nothing has changed.

paulryanrogers
4 replies
18h54m

I think one aspect of that is that Jobs had high EQ as well as high IQ.

Doubt. Jobs was a deadbeat dad for many years, refused to acknowledge his daughter or even admit that he named a computer after her, treated employees and cofounders like crap, etc. I think Jobs had a very low EQ, perhaps even a sociopath. He was just lucky, shrewd, and ruthless. Accounts of his last days indicate that even he regretted his behavior.

labrador
2 replies
17h31m

I was speaking to what Steve Jobs had that made him successful, not to his messy behavior and personal life. A lot of great artists were borderline or full on terrible people. We still appreciate their art.

paulryanrogers
1 replies
15h16m

Even professionally he doesn't seem "high EQ" to me. Often taking undeserved credit and shoving coworkers under buses when it was unnecessary, just for his own greed and ego. He may have even been emotionally manipulative.

A lot of great artists were borderline or full on terrible people. We still appreciate their art.

Speak for yourself. Whenever I learn that an artist is a monster, I think I appreciate their work much less. Thankfully much of Apple's success is due to the work of hundreds and thousands of others, not solely this "great man" who's worshipped among the faithful.

labrador
0 replies
14h37m

Steve Jobs led teams to innovate in several industries, such as computing, music distribution, film making, mobile computing etc... I don't worship him or Elon Musk but I recognize their talents. To do less would be to deprive myself of learning from their good qualities. I would like to emulate those. Of course I would trust myself to implement them in a better way that doesn't hurt other people.

talldatethrow
0 replies
12h35m

What do you think made a wealthy person be a 'deadbeat dad' and not want to acknowledge the child?

Wondering if you can imagine a scenario you'd be ok with.

I for one know of a guy that was told by his gf she was on birth control. Turns out she purposely wasn't so that she could have a baby with him. This isn't someone's guess. This was told to my sister by her best friend.

loa_in_
0 replies
19h42m

I think it's beyond the point when M$ makes "IQ choices" that are invasive. It's not a feeling, it's borderline rights violation, if not explicitly waived by EULA.

mikehearn
5 replies
1d18h

I'm trying to square the claims in this article with what Microsoft says.

Article: "This database file has a record of everything you’ve ever viewed on your PC in plain text"

Microsoft: "Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11."

https://support.microsoft.com/en-us/windows/privacy-and-cont...

The article is a little bit hand-wavy about how exactly the database comes to be decrypted and remotely exfiltrated. The headline says it takes "two lines of code" but unless I'm missing it, I don't see those lines discussed in the article.

walterbell
0 replies
1d18h

From the article:

  Q. Have you exfiltrated your own Recall database?
  A. Yes. I have automated exfiltration, and made a website where you can upload a database and instantly search it.

  I am deliberately holding back technical details until Microsoft ship the feature as I want to give them time to do something. I actually have a whole bunch of things to show and think the wider cyber community will have so much fun with this when generally available.. but I also think that’s really sad, as real world harm will ensue.

teraflop
0 replies
1d18h

BitLocker encrypts the hard drive contents at rest, but while the system is booted, the drive is transparently decrypted. So what Microsoft says is technically true, but doesn't necessarily present any kind of barrier to the database being exfiltrated by malware. It only protects against somebody stealing your hard drive.

rezonant
0 replies
1d18h

Well bitlocker (ie device encryption) is only protecting you from offline attacks, ie when someone pulls your hard drive to examine it. Code running on the machine itself wouldn't be affected by it.

jmprspret
0 replies
1d17h

1. It is encrypted at rest, once you login it's decrypted with the rest of the stuff running on your drive. All this stops is someone with physical access and that's it.

2. The article says that they are not releasing PoC (my words not theirs) because this feature isn't out, and they want to give M$ a chance to fix it:

I am deliberately holding back technical details until Microsoft ship the feature as I want to give them time to do something.

MiguelHudnandez
0 replies
1d18h

The database is not encrypted while the system is running. Microsoft's claim that it's encrypted is due to the machine being encrypted at rest with Bitlocker.

The databases are plain-text sqlite files within the current user's %appdata% folder.

So, literally anything that can grab those files and put them somewhere else can qualify as exfiltration. Any backup product worth its salt would be covering these databases.
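The point made in the replies above (volume encryption protects the disk at rest, not files read by code running as the logged-in user) can be audited on any application-data directory. This is an added example, not part of the thread or of any Microsoft tooling; the directory, file names and table are constructed, and it assumes that a store encrypted at the application level does not begin with the standard SQLite header.

```python
import contextlib
import os
import pathlib
import sqlite3
import tempfile

# Every unencrypted SQLite 3 database file starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"


def has_plaintext_header(path):
    """True if the file, as seen by this process, starts with the SQLite header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC
    except OSError:
        return False  # unreadable to this user: not exposed to this process


def list_tables(path):
    """Open the database read-only with no key; return table names or None."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    try:
        with contextlib.closing(sqlite3.connect(uri, uri=True)) as con:
            rows = con.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
            ).fetchall()
        return [r[0] for r in rows]
    except sqlite3.Error:
        return None  # locked, corrupt, or not really a database


def audit(root):
    """Report databases under root that any process running as this user can read."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if has_plaintext_header(path):
                report.append({"path": path, "tables": list_tables(path)})
    return sorted(report, key=lambda item: item["path"])


def build_constructed_profile(root):
    """Create a constructed app-data tree: one plaintext DB, one opaque blob."""
    app_dir = os.path.join(root, "ExampleApp")  # hypothetical application folder
    os.makedirs(app_dir)
    db_path = os.path.join(app_dir, "activity.db")
    with contextlib.closing(sqlite3.connect(db_path)) as con:
        con.execute("CREATE TABLE captures (ts TEXT, app TEXT, content TEXT)")
        con.execute(
            "INSERT INTO captures VALUES (?, ?, ?)",
            ("2024-06-01T10:00:00", "editor", "constructed sample text"),
        )
        con.commit()
    # Stand-in for a store encrypted by the application itself: no SQLite header.
    with open(os.path.join(app_dir, "vault.bin"), "wb") as fh:
        fh.write(os.urandom(4096))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_profile(root)
        for item in audit(root):
            print(item["path"], item["tables"])
```

A file that shows up in this report is protected only by the volume encryption and the file ACLs, which is the situation the comments above describe.
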

ternus
4 replies
1d18h

I'm confused. According to the article, several days working results in a 90kb compressed DB. If that's the case, it can't be capturing all the text you see, including web pages - perhaps "working" here doesn't involve general web browsing? What am I missing?

gigel82
1 replies
1d18h

Text compresses very well. Also, it wouldn't be capturing the entire web page, just the text you actually see on screen.

Obviously that 90kb doesn't include the separate folder with all the jpegs.

xcv123
0 replies
1d17h

The full screen OCR will capture the jpeg file names

wombat-man
0 replies
1d18h

Yeah I'm also wondering what kind of perf drag it would be. I'd probably just turn it off. Like when would I ever want this?

tsujamin
0 replies
1d18h

Presumably the snapshots it takes and summarises are periodic, but at what interval I'm not sure. Alternatively (and this is a technical possibility) it could be hooked into WebViews and HWNDs to get notified when it's worth taking a screenshot.

Given that you can exempt particular websites (in addition to private browsing modes in "supported browsers" already being exempted [1]), that implies some integration between a browsing context and Recall.

[1] https://support.microsoft.com/en-us/windows/retrace-your-ste...

steelframe
4 replies
19h48m

I used to work on Windows at Microsoft, prior to Windows 10. I've always kept some Windows machines around because I felt that Windows was actually not that bad of an operating system, having personally reviewed a good amount of its source code and seen what the engineering culture was back at the time I was there.

I gave ChromeOS a try for some machines I might otherwise have run Windows on, but I kept the Windows machines around for gaming and for the occasional oddball proprietary software package that some family member just had to have. About the time Google dropped its unofficial motto "Don't Be Evil" I started moving away from ChromeOS and back to trusty old Debian.

I've recently purchased a Framework 16 with an AMD Radeon RX 7700S GPU and installed Arch Linux and Steam on it. All the games I care about playing at the moment, including Elden Ring and Baldur's Gate 3, run phenomenally well on it. It's 100% stable driving a 2560x1600 display at 60+fps with high graphics settings. I can plug in a PS5 controller and it "just works."

With that I now feel truly free of anything Microsoft, in the sense that I don't feel like I'm making any compromises at all with how I want to use my computers by using Linux rather than Windows. I'm going to be installing Arch or Debian Linux on my remaining Windows boxen over the summer.

So this is my final adieu, my old friend Microsoft. How far our paths have diverged since we first parted ways. Hit me up again when you've extricated your OS from your cloud and stopped showing ads and integrating privacy-hostile features. I won't be holding my breath though.

WWLink
3 replies
17h7m

I used to work on Windows at Microsoft, prior to Windows 10. I've always kept some Windows machines around because I felt that Windows was actually not that bad of an operating system, having personally reviewed a good amount of its source code and seen what the engineering culture was back at the time I was there.

I'm curious how the culture was though. I always get the vibe that Microsoft has never been "end user oriented" if that makes sense. They always seemed to be making a product for other businesses. To this day, Windows, Office, and especially stuff like MS Teams feel like they were designed from the ground up for a heavily managed business environment with heavy surveillance and tight controls.

Stuff like Telemetry and requiring MS accounts for logging into Windows 10+ seem more of a nod to employers. It's really amazing how much MS has been able to convince users to give controls of their own devices to MS/employers/others. Stuff like using Outlook on a personal phone giving the employer the ability to wipe the employee's phone.

Like I don't think they have ever, in their years, seen end users of their products as "customers". I think they see businesses, sometimes independent developers, and advertising firms as their real customers.

skydhash
1 replies
13h12m

I'm curious how the culture was though. I always get the vibe that Microsoft has never been "end user oriented" if that makes sense. They always seemed to be making a product for other businesses.

I started on Windows XP and left on Windows 10 (skipping Vista and Win 8.0, and part of 8.1). Windows was always a tool to get things done. Buy a software license and you can be pretty sure you can run things indefinitely on it. Everything (almost?) was accessible by clicking, so ultimately discoverable. No need to learn arcane commands, just follow and imitate. And you mostly have to do the training once. Linux was an expert tool and macOS (I used it since Mojave) always felt like it's for people who compute, but mostly as a secondary activity (shiny and pleasant, but always lacking the remaining bit).

I've never thought of myself as being a Microsoft customer, just like you don't think of being a Dell customer or HP customer when using their monitors or printers. You need to get something done and Windows was the bedrock for that. Especially if you were hiring people to do it.

But now it's like seeing your workbench animating and contorting itself in new shapes every time you come close. Insulting your intelligence all the while.

utensil4778
0 replies
1h43m

Clippy: I see you keep your #2 Phillips screwdriver in a dedicated slot on your workbench. We've replaced that slot with an ad and moved your screwdriver into a box in a drawer in a closet in the shed. Aren't we so helpful?

pipes
0 replies
46m

Since getting a steam deck and discovering for myself how well proton works, I think I'll be parting ways with windows on my next round of upgrades of computers at home. In fact I'm thinking of getting rid of my windows workstation tower and just using a docked steam deck instead. The privacy and advertising nonsense is just ridiculous. I primarily work as a c# dev, but now that dotnet is properly supported on Linux the only reason for not leaving windows is full fat visual studio. I find vscode to be a bit shit in comparison.

thrownawaysz
3 replies
1d8h

because malware can now target a single file with huge amounts of valuable information

By that logic password managers are also no-no.

usrbinbash
0 replies
1d7h

Excuse me, when did password managers collect information about everything their users do on a massive scale?

isomorphic-
0 replies
1d7h

At least the password manager I use has solid encryption. I can control where the file lives and what file permissions it has. For instance, I can keep it on a USB stick that I only insert when I need a password and then remove the stick afterwards.

I do not remotely whatsoever trust Microsoft or Windows to keep their Recall database secure and offline. Attackers will know exactly where the file is, unlike with my password manager. There's no shortage of Windows privilege escalation exploits to gain TrustedInstaller status to read any file on the system.

exe34
0 replies
1d8h

do you think there's a difference of scale here?

technion
3 replies
1d18h

My hot take on this has been that although the tech community universally hates this - the sales and management types that drive these decisions will love it, and recall will go down as a resounding success for Microsoft. You're also going to find disabling it reduces your 'azure score' which is absolutely used by such types as a measure of their sysadmins' skills.

Take8435
1 replies
1d18h

WTF are you on about? Lol

technion
0 replies
1d13h

I am "on about" the fact that HN is frequently a bubble that doesn't reflect business. As an example, there have been many threads full of assertions that no good manager would ever deploy "bossware", and yet companies selling these products are reporting sales going through the roof.

not2b
0 replies
1d18h

The management types who think they love this, because they can monitor their employees more effectively, will change their minds in a hurry when a competitor sues them, discovery starts, and the competitors' lawyers get to go through everything that Recall saves.

userbinator
2 replies
1d18h

Meanwhile, features like "secure" boot will stop you from patching this spyware out when it inevitably becomes impossible to disable completely via ordinary means, and even if you manage to find an exploit to "jailbreak" through, remote attestation will ostracise your machine from all the services that will eventually use the "telemetry" gathered to grant or deny you access based on how "human" you are.

20after4
1 replies
1d17h

To anyone who thinks this sounds far fetched, check back in a couple of years. I can only think of one alternative future, in which things are not headed in this generally Orwellian direction, and the alternative may be even worse (complete or nearly-complete social collapse)

temp3000
0 replies
1d7h

In a system where everyone breaks the law (because there are so many) and everyone is spied on (so you can prove anyone did some sort of “crime”) you can now coerce anyone you like if you get to make the decision of who to charge (like governments do) which is useful for silencing dissent or opposition.

jmkni
2 replies
1d8h

The domestic abuse point is a chilling one

An abuser being able to access their partner's/kids' computers and go and see everything they have done is terrifying

Can we just not do this at all?

fragmede
0 replies
1d7h

nannyware has existed for decades before this, just like tracking devices existed before Apple air tags.

WhackyIdeas
0 replies
1d7h

Yes, my ex would have loved to have used this to see everything I was doing on a computer… then dox all my private data to Facebook for a laugh.

gigel82
2 replies
1d18h

As far as I can see based on the data already posted online, this is literally the Windows 10 Timeline feature, it even (re)uses the same API from that feature (that was deprecated just 3 months ago) and apparently shares the implementation as well (that feature also used a sqlite DB in your AppData and a subfolder with jpegs).

They just put a little AI lipstick on that old pig in the form of OCR and some image classification.

The Windows 10 Timeline feature has been around for 6 years. It is a bit surprising there is so much pushback this time around for effectively the same thing. I wonder if it's because Microsoft has been burning away people's trust through ads and dark patterns and all that bullshit, and this is the direct result of that.

rezonant
0 replies
1d17h

Actually Timeline was a semantic store from what I understand-- it didn't store screenshots of what you were doing, instead apps that used the Microsoft Graph API could contribute information about what you were doing to be included in the Timeline.

As far as I know, nothing used it except for MS' own apps. This new solution bypasses that problem by having no requirement for apps to use the Graph API-- it will just use an AI to deduce what the tasks were, and provide a search-like conversational experience on top of the collected images.

ooterness
0 replies
1d17h

Windows Timeline stores a list of recently opened apps and documents, not screenshots.

fifteen1506
2 replies
1d8h

I don't see Recall being axed.

Disabled by feature flag? Sure.

Disabled by default? Sure.

Once Windows stops having administrator accounts, they'll enable it by default.

As Smith would say, "it's inevitable".

Xeamek
1 replies
1d7h

wym by "Once Windows stops having administrator accounts"?

fifteen1506
0 replies
23h2m

I may have dreamt this since I found no evidence online, but I thought "Windows 12" or similar would have only regular accounts. I assumed they would redirect filesystem calls for that, similar to the mechanism Windows Vista introduced and since has had no visible improvements.

delta_p_delta_x
2 replies
1d17h

I genuinely like Windows. I was raised on it, and have used every consumer version since 98, and have programmed on it since Windows 7. I believe that from a purely technical, systems programming, and even UI/UX perspective, it is superior to the competition—both commercial and free/libre open-source. I will be very happy to defend this statement as factually and reasonably as possible, because I also program on 'the competition OSs' at work, and every time I do so, I want to go back to a cohesive platform like VS 2022 which, for me, is unparalleled in terms of productivity.

But this sort of tone-deaf move from Microsoft is irritating me. I already dislike Windows 11's UI and UX flow because it is so reminiscent of macOS; this is why I haven't updated to it on my personal main computer yet (which is running Windows 10 Education, courtesy of my alma mater's Azure subscription). I've seen rumours that Microsoft hired a bunch of UI designers who used nothing but macOS and decided it was a good idea to port macOS UI designs to Windows. What a terrible terrible thing. UI responses that are instant even on Windows 10 now have a jelly-like lag to them on Windows 11, for no good reason. Also consider the regression of the right-click context menu, the ads and Copilot everywhere, a preference for unlabelled icons over text, amongst many others.

As another comment says, Windows Recall appears to be an AI evolution of the already-present Windows Timeline feature. The privacy outcomes of this are concerning and I really really wish we didn't have 'AI' and 'Copilot' stuffed down our throats all the time. I would like to opt-in to features I want, rather than have them all pre-enabled. Some of them are very useful, like clipboard history with Windows-Ctrl-V; some less so and are flagrant privacy violations.

I have already disabled almost every tracking, phone-home and auto-update feature possible using group policies; this is just another thing to add to my list of disabled 'help' features.

That being said, if Recall doesn't phone home—which appears to be the case here—I don't buy the argument that 'it's stealing everything you do and hackers can access it if they have physical access'. I believe that the moment a computer's physical access record is compromised, the entire computer is compromised, regardless of security theatre like disk encryption in the form of BitLocker/LUKS, Secure Boot etc. It doesn't matter whether Recall is present or not.

Skunkleton
0 replies
1d16h

> It doesn't matter whether Recall is present or not

Yes it does. Consider getting some malware that is detected a few minutes later and removed. For most people there would be no harm. With recall, you would be instantly screwed.

20after4
0 replies
1d17h

> if Recall doesn't phone home—which appears to be the case here—I don't buy the argument that 'it's stealing everything you do and hackers can access it if they have physical access'

The risk is not physical access, the risk is malware installed on the machine, or a security hole in some browser feature enabling malicious actors to covertly upload the Recall database to a remote server.

wavemode
1 replies
1d18h

I thought this concept sounded familiar. I remember Rem being relatively well-received.

I guess people trust Microsoft a lot less.

zuminator
0 replies
1d14h

Those third party apps are not enabled by default, won't modify their functionality without your permission, and two of the three are open source.

And for me it's not so much that I trust Microsoft less than any other company. It's that using their services requires so much trust, yet they give so little trust in return.

MarkMarine
2 replies
1d18h

I just assumed windows work computers were doing this already.

smaudet
0 replies
1d17h

Work computers are like this, a bit, but typically they don't exfiltrate their own data outside their own corporate borders. That's a big deal/difference.

The other issue, the vendors tend not to leave glaring security holes in their software, both because of IT desire to maintain control of the operating environment, but also because there is intense awareness that corporate espionage is a constant, real, and ongoing threat.

It sounds like the MS folks rushed out a "feature" and wanted to pretend we all live in some utopia where nobody does anything bad, ever. Possibly all snorting coke or something...

aleph_minus_one
0 replies
1d18h

> I just assumed windows work computers were doing this already.

In most sectors the installed corporate spyware is from a different company than Microsoft.

pkilgore
1 replies
1d18h

Holy shit, when I was doing litigation these databases would be my wet dream.

I might seriously quit my job and start a discovery consulting / tech company just for targeting these databases.

twobitshifter
0 replies
1d17h

The new text messages / browser history

mercurialsolo
1 replies
1d8h

Beyond the technology community I doubt that the loss of personal privacy is being discussed at large. Ad trackers had already made internet privacy a myth for the vast majority of the world; we now are seeing this permeate onto personal devices and subsequently to our environment with these always on, silently tracking devices - in the name of convenience.

Perfect recall, no need for memory, available at your fingertips - with T&C that completely disregards your need for personal privacy.

The challenge though is the "better" alternatives where a mix of privacy and convenience is there is not always convenient. We have and continue to be marketed convenience at the cost of privacy.

What we need is consumer data privacy to really become a societal and government concern and for devices which infringe on this to really go through the same scrutiny as say a drug going thru FDA approval.

lencastre
1 replies
10h33m

I am not sure about this, but this new feature requires a dedicated AI chip (or maybe even a decent enough GPU), so,… here’s to hoping the guys behind shutup10 can integrate a patch to disable this.

rafaelgoncalves
0 replies
1d1h

Thanks for the video. Like someone commented, I think too that this sketch will not get old so soon, more with all "AI" getting pushed.

bee_rider
1 replies
1d18h

The only silver lining on this is that, previously, the idea that your computer might visually spy on everything you do and index it for easy searching was the domain of paranoid conspiracy theorists.

So I guess at least marketing that as a feature now makes it obvious that it is possible, I guess.

EGreg
0 replies
1d18h

It was always possible.

But now they will claim you have a way to turn it off. Who knows! There is so much telemetry being recorded anyway.

This is like people preferring Macbooks from 2016 because it was pre-touchbar. I honestly consider good tech from previous years to be far more secure than what’s around now. Who knows what’s in your products now?

andersa
1 replies
1d8h

The real question is why the hell can said infostealer malware access the file.

Can we PLEASE have proper per-process file access restrictions on Windows already - like MacOS has had for a decade now ????? Why is win32 app isolation still not done?

xyst
0 replies
1d15h

This is so wild. What kind of a-hole in the C-level suite of MS thought this was a good idea?

xbmcuser
0 replies
1d15h

Considering how stupid/unsophisticated an avg computer user is. The world's scammers' income is going to skyrocket in the next few years as more people get new computers with built in recall.

xbar
0 replies
1d14h

Well, we've got the next 6 months to make 2024 the year of the Linux desktop...

wkat4242
0 replies
1d7h

> During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelf infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone.

Yeah... This is a BIG issue with the modern generation of antimalware solutions.

The old signature-based detection is great and immediate. But it has drawbacks. It only detects already-known malware. Not tailored stuff used only on one specific target. Also, malware can change its own signature adaptively and hook into known-safe binaries.

So, a modern antimalware uses AI learning and behavioural analysis. Why is notepad.exe suddenly logging all your keywords? Ban it. The problem is: This takes a while. The tool can be configured to block it before someone looks at it, but it still takes a while. At the point that this happens, the damage is often already done.

At an enterprise level this is not a huge problem because it does mean the problem is detected, and by the time it is investigated it's possible to stop the source of the malware and ban it from all the other 100.000 PCs by using signature detection or other mitigations. On personal PCs this is more of an issue because they don't have a dedicated SOC (Security Operations Centre) jumping on to these things.

Also, the noise level is an issue in the enterprise, set the detection threshold too high and your SOC gets overwhelmed by all the detections and becomes ineffective.

Anyhow, this is indeed a good argument against Recall. When it was first introduced last week, people stated that it wasn't a big deal because malware can install its own key/screen logging. However a repository of the last 6 months of activity is indeed a very juicy target to exfiltrate quickly before detection.

walterbell
0 replies
1d19h

Related threads:

"Giving Windows total recall of everything a user does is a privacy minefield", 41 comments, https://news.ycombinator.com/item?id=40470806

"AI PCs are the final nail in the coffin of open computing", 60 comments, https://news.ycombinator.com/item?id=40436975

"How the new Microsoft Recall feature fundamentally undermines Windows security", 50 comments, https://news.ycombinator.com/item?id=40433884

"Windows Recall sounds like a privacy nightmare", 298 comments, https://news.ycombinator.com/item?id=40443682

walterbell
0 replies
1d18h

> The idea other people with access to the device could see a photographic memory is.. very scary to a great many people on a deeply personal level. Windows is a personal experience. This shatters that belief.

How did we get here? A 20-year lifelog.

2003, https://en.wikipedia.org/wiki/DARPA_LifeLog

>The objective of the LifeLog concept was "to be able to trace the 'threads' of an individual's life in terms of events, states, and relationships", and it has the ability to "take in all of a subject's experience, from phone numbers dialed and e-mail messages viewed to every breath taken, step made and place gone".

2007 Microsoft Research, https://www.microsoft.com/en-us/research/video/the-microsoft...

> The SenseCam is a personal, wearable camera developed by Microsoft Research in Cambridge, UK, and used as a lifelogging device in projects like MyLifeBits.. is based on wearing the SenseCam for lifelogging of ‘events’ during your day, and generating a fast-forward movie of the event as the memory recall interface.

2010 Microsoft Research, https://www.microsoft.com/en-us/research/publication/now-let...

> Lifelogging technologies can capture both mundane and important experiences in our daily lives, resulting in a rich record of the places we visit and the things we see.. Previous work has demonstrated that Lifelogs can aid recall, but that they do many other things too. They can help us look back at the past in new ways, or to reconstruct what we did in our lives, even if we don’t recall exact details.

https://www.microsoft.com/en-us/research/project/mylifebits/ & https://en.wikipedia.org/wiki/MyLifeBits

> MyLifeBits is a life-logging experiment begun in 2001. It is a Microsoft Research project inspired by Vannevar Bush's hypothetical Memex computer system.. The "experimental subject" of the project is computer scientist Gordon Bell.. For this, Bell has digitized all documents he has read or produced, CDs, emails, and so on. He continues to do so, gathering web pages browsed, phone and instant messaging conversations and the like more or less automatically. The book Total Recall describes the vision and implications for a personal, lifetime e-memory for recall, work, health, education, and immortality.

Lifelogging was referenced by 10,000 academic papers over two decades, https://scholar.google.com/scholar?q=lifelogging

torginus
0 replies
5h11m

It's a thinly veiled ploy to get training data to train their generative AIs in user activity with the hopes of teaching AI the workflows of people, so it can replace them.

thsksbd
0 replies
1d18h

Ahhh, I knew it was important to keep my 20 year old SGI fuel. :P

throwaway22032
0 replies
1d18h

Remember when we used to warn about software that phoned home?

Malware?

Keyloggers?

Adware?

Rootkit DRM?

Turns out they changed what "it" is, and I'm not even halfway to my pension yet...

thebeardisred
0 replies
1d17h

I find the irony that I keep getting advertised the podcast* by some VP of Security ding-dong at Microsoft *delicious*.

(* I am intentionally not stating the name because they don't deserve the attention or free advertising)

rswail
0 replies
3h33m

Can't wait for the first corporate legal case where discovery requires them to present the entire history of a person's computer usage, not just their communications.

If you're capturing screen shots, then how is something like using Signal or some other encrypted service still possible?

rakoo
0 replies
1d7h

I had to make it through 3/4 of the article before realizing that "Copilot+" is not, in fact, Copilot, or an enhanced version of it, but a line of computers. The marketing department also has some work to do.

probably_wrong
0 replies
1d8h

I regularly get spam claiming that a hacker has compromised my device, has been filming me jerking off through my own webcam, and will send screenshots to my friends and family if I don't send them bitcoins. You know, the usual.

Once Recall is out the story will go from laughable to worrying - all they'll have to do is change their text to include instructions to open Recall (the same way old websites would open 'file:///' to show they 'knew' what's on your PC) and regular people will lose their minds (and money).

And then there's the age-old adage "if you can see it you can exfiltrate it" - it didn't work for DRM and it won't work here. Malware will steal this data.

pizzaknife
0 replies
6h44m

when is this ever going to end? computing is so promising but we use it for activities like this....

matt3210
0 replies
1d18h

Hackers can't get it

Same as

The Tesla will never crash in FSD

Same as

our platform is hacker proof

makkesk8
0 replies
1d7h

I used to use Manictime[1] to achieve something similar, although, that was for time tracking purposes. But I can admit I've used it multiple times to find websites and documents that I've forgotten the name of using the screenshots. But in essence, it suffers from the same flaws as Recall.

[1] https://www.manictime.com

gmerc
0 replies
1d17h

“the future of windows is cloud”.

dreamcompiler
0 replies
19h57m

Seems to me like Microsoft probably sees Recall as

a. A way to capture more personal data and sell it to advertisers, or

b. A way to make Windows even more attractive to enterprise customers so that managers can snoop on employees, or

c. A handy feature that most users will want.

What Microsoft is saying publicly is c, which in itself is a red flag that suggests it's probably not true. The other red flag is that even as tone-deaf as Microsoft is about user wants and desires, even they can't be stupid enough to believe most users want this. So it's gotta be a or b or both.

dgellow
0 replies
21h15m

Welp, I said before I would wait and see instead of directly dismiss the feature, and now I have my answer. That will be another of these features to hard disable after windows install…

dankobgd
0 replies
1d8h

Imagine using windows in 2024

cududa
0 replies
1d8h

Neither these two paragraphs nor the source they’re paraphrasing (https://doublepulsar.com/recall-stealing-everything-youve-ev...) indicate anything matching the headline at all.

The source article is a QA with himself. There’s 1 tweet referenced, that shows a screenshot of a truncated SQLite db that shows a log of the applications opened via the user UI shell: https://x.com/gossithedog/status/1796218726808748367?s=46&t=...

Whoopty doo. There are many, many sources throughout Windows that can give you a list of recently opened applications (that have existed for 10-25 years)

croes
0 replies
1d6h

> Q. Are Microsoft a big, evil company?

> A. No, that’s insanely reductive. They’re super smart people, and sometimes super smart people make mistakes. What matters is what they do with knowledge of mistakes.

Never attribute to malice that which can be adequately explained by neglect, ignorance or incompetence.

But

> Q. Did Microsoft mislead the BBC about the security of Copilot

> A. Yes.

> Q. Have Microsoft misled customers about the security of Copilot?

> A. Yes. For example, they describe it as an optional experience — but it is enabled by default and people can optionally disable it. That’s wordsmithing.

Maybe at some point we should reconsider.

counterpartyrsk
0 replies
1d18h

Another great reason to use Linux.

chx
0 replies
1d7h

The real harm in Recall and I so much wish there was an authority who stepped in and slapped Microsoft into next week because of it: abusive relationships. Now your abuser can see everything you've done on your computer so if you try to get out your situation will worsen and also because of this you might not dare to seek help on said computer.

chewz
0 replies
1d

I haven't typed or viewed anything on any Windows PC in like 15 years. And I think anyone shouldn't....

Keep pushing chaps...

autoexec
0 replies
1d18h

Windows already had a built in keylogger with Windows 10 (https://www.pcworld.com/article/423165/how-to-turn-off-windo...) but all that data was only going to Microsoft and couldn't be accessed by you or anyone with access to your device.

Law enforcement, attorneys, and three letter agencies must be extremely excited about Recall. Now they won't have to hope that MS has records of everything you've typed while using your device, because with Recall all of that evidence will be stored on the device itself.

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Imagine what could be found using everything a person ever types on their computer.

at_a_remove
0 replies
1d17h

I am trying not to be reactionary but I swear, my usual response to the announcement of a new Windows feature is often "... and how do I turn that off?"

Still, sqlite ... tempting. Sometimes, if I am missing something I read months or even years ago, the right query to the sqlite files Firefox keeps can give good results.

andrewstuart
0 replies
1d18h

It should be called "Clean Sweep".

akomtu
0 replies
1d17h

This feature isn't for individual users, it's for corporations that want to control their employees.

If a corporation was a man, it would be a tyrant that demands to know everything its subjects do and think, and wants to control what they do and think.

L-four
0 replies
1d18h

Recall will track everything you do; this would be a massive invasion of privacy if Microsoft didn't already track everything you do.

JakeTehPwner
0 replies
22h56m

Time to stick to only gaming on windows. I’ll use a dedicated and locked down Linux box for everything else.

FerretFred
0 replies
1d8h

> The overwhelmingly negative reaction has probably taken Microsoft leadership by surprise. For almost everybody else, it won’t have.

I sometimes (always) wonder which planet Microsoft leadership live on - it's certainly not the real world that you and I live on.

DarkmSparks
0 replies
1d7h

I don't even need to read beyond the title for a change, it's been more than 10 years now since I have used windows in a business environment (linux on my main machine, mac for my second) and there is already no way I would go back to it.

But good grief wtf. I was mostly joking when I said before MS was intentionally trying to kill windows, but is there actually any other explanation for implementing this "feature"?

Animats
0 replies
1d18h

Is there a law enforcement analysis tool for this yet?

6510
0 replies
1d7h

Why stop there? It should also transcribe videos and everything said around the computer. Then, since it becomes possible to deduce the user's opinion about just about everything, if need be falling back on friends, family and coheard association, it can also do our shopping and autofill the voting ballots silently in the background, without bothering me.

I mean, I have no idea how to stop laughing inappropriately at the moment but I know the product exists, that it can be delivered to my doorstep and that I can afford it.

29athrowaway
0 replies
1d17h

1. Turn user activity into data

2. Turn data into AI that replaces users