It's interesting to compare this to the Chrome/Safari/Edge browsing history, which is stored in an unencrypted SQLite database, and tracks what you do for the last 90 days. It's just a bit less visual, Incognito/Private modes work, and some users clear it more often.
But a whole lot of the surveillance attacks people imagine about Recall apply just the same to the browser. I think it's the "little brother" casual attacks that are so well enabled by Recall - it makes it faster, easier, and way more visual.
Your browsing history is unlikely to contain personal information, secrets, porn images etc. And if you use Chrome, they get your full browsing history by default.
I get your point, but Microsoft's Recall can capture anything onscreen - emails, personal info, porn, passwords and the like. And it feels, bizarrely for 2024, that little thought has gone into privacy or security.
I think the thought is proportional to the amount of thought a non-tech customer will put into it. Nobody seems to care about or understand privacy these days. Everyone knows they're being tracked everywhere they go physically and on the web. People use their real names, address, etc for every junk service they sign up for, without seeing any reason not to. If you tell people that their TV is tracking and taking screenshots of what they watch [1], they say "yeah, Netflix knows too".
It's literally, "how it's always been" for any non tech person under 30.
[1] https://themarkup.org/privacy/2023/12/12/your-smart-tv-knows...
Part of me wonders if this is the consequence of how accessible tech has become, and the prevalence of increasingly non-technical product managers. I'm a former PM, and I'm not here to denigrate the PM role, but the fact that a product like Recall got shipped says a lot about the makeup of the product org that shipped it.
While I get that younger people tend to see privacy differently, I'd argue this isn't really a privacy issue, it's a security conversation, albeit with obvious privacy implications. Leaking what apps I use or what sites I visit is mostly a privacy issue. Leaking what I type into the boxes on those sites is a security issue. If the end result of leaking this info is the attacker can pwn all of my bank accounts, we're solidly into security territory.
The fact that this got shipped means that multiple levels of leadership either didn't think about the consequences or didn't care about the consequences. I hope it's the former, because that means they can learn from the backlash and hopefully recalibrate.
Microsoft is in a position of power that IMO requires a significant duty of care and responsibility to their customers, and lapses like this need to be judged through that lens, i.e. it is their entire business to make sure features like this are safe.
There was probably from lower decks, where they are closer to reality. However, people are scared for their jobs in this economy and likely didn’t take it farther.
I think it’s a good point - these are still privacy issues, and being fatigued with the impossibility of defending privacy is indication of a power imbalance, not an acceptable default for humanity.
It's how it's always been, always.
Many here may be too young to remember when many consumer products came with a "product registration" card. This was basically a postcard that asked for all sorts of information, such as your name, address, phone number, birthdate, sex, SSN, marital status, annual income, interests, other products owned, whether you own or rent your home, etc.
People willingly filled these out and sent them in. All the info went into databases that were merged with other sources and traded around various marketing agencies on 9-track tape reels. Advertisers could get mailing lists segmented by age, sex, income level, geographical region or specific zip codes, etc. for their campaigns.
It's all much more pervasive and invisible now, but it's basically what has always been done.
I don't know, I don't think sending in product registration cards could/would often result in your bank account being drained...
So you admit it is far worse today than it was before? But the second half of your sentence seeks to disingenuously pretend that it has "always" been bad.
I can be sick with a cold or I can have stage-four brain cancer. People have "always" been sick but one is serious (terminal cancer) one is not (a non persistent cold).
Basically is doing a lot of work here, the level and degree of how much data is vacuumed, processed, and used for targeting nowadays is orders of magnitude of difference from these primitive ways.
A tent and a house are basically the same: a shelter.
That sounds good to some people. But if I mentioned it to most people in my family they would probably be rather weirded out by it. They probably also would have no idea of the scope of the size of it and how it is being used against them.
Do you listen to music only with earbuds? Do you cover your face when going outside? Do you transform your voice for each person you’re talking to? Are you buying only with cash that you handled with gloves?
Privacy is not a binary concept. There are actions and information that some people are ok being public, and there are some they prefer to remain private.
What is not OK is spying and exploitation. I should know what data you’re collecting and preferably specify which I’m ok with. I also should know what it is intended for and preferably for most of it to be anonymized.
Most people expect reasonable privacy policies from companies and they believe that there’s some regulation in place.
Of all the places on your computer that might contain porn images, that would be one of the very top candidates.
Nope - links to porn sites (but who browses porn without Incognito Mode! :), but it's not going to contain actual images.
As far as metadata versus data, the URL of a static image automatically discloses the image itself. The only way to claim that the history doesn't actually contain the image is if you assume that the site has gone defunct.
Unless, of course, you're willing to argue that a porn image stored on the local hard drive isn't contained in any folders on the same PC that soft-link it. You might have an interesting time trying to justify why it is contained in folders that hard-link it.
I always joked around that Firefox made the incognito shortcut CTRL-Shift-P for Porn mode
(I really wish they followed the “standard” keyboard shortcut)
No, the browsing history isn't likely to (data URLs I guess make it technically possible, but...); your browser cache might.
It's analogous to phone call metadata vs. the contents of the phone calls.
Perhaps. A key difference though - history files can include the individual pages I requested from the same host. Right now I have like 50 entries for the various posts I read just from HackerNews, all as separate line items etc etc.
In the case of the phone, one simply sees recipient of call, duration etc, regardless of how much information was exchanged. The phone I'm calling is arguably analogous to the server I request a page from, in the metadata context.
I'd argue browser history is significantly richer in some regards due to this. It's not unheard of for user identifiers to appear in URL paths either - try visiting https://news.ycombinator.com/user?id=<HN user name>... In my Chrome, that's instantly in the history file with my username.
Yes, it's a good way to put it. Though it's worse in some respects, since AI will add "context" to the "contents" too.
No, no. They thought about the privacy and security aspect. They decided that it's better for their bottom line if Windows users don't have privacy from the mother ship. Really, they already decided that way back when Windows Vista first came out and periodically asked Microsoft HQ if you should continue being allowed to use your computer.
I mean, you can't even install Windows 10 without it telling you several times that unless you opt out (again and again), it's going to send just about anything you do to Microsoft…
No thought at all. Just by default auto exclude private browser windows and password managers. No thought at all.
It's a turn of phrase; it doesn't mean literally no thought at all!
On a more relevant note, how can it know when a private browser window is open in anything other than Edge? Same question with the password manager - is there going to be some new API that apps have to "opt in" to to enable Windows to recognise them?
I think they actually did consider that - that's why they emphasized it was all on device. They thought about it, they just didn't think about how little we would trust that promise.
I'm perplexed that anybody thinks Microsoft were being dumb. They know exactly what they are doing and putting the pieces in place to violate users' security is the point.
They're just boiling the frog slowly. It'll be turned on by default soon enough and then they'll start looking for excuses to upload it.
This can be used to make them a shedload of money one day.
What about the browser cache? And isn't there some capability in many browsers to store form field contents when navigating back/forward too?
On the contrary, I think a LOT of thought went into privacy and security. Specifically, how to ignore and bypass it.
Yeah, I think this entire debate is uninformed hysteria and manufactured outrage. "If an attacker has administrator access, they can see everything you have done on your computer!". OK? That has literally always been the case? "Attacker is root" is game over and always has been. The original writeup from DoublePulsar tried to justify that Recall is somehow different from other such scenarios, but I found it totally unconvincing.
I think it's the right move to have it off by default, but I'm just not convinced by the outrage here.
Browser history doesn't show my passwords, everything I typed out and did on the machine.
In comparison browser history is nothing.
You’re missing the point. An attacker can only see the passwords in your Recall database if they have root, but if they have root there are (and always have been) a thousand other ways they can get your passwords. There is no new attack vector being introduced by Recall.
It is possible to access the Recall database without admin access.
https://x.com/GossiTheDog/status/1798832390070276500
RTA, Microsoft announced changes to the security model to prevent that.
I did read the article. The person I'm replying to claims the entire debate was "uninformed hysteria", which means they thought the previous security model already required admin.
Another big, big difference, anybody, not just some black-hat pro with a long kill chain of zero-days, has a fantastic source of data to exfiltrate.
Perhaps you didn't note before, or are one yourself, but this includes e.g. abusive spouses. Sure, maybe the abusive spouse could hire a black hat, but this is very different to a drunk low-life wife-beater casually snooping through "recall".
It might not be a "new" attack vector, but it's absolutely a complete degradation to any computer security.
One difference is that you can get root access after the fact and get however much prior data Recall recorded vs only going forward.
If an attacker got root with recall they might not need to wait for the user to type their password and risk detection. The information they want to know might be already in the recall database.
You can get cookies/tokens from Chrome databases so it's the equivalent of passwords in a lot of cases
Recall FEELS like being watched. Your browser history does not.
To be clear, I am not in favor of Recall or dismissing its intrusiveness. However, the correct comparison is not just "browser history". Google is also tracking your search history, passwords (built-in password manager), location history (Google Maps), ad clicks, and more. All-in, it's a LOT of data.
I'm with you -- I avoid Google products for the reasons you listed and am staunchly anti-surveillance capitalism. I just meant to say that even for a person with my very plugged-in perspective on these topics, Google's violations of my privacy still don't feel quite as invasive as Recall feels, even if on paper it's just as egregious and dangerous.
In a typical bigcorp environment, laptops are loaded with silently installed spyware. Certainly equivalent to taking a screenshot every second or an always-on keylogger.
The horse is out of the barn for many people during work hours. But in the OS and on by default is a different story!
Except that before today you didn’t even need admin for access to the database, any process that is allowed to read things could access the Recall database.
Browsing history doesn't contain what's displayed on the page, and what you input into the input boxes, or POST requests. It's sorta like telephone metadata.
On the other hand, I am always freaked out by Chrome extensions that "can read and change your data on all websites". Can't they have more granular permissions? You gotta have a lot of trust for those extensions LMAO. They can read your bank passwords, probably!! And if they are ever sold...
To be fair for me the extensions that get that are uBO, Privacy Badger, and Tampermonkey.
I trust gorhill and the EFF to not fuck me over on my data, and Tampermonkey kinda needs those sorts of permissions to work. My password manager has read access to every website but I'm already trusting it with all of my passwords so...
Seems like a very juicy target.
These extensions should not store any data without a master password that you input every time.
What if someone stole the signing key, and submitted an update to Chrome store, even for a little? Oh wait that is only for Chrome Apps. For extensions, they can literally update themselves anytime. Someone would just have to steal the certificate.
If an extension that reads all data uses a CDN (like CloudFlare) that CDN can execute a MITM attack against it and download new code, that would be catastrophic even if it was caught 1 day later.
Mozilla reviews signed extension updates. Something tells me uBO is one of the most scrutinized given how very many users it has.
My threat model doesn't include state actors targeting me specifically. Not sure much of anything works against that threat model besides maybe iOS in Lockdown Mode as your only device.
I have an extension like that called uBlock. If that ever gets compromised or sold, I will have much bigger problems ...
Exactly - knowing the content of each webpage is pretty easy if you're "big brother" surveilling millions of people, even more so if you have a Chrome extension to help.
It's "little brother" that benefits a lot here: bosses, spouses, parents, etc., who otherwise wouldn't click on 1000 links in your history.
Does Recall run entirely locally? I don't think your browser history gets sent out
I expect it does, if you're using Chrome outside of Incognito Mode. Iirc, there is an opt-out about "web history" on the google account - which then disables some other things so that it annoys enough people into keeping it on.
It does, that's why it needs an NPU to run.
It does, but who's to say insights it gains won't ever be sent back and used/sold?
No, it isn't the same, you may know I went to my health care provider's website, maybe even to make an appointment depending on the url, but with Recall, everything that is on the page will be stored, not just the url. It's totally different. So the message I sent my healthcare provider that is discussing some of my most sensitive medical issues will be available to read and a record is kept of it... not just the url. Do you not see the difference?
Yes, but one product cycle and there's metadata (like a background texture) that tells the OCR to skip this page. Or ask your local LLM if the user is talking about medical conditions? If you like the feature at all you can make these things work.
"If you like the feature at all you can make these things work."
It's not on the individual users to take steps to preserve their basic human dignity. It's on Microsoft to not take that dignity away by default as was their plan before this fiasco predictably blew up in their faces just like the Xbox One always-online Kinect requirement before it.
1. Browsing history doesn't show what the user is doing on the page. There is a big difference between logging "user visited his e-banking app", and logging his actual credentials as they are entered.
2. Browsing history watches one app. Screenshots watch everything across the entire OS.
Not just credentials - account balances, account numbers, etc. There's a big difference between your browser history recording that you opened your bank or healthcare provider's web site and Recall recording everything that appeared on the screen while you did.
People might use Incognito mode to browse porn, but I imagine it's a lot less common when looking at other sensitive sites.
This is a horrible comparison. Browsing history doesn't show the contents of the page. It doesn't show you what you were doing on that page. It doesn't reveal anything other than you went there and maybe how long.
Well, on old school sites where there are static pages each pointed to by a unique URL, yes it does show the contents of the page :)
They're quite obviously very different, as browser history doesn't tend to include things like financial details or information subject to an NDA.
There is a very different scope at the OS level.
Most of us know that the public Internet is based on surveillance capitalism, no matter if we hate it or are just complacent or ignorant.
OS wide is far more problematic and of low value to the user.
One difference is that Web browser history has been there 30 years, since before most people at the time had even touched a Web browser.
At the time, it wasn't very thinkable that someone would have the audacity to take and abuse that information.
It dates from when Internet people overall were more savvy about privacy than users overall today are, but it was also when the Internet was closer to a trustworthy environment, and before Wall Street sociopath types took over the tech and the culture.
Lots of kinds of abuse that today are routine and almost universal, for even startup tech companies, (e.g., embedding third-party trackers into Web sites, and getting even worse from there), I think would've gotten them ostracized, and outraged demands for criminal charges.
During the dotcom gold rush, there was such a flood of totally new, posturing people, and so much money being thrown wildly at everything, that any remaining outrage was lost in the noise.
And now virtually no one knows any different.
But if you're trying to push some new abuse today, I think ordinary people are starting to have some awareness of what vicious sociopathic buttholes tech companies have become, and so acceptance might not be a slam-dunk.
The ickier parts are on the unintended capture side, like enabling "show password" on a site doesn't affect browser history but Recall may capture it in the clear.
Or from history you may see that you accessed a site, but not what you did on it (what comments you typed for example).
Talk on zoom to the wife while bathing the kid, stored on recall. VC the girlfriend, stored on recall.
Does your browser history store pictures of your family?
Your browser history doesn't contain screen recordings of what you do on websites
If there's AI involved, everyone's panic level skyrockets.
No one retweets "Attacker gaining root access reveals all user information", but instead "Attacker gaining root access reveals all user information collected by AI program" will go viral for sure.