return to table of content

Microsoft Will Switch Off Recall by Default After Security Backlash

herf
65 replies
3h24m

It's interesting to compare this to the Chrome/Safari/Edge browsing history, which is stored in an unencrypted SQLite database, and tracks what you do for the last 90 days. It's just a bit less visual, Incognito/Private modes work, and some users clear it more often.

But a whole lot of the surveillance attacks people imagine about Recall apply just the same to the browser. I think it's the "little brother" casual attacks that are so well enabled by Recall - it makes it faster, easier, and way more visual.

GordonS
25 replies
2h57m

Your browsing history is unlikely to contain personal information, secrets, porn images etc. And if you use Chrome, they get your full browsing history by default.

I get your point, but Microsoft's Recall can capture anything onscreen - emails, personal info, porn, passwords and the like. And it feels, bizarrely for 2024, that little thought has gone into privacy or security.

nomel
8 replies
2h50m

that little thought has gone into privacy or security.

I think the thought is proportional to the amount of thought a non-tech customer will put into it. Nobody seems to care about or understands privacy these days. Everyone knows they're being tracked everywhere they go physically and on the web. People use their real names, address, etc for every junk service they sign up for, without seeing any reason not to. If you tell people that their TV is tracking and taking screenshots of what they watch [1], they say "yeah, Netflix knows too".

It's literally, "how it's always been" for any non tech person under 30.

[1] https://themarkup.org/privacy/2023/12/12/your-smart-tv-knows...

haswell
2 replies
2h39m

I think the thought is proportional to the amount of thought a non-tech customer will put into it.

Part of me wonders if this is the consequence of how accessible tech has become, and the prevalence of increasingly non-technical product managers. I'm a former PM, and I'm not here to denigrate the PM role, but the fact that a product like Recall got shipped says a lot about the makeup of the product org that shipped it.

While I get that younger people tend to see privacy differently, I'd argue this isn't really a privacy issue, it's a security conversation, albeit with obvious privacy implications. Leaking what apps I use or what sites I visit is mostly a privacy issue. Leaking what I type into the boxes on those sites is a security issue. If the end result of leaking this info is the attacker can pwn all of my bank accounts, we're solidly into security territory.

The fact that this got shipped means that multiple levels of leadership either didn't think about the consequences or didn't care about the consequences. I hope it's the former, because that means they can learn from the backlash and hopefully recalibrate.

Microsoft is in a position of power that IMO requires a significant duty of care and responsibility to their customers, and lapses like this need to be judged through that lens, i.e. it is their entire business to make sure features like this are safe.

xattt
0 replies
2h14m

The fact that this got shipped means that multiple levels of leadership either didn't think about the consequences or didn't care about the consequences. I hope it's the former, because that means they can learn from the backlash and hopefully recalibrate.

There was probably from lower decks, where they are closer to reality. However, people are scared for their jobs in this economy and likely didn’t take it farther.

intended
0 replies
1h33m

I think it’s a good point - these are still privacy issues, and being fatigued with the impossibility of defending privacy is indication of a power imbalance, not an acceptable default for humanity.

SoftTalker
2 replies
1h50m

It's how it's always been, always.

Many here may be too young to remember when many consumer products came with a "product registration" card. This was basically a postcard that asked for all sorts of information, such as your name, address, phone number, birthdate, sex, SSN, marital status, annual income, interests, other products owned, whether you own or rent your home, etc.

People willingly filled these out and sent them in. All the info went into databases that were merged with other sources and traded around various marketing agencies on 9-track tape reels. Advertisers could get mailing lists segmented by age, sex, income level, geographical region or specific zip codes, etc. for their campaigns.

It's all much more pervasive and invisible now, but it's basically what has always been done.

smaudet
0 replies
1h29m

It's how it's always been, always.

I don't know, I don't think sending in product registration cards could/would often result in your bank account being drained...

It's all much more pervasive and invisible now, but it's basically what has always been done.

So you admit it is far worse today than it was before? But the second half of your sentence seeks to disingenuously pretend that it has "always" been bad.

I can be sick with a cold or I can have stage-four brain cancer. People have "always" been sick but one is serious (terminal cancer) one is not (a non persistent cold).

piva00
0 replies
22m

It's all much more pervasive and invisible now, but it's basically what has always been done.

Basically is doing a lot of work here, the level and degree of how much data is vacuumed, processed, and used for targeting nowadays is orders of magnitude of difference from these primitive ways.

A tent and a house are basically the same: a shelter.

sumtechguy
0 replies
2h24m

Everyone knows they're being tracked everywhere they go physically and on the web

That sounds good to some people. But if I mentioned it to most people in my family they would probably be rather weirded out by it. They probably also would have no idea of the scope of the size of it and how it is being used against them.

skydhash
0 replies
2h23m

Do you listen to music only with earbuds? Do you cover your face when going outside? Do you transform your voice for each person you’re talking to? Are you buying only with cash that you handled with gloves?

Privacy is not a binary concept. There are actions and information that some people are ok being public, and there are some they prefer to remain private.

What is not OK is spying and exploitation. I should know what data you’re collecting and preferably specify which I’m ok with. I also should know what is intended for and preferably for most of it to be anonymized.

Most people expect reasonable privacy policies from companies and they believe that there’s some regulation in place.

thaumasiotes
4 replies
1h40m

Your browsing history is unlikely to contain [...] porn images

Of all the places on your computer that might contain porn images, that would be one of the very top candidates.

GordonS
2 replies
1h23m

Nope - links to porn sites (but who browses porn without Incognito Mode! :), but it's not going to contain actual images.

thaumasiotes
0 replies
53m

As far as metadata versus data, the URL of a static image automatically discloses the image itself. The only way to claim that the history doesn't actually contain the image is if you assume that the site has gone defunct.

Unless, of course, you're willing to argue that a porn image stored on the local hard drive isn't contained in any folders on the same PC that soft-link it. You might have an interesting time trying to justify why it is contained in folders that hard-link it.

adamomada
0 replies
27m

I always joked around that Firefox made the incognito shortcut CTRL-Shift-P for Porn mode

(I really wish they followed the “standard” keyboard shortcut)

dragonwriter
0 replies
1h20m

No, the browsing history isn't likely to (data URLs I guess make it technically possible, but...); your browser cache might.

axus
2 replies
2h55m

It's analogous to phone call metadata vs. the contents of the phone calls.

giobox
0 replies
1h11m

Perhaps. A key difference though - history files can include the individual pages I requested from the same host. Right now I have like 50 entries for the various posts I read just from HackerNews, all as separate line items etc etc.

In the case of the phone, one simply sees recipient of call, duration etc, regardless of how much information was exchanged. The phone I'm calling is arguably analogous to the server I request a page from, in the metadata context.

I'd argue browser history is significantly richer in some regards due to this. It's not unheard of for user identifiers to appear in URL paths either - try visiting https://news.ycombinator.com/user?id=<HN user name>... In my Chrome, that's instantly in the history file with my username.

GordonS
0 replies
1h21m

Yes, it's a good way to put it. Though it's worse in some respects, since AI will add "context" to the "contents" too.

ragnese
1 replies
2h33m

And it feels, bizarrely for 2024, that little thought has gone into privacy or security.

No, no. They thought about the privacy and security aspect. They decided that it's better for their bottom line if Windows users don't have privacy from the mother ship. Really, they already decided that way back when Windows Vista first came out and periodically asked Microsoft HQ if you should continue being allowed to use your computer.

Sharlin
0 replies
1h34m

I mean, you can't even install Windows 10 without it telling you several times that unless you opt out (again and again), it's going to send just about anything you do to Microsoft…

TiredOfLife
1 replies
1h11m

No thought at all. Just by default auto exclude private browser windows and password managers. No thought at all.

GordonS
0 replies
56m

It's a turn of phrase; it doesn't mean literally no though at all!

On a more relevant note, how can it know when a private browser window is open in anything other than Edge? Same question with the password manager - is there going to be some new API that apps have to "opt in" to to enable Windows to recognise them?

SketchySeaBeast
1 replies
2h22m

I think they actually did consider that - that's why they emphasized it was all on device. They thought about it, they just didn't think about how little we would trust that promise.

pydry
0 replies
1h50m

I'm perplexed that anybody thinks Microsoft were being dumb. They know exactly what they are doing and putting the pieces in place to violate users' security is the point.

Theyre just boiling the frog slowly. It'll be turned on by default soon enough and then theyll start looking for excuses to upload it.

This can be used to make them a shedload of money one day.

shawnz
0 replies
55m

What about the browser cache? And isn't there some capability in many browsers to store form field contents when navigating back/forward too?

INGSOCIALITE
0 replies
1h47m

on the contrary, i think a LOT of thought went into privacy and security. specifically, how to ignore and bypass it.

Analemma_
14 replies
3h17m

Yeah, I think this entire debate is uninformed hysteria and manufactured outrage. "If an attacker has administrator access, they can see everything you have done on your computer!". OK? That has literally always been the case? "Attacker is root" is game over and always has been. The original writeup from DoublePulsar tried to justify that Recall is somehow different from other such scenarios, but I found it totally unconvincing.

I think it's the right move to have it off by default, but I'm just not convinced by the outrage here.

Tool_of_Society
8 replies
3h6m

Browser history doesn't show my passwords, everything I typed out and did on the machine.

In comparison browser history is nothing.

Analemma_
6 replies
3h0m

You’re missing the point. An attacker can only see the passwords in your Recall database if they have root, but if they have root there are (and always have been) a thousand other ways they can get your passwords. There is no new attack vector being introduced by Recall.

sgent
1 replies
1h37m

RTA, Microsoft announced changes to the security model to prevent that.

fh9302
0 replies
1h26m

I did read the article. The person I'm replying to claims the entire debate was "uninformed hysteria", which means they thought the previous security model already required admin.

smaudet
0 replies
1h14m

Another big, big difference, anybody, not just some black-hat pro with a long kill chain of zero-days, has a fantastic source of data to exfiltrate.

Perhaps you didn't note before, or are one yourself, but this includes e.g. abusive spouses. Sure, maybe the abusive spouse could hire a black hat, but this is very different to a drunk low-life wife-beater casually snooping through "recall".

It might not be a "new" attack vector, but its absolutely a complete degradation to any computer security.

morder
0 replies
2h44m

One difference is that you can get root access after the fact and get however much prior data Recall recorded vs only going forward.

Benedicht
0 replies
2h50m

If an attacker got root with recall they might not need to wait the user to type their password and risk detection. The information they want to know might be already in the recall database.

sanktanglia
0 replies
2h46m

You can get cookies/tokens from chrome databases so its the equivalent to passwords in alot of cases

mostlysimilar
2 replies
3h15m

Recall FEELS like being watched. Your browser history does not.

listenallyall
1 replies
2h35m

To be clear, I am not in favor of Recall or dismissing its intrusiveness. However, the correct comparison is not just "browser history". Google is also tracking your search history, passwords (built-in password manager), location history (Google Maps), ad clicks, and more. All-in, it's a LOT of data.

mostlysimilar
0 replies
44m

I'm with you -- I avoid Google products for the reasons you listed and am staunchly anti-surveillance capitalism. I just meant to say that even for a person with my very plugged-in perspective on these topics, Google's violations of my privacy still don't feel quite as invasive as Recall feels, even if on paper it's just as egregious and dangerous.

shermantanktop
0 replies
2h27m

In a typical bigcorp environment, laptops are loaded with silently installed spyware. Certainly equivalent to taking a screenshot every second or an always-on keylogger.

The horse is out of the barn for many people during work hours. But in the OS and on by default is a different story!

amusingimpala75
0 replies
2h33m

Except that before today you didn’t even need admin for access to the database, any process that is allowed to read things could access the Recall database.

EGreg
5 replies
3h17m

Browsing history doesn't contain what's displayed on the page, and what you input into the input boxes, or POST requests. It's sorta like telephone metadata.

On the other hand, I am always freaked out by Chrome extensions that "can read and change your data on all websites". Can't they have more granular permissions? You gotta have a lot of trust for those extensions LMAO. They can read your bank passwords, probably!! And if they are ever sold...

ls612
2 replies
3h9m

To be fair for me the extensions that get that are uBO, Privacy Badger, and Tampermonkey.

I trust gorhill and the EFF to not fuck me over on my data, and Tampermonkey kinda needs those sorts of permissions to work. My password manager has read access to every website but I'm already trusting it with all of my passwords so...

EGreg
1 replies
1h37m

Seems like a very juicy target.

These extensions should not store any data without a master password that you input every time.

What if someone stole the signing key, and submitted an update to Chrome store, even for a little? Oh wait that is only for Chrome Apps. For extensions, they can literally update themselves anytime. Someone would just have to steal the certificate.

If an extension that reads all data uses a CDN (like CloudFlare) that CDN can execute a MITM attack against it and download new code, that would he catastrophic even if it was caught 1 day later.

ls612
0 replies
10m

Oh wait that is only for Chrome Apps. For extensions, they can literally update themselves anytime. Someone would just have to steal the certificate.

Mozilla reviews signed extension updates. Something tells me uBO is one of the most scrutinized given how very many users it has.

If an extension that reads all data uses a CDN (like CloudFlare) that CDN can execute a MITM attack against it and download new code, that would he catastrophic even if it was caught 1 day later.

My threat model doesn't include state actors targeting me specifically. Not sure much of anything works against that threat model besides maybe iOS in Lockdown Mode as your only device.

red_admiral
0 replies
2h50m

I have an extension like that called uBlock. If that ever gets compromised or sold, I will have much bigger problems ...

herf
0 replies
3h11m

Exactly - knowing the content of each webpage is pretty easy if you're "big brother" surveilling millions of people, even more so if you have a Chrome extension to help.

It's "little brother" that benefits a lot here: bosses, spouses, parents, etc., who otherwise wouldn't click on 1000 links in your history.

ydnaclementine
3 replies
3h11m

Does Recall run entirely locally? I don't think your browser history gets sent out

toyg
0 replies
3h8m

I expect it does, if you're using Chrome outside of Incognito Mode. Iirc, there is an opt-out about "web history" on the google account - which then disables some other things so that it annoys enough people into keeping it on.

juancn
0 replies
2h58m

It does, that's why it needs an NPU to run.

al_borland
0 replies
26m

It does, but who's to say insights in gains won't ever be sent back and used/sold?

russdpale
2 replies
3h8m

no it isnt the same, you may know I went to my health care provider's website, maybe even to make an appointment depending on the url, but with recall, everything that is on the page will be stored, not just the url. It's totally different. So the message I sent my healthcare provider that is discussing some of my most sensitive medical issues will be available to read and a record is kept of it... not just the url. Do you not see the difference?

herf
1 replies
3h0m

Yes, but one product cycle and there's metadata (like a background texture) that tells the OCR to skip this page. Or ask your local LLM if the user is talking about medical conditions? If you like the feature at all you can make these things work.

entropicdrifter
0 replies
2h38m

"If you like the feature at all you can make these things work."

It's not on the individual users to take steps to preserve their basic human dignity. It's not Microsoft to not take that dignity away by default as was their plan before this fiasco predictably blew up in their faces just like the Xbox One always-online Kinect requirement before it.

usrbinbash
1 replies
1h33m

1. Browsing history doesn't show what the user is doing on the page. There is a big difference between logging "user visited his e-banking app", and logging his actual credentials as they are entered.

2. Browsing history watches one app. Screenshots watch everything across the entire OS.

kenny11
0 replies
51m

Not just credentials - account balances, account numbers, etc. There's a big difference between your browser history recording that you opened your bank or healthcare provider's web site and Recall recording everything that appeared on the screen while you did.

People might use Incognito mode to browse porn, but I imagine it's a lot less common when looking at other sensitive sites.

byteknight
1 replies
2h51m

This is a horrible comparison. Browsing history doesnt show the contents of the page. It doesnt show you what you were doing on that page. It doesn't reveal anything other than you went there and maybe how long.

nottorp
0 replies
1h56m

Well, on old school sites where there are static pages each pointed to by an unique url, yes it does show the contents of the page :)

torstenvl
0 replies
2h56m

They're quite obviously very different, as browser history doesn't tend to include things like financial details or information subject to an NDA.

nyrikki
0 replies
2h59m

Their is a very different scope at the OS level.

Most of us know that the public Internet is based on surveillance capitalism, no matter if we hate it or are just complacent or ignorant.

OS wide is far more problematic and of low value to the user.

neilv
0 replies
2h49m

One difference is that Web browser history has been there 30 years, since before most people at the time had even touched a Web browser.

At the time, it wasn't very thinkable that someone would have the audacity to take and abuse that information.

It dates from when Internet people overall were more savvy about privacy than users overall today are, but it was also when the Internet was closer to a trustworthy environment, and before Wall Street sociopath types took over the tech and the culture.

Lots of kinds of abuse that today are routine and almost universal, for even startup tech companies, (e.g., embedding third-party trackers into Web site, and getting even worse from there), I think would've gotten them ostracized, and outraged demands for criminal charges.

During the dotcom gold rush, there was such a flood of totally new, posturing people, and so much money being thrown wildly at everything, that any remaining outrage was lost in the noise.

And now virtually no one knows any different.

But if you're trying to push some new abuse today, I think ordinary people are starting to have some awareness of what vicious sociopathic buttholes tech companies have become, and so acceptance might not be a slam-dunk.

juancn
0 replies
2h55m

The ickier parts are on the unintended capture side, like enabling "show password" on a site doesn't affect browser history but Recall may capture it in the clear.

Or from history you may see that you accessed a site, but not what you did on it (what comments you typed for example).

epanchin
0 replies
1h3m

Talk on zoom to the wife while bathing the kid, stored on recall. VC the girlfriend, stored on recall.

Does your browser history store pictures of your family?

biftek
0 replies
3h0m

Your browser history doesn't contain screen recordings of what you do on websites

andrewmutz
0 replies
3h13m

If there's AI involved, everyone's panic level skyrockets.

No one retweets "Attacker gaining root access reveals all user information", but instead "Attacker gaining root access reveals all user information collected by AI program" will go viral for sure.

SavageBeast
30 replies
2h47m

In all the MS Recall drama, I've yet to hear or read one single person utter something to the effect of "Wow - great!!! - I've been waiting for something like this for years! This will solve at least one of the major issues I face regularly!". In fact, it seems to me the only people that really want this feature are the ones trying to push it down everyones collective throat. Why is MS pushing something so hard when nobody asked for it?

rvense
3 replies
2h11m

For tech savvy people, it's a bewildering feature. Why would I want some weird unpredictable AI thing when I've already got filesystem search, browser bookmarks, the neatly categorized PDF collection, and my Zettelkästen/2GB Org.mode doc/Joplin notes?

But for non-technical people, of course, computers are already unpredictable. They routinely (appear to) misplace files and overwrite them with previous versions, and if the URL falls out of autocomplete the site might as well not exist. For people who google to find the Facebook login page, this would simply be how computers should work. You tell it to give you the thing and it gives you the thing. How that happens is immaterial.

chuckadams
1 replies
1h41m

I’m plenty savvy and I’d like that AI thing. I’d just like it to be more discerning about what it records, and managed in a way that’s not a pinkie-swear promise to protect my privacy. MS has a track record both long and recent that shows they’re not the appropriate stewards of this data. I don’t even see MS as mustache-twirling villains in general, just incompetent at an organizational level to stand up to whatever scheme any individual mustache-twirling marketing middle manager comes up with.

usrbinbash
0 replies
1h27m

I can, and am, using a locally running LLM with RAG on my personal wiki already.

The difference between that and Recall: I decide what goes into the wiki.

doug_durham
0 replies
1h22m

Why are you conflating being tech savvy with being organized? Only a subset of people in tech that I know have the type of organization you describe. I personally rely on local search for everything.

rchaud
3 replies
2h41m

I've heard Microsoft wants to do away with on-device Windows entirely for consumer devices, and go with a "dumb client" form factor that is always connected to a remote Windows server.

I'm not sure who at the org is pushing for this as it would essentially hand the PC games market to SteamOS. I suppose they saw how well it's worked for enterprise customers that essentially already use a Windows VM through Citrix or some other provider, and think this would solve the virus/malware problem once and for all.

nottorp
0 replies
1h44m

as it would essentially hand the PC games market to SteamOS

... or they will just stop developing windows games and do only xbox/playstation games ...

dabbz
0 replies
52m

It's because there's a huge cloud first push internally. Leadership is trying to find any way they can find to leverage Azure and recurring revenue.

cesarb
0 replies
1h36m

I'm not sure who at the org is pushing for this as it would essentially hand the PC games market to SteamOS.

PC games can already be played on a remote server, using services like Stadia, so it would not necessarily hand the PC games market to local Linux-based devices running SteamOS (like the Steam Deck).

delecti
2 replies
2h30m

Security nightmare aside, it seems like it would be handy all the time. Surely everyone has had trouble finding a website or document or email again, days or weeks later?

roywiggins
0 replies
2h21m

Most or indeed all of that doesn't need screen-scraping though.

ragnese
0 replies
2h24m

Documents and emails are probably easier to find via old-school text searching, though.

vondur
1 replies
2h29m

It could be handy if the data was stored locally and was managed by the users.

wvenable
0 replies
45m

It is.

wing-_-nuts
0 replies
2h39m

When this was announced I actually saw a post by someone who used a similar tool for time tracking in OS X and they claimed it was really helpful.

To be frank, I would not mind having this feature on linux provided it was entirely local, and encrypted.

usrbinbash
0 replies
1h29m

Why is MS pushing something so hard when nobody asked for it?

Because they bet big on AI, and hardware suppliers bet big on AI-enabled hardware, and so they are trying to find use cases for it.

rurp
0 replies
1h58m

This applies to most AI features that have been released recently. It feels like almost every business that wants to think of itself as a tech company has been desperate to throw out as many new features as possible that they can slap an AI label onto.

Most of those features are garbage and make the product worse, either because they don't address an actual problem or because they are implemented poorly. But of course improving the product is at best a secondary concern, chasing the hype is far more important, both for the company itself and the individuals building this stuff.

ragnese
0 replies
2h27m

In all the MS Recall drama, I've yet to hear or read one single person utter something to the effect of "Wow - great!!! - I've been waiting for something like this for years! This will solve at least one of the major issues I face regularly!".

There were definitely some comments in a previous HN post about it that attempted defend it and to paint everyone else as overreacting. Several of them even said that they thought it would be useful for something they might hypothetically like to remember or search for... I don't really remember, because the whole thing is crazy to me and I think it's crazy for any tech-savvy person to be running Windows in 2024.

Why is MS pushing something so hard when nobody asked for it?

I assume this is a rhetorical question, but just in case it isn't: this is not a feature/product for Windows USERS. This is a feature to help train/test MS's AI stuff- YOU are the product, not the customer.

pjmlp
0 replies
2h30m

Just go to Windows Central, and you will get a couple of editors shouting exactly that.

pdntspa
0 replies
2h36m

Honestly this whole thing reeks of some sort of data grab dressed up as an "innovative" new feature. They probably wanted a bunch of new training material for their AI projects, and this is what they came up with.

mikehearn
0 replies
2h32m

I can be that guy. I use Rewind for Mac, which is almost identical to Recall in functionality. I love it, and I've used it frequently to find things that otherwise would have been lost forever.

Most recently I used it to refresh my memory on a particularly convoluted way to authenticate with a third-party oauth system (it involved using an online oauth debugger and curl commands). I had gone through the process once successfully weeks ago, but by the time I had to do it again I'd forgotten every detail. Rather than have to go through the process of figuring it out again, I went back to my successful attempt, watched it, and basically retraced my steps. Rewind probably saved me an hour or two.

My take on Recall is that, like with almost everything, it's a trade-off of security for convenience. I find it valuable enough that I'm willing to make the trade-off, but others might not.

haswell
0 replies
2h14m

If I knew that the data could be absolutely kept safe and private to me, I’d love a feature like this. Keeping track of my work over time would be so much easier.

The natural next step is to have a local model trained on everything I’ve ever done, and for all of my computing tasks to be contextual to that history.

I could see this transforming how we use computers.

But I wouldn’t go anywhere near Recall.

I suspect Microsoft is pushing this so hard because they want to do what I just described, and they want to start collecting the data necessary to enable it ASAP.

I can easily see a future capability that people might love that they wouldn’t have even known to ask for. But the way they’re rolling out Recall is certainly not a good foundation.

gnuser
0 replies
7m

All the replies ignoring the elephant in the room: three letter pressure. To me such large moves could indicate an event is in the near/medium future.

chucke1992
0 replies
2h18m

Has the new Copilot devices even launched? Because I don't think that aside journos anybody else has even tried to play with the Recall yet.

chrisjj
0 replies
2h37m

Why is MS pushing something so hard when nobody asked for it?

Here's the thing. When no-one asks for it, hard push is the only way to sell it.

:)

barbazoo
0 replies
2h33m

when nobody asked for it

It's easy to say if you aren't one to benefit from this, but that doesn't mean no one will or that no one asked for it.

al_borland
0 replies
21m

I've heard some people say this, but those people either don't understand what's going on, or they have to start off by staying, "security issues aside," which is basically saying that they'd like it in a magical world where they could have the feature without anything the system is doing to enable the feature.

WorkerBee28474
0 replies
2h41m

I use the search inside Windows all the time. To me, this seems like a 2% improved version of that. Probably useful, mostly mundane, something I would use but not get excited about.

I assume they would push it for the same reason they would push any other mildly-useful feature improvement.

Terretta
0 replies
2h37m

On the contrary, executives at the office have been coming to me about various such tools for months now. It really picked up last fall.

Microsoft was last to the party.

LordKeren
0 replies
2h42m

Rewind.ai is the Mac version of this and many is the same talking points apply. However, it’s a third party tool, and as such isn’t enabled by default.

I think most, if not all, of the overwhelmingly negative feedback is tied to this being enabled by default, and shipped by default

Daedren
0 replies
2h37m

As long as stockholders think it'll be good, that's what matters. Perceived value is easier to create than real value.

atribecalledqst
23 replies
1h31m

Maybe a bit off-topic, but I sure wish they'd do this for OneDrive! I installed Windows for personal use for the first time recently (although I use it exclusively at work) and it drove me ABSOLUTELY BONKERS that my home drive was mapping to C:\Users\atribecalledqst\OneDrive.

What I hated the most was that the File Explorer just calls the folders in there e.g. "Documents" and "Pictures" without showing the full path. So it was hard to figure out just where in the file system you were looking -- a major annoyance if you do any work in the command-line!

Even after switching OneDrive off and doing as much as I can to try and get rid of the OneDrive folder structure, I haven't been completely successful. You can make some -- but not all -- home folders (like Downloads, Documents, etc.) point directly to their place in the local user folder, but others, particularly Pictures, don't seem to be movable. Additionally, some programs still seem to want to use the OneDrive folder by default, like I think Office programs still do their best to use them.

In the grand scheme of things it's a small annoyance but god it annoys the shit out of me! I didn't ask for cloud backup and it drives me nuts they tried to force it on me!

jandrese
6 replies
1h20m

Dear OS writers:

Internet access is not always guaranteed or reliable. Please do not assume that the cloud is a viable solution for every user.

I ran into this on my phone awhile back. I knew I would be out of service for some time but had some PDFs I needed to reference. So I downloaded them to "files". Que surprise when I later go to look up a value and there's a little cloud with a down arrow button next to the PDF in the files app, which of course fails because I'm nowhere near any internet access. Even more fun: turning off the cloud integration in files just causes the files to disappear, even if you are currently connected. It's allergic to local storage.

gleenn
3 replies
1h7m

This is the number one thing that annoys me about so many apps, especially apps with clear use-cases for offline use like listening to music, reading, and learning apps. I don't understand how so many app writers have never gone for a run through a canyon or flown on an airplane. I specifically pay money to SoundCloud for instance just for the "feature" to cache the music locally and somehow it regularly gets stuck clearly from lack of internet. It's probably some metric collection or some other spyware to make sure all the bean counters get their money at the huge expense to usability. Pimsleurs language learning app, and many book reading apps all suffer and all I want to do is not be bored to tears on flights that don't have internet.

pocketarc
1 replies
52m

I don't understand how so many app writers have never gone for a run through a canyon or flown on an airplane.

In the UK, every time I got on a train, I'd experience that. And it was worse than not having internet; you had internet, but with extreme packet loss and instability, meaning that every app out there would simply stall, even if it already had the data to do whatever it is I wanted it to do, because it was waiting on some background request to complete. And because I had internet, the request didn't just fail, but it also wouldn't complete in any reasonable amount of time.

Very frustrating.

torstenvl
0 replies
14m

Audible recently started doing this, to the point where I had to revoke its permissions to use cellular data just to get it to work right.

szundi
0 replies
53m

They just want live data on your activities and update without sync and stuff however expensive that is even for them, easier to be lazy too

Also every <35 years old person is a js/web dev, so that’s what they do on cloud

rezonant
0 replies
9m

Yeah, my machine connects over WiFi on an external USB 3 adapter because I'm too lazy to finish my Ethernet project. The adapter requires drivers, which are handily included on the device itself as a mass storage device. But there's seemingly no way to get those drivers installed in the captive environment, I even tried using the "launch cmd" key shortcut and manually running the executable, but Windows wouldn't have it. And there's no option to install drivers so you can proceed with Microsoft Account sign in...

Literally my only option was to use the local account bypass. How long before they fully remove that, though, remains to be seen.

jl6
0 replies
27m

If this is the place to complain about broken patterns in Microsoft software, I wonder if anyone can fix this:

1. Create new office document (Word/PowerPoint/etc) and hit save.

2. No, the default location in OneDrive isn’t right so you click the down arrow to see more.

3. No, none of the other recent locations in the (short) list are right either, so you click “More locations”

4. Now you have to click Browse to see an actual Save As dialog that finally lets you navigate through folders. Even then the actual folders are right down at the bottom of the left hand “tree” pane, below a bunch of virtual folders, below OneDrive (aside: if you navigate “up” from here you get to “Desktop”, but it’s not the same “Desktop” that appears lower down in the list; that one is inside your OneDrive), below Music, Videos (you get no hint as to where these actually are), finally near the bottom there is This PC and Network which you can navigate sanely through. Oh, and right at the bottom there is “Microsoft PowerPoint”, as a save location. You can click on it and try to save a document in there, wherever “Microsoft PowerPoint” is. Just kidding, you are stopped by a dialog box telling you this isn’t a valid location.

JFC. No wonder people prefer the “everything is an app icon” approach. Windows is diabolical for managing files.

wannacboatmovie
1 replies
52m

The proper way of doing it is to use the API calls that have existed for decades to get the paths of well-known folders. It is because they are known to move and in fact having a roaming profile on a server location dates to the mid 90s with WinNT.

If you're hard coding paths you're doing it wrong.

smaudet
0 replies
30m

The proper way of doing it is to use the API calls that have existed for decades

A user doesn't want to do this though.

I tried casually using a windows 11 machine for something the other day (I think I was fixing game folders for my girlfriend), using just explorer, and it was pretty obscenely bad how overly confusing it had gotten. I say this, and I fairly routinely debug old build systems with complex nesting file structures, I know my way around a file system.

This wasn't a case of "oh you're just a power user", this was a case of the system had broken, and the simple advice of "backing up your files" and "copy your files over here" wasn't working.

Telling everyone they need to use API calls is just ridiculous, the filesystem is just broken for the average user.

mrandish
1 replies
1h21m

Yes, Onedrive started out as a pretty useful tool but has turned into a deceptive trojan that tries to force whatever growth metric MSFT managers are currently chasing through a combination of dark patterns (like hiding true file paths from view) and also simply refusing to operate in obviously useful ways which many users want and expect (like not having a built-in way to back up only specific sub-folders on different drives (forcing paying users to trick it by using junctions)).

RajT88
0 replies
1m

There used to be no option to uninstall it - now there is.

You will still get it reinstalled during a major OS update, but at least it can easily be removed. Before it was a chore to clean up.

I would speculate there is even some way to prevent it from reinstalling during those major updates. That seems like the kind of capability they would build in because a huge Windows customer complained (i.e. realistically, the major check against dark patterns in Windows).

isoprophlex
1 replies
54m

Hang around kids and even though they can be pretty good at using a computer, they have no clue how the thing actually works. They don't know what a file is anymore. Everything is a shiny little icon in a shiny little magic folder.

Not trying to make this sound like a value judgment, more an observation. But it makes you wonder, what do we lose by excessive abstraction.

cjk2
0 replies
31m

Yeah my 82 year old mother knows more about files than my kids do.

whutsurnaym
0 replies
47m

I recently tried to fully rid myself of OneDrive and it took me over 48 hours to accomplish. The only working method I found involved fully enabling OneDrive, signing in, and waiting for a full sync. Only then was I able to tell it to stop syncing and finally remap Documents, Downloads, Pictures, etc.

The fact that I needed to log in, wait 24 hours for my account to unlock due to inactivity (!!!), and enable sync in order to disable it was enough for me to finally decide that Windows 10 will be my last Microsoft product. It may be a small annoyance, but to me it was the straw that broke the camel's back.

tkuraku
0 replies
48m

It is infuriating when I open the file explorer and it takes many seconds to populate the side bar. This wasn't the case wit windows 10. Everyting in one drive really makes things take a long time. OneDrive is great, but I want a OneDrive folder where things are sync'd, not transparently transforming the file system into OneDrive.

soared
0 replies
1h21m

I just got a new PC and went through the same thing! Incredibly frustrating that in something Godot I have to manually traverse through folders to get to where I want to actually save a file (like.. Documents)

scrlk
0 replies
1h2m

Always set Windows up with a local account to avoid this nonsense. Used to be relatively straightforward in Windows 10, but MS made it a lot harder to dodge in 11.

rezonant
0 replies
20m

Interesting, our experiences are different here. I suspect it's because I installed Windows 11 (23H2) using a local account using the OOBE bypass (not because I particularly hate the Microsoft account thing, but because this machine uses an external WiFi adapter and requires drivers in order to work, so I could not have done it even if I wanted to). The drivers are actually included on the device, but there's not a clear way to accomplish a driver installation while in the captive OOBE, even given the ability to launch a command line.

I did later connect my Microsoft account. In my installation the OneDrive folder is empty and the entries in Explorer map to the normal places (C:\Users\X\Pictures etc). If I open one of the default folders, it does show a "Start backup" entry in the address bar that is referring to OneDrive, though. If I open the OneDrive folder, it asks me to sign in (entering password) and set it up-- which is funny, because the Windows user is signed in using a Microsoft account already- so seems like they haven't connected those dots properly yet. In theory this might be their way of implementing a security check for uploading all your files, but if so it's an awkward way to do it.

Additionally, some programs still seem to want to use the OneDrive folder by default, like I think Office programs still do their best to use them.

If I remember correctly, there is an API that programs can use to locate common folder locations for users (such as Documents, Pictures, etc). My guess is that your account still points to the C:\Users\X\OneDrive\Pictures instead of C:\Users\X\Pictures. If you could adjust those directly (maybe in the registry?), I would imagine that it will work correctly in these programs, especially since I doubt those programs would break on my setup, where there is no OneDrive subfolders (though I don't use Office so I can't check). And in case you wonder if there really are no subfolders in OneDrive since I can't open it in Explorer without signing into it- it shows nothing when viewed via PowerShell.

neogodless
0 replies
11m

This is especially obnoxious for Desktop and Remote Desktop Connection.

The former because my desktop is... where I want things just a certain way for THIS computer, not across the cloud. And because it's a PITA to undo and set it the correct way.

The latter because of course I use Remote Desktop on multiple computers, but it keeps saving a "default" file in the same place across computers, and throwing errors left and right because they conflict. So stupid.

fourteenfour
0 replies
1h24m

Yes, my company just went through a merger and for quite a while we had two OneDrives showing up and it was difficult to tell where the default folders were in addition to being a huge mess any time a file dialog opened. I've actually reverted to creating folders in C:\ to store files so I know where they are.

emeril
0 replies
1h11m

you just have to use dopus as a file explorer replacement and just use dropbox (with cryptomator of course...) to yield (in most respects) best in class file management and sync

diego_sandoval
0 replies
23m

I unfortunately had to use Windows last year, and the whole mix up between local folders and OneDrive folders meant that the only way to not go insane was to avoid using those folders altogether, create a C:\MyStuff folder and store everything there.

I like this video of Jonathan Blow ranting about the file explorer: https://www.youtube.com/watch?v=le6dvr95Z2Q

cjk2
0 replies
32m

If you think this is bad, there was a period last year that my documents folder would suddenly rename itself to "Documents" but in a different language. This would religiously change every few days. Other people have reported it as well.

I have disposed of my last PC now and have nothing to do with the infernal things, or onedrive, or any of that crap ever again!

nerdjon
19 replies
3h49m

Will have to wait and see if the extra security measures actually improve anything or not.

However regarding it being opt out… what would prevent a virus from just enabling it on a bunch of machines silently. Sure it would be caught but the damage done and most won’t be bothered to go in and disable it after.

Or Microsoft just decides they need to really market the hell out of AI and it gets turned on my default anyways.

cybrox
8 replies
3h47m

It will be re-enabled accidentally by an update anyways.

Rinzler89
5 replies
3h26m

Please stop with these kinds of made up fantasy scenarios.

There's no such thing as "accidental enablement" for stuff like this, as if it's a switch every employee at Microsoft has access to, and one of them one day can end up flipping by accident with their elbow and it ends up in production without anyone else noticing.

Either they decide to intentionally enable it or not. There are no accidents , when stuff like this needs to go through a committee of people for approval before it makes it into production.

tetha
1 replies
39m

Either they decide to intentionally enable it or not. There are no accidents , when stuff like this needs to go through a committee of people for approval before it makes it into production.

Absolutely. And all of them decided to screw largely defenseless non-technical consumer to make short-term profits. That's not a fantasy, that's our reality.

Rinzler89
0 replies
38m

Yeah, but like I said, that's by intention, not by accident. How does your comment disprove my point which is exactly yours?

meowster
0 replies
2h51m

I think OP forgot the quotes around "accidentally". You're right it won't be a true accident; it will be intentional and just called an "accident".

i_s
0 replies
3h19m

I'm not sure the use of 'accidentally' was sincere. But I like this choice of words in your post in your first version:

unmercenary assumptions
Tool_of_Society
0 replies
3h5m

Yet despite all that I've witnessed accidents still make it in production...

ragnese
0 replies
2h25m

"accidentally"

dv_dt
0 replies
2h58m

Or by intent - it seems I was reading about an early proof of concept attack that turned Recall on and hid a systray indicator that it was on.

paxys
6 replies
3h33m

What would prevent a virus from directly stealing the data it wants without going through this feature?

ndiddy
3 replies
3h13m

Without Recall, an attacker needs to get a program to stay resident in memory to log keystrokes, screen contents, etc. for an extended period of time without getting detected. With Recall, they can get the same end effect by exfiltrating the Recall database file whenever it's convenient (i.e. an infected version of a text editor could send it while pretending to check for updates). This significantly lowers the barrier to entry for getting a victim's data, while also making it much easier to avoid detection.

drexlspivey
2 replies
2h46m

Without Recall, an attacker needs to get a program to stay resident in memory to log keystrokes, screen contents, etc

Or it could just steal your cookies which are out there in the open.

haswell
1 replies
2h21m

Cookies are of relatively low value compared to a database of everything the user has typed and seen.

wvenable
0 replies
12m

What value is that? My auth cookies are far more valuable than anything I typed out in the open today.

djmips
1 replies
3h27m

Just like in biology a virus can be simpler if it can co-opt existing machinery.

buildbot
0 replies
2h52m

I agree, the ability to take screenshots is unsafe and should be removed. A virus is just a PRT SCRN away from stealing everything! (/s)

strictnein
0 replies
3h32m

what would prevent a virus from just enabling it

If that occurs, the malware won't have access to months or years of data to sift through.

ragnese
0 replies
2h26m

Or Microsoft just decides they need to really market the hell out of AI and it gets turned on my default anyways.

This is what will happen. And when you turn it off again, it'll be turned back on by the next update. Enjoy.

downrightmike
0 replies
1h14m

They can't even do their own infra securely, or did you forget a advanced persistent threat entity was in their system and minting certs to access all of azure recently?

modeless
15 replies
3h12m

It is puzzling to me that so many people seem to think this concept has no value. To me the concept is obviously good and something I have wanted for a long time.

Of course the security of the implementation is important and I agree with some of the criticism there. But I see a lot of people arguing that the feature is worthless, or that it doesn't make sense at the OS level, or that Microsoft specifically should not be allowed to add it to Windows, and I have to strongly disagree.

A4ET8a8uTh0
8 replies
3h5m

Hmm. I think I can respond here.

No one is really saying this feature has no value. For a user, there is value to being able to get to a previous point in time. That feature, however, is clearly not very well designed and implemented if it took days for it to be cracked on the internet for everyone to see. If I could trust that it STAYS local, maybe I would be less paranoid. But this is MS we are talking about.

Personally, I am glad this thing was created. It may be finally make people hesitate over the evolution of PCs.

sseagull
5 replies
2h47m

clearly not very well designed and implemented if it took days for it to be cracked on the internet for everyone to see

I really don't understand this line of thinking. What was cracked? That the database is readable, unencrypted? How could it be encrypted and usable at the same time?

If I could trust that it STAYS local

This I agree with. While it's local now, not trusting MS is a valid belief, given their past behavior. If they feel sending some of the info to the cloud could get them $$$, then they will do it. Although I feel regulators might be pretty quick on this one...

A4ET8a8uTh0
4 replies
2h28m

<< I really don't understand this line of thinking. What was cracked? That the database is readable, unencrypted? How could it be encrypted and usable at the same time?

I am admittedly mildly confused by this response. Do online portals typically use unencrypted passwords? Do they let data flow unecrypted? Are those portals somehow unusable?

Could you elaborate a little bit? It is possible I am misunderstanding your point.

sseagull
3 replies
2h17m

I have only been somewhat paying attention, but there were lots of stories about someone "cracking" the implementation of Recall and getting access to the locally-stored database. The criticism is that it is easily accessible, but it's hard for me to imagine it any other way and have it still be useful. It's still encrypted at rest, but must be unencrypted for data to be written to it.

There is plenty to criticize about Microsoft, but that one seems manufactured.

As far as I know, the database is local, and Recall does not use the cloud at all. That also means that you can't view the history from one computer on another. But I agree that trust that it will stay that way is not particularly wise.

A4ET8a8uTh0
1 replies
2h7m

<< "cracking" the implementation of Recal

I think you have a point there. Would you accept reverse engineering[1] as a more accurate term instead of cracking?

<< I have only been somewhat paying attention

We are in the same boat. I saw the thing pop in my feeds in the past weeks. I skimmed it, thought it was a bad idea, but since I don't have a PC that would be affected, mostly ignored it. I think I only pay more attention today, because it is the weekend and somehow my testing is not ready for me..

[1]https://en.wikipedia.org/wiki/Reverse_engineering [2]https://www.wired.com/story/microsoft-windows-recall-privile...

sseagull
0 replies
1h47m

Ah I see. I guess that came across as criticizing your terminology, but it was more aimed at the general hype around those reverse-engineering articles, which seemed a bit over the top to me :)

Either way, I'm holding off on buying one of these PCs until some real-world info comes out (no one really has this capability yet, so it's all largely speculative).

musictubes
0 replies
1h18m

I have also only been skimming the info but the issues seem to be:

1) Recall takes snapshots of user’s activity and then copilot analyses it and keep the info in a plain text database.

2) The database is accessible to other accounts in the same computer.

3) The database is kept very small in order to save storage space. The trouble is that it is so small that it takes no time at all to upload it. One researcher infected his machine with a know piece of malware. By the time the AV software recognized it the database had already been sent.

4) Oncenthe database is in hand it is trivial to see whatever the person was working on and what information was involved. Apparently you can literally see some things.

So yeah, collecting large amounts of sensitive data makes for a very juicy target.

modeless
0 replies
49m

No one is really saying this feature has no value

Oh yeah?

I have a really hard time understanding the use case for something like this. Stuff that I want to remember I just write down https://news.ycombinator.com/item?id=40612277

the only people that really want this feature are the ones trying to push it down everyones collective throat. Why is MS pushing something so hard when nobody asked for it? https://news.ycombinator.com/item?id=40611263

It really doesn't [sound like a cool feature]. Not a single person I've spoken to likes the idea of this, at all https://news.ycombinator.com/item?id=40445335

i have never wanted to go back in history [...] what’s the use case https://news.ycombinator.com/item?id=40544521

etc.

Tool_of_Society
0 replies
3h2m

Indeed since this is MS you can guarantee this is just a another step in them expanding their ability to monitor your habits for further monetization.

mschuster91
2 replies
3h10m

The concept itself has value, but the ethical and legal concerns are severe, not to mention the issue of Recall also capturing sensitive stuff like passwords.

Microsoft, Google, Apple - everyone is scared shitless of some AI startup kicking their nutsacks, and is launching products that should have gone through extensive ethics discussions beforehand in a matter of weeks.

russdpale
1 replies
3h6m

passwords are the last of it, think about women inquiring about abortions in states where they aren't legal. Or people trying to get away from an abusive partner, on and on it goes.

mschuster91
0 replies
1h9m

Agree on the "abusive partner" scenario, but regarding abortions, local police already can abuse dragnet orders on Google Maps [1] - even though they promised to auto-delete anything regarding abortion clinics, there are more than enough other ways for police to target pregnant people.

[1] https://www.npr.org/2022/07/11/1110391316/google-data-aborti...

cesarb
1 replies
1h51m

It is puzzling to me that so many people seem to think this concept has no value. To me the concept is obviously good and something I have wanted for a long time.

The issue is not that the concept has no value. The issue is that the risks and drawbacks are so severe, that they override any value the concept would have.

It's like asbestos, or leaded fuel; these have several useful properties, but their drawbacks are bad enough that they have been banned in many places.

modeless
0 replies
47m

That's your opinion, but you can't deny there are a lot of people arguing that the concept essentially has no value. Even on this very page.

I have a really hard time understanding the use case for something like this. Stuff that I want to remember I just write down https://news.ycombinator.com/item?id=40612277

the only people that really want this feature are the ones trying to push it down everyones collective throat. Why is MS pushing something so hard when nobody asked for it? https://news.ycombinator.com/item?id=40611263

It really doesn't [sound like a cool feature]. Not a single person I've spoken to likes the idea of this, at all https://news.ycombinator.com/item?id=40445335

i have never wanted to go back in history [...] what’s the use case https://news.ycombinator.com/item?id=40544521

etc.

LegitShady
0 replies
3h6m

the concept is valuable but so ripe for abuse that even it existing at all is a threat to everyone's privacy.

I have been a windows user basically my whole life. 3 years ago I got an ipad pro (2018, 12.9") for drawing and I hate the operating system. 7 months ago I got a steam deck and its fine for games but doing anything in the OS is confusing and annoying.

Microsoft announced recall and suddenly I'm using a spare computer to test linux distros, and I suck at everything to do with linux and I'm doing it anyways.

It's too dangerous, to much an invasion of privacy, and too easily enabled completely outside of my control.

vinyl7
13 replies
3h53m

Then they'll enable it by default once people forget

wongarsu
8 replies
3h45m

People will opt-in to it during setup the same way people opt-in to logging in via a Microsoft account instead of a local account.

cybrox
7 replies
3h42m

Local accounts are almost impossible to set up for the normal user in win11

nerdjon
4 replies
3h38m

It is pretty easy now if you use Rufus to create your installation usb.

It will prompt you (and select by default) to disable the need for an online account. I installed the Pro version and then just said I was setting it up for work or school, chose domain and then I set it up just fine as a local account.

I don't know for sure how much of this is rufas or the pro version. But I just installed Windows 11 within the last hour.

g15jv2dp
2 replies
3h35m

normal user

use Rufus to create your installation usb

Pick one. "Normal" users don't use specialized software to create installation media. They boot the laptop with the OS already installed and go on from there.

nerdjon
1 replies
3h31m

I mostly agree, but installing Windows is not as daunting of a task as it used to be.

It is also not uncommon for 'normal' gamers to use a custom built PC which would require installing Windows.

Maybe normal is the wrong word, but it would be a pretty quick and easy to understand guide to do this.

jachee
0 replies
3h18m

Normal gamers aren’t representative of normal users on a whole. Gamers are just a tiny fraction of the overall user base. Normal users buy cheap-ass laptops with their manufacturers’ opinionated Windows installation, including boatloads of bloatware. And they don’t ever change any of the defaults.

hobo_in_library
0 replies
3h35m

if you use Rufus to create your installation usb.

You've already scared away all the normal users

wongarsu
0 replies
3h5m

That's the hidden joke. In early Win10 it used to be a simple dark-pattern screen with a prominent button "use a Microsoft account" and a text link in the corner "use a local account". Then they made it increasingly ridiculous with subsequent updates until the current point where you need a tutorial on how to even make the option visible.

ngneer
0 replies
3h28m

Normal user, agreed. You can find tutorials online, though, for those of us who still remember that the PC was something the user used to own.

aeurielesn
2 replies
3h50m

Doubting they'll even disable it at all.

nerdjon
1 replies
3h47m

It’s one thing to be critical of the feature.

But this is a pretty cut and dry announcement. There isn’t any ambiguity they could stand behind if they are lying.

I would fully expect it will be disabled by default (for now)

bonton89
0 replies
2h57m

They'll just say it is a bug when it is turned on.

LegitShady
0 replies
2h57m

"game pass is only available with Recall enabled!"

"microsoft office features y and j require Recall! please click here to enable it"

etc etc

organsnyder
9 replies
3h42m

I still don't understand how this got this far. Enabling this in any corporate setting would be a compliance nightmare.

Terretta
2 replies
2h35m

The corporate settings that care already do this to the employee screens ...

Compliance doesn't say "company can't watch employee" -- in many cases it mandates surveillance.

This just lets the employee leverage that too.

organsnyder
0 replies
2h30m

Depends on the compliance. If this monitoring sucks up any personal data (I don't mean employees' data here—personal data owned by anyone) there are erasure and data subject access requirements, for instance.

karaterobot
0 replies
2h25m

Security compliance generally does not require a third-party company, unaffiliated with the corporation, to be sent a copy of everything shown on a user's screen.

Rinzler89
1 replies
3h33m

Corporate is never on the bleeding edge of Windows feature updates. They bring security updates first, but feature updates are at least one generation behind, maybe more waiting for Microsoft to fix bugs and doing their own regression testing, plus they get to choose wich features employees receive or are enabled by default via group policy. In other worlds, recall was never making it into any corporation anyway.

oldpersonintx
0 replies
2h32m

maybe 50% of US business users have an admin of any kind who oversees their IT ops

everyone else just gets a laptop, unboxes it, turns it on, uses it, does whatever they want to it

see: any retail location in a strip mall, any mom/pop business, etc etc

rchaud
0 replies
2h39m

Corporate clients get whatever they want. I am certain that their Windows 10 support won't be pulled in Oct 2025 as MS has threatened for everyone else. And when they migrate to Win11, it will almost certainly be a separate OS image free of the garbage bloatware and ads that the consumer devices are plagued with.

dbish
0 replies
1h26m

I think on the product side it’s pretty straight forward. They saw RewindAI talking up a bunch of traction and people seemingly interested. Someone assumed customers wanted this because of that data, and it’s a pretty easy thing to build, so they went ahead. I am surprised it got past security reviews but I can understand how it came to be from the product side.

They’ll probably think twice before jumping into the fray again with the Microsoft branded Informant Wire (I mean AI wearable) ;)

LegitShady
0 replies
3h4m

I bet there are a trillion companies and governments who want to know what all of their employees are doing every second of the workday. compliance won't stop them from trying.

3qmtacr674qac
0 replies
3h11m

With Chat Control[1] coming up in EU, it would be awfully convenient to have the technological capability readily available to deliver a solution.

Once you have the Recall capabilities, it doesn't take much to start collecting and searching the data.

[1]: https://www.patrick-breyer.de/en/posts/chat-control/

malshe
7 replies
3h48m

On LinkedIn someone in my network pointed out that, apart from the security and privacy disaster, the name Recall was a bad choice because of negative events like product recall.

jonny_eh
3 replies
3h21m

"Total Recall", aka "We Can Remember It For You Wholesale"

dylan604
2 replies
3h8m

"Total Recall" in quotes makes me think you're trying to get your ass back to Mars and that you're trying to remember something because you had your memories wiped. It makes me think of nothing about a friendly service being offered forcefully upon you from your friendly and malevolent OS provider.

jonny_eh
1 replies
3h3m

It's a story about false memories, and how that can change your identity. Regardless, it's the first thing I thought of when I heard about the feature.

unpixer
0 replies
1h13m

The Philip K. Dick short story was a direct inspiration for the Paul Verhoeven movie starring Arnold Schwarzenegger, as it happens.

leprials
1 replies
3h47m

They should take note and recall Recall.

permo-w
0 replies
2h51m

this is one of the first things mentioned in the article

bee_rider
0 replies
2h28m

It would actually be a fantastic name if this were a real concern. Imagine, a well-known feature to mask any searches of a product recall. The only problem with this theory is that computer QA is so incredibly shit that the concept of a recall more or less doesn’t exist in the first place.

terrut
6 replies
3h30m

I've been a Windows user since 3.1, but this was the straw for me. They have always provided an OS that just worked for my home needs, even with the creeping privacy invasions in the last update.

I've been dual booting for a while and last weekend I went full Linux at home. My day job revolves around being truly good at solving Windows issues, and I will happily continue doing that, but at home I'm still just liking for something that "just works" I hope I'm part of a trend, and that 2024 is the year of the....

lawlessone
3 replies
3h27m

Any Recs? i've just gotten a Kubuntu image. I am thinking if i dual boot that and SteamOS i should have everything i want covered.

tapoxi
2 replies
3h21m

No reason to use SteamOS, it's just immutable Arch with an A/B partition scheme. Modern SteamOS is designed specifically for the Steam Deck and they only ship it as a recovery image for the Deck.

You can install Steam on whatever distribution you want, I use the Flatpak, and just enable Proton in the compatibility settings.

exitb
1 replies
2h39m

And if someone’s after that console-like functionality, ChimeraOS is the right choice in this area. It behaves like SteamOS, but is more compatible with PC hardware.

lawlessone
0 replies
1h48m

Ok awesome suggestions.

I got set on SteamOS as i was contemplating buying an SBC with similar hardware and giving it a custom case.

But this looks better!

jug
0 replies
2h27m

Yes, it's a really tough thing to manage this whole Recall thing philosophically and it makes me concerned about this OS. Even if MS is backtracking somewhat, they have shown their cards now and how they prioritize positioning themselves as an AI company above even rudimentary privacy. It's hard to just regain trust as if nothing happened.

I'm considering Linux with a Windows VM for Visual Studio. I've had my Linux detours in the past and it honestly works pretty well for me. I personally enjoy Fedora with Gnome which I think strikes a good balance between stability, security, and freshness. But if being stable and worryfree is of top importance (like where you are "unpaid tech support", haha), why not just go Debian. :)

al_borland
0 replies
1m

If you want Linux isn't "just working" over time, give macOS a look. My dad was a lifelong Windows user and sung the praises of Microsoft's monopoly over the industry. As much as he was disappointed and upset with Borland Software dying off, he thought the benefit of a single document format everyone used was a huge benefit for the industry early on when Word started to take over, and by extension all of the standardization through a single player rather than through actual standards. He always said it worked great and didn't see why he'd ever want to change, or why anyone would want anything different.

He ended up switching to Apple around 15 years ago after a series of bad experiences. He was very nervous about it, and really hedged his bets early on. It took him some time to get used to how the OS worked, to find new apps to replace some that he had used since the Windows 3.1 days, and sort out his workflows. He eventually gave up his Windows VM when he realized the only thing he ever used it for was to run Windows Update.

I grew up on Windows, with the views from my dad instilled in me. In college I tried Linux and ultimately moved to the Mac about 21 years ago. I still used Linux on and off for the past 22 years (and currently have a music server running it). I do find Linux to still be much more finicky than macOS. No system is perfect, but macOS is more of a "just works" operating system than Linux (imo), likely due to the focus on polishing that last 10% of the user experience, that never seems to get the attention it needs in Linux. While I am excited to see what Cosmic has to offer later this year on Pop OS, I'm always ending up having to deal with some level of nonsense, even my most recent install of Mint just last week had a few annoying things where things didn't work, and they should have worked.

pixelpoet
6 replies
2h0m

What makes my blood boil is that they are just going to keep pulling shit like this which they KNOW everyone (with zero exceptions) intensely HATES, and it's up to everyone to push back ferociously (very high threshold) every damn time. It's up there with "not now" instead of "get rekt and never ask me again" choices in terms of user-antagonism.

I'm aware that other OSes exist, but I happen to hate Windows least on the whole :/

csdreamer7
2 replies
1h50m

I'm aware that other OSes exist, but I happen to hate Windows least on the whole :/

Have you given Linux a try? Unless you have an Nvidia card or an Adobe workflow; it is usually good. The Nvidia issue may go away in a year.

pixelpoet
0 replies
1h36m

Yeah, a few times. Got burned very early on installing Slackware from about 10 billion stiffie disks, and have kept up reasonable effort to be a responsible nerd and keep trying it, but every time there's some roadblock; when I was younger gaming was one example, being an MSVC dev has been a constant throughout, and yeah the ordeal with drivers is also more or less a constant.

I'm an OpenCL guy, not even using CUDA, and have had a decent enough experience with AMD's drivers, but that wasn't enough. I still think MSVC, again with all its flaws, is the best C++ IDE (I've similarly tried them all, repeatedly over decades).

causal
0 replies
1h48m

What do you mean about NVIDIA? I find their drivers have become pretty good. Especially so if you're using them with containers.

fleshmonad
1 replies
1h48m

I'm aware that other OSes exist, but I happen to hate Windows least on the whole :/

Would you like to share what you like about windows that you don't have on other operating systems, or what puts you off about other OSes? Not trying to be passive aggressive, just curious

pixelpoet
0 replies
1h39m

Sure; originally it was about having the best graphics and OpenCL drivers for my development needs, and that I've been an MSVC user since version 5. My hate for Windows pales in comparison to things like CMake / the overarching philosophy that every bit of software needs its own configuration language and cmdline arg convention, things like that.

Around the time of Windows 7 for example, to me there was just no contest whatsoever in terms of ease of use, no shaming / cargo culting (Apple can piss right off telling me that my scroll direction is "unnatural" and pushing me to use Apple-everything, users putting stickers on their cars etc), ... Windows is just the default for people coming from a gamedev and graphics background from the 90s, for better or worse. I'm painfully aware of its shortcomings, and I don't want to champion Windows, it's just what made me hate my life least on average :)

causal
0 replies
1h49m

I'm glad that it's shining a light on the reality of Windows 11 as a subscription and data collecting vehicle.

If you still hate Windows least, that's almost certainly because it's what you know best. I work with Windows, Linux, and OSX on a daily basis and Windows is easily the most user-hostile of the three.

Edit: All you know -> What you know best

danielcampos93
6 replies
3h29m

This seems to be a feature that execs wanted, and people find creepy, and no one has the gumption to push back on the exec request.

dylan604
4 replies
3h6m

How can you have the number of employees they do and not have a single non-sychophant employee?

salt-thrower
0 replies
26m

Non-sycophant employees are shut down and ignored once the whole corporate culture has bought in to the hype du jour. If you are the sole dissenter, it can even make you look like a “bad” employee for not recognizing the “opportunity” that the new hyped thing will supposedly bring.

riscy
0 replies
2h45m

The layer of management reporting to leadership are yes-men.

pluc
0 replies
2h4m

Because you get fired when bringing dissenting opinions

fingerlocks
0 replies
2h29m

Company-wide internal push to shoehorn AI into every product and service. All recognition and rewards are given to the sychophants, no matter how ludicrous their proposals. Even Principal and Senior developers are dragged into meetings with senior leadership to provide suggestions on how AI can be used in their microcosm. Whether it should be used is completely out of the question.

It’s a complete circus right now. Plenty of us just ignoring it and opting-out but it might reflect on our bonuses.

al_borland
0 replies
24m

As someone who has tried to push back against what execs ask for many times, if they want it bad enough, it doesn't matter. They will push forward no matter what the objections are. And if the person objecting won't give in, they'll find someone else to do it.

chx
6 replies
2h18m

This is nothing.

An abusive spouse will easily switch it to on. It's very likely Windows will downright push you to do so anyways.

How does Microsoft intend to mitigate that harm?

Because AirTags worked out just fine:

AirTags have been a tool for stalkers and domestic abusers since Apple launched them in 2021. Police records show that this is a problem, and the legal system has failed women who were targeted by stalkers using AirTags. There have been several instances where AirTag stalking has turned violent, and in at least two cases, resulted in the tracker murdering their target.

https://www.404media.co/email/ce4cec4d-51c3-4101-b2b4-2c9a64...

How many women will beaten and murdered because of Recall? Why is it that Microsoft reacts to software security concerns but not to the concerns of women?

skazazes
2 replies
1h57m

Knowing you could turn on recall to spy in this way implies an individual with the technical know how to grab a freeware keylogger anyways.

Similarly with airtags, you have been able to buy cheaper cellular based GPS trackers for years prior to airtags existing.

In the airtag case, those GPS tags also do not alert the individual that there is a beacon following their person, and as such most likely go unnoticed and under reported.

pessimizer
0 replies
35m

Knowing you could turn on recall to spy in this way implies an individual with the technical know how to grab a freeware keylogger anyways.

Strange that you were able to discover this. Has anyone asked you for your research? Does knowing how to grab a freeware keylogger imply that you know how to code up a keylogger for yourself, or did your study not go that far?

chx
0 replies
6m

There is a massive difference between switching on your new laptop and having a flaming big "look how cool recall is, do you want to switch it on? No? Are you sure" versus finding recall.ai or openrecall.

It is much the same with airtag.

bigstrat2003
2 replies
2h7m

This is sheer moral panic. Of course tools can be misused by bad people, but that doesn't make it the tool's fault ("how many women will be beaten and murdered because of Recall"). It is the fault of the person misusing the tool to do bad things.

pessimizer
0 replies
39m

Thank god. I've been selling front door locks that don't actually work, and I'm glad that when people are robbed, it will be the criminal's fault, not mine. Instead of me selling locks that work, what needs to be done first is that all potential criminals should be made not to be criminals.

chx
0 replies
7m

Yes, much as airtag was sheer moral panic.

Techbros never admit their myopic view.

workfromspace
5 replies
2h41m

It's sad that Microsoft (or any big company) wouldn't take a step back from such privacy intrusive or anti-user behavior unless there's a public backlash.

Can't we just have a peaceful life without wasting time on constantly following and analyzing every single move from these companies?

ragnese
1 replies
2h20m

Can't we just have a peaceful life without wasting time on constantly following and analyzing every single move from these companies?

Not if you're using Microsoft products, no.

People continue to get irritated when "we" do this, but here I go: you should be running Linux exclusively on your personal computers. You should also stop buying "smart" shit.

Workaccount2
0 replies
1h44m

I've been running linux (ubuntu) for last 2 years, for the 3rd time in my life.

All I can say is:

Linux does just about everything more efficiently than Windows, but Windows does just about everything better than Linux. What makes Linux so great is also what keeps it perpetually at ~5% adoption.

I'm probably going to go back to Windows again soon. I'm just not interested in needing to learn a bespoke computer language to get the most of of my PC.

chinathrow
1 replies
2h40m

Have you not seen Windows 11 lately?

I have, and I am still happy to be on Linux as my daily driver for over 20 years now.

bee_rider
0 replies
2h26m

I almost want to start using Windows as a daily driver just so I can leave again.

grugagag
0 replies
2h35m

Microsoft will go ahead with Recall, will temporarily make it opt-in. Eventually, when weather is good they’ll default it to opt-out. If new backlash ensues they’ll PR that it was a a bug and turn it off only to bundle it later with something that can’t be turned off.

At this point MS is a toxic company that you’re better off, as a user, to steer away from.

lordofgibbons
5 replies
3h36m

Doesn't Microsoft have a long history (and present) where they just enable privacy invasive "features" after a windows update even though the user has disabled or removed the "feature"?

7thaccount
1 replies
3h29m

Yeah. You tell everyone you learned your lesson and then just go back and do it anyway a year later.

lawlessone
0 replies
3h25m

It must be the year for all this. Bethesda are basically trying again to make paid mods stick with their Fallout 4 update.

Softwar never changes.

resource_waste
0 replies
3h26m

Yes.

Windows is soo low quality. It feels cheap. It feels like you are at a car dealership.

Fedora, feels like you are at some futuristic office that has buttons that do multiple steps. I was literally angry last year that it took me so long to learn about up-to-date linux. Canonical's marketing of debian-family linux gave Desktop Linux a bad name.

giancarlostoro
0 replies
2h53m

Yeah, which is why I'm over on Linux now.

ceejayoz
0 replies
3h28m

Twitter used to do this all the time; they'd make the notification email options more granular and opt you in to the three new options that used to make up the one option you already unchecked.

nerdix
4 replies
3h28m

I only have a windows partition for games. I would occasionally use it for other stuff because it's sometimes inconvenient to switch back and forth. After recall, I'm only using it for gaming and nothing else.

pipes
3 replies
3h24m

I'm surprised by how good proton is at running windows games on steamdeck. Because of this and nonsense like recall and the adverts in windows I'm considering just getting rid of windows all together, I'll just run mint Linux probably.

ryukoposting
1 replies
3h2m

I run Ubuntu on nearly all of my machines, but I build it up manually from the Ubuntu Server installation to reduce bloat. If anyone was going to have problems with Proton on an Ubuntu machine, it's me. Yet, every game I've tried works fine. Everything from Among Us to Metro Exodus runs great.

Some games require a little fiddling, sure, but I've never had an issue that couldn't be resolved using some copy-pasting from ProtonDB. As you may have surmised from the way I set up my machines, I may have a higher tolerance for fiddling than most folks. YMMV.

0cf8612b2e1e
0 replies
38m

I am curious about your Ubuntu setup. Any particular technical reason? Any especially thorny bits? Do you see improved performance or fewer background processes? I am well past the point of enduring this kind of OS pain, and will use the path well trodden by others.

I have always assumed that distros layer on so many extensions, customizations, etc that Gnome or KDE would be alien if naively installed.

Novosell
0 replies
3h1m

Can't play League, TFT or Valorant on Linux though sonce they started enforcing Vanguard for League as well.

AlexandrB
4 replies
3h19m

All I can say is LOL. Off by default for Windows 11 24H2, on by default in Windows 11 25H2, impossible to disable in Windows 11 26H2 (except in enterprise versions of course). Microsoft's history with respecting the user's wishes speaks for itself.

bonton89
1 replies
3h12m

Not to mention all the dark pattern lying nag dialogs that will trick you into turning it on, or just wear you down.

the_snooze
0 replies
3h4m

I saw a yellow dot alert next to the restart/shutdown button on my Windows machine the other day. Those historically indicate a request to restart to apply critical updates. But no, it was a message recommending I sign into a Microsoft account.

That was the last straw for me when it comes to Windows BS---designs that only serve Microsoft, and disrespects all the other times I've said no to their crap. I switched everything over to Linux the next day.

wishfish
0 replies
1h39m

I'm a little more optimistic. Cortana was mandatory at first. Not easy for the average user to disable. Then Cortana was optional. Easy to turn off and uninstall. Then Cortana was just gone. Floated off to the big orbital in the sky.

If Recall continues to inspire grumbling and receives very little praise, I could see it unceremoniously removed in a Windows 12 26H2 Feature Update.

ASalazarMX
0 replies
3h10m

Given their eagerness, I'd guess:

on by default in Windows 11 25H1, impossible to disable in Windows 11 25H2
surfingdino
3 replies
2h6m

Only to be enabled by default by the IT department of your mistrusting employer. Microsoft better remove Recall altogether if they want to avoid costly lawsuits.

INGSOCIALITE
1 replies
1h42m

where they can then verify, minute-by-minute that their remote employees are grinding away for every minute they are paid for. i'm convinced MS has two profit models here: 1) NSA/CIA/FBI/ETC 2) employer monitoring of remote workers.

surfingdino
0 replies
1h38m

3) schools, and 4) parents.

SoftTalker
0 replies
1h37m

Employer IT departments already have access to and can install any number of tracking and screen-watching products to monitor their employess on work-issued computers. It's perfectly legal though in my view pretty scummy behavior.

st3ve445678
3 replies
2h40m

It could still just be switched on and used to spy on an unknowing spouse for example... its just so creepy. Who asked for this feature?? No one did.

mprime1
1 replies
2h34m

The AI training team asked for this feature

(I’m being a bit provocative and assume today it stores locally only but a future TOS change will secretly and “anonymously” upload your data ‘for training purposes’ —- that’s what everyone else is doing these days)

st3ve445678
0 replies
2h12m

The same thought did cross my mind... would not surprise me.

k8sToGo
0 replies
2h36m

In theory you could have always just installed a screen recorder to record your spouse even before this.

mackrevinack
3 replies
2h51m

make it a separate program that people can install if they want to. if its really that great then people will download it

ffhhj
1 replies
2h47m

And how are they going to convince people to be surveilled voluntarily? This needs to be behind a switch they can silently enable in some update, ofcourse.

ratg13
0 replies
2h31m

This isn't new technology. Apple has had "Rewind" for some time, which is basically the same thing, and it's widely used.

The major difference is that it's a 3rd party software, not bundled with the OS, and you would have to intentionally go out and buy it and install it.

Microsoft has just taken it for granted that everyone would want this and then forced it on everyone.

LordKeren
0 replies
2h37m

We will never see Microsoft ship a major product like this and not have it bundled in to a windows update. (Rather than specific install)

After their success with installing Teams, Microsoft has seen that the regulators will not proactively stop this kind of thing anymore

infinitezest
3 replies
1h4m

I have a really hard time understanding the use case for something like this. Stuff that I want to remember I just write down or reference something like my browser history or recently opened files. It's very low tech for sure but it works, is waaay more energy efficient, way easier to understand and audit, and doesnt have the same security concerns. I get that using "AI" has a Wow Factor that existing systems have but I cannot understand the thinking of folks that are OK with the trade-off. Ita just not even close for me.

crowcroft
1 replies
53m

I agree, I think the current state of the AI is absolutely incredible technology, but I just don't see a 'product' yet.

If chat and co-pilots are all we get out of this wave of investment, then I'm not sure if it's been worth it.

TillE
0 replies
31m

I see a lot of cool little use cases (eg, LLMs are genuinely fantastic for creative brainstorming), but I'm absolutely not seeing the multi-trillion dollar AI industry that all the big companies are clearly banking on.

benhurmarcel
0 replies
35m

Have a look at Rewind.ai for some idea about the use cases maybe. Some people are already paying for the feature, so it clearly has some value.

https://www.rewind.ai/

Personally, data privacy/protection and compliance aside, I’d find it fairly useful on my work computer.

skc
2 replies
2h8m

The first big mis-step of the Nadella era.

Will be interesting to hear what he has to say when he's inevitably asked to comment in his next public appearance.

fooey
0 replies
24m

This is something nearly on par with the xbox launch debacle

Mind bogglingly tone-deaf and out of touch with what users want

ffhhj
0 replies
42m

From the lack of security we could assume Nadella himself created Recall over the weekend with the help of Copilot.

rolph
2 replies
3h31m

without seeing an actual data file created by recall, i would expect it to quickly become large.

if so, i would not keep it on a system drive, when you can store it externally, to be plugged in when the owner feels they actually need recall data, and left physically out of band when its wise to do so

dylan604
1 replies
3h5m

how would the recall data get expanded if it is not plugged in all the time? hopefully you can see while it's not designed that way

rolph
0 replies
2h33m

ideally it wouldnt be expanded, the whole point is to have definite denial of recording at any time, or a cut off period, such as archiving the system portion after 12, or 24 hours. this saves system storage space, and preserves data for the owner should they need what they were doing 6months ago.

nativeit
1 replies
2h35m

Microsoft keeps attempting to violate HIPAA on my clients’ behalf. Before this, they turned on OneDrive backups via updates, and began moving sensitive documents onto their servers without prior authorization or consent. I documented the incident, because I honestly wasn’t sure whether or not a lawsuit would result from it. I notified Microsoft, but never got a response.

bongodongobob
0 replies
2h26m

If your clients are storing sensitive PII on their desktop or my documents folders, they're already likely way the fuck out of compliance. Nice FUD though.

hedgehog
1 replies
2h44m

It's interesting that for years Safari stored page screenshots in its history to allow a "coverflow" view and there wasn't broad concern.

OtherShrezzing
0 replies
2h4m

I think the main difference there (apart from the feature being deprecated over a decade ago) is that Coverflow stored a single thumbnail, from which you couldn't derive much information - it's metadata alongside your browsing history, but not much more than that.

Meanwhile Recall takes a stream of high-quality images, from which a full reconstruction of your entire computer-use activity over the last 90 days can be reconstructed in high fidelity and searched through.

From a security point of view, the threat models are a world apart.

foxandmouse
1 replies
2h48m

Do we know anything about Linux support for Snapdragon X.. Personally, I don't trust Qualcomm with Linux support. Their WiFi adapters don't work properly with Linux. Their mobile SoC that supposedly have mainline support only have the CPU part working, but GPU, modem, Bluetooth, etc. won't.

Also, wasn't their history of closed source drivers and their short support timeline was the reason Android devices only ever got 2 years of updates only a few years back?

deafpolygon
1 replies
3h36m

What exactly is a good usecase for Copilot Pro (I'm assuming Recall will be powered by that in some form)? I'm on the free trial and I'm not finding it to be any more useful than the free version, and pretty similar to ChatGPT.

It can't really do anything.

Can someone smarter than I chime in on this?

wkat4242
0 replies
3h30m

It'll be the other way around I expect. Recall will provide more context to CoPilot.

It's not really about looking back at your own activity in case you forgot. But the AI will use it to learn about your habits, wants and hates, interests, people you deal with, usual schedule etc.

An assistant is after all much more effective if it knows you through and through. The one problem is: I don't want Microsoft to be that assistant and know all that about me. Even if "it's all local". They still control what gets done with that info and can change it at any time.

autoexec
1 replies
3h36m

Lawyers, law enforcement, and three letter agencies everywhere are going to be extremely disappointed by this development.

russdpale
0 replies
3h4m

and abusive partners/stalkers.

arusahni
1 replies
3h48m

Looking forward to the update that accidentally re-enables it.

creativeSlumber
0 replies
3h36m

This. I won't be surprised at all if i' silently enabled in a future update that has nothing to do with it.

_zoltan_
1 replies
2h8m

I think Recall is really cool and it's a shame that it's disabled.

o283j5o238ju
0 replies
2h3m

... then you can turn it on for yourself. Unless you think it's a shame it's disabled for other people? Why would you be concerned about that I wonder?

Foobar8568
1 replies
2h10m

I am done with Windows, I really love .net, SQL Server, WSL, but I have been burnt on so many of their tools, features etc, Windows 11 was the last straw (task bar unmovable? Are you kidding me? ), and Recall will be the never look back for my personal computing.

k8sToGo
0 replies
1h40m

Are you switching to Mac?

sgtaylor5
0 replies
5m

... or make a OneDrive-connected folder have an icon that shows, clearly, that it's been taken over by OneDrive.

I'd give a setup option to provide a non-OneDrive Documents folder, that feature would be turned on automatically if OneDrive senses that there is a database residing in the Documents folder (ACT!, I'm looking at you!)

resource_waste
0 replies
3h24m

Oh man this is totally going to affect:

My workplace

It wont affect me personally, because I dont use crappy operating systems on my personal time. Microsoft products are just an efficiency loss, I still bill the same.

I literally get everything done faster on Fedora, no linux prayer needed anymore. Its just better.

postepowanieadm
0 replies
2h40m

Recall got recalled(ba dum tss).

pessimizer
0 replies
53m

Microsoft isn't filled with morons, and they knew this would be the reaction. They always planned this "retreat," and this retreat is actually an advance: if you completely missed the media tempest in a teapot, the story would be that Windows is going to embed AI into every copy that will be able to track everything that is done on the machine and make inferences from it.

Now, the story is: Microsoft has been forced to retreat, through public pressure, from tracking everything that its users do by default.

Complete success on Microsoft's part. And the public that angrily reads headlines and angrily tweeted twice, vigourously pats themselves on the back for their "victory."

oriel
0 replies
25m

Off by default, means On by Default When They Change Their Mind [tomorrow, next week, next month, etc]. Antitrust yesterday already.

nottorp
0 replies
1h52m

Hmm the real question is:

Will you be warned when sending information to someone who has Recall on?

Kinda defeats the purpose of all those confidential communication apps when everything is automatically screenshotted.

lowbloodsugar
0 replies
2h10m

If you’re faced with the trade-off between security and another priority, your answer is clear: Do security,” Nadella's memo read

Just insane that this wasn’t already the rule.

leprials
0 replies
3h48m

Hopefully any debloat tools will remove it quickly. Can't wait until Microsoft force pushes this spyware to the masses.

kylehotchkiss
0 replies
2h20m

Recall certainly validates China's government decision to try to get rid of Windows on government computers (https://www.marketwatch.com/story/china-reportedly-seeks-to-...). Of course recall wouldn't have been enabled on those, but the company providing the OS has made it clear they're willing to make such a sloppy attempt to AI all the things

karaterobot
0 replies
2h22m

Would love to know if any product research was done on this at all, or if it was a mandate from someone high up in Microsoft. I cannot imagine they'd go very long talking to potential users without hearing the exact same fears they seem to be surprised about today.

kachurovskiy
0 replies
1h0m

Classic 2-step move, introduce what you want to ship but add a red herring, remove red herring on the outrage, ship it.

k8svet
0 replies
1h46m

They should've left it disabled, and then "accidentally" enabled it, or nagged people into enabling it. I think it would've boiled the frog slower and been more successful.

Alternative cynical take: they needed to have a compelling story for press/launching the laptops they've been working with software/hardware partners on for years. They got to announce "Copilot+ PCs with Total^H^H^H^H^H Recall"! And now they get to walk it back enough controversy will die down and they can still do the first bit I mentioned. Hm.

jug
0 replies
2h31m

I hope it can be uninstalled altogether. Actually I wish it was a Microsoft Store app. I mean, I don't want that codepath dormant in my OS for malware to enable via a Windows Registry value or whatever. No, not a screenlogger please.

jrhey
0 replies
23m

Security backlash?

Should be security concerns

jrepinc
0 replies
2h10m

Even if it shows being turned off you can't be sure it really is. And yeah they have a tendency to secretly turn malicious features on with little updates. One would really be naive to believe them after their past bad behaviour. It is just another step in slowly boiling the frog to death. Maybe it will be off by default only for as long as people get used to it and normalise it and then, next step turn it on again, more quietly of course.

godelski
0 replies
4m

I don't understand how recall even got launched. No one should have spent money developing it.

Yes, the idea is cool. But even if you trust Microsoft it's obviously a privacy and security nightmare. How many people would install a keylogger on their own system? And then make that keylogger trivial to search through? It just makes windows computers extremely valuable targets for hackers and I'll ban them on my networks even if relay isn't enabled.

gigel82
0 replies
2h42m

Good progress, but to take it just over the trust threshold for me, I'd like it to be a component that you can add/remove (like Hyper-V or IIS); removing literally uninstalls the associated services, applications, DLL registrations, scheduled tasks, etc.

geephroh
0 replies
17m

Fairly certain it won't be switched off by default in most corporate environments. Recall is one of the more impressive foot-bazookas to come out of MS since WebDAV in Windows 2000!

chrisjj
0 replies
2h42m

requiring that users prove their identity via its Microsoft Hello authentication function any time they either enable Recall or access its data,

So now I need MS permission to read my own data stored on my own machine? Insane.

blackeyeblitzar
0 replies
46m

How about they remove ALL AI features, including Copilot? This is clearly illegal bundling that deserves swift anti-trust action. Microsoft is worse than ever, and far more bold with abuse of their market position than they ever were in the 90s.

aners_xyz
0 replies
1h50m

What’s funny to me in all of this is I’m pretty sure regular windows search is still really bad and I haven’t heard them mention the feature “search for a file on your pc you know exists”.

aikinai
0 replies
3h6m

I switched to Macs in 2006 and haven’t felt like Windows’ grass is greener once since then. Until today.

Maybe it shouldn’t be on by default, but this looks amazing.

EasyMark
0 replies
1h16m

I think this will be definitely a "for now" moment until they let us all become a little bit more used to the idea.

Aachen
0 replies
1m

What the default was going to be regardless, except by now everyone heard of the product to the value of probably millions if not billions worth of ads