Microsoft to delay release of Recall AI feature on security concerns

digging
152 replies
2d

This is confusing and vague to me, which I believe is exactly the intent. It focuses on security, reiterates that security is their top priority (and we know that this is untrue). What were the security problems? They don't even allude to the existence or detection of any specific security problems.

It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has died down and people will just accept it.

segasaturn
119 replies
1d23h

My takeaway is that Microsoft has been trying to boil the frog, but slipped and turned the temperature up too quickly. They're retreating for now, but make no mistake that Recall will slowly trickle back into Windows under another name. Every major power broker wants something like Recall to become the norm - bosses to spy on their employees, governments to spy on their citizens/enemies, and tech CEOs to collect training data for AI and target more ads at end users.

simonw
108 replies
1d23h

This is a very cynical take. I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility. The personal utility benefits are very clear to me - the problem is the ease with which malicious attackers might steal the data (if they can breach the system).

neltnerb
21 replies
1d23h

I do not think it is cynical to assume that Microsoft would sell this to companies as a way to do constant surveillance of their employees with OCR and LLMs used to make it easier for a manager to sift through massive amounts of data.

That's just an actual use case that their true customers would pay for, I think it's awful and should be illegal under any reasonable worker protections but why would they not advertise it this way privately to business customers?

I also don't think it's cynical to think that a manager looking for a reason to get rid of someone will have a much easier time justifying a PIP or just straight up firing someone if they can retroactively have an AI do it for them.

Why wouldn't they be able to ask the system "how much of <employee they don't like>'s time do they spend doing things on the computer that are not directly related to <company name>?"

Is it technically happening already? Sure, there's nasty nasty spyware being forced on people and it is awful and I hate that those employers are getting away with it. But integrated into the OS, on by default, with a long memory? Just imagine how easy it will be to fire anyone that tries to unionize in an effort to fight against such surveillance.

nofunsir
8 replies
1d23h

It's exactly this.

Development of a feature like this surely started during the WFH craze, where managers could no longer casually walk behind people who had to have their monitors facing outwards. A market opened up, and this is not the only tool for this sort of corporate surveillance.

Certain Software Engineers will probably get some time without it by claiming they need Admin rights and that the system messes up their graphics or slows down their system or what have you.

generic92034
4 replies
1d22h

Or you are living in a country where worker rights prevent causeless mass surveillance of employees.

skywhopper
0 replies
1d8h

This is a really pernicious lie. If you believe this sort of thing, explain why you think sexual harassment laws are unfair, and why corporations were so trusting of their employees before that.

Hint: They weren’t trusting. Corporate surveillance follows technology. The bosses are obsessed with watching their workers every second. This is nothing new. What’s new is that we now do most of our work on networked computers, cameras are vanishingly cheap, and data storage is abundant.

jordanb
0 replies
1d19h

That doesn't seem plausible given that "scientific management" is quite a bit older and one of its main concepts comes from an experiment in surveillance from 1927.

https://en.wikipedia.org/wiki/Hawthorne_effect

freehorse
0 replies
1d10h

The linked article does not support what you say in any way. If anything, it argues that invasion of privacy can actually be used against somebody by getting things out of context. It is definitely not what the link talks about, spending 1/3 of the text writing about how wrongfully invasion of privacy was used during Clinton's impeachment. Maybe you meant to share something else?

RIMR
2 replies
1d20h

It's not even only about surveillance. Microsoft also makes Github Copilot. Getting Recall onto developer machines gives them the opportunity to train their AI on how programmers actually program, rather than just using an LLM trained on code.

Eventually we'll have programmers with Recall activated by company policy on their PCs, actively training the AI models that will replace their labor.

That has to be part of the goal here. The full automation of software development. Think about how much money Microsoft would make if they did it, and how much they would save if they implemented it.

We need a new Luddite movement to protect the workers from all of this.

skydhash
0 replies
1d20h

Typing is the least interesting part of programming. And most of the other doing parts have been automated already (compiling, testing, deploying,…) Most of my days are mostly spent reading, thinking, and waiting.

hn_version_0023
0 replies
1d20h

Hear! Hear!

I work in a massive data center. Manned by very few people. I often think about how many homes could be heated or cooled with the power used to prop up the internet.

It feels borderline criminal when there are homeless and hungry all over the world.

JW_00000
6 replies
1d22h

If that's the case, why don't they sell Teams activity data to companies? I mean, after you're idle for 5 minutes, Teams detects this and changes your status to "idle". Following your reasoning, they should be selling this data already.

JW_00000
1 replies
1d9h

As far as I can tell, this does not allow the employer to see whether employees were idle or not. It does allow tracking of how much time they spent in meetings and how many chat messages they sent.

neltnerb
0 replies
1d1h

Why are you focused on idle time? You don't think an LLM can try to answer other questions?

Do you think Microsoft will prevent their paying customers (the companies) from querying, "What is the strongest legal reason to fire <person> based on the past three years of activity on this computer?"

Their sales team would be absolute fools not to point out how much easier it makes it for a manager to see historically whether someone is performing tasks as they are specified in some formal handbook.

The difference between doing that for reasonable reasons and doing that for post-hoc justification of targeted reprisals is in the mind of the manager and nowhere else. Maybe unspoken, but incredibly obvious.

"Give me the man and I will give you the case against him."

JW_00000
1 replies
1d9h

Does this allow seeing how long an employee was idle, or just whether they were in meetings?

ethbr1
0 replies
23h56m

As of now, Microsoft seems to be boiling the frog slowly by marketing derived analytics. I believe they're less-than-specific on what goes into the mix.

E.g. "Employees that might be suffering burnout and need attention"

Which I can see for both PR optics and product reasons. If they retain the secret sauce and raw data, it makes it more difficult for others to go over-the-top and compete.

sirspacey
2 replies
1d22h

You’ve got a point. Presuming you are correct, what do you think happens when the team has been culled?

Union busting & screen tracking already works pretty well as is for the goals you’ve outlined.

We usually think about tracking/measurement as Big Brother looking over our shoulder, but all of us are living a day-to-day reality of losing context and having to invest a lot of effort and time to get it back (usually only partially).

neltnerb
0 replies
1d19h

> what do you think happens when the team has been culled?

I'm not quite sure what you mean, I see this as a long term trend that doesn't really have an end point.

There are always people that some manager wants to get rid of, for performance or unrelated reasons.

Employers are scared of getting sued for wrongful termination. Often they do it anyway, but then they need to make up a reason. They're decent at it already, but my prediction is that wrongful termination will become far more widespread and harder to detect or fight in court.

It won't stop though.

godelski
0 replies
1d22h

> Union busting & screen tracking already works pretty well as is for the goals you’ve outlined.

I don't think I understand your point here. It feels as if you're framing this as a binary decision/outcome. Personally I see Relay making such abuse easier. So I don't think the existence of bad acts in any way lessens the potential harm of Relay.

> We usually think about tracking/measurement as Big Brother looking over our shoulder, but all of us are living a day-to-day reality of losing context and having to invest a lot of effort and time to get it back (usually only partially).

I also don't understand this. Do you keep notes? If the problem is quite large for you, I think you should take more notes and likely better notes (a skill in and of itself). Yes, this has cost, but so does everything. There is no free lunch. But notes are distilled while technologies like Relay are dragnets. And at the root of your argument is the recognition that information is powerful. So you have to ask what information has power and to who. Because information that may not be useful to you may be useful to others who wish to use power against you. And in those scenarios, I don't know about you, but I'd rather have distilled information, and more specifically be more aware of what information is being stored, than just scoop up everything.

Personally, I just don't think it is very hard to take notes.

waynesonfire
1 replies
1d22h

I agree it's not cynical. But MSFT doesn't give a shit about surveilling employee computers for PIP purposes. Like, really? A 3 trillion dollar company and this is how they're going to add shareholder value?

They need data to feed their LLM / AI models. Period.

7thaccount
0 replies
1d21h

I think you underestimate the amount of businesses who would love this for reasons of fear mongering. Yes, they also want it for training their crummy AI models.

red_admiral
15 replies
1d23h

As far as I know, a long while ago, the Islamic Republic of Iran asked Cisco to develop a filtering solution to stop their citizens from accessing undesirable content. Cisco said no. Then US companies started asking for filters to stop their employees watching porn at work, Cisco invented a centralised domain/packet filtering solution for their routers, and Iran went "can we buy one of those, please?".

My take is that MS did intend the feature purely for utility (and to be fair to them I can think of a lot of scenarios where it is useful). But they did this by not seriously thinking about security at all, and the wider internet has now done that thinking for them.

It reminds me of why SSL version numbers effectively start at 3. Netscape wrote version 1, their internal security team broke it, so they wrote version 2 and I believe shipped it without letting their internal security team do a full review. That got broken quickly too, so they went back and did the job properly (by the standards of the day) and shipped SSL v3, which lasted a while. (It's also been broken now, of course.)

I think Microsoft realised recall needed more work, and is now looking at that more seriously.

vsuperpower2020
12 replies
1d23h

When would this be useful? Microsoft's best examples are that the user forgot the location of a Chinese food place your friend told you once.

red_admiral
4 replies
1d22h

I imagine MS did a lot of user studies, and found that the average user could gain a lot from being able to ask the computer questions like "where's the word document for the summer anniversary party that I worked on a couple of weeks ago" or "the photo with the waterfall from our holiday in Greece in 2015 that I sent to Mary recently". Whether Recall in 2024 will be good enough to answer queries like that remains to be seen.

From helping non-technical family members find where they've mislaid files (such as behind another file on the desktop, which can happen if you drag more than one file at a time) I am confident there is a user base for this kind of thing.

We are, after all, in a world where the youth don't seem to understand file systems and folders [1] and rely on the search feature for everything. Recall could, if done properly, be a great user experience for such people.

It was through user studies that we got both the ribbon interface (great for new users apparently, even if less so for experts) and the fact that when you open an office app it suggests a list of documents you worked on most recently. Sharepoint even takes this further in organisations and suggests documents shared by others that "might be relevant to you" based on what you worked on recently (it's not very good).

If I want to be really snarky, I could mention that UNIX had "Recall" back in the days of text-mode only consoles. It was called the `.bash_history` file, and it's genuinely useful.

[1] https://news.ycombinator.com/item?id=30253526

Andrex
2 replies
1d18h

> the photo with the waterfall from our holiday in Greece in 2015 that I sent to Mary recently

Google Photos' search bar would be able to complete this search, since like 2015. Recall is completely overkill for this, like building a Death Star to swat a fly.

vel0city
0 replies
1d16h

Only if your photos are in Google Photos. And weren't we expressing the concern of sharing our personal data with giant massive tech companies? Google Photos work entirely locally these days?

TeMPOraL
0 replies
1d12h

Google Photo is opaque and unreliable and keeps degrading and corrupting your photos, and if I'm not misremembering, had data loss issues in the past.

OneDrive doesn't have those problems, but its search is even more unreliable than that in Google Photos.

In both cases, the companies go out of their way to remove any controls over classification, or even user agency in search. Like, how hard would it be to list all of the categories it knows for users to browse, as well as on the photo page for users to know all the buckets the photos land in? They go out of their way to not do that.

Not that there are any better alternatives. For example, Samsung gallery app is just as bad, despite running locally on your phone, and on top of that, has data loss issues that the company refuses to admit or fix. For some reason, tech companies managed to fuck up something as basic as a photo gallery.

onemoresoop
0 replies
1d20h

> We are, after all, in a world where the youth don't seem to understand file systems and folders [1] and rely on the search feature for everything. Recall could, if done properly, be a great user experience for such people.

I think this was done on purpose to disempower the user.

chollida1
4 replies
1d22h

Easy answer. It's a built in history.

I use bash history all the time, I use my browser history all the time.

To be able to use an OS history would be amazing.

What was the name of the esoteric software I was using to program my Lego robot?

What was I working on last Thursday so I can fill out the government required SHRED report to get the Canadian RnD tax rebate.

What was the song I was listening to that Spotify played last Tuesday afternoon.

There are so many times I'd use a feature like this.

red_admiral
3 replies
1d21h

Which is fine because the browser has a private browsing mode, and the shell has the space trick (for example if a tool requires an SSH key as a command-line argument) as well as various "pinentry" things.

You'd need some API for applications to signal to Recall "the user has requested not to save this", and then every single program with a password input box would have to update to call this.

ozzcer
1 replies
1d8h

All the important controls here have to be done by the user. You really think the average user is going to blacklist things in the awful settings app?

chollida1
0 replies
1d6h

what could the OS do to "blacklist" things on its own?

How would the OS have any chance of knowing I don't want my programming session recorded if I don't tell it?

How would google chrome know to go to incognito mode if I don't tell it?

Of course the burden for this is on the user, what other way could possibly work?

maxglute
0 replies
1d22h

I think the best unspoken use cases is Recall is basically distributed backup of content. MS will get the idea in their head one day that they can pull dead info from people's HDs. This is sus capability if MS decides to play info broker. This would be great if there's some system where people can access link rot / vanished content backed up from someone else's computer.

chucke1992
0 replies
1d18h

For example you had some issue while developing the application, but you don't remember what parameters did you use to create this bug.

Or for example, you were reading some article but did not save it and now want to recall it.

Or maybe you watched some music clip or song on some website and forgot the link to website.

A lot of use cases.

ImJamal
1 replies
1d22h

It seems weird that Cisco wouldn't help Iran when they were indispensable in the creation of China's firewall. Do you have more details on the reasoning? Was it due to sanctions or did they genuinely not want to help Iran?

red_admiral
0 replies
1d22h

I'm afraid my source for this is a half-remembered conference talk from someone who I believe worked for the TOR foundation. My best guess technically was that they didn't want to invest R&D effort into the form of Deep Packet Inspection that came out as a result, for a project that could get them bad press or hauled before congress.

surfingdino
11 replies
1d23h

TPM was met with resistance due to privacy concerns and Microsoft quietly re-introduced it anyway. The same will happen to Recall.

brookst
8 replies
1d23h

Has TPM been a net positive or negative for users / enterprises / the industry?

ekidd
5 replies
1d22h

TPM protects against two main threat models:

1. You don't trust people with physical access to the computer. For the average home user, this means you consider the hardware owner a threat.

2. You want to protect against malware that has already taken complete control over the OS at runtime, and that wants to write itself to disk or the BIOS so that it survives a reboot. At this point, the attacker has already won, so... This might make sense on a stateless appliance like a Chromebook where you do factory wipes a lot.

So TPM mostly "protects" against the hardware owner, or against malware that already has 100% access to all user data, and just wants to stick around a bit longer.

Personally, I'd go with TPM being net negative, because the primary threat model it "protects" against is the actual hardware owner.

clhodapp
2 replies
1d22h

For a mobile device, such as a laptop, lots of people other than the device owner will have physical access.

The useful use-case of a TPM to me is the ability to encrypt my disk without having to type a decryption password each time I use it.

freeone3000
1 replies
1d12h

It does require someone to steal the entire laptop rather than just the hard drive, but… I don’t think that this was an actual worry, and the security result of encrypting to a device with the key stored in the same device is much like not encrypting.

clhodapp
0 replies
1d11h

It also makes it a lot harder to bypass the login screen, even if someone takes the whole laptop.

In case you weren't aware, the ability to do a passwordless unseal can be tied to not tampering with the bootchain. It's not entirely bulletproof, but it's beyond the abilities of most thieves to bypass this (versus just popping the drive in another machine).

panchoop
0 replies
1d6h

I think you are missing some parts in the industrial use.

The TPM is also used for device authentication. It prevents the leakage of certificates that are used to ensure that you are using the device you claim to be using. This is highly relevant when having remote access from users and one would like to enforce tiering rules together with privileged access workstations.

Furthermore, the second example in which "the attacker already won" is missing the context. The attacker does not want to access the computer (in the industrial example), it wants to use to escalate access within its organization. The TPM can be used for remote attestation, that is, a remote server can verify the integrity of the boot process of the device before giving access to remote resources. In other words, it can be used to check for device compliance.

It is definitely a positive for enterprise security.
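
The two TPM behaviours described in the comments above (a disk key that unseals only when the boot chain is unmodified, and a remote server checking boot integrity before granting access), sketched as an added example that is not part of the thread. `ToyTPM`, the stage names, keys and nonce are constructed, and an HMAC stands in for the asymmetric attestation-key signature a real TPM produces.

```python
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyTPM:
    """Constructed stand-in for a TPM: one PCR, one sealed blob, HMAC 'quotes'."""

    def __init__(self, ak_key: bytes):
        self._ak = ak_key        # stand-in for the attestation key
        self.pcr = bytes(32)     # PCRs start at zero on power-on
        self._sealed = None

    def extend(self, digest: bytes) -> None:
        # A PCR can only be extended, never set: new = H(old || digest)
        self.pcr = sha256(self.pcr + digest)

    def seal(self, secret: bytes, policy_pcr: bytes) -> None:
        self._sealed = (policy_pcr, secret)

    def unseal(self) -> bytes:
        policy_pcr, secret = self._sealed
        if not hmac.compare_digest(policy_pcr, self.pcr):
            raise PermissionError("PCR does not match sealing policy")
        return secret

    def quote(self, nonce: bytes):
        # The nonce binds the quote to this challenge (no replay of old quotes)
        sig = hmac.new(self._ak, nonce + self.pcr, hashlib.sha256).digest()
        return self.pcr, sig


def boot(tpm: ToyTPM, stages):
    """Measure each stage into the PCR before running it; return the event log."""
    tpm.pcr = bytes(32)
    log = []
    for name, blob in stages:
        digest = sha256(blob)
        tpm.extend(digest)
        log.append((name, digest))
    return log


def expected_pcr(stages) -> bytes:
    pcr = bytes(32)
    for _, blob in stages:
        pcr = sha256(pcr + sha256(blob))
    return pcr


def verify_attestation(ak_key, nonce, quoted_pcr, sig, log, allowlist):
    """Remote verifier: check the quote, replay the log, then check each digest."""
    want = hmac.new(ak_key, nonce + quoted_pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(want, sig):
        return False, "bad quote signature"
    pcr = bytes(32)
    for _, digest in log:
        pcr = sha256(pcr + digest)
    if pcr != quoted_pcr:
        return False, "event log does not replay to quoted PCR"
    for name, digest in log:
        if allowlist.get(name) != digest:
            return False, f"unapproved component: {name}"
    return True, "ok"


# Constructed sample boot chains
GOOD = [("firmware", b"fw-1.0"), ("bootloader", b"bl-2.3"), ("kernel", b"kernel-6.1")]
EVIL = [("firmware", b"fw-1.0"), ("bootloader", b"bl-2.3-patched"), ("kernel", b"kernel-6.1")]
AK = b"constructed-attestation-key"
DISK_KEY = b"constructed-disk-key"
ALLOWLIST = {name: sha256(blob) for name, blob in GOOD}


def run_scenario(stages, forge_log=False):
    """Return (disk key unsealed?, attestation accepted?, verifier reason)."""
    tpm = ToyTPM(AK)
    tpm.seal(DISK_KEY, expected_pcr(GOOD))   # provisioned against the good chain
    log = boot(tpm, stages)
    try:
        unsealed = tpm.unseal() == DISK_KEY
    except PermissionError:
        unsealed = False
    if forge_log:
        # Compromised OS reports known-good digests instead of the real ones
        log = [(name, ALLOWLIST[name]) for name, _ in log]
    nonce = b"constructed-nonce-0001"
    pcr, sig = tpm.quote(nonce)
    ok, reason = verify_attestation(AK, nonce, pcr, sig, log, ALLOWLIST)
    return unsealed, ok, reason


if __name__ == "__main__":
    for label, args in [("good", (GOOD,)), ("modified", (EVIL,)), ("forged log", (EVIL, True))]:
        print(label, run_scenario(*args))
```

The third scenario shows why the verifier replays the log against the quoted PCR: software that lies in the log cannot also rewrite the PCR value, because extends are one-way.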

brookst
0 replies
1d18h

Interesting perspective. While I know secure boot has some downsides, on the whole I think it’s a pretty good thing.

I guess you’re looking at it as a freedom for gramps to dual boot a homebrew OS, and I’m looking at it as taking away gramps’ freedom to install persistent malware that requires buying new hardware to get rid of.

traverseda
0 replies
1d21h

No

supertrope
0 replies
1d20h

Smartphone encryption uses TPMs to keep keys out of RAM and to limit thieves/police to 9 PIN attempts before wipe on failed attempt 10. If you care about your phone being encrypted you benefit. If you wipe a phone with just a few taps thanks to key destruction instead of waiting for a full TRIM run you benefit.

On the negative side requiring TPM to install Windows 11 is planned obsolescence that greatly outweighs any perceived platform level security Microsoft promises. A lot of e-waste will be generated ahead of the Oct 2025 sunset of Windows 10. Who really believes Microsoft is fighting for user security like Google did when they proactively sunset SHA-1? Platform security also means bank apps refuse to run on rooted phones. Some online games have metastasized from kernel extensions to TPM verified hardware IDs.

ryandrake
1 replies
1d23h

It's the same playbook every company uses, who want to feed us something we don't like. They'll try again and again. Maybe they'll add sugar to the medicine, maybe they'll wave the spoon around and make airplane noises, maybe they'll distract us with a toy and jam the spoon in when we aren't expecting it, maybe they'll hold us down and give it as a suppository. One way or another, the baby is going to take the medicine. That's how these companies think about their customers.

devsda
0 replies
1d22h

Another example comes from Facebook/Meta.

When WhatsApp forced accepting terms that affect privacy, they faced huge backlash and many were migrating to alternatives like Signal & Telegram. In response WhatsApp didn't back out of the new policy but just removed the enforcement deadline.

Now they silently and randomly show an annoying popup asking users to agree to the new privacy terms. The dialog is strategically placed and designed to collect as many accidental clicks as possible.

Sadly, the strategy worked for them and nobody cares about the new terms any more.

throw20240511
5 replies
1d23h

and your take is quite naive.

Surveillance is absolutely the purpose, overt or not. The huge push for bossware/spyware for windows in 2020+ demonstrates that the less ethical portions of industry desperately want to spy on users workstations! Eventually there will be retention laws in certain regulated industries that mandate such technologies! Why enable this potential abuse?

Microsoft is trying to Sherlock the surveillance software industry with this!

I’d rather run North Korea's spyware Red Star Linux than Microsoft Windows.

andybak
3 replies
1d23h

This doesn't make sense. Screen recording is trivial. Why go to this much trouble? I don't buy the "Trojan Horse" argument in this case.

Occam's Razor, folks.

nehal3m
0 replies
1d22h

> Screen recording is trivial

Well yeah, but doing it by default and saving the results in a searchable way for each and every one of your users is not.

disqard
0 replies
1d21h

Screen recording is Data.

Being able to perform text-search queries on those is Information.

Having pie charts of "what % of the time did my minions spend on work-related tasks today?" is Knowledge.

What's lacking IMHO, is the Wisdom to ask "just because you can build this technology, should you?"

Avshalom
0 replies
1d22h

Recording is trivial.

Monitoring at scale, in real time? Getting a concise "what did bob do on his computer all day"? Those are hard.

lassoiat
0 replies
1d8h

I would suspect it's much more ambitious than just peeking over your shoulder.

If you are going to try to make some new product to automate white collar jobs a good way would be to sample what all the people are actually doing on Windows every 5 seconds and see what you really have.

Peeking over your shoulder will be a side effect you get for free.

It is amusing to me because I was actually considering getting a Windows laptop then they pull this shit. So standard for this evil company, I had just been lulled to sleep.

0xFEE1DEAD
3 replies
1d21h

This is disgusting.

I did not know that Microsoft offers these tools to organizations. I'm honestly shocked that this exists. They'll 100% abuse preview to offer similar features in the future.

Over the last years/decade, they worked hard to improve their image in the tech community, and I have to admit, it worked, at least for me. They've just lost all the respect I had for them.

kstrauser
1 replies
1d20h

I can't believe I'm saying this, but in Microsoft's defense, those controls are aimed at companies working in regulated industries. They're meant to help those companies prove they're meeting their legal and/or contractual compliance obligations.

For example, if your company works with healthcare information and is a HIPAA "covered entity", your customers will demand to see proof that you're using data loss prevention (DLP) software. Such software does things like:

- MITMing output email to make sure you're not sending a spreadsheet full of social security numbers.

- The same but for posts to web forms.

- The same but for instant messengers.

...etc. Netskope is a big player in that space. Go read up on what all their stuff can do sometime. As an individual, a donor to the EFF, and a vocal advocate for user privacy, those things make me shudder. As someone responsible for making sure our employees didn't accidentally upload PHI to Facebook from a work computer, I gritted my teeth and accepted that they're a necessary evil.

There's no reminder that "your work laptop belongs to your employer" quite like working in healthtech. I'm willing to cut Microsoft some slack for offering those products to customers.

skydhash
0 replies
1d19h

You can enable some pretty strict policies with device management and general policies. But actually recording the screen is a big breach of information if the database is not secured.

lkjdsklf
0 replies
1d20h

Every enterprise communication platform provides something similar.

It’s important to realize you don’t own any of the communication on a corporate owned device.

roody15
3 replies
1d21h

Explain the personal utility here... Ohh I cannot find that one website I visited but I know I had found it a couple weeks back? Really. The personal utility use case looks pretty weak IMO.

kstrauser
2 replies
1d20h

I disagree. I think having an easy to search database of everything I've looked at would be very useful.

And if I ever want such a thing, I'll be happy to go and find one and install it myself. I don't want it anywhere near my computer unless I deliberately select and acquire it myself.

lotsoweiners
1 replies
1d18h

lol I definitely don’t want that. That is the reason I already use incognito mode for everything.

kstrauser
0 replies
1d17h

Heh! I just mean it seems like a cool thing to have the ability to turn on when you want to use it, because you want it, not as an opt-out feature.

Avshalom
3 replies
1d23h

It's a system that constantly surveils you, of course it's meant for surveillance. The only question is who gets access, is it just you, or is it you and the cops, or is it you and the cops and anyone with a checkbook.

dotps1
2 replies
1d23h

I think the issue is more that nobody asked for it.

These tools are useful, and on a Mac if you want Rewind, you have to know you want it, go out download it, pay for it, install it yourself .. and you knew what you were getting into the whole time.

Having a tool like this planted in your device without your consent is pushing your userbase over the edge.

If they made it a separate feature you had to manually install, like Windows Sandbox or WSL .. they could have avoided shooting themselves in the foot.

the_snooze
1 replies
1d23h

I think you hit the nail on the head. The feature itself can be benign and useful if Microsoft valued being respectful of user agency. Using Windows feels increasingly like a battle against someone who can't accept "no" and tries to sneak around your intentions.

throwaway48476
0 replies
1d18h

Along with Adobe recently it consensual business relationships are no longer common.

usefulcat
2 replies
1d23h

> I've not seen anything to make me think this feature is intended for surveillance

What it's intended for and what it can actually be used for are two different things.

wizzwizz4
1 replies
1d22h

According to the cybernetician, the purpose of a system is what it does. This is a basic dictum. It stands for bald fact, which makes a better starting point in seeking understanding than the familiar attributions of good intention, prejudices about expectations, moral judgment, or sheer ignorance of circumstances.

— Stafford Beer, 2001 (via Wikipedia: https://en.wikipedia.org/w/index.php?title=The_purpose_of_a_...)

usefulcat
0 replies
1d20h

I think that's a reasonable and insightful definition, but I don't think that's what most people are likely to think when they read the words I quoted.

coldtea
2 replies
1d23h

> This is a very cynical take.

But also very correct.

> I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility.

Now that's a very naive take.

They already use tons of telemetry to profile you for ads, snitch about you to your boss, share with partners, and so on, and only growing on that front. Plus all the cooperation they do with their favorite government.

talldayo
1 replies
1d22h

But I pay for Windows! Surely, the existence of a preeminent financial contract with my benefactor means they would never sell me downriver to a suspicious partner. At least, that's the rationale I seem to hear these days from people that pay extra for peace-of-mind.

bostik
0 replies
1d12h

> But I pay for Windows!

So you are:

- part of a captive audience

- with money to spare

- and for whom someone else has done pretty extensive KYC

Please ignore the sounds of drooling from the marketing department. We have called the cleaners.

jart
1 replies
1d22h

My take is more cynical. They actually want your soul. By collecting all the information that was ever used to train the neural network between your ears, they can create a synthetic version of you, to impersonate you, and some might even argue resurrect you, inside a computer, to torture you Clockwork Orange style with an endless display of ads, predicting what the fleshy version of you wants to buy, how to preempt your real life decisions, deny you the things you desire, and more.

greenavocado
0 replies
21h43m

The fundamental energy responsible for the universe is consciousness, and the goal of consciousness is to create, to experience, to learn and to improve (or re-create), ultimately evolving to a state of lower entropy (creating order out of chaos). The pyramids on the ancient artifacts represent our consciousness. And if you take a look at the depictions of the pyramids with the eye (or sun) on top, you’ll notice that the top of the pyramid is always missing. This symbolizes the fact that the development of our consciousness is always ongoing and will likely never end — at least for as long as the universe exists. We’re on a continuous path of building our consciousness, brick by brick, slowly but surely reaching higher states of awareness.

And where are we ultimately heading? To the very top, of course; towards the sun; towards enlightenment. The ancient people used various objects in nature to symbolize certain concepts, and the sun above the pyramid represents enlightenment — the highest state of awareness, knowledge and wisdom. The idea behind this is that the bright light from the sun allows us to see our environment and when we can see our environment clearly — i.e. when we can see things as they truly are — we can start to collect valid information about it and build a good understanding of it. That’s why when you withhold knowledge from people it’s called “keeping them in the dark.” This is also why one of the well known secret societies called themselves the Illuminati; they considered themselves the illuminated ones, because they possessed knowledge others didn’t have; in other words, they were illuminated by the extra knowledge they possessed while everyone else was (relatively) in the dark.

digging
1 replies
1d23h

> I've not seen anything to make me think this feature is intended for surveillance

It's published by Microsoft

nonrandomstring
0 replies
1d23h

tbh that's a knockdown argument. All the conversation second guessing the intent and motives of bosses, users and third parties is moot when it runs on an OS that is controlled remotely and insecure by design. Apple are following (and I expect you'll have even less choice about that - because it's client-side scanning in disguise), and Google have always been proud of their surveillance based business model, so I think the whole landscape of big provider computing is changing. People are actually starting to question what they want computer devices for.

devjab
1 replies
1d19h

I think you’re a little naive if you don’t think this will become handy tools for management. We view its potential as two-fold from a strictly non-employee-friendly side.

The monitoring abilities will be better than what is currently available. But it’s not really something a lot of organisations are going to be too interested in. Everyone already knows you’re spending a few hours each week doing internet things, maybe you’re even playing some digital board games with your coworkers. That’s fine (again, in most organisations), in good organisations you might even be able to play a little with your managers. What would be interesting isn’t the DDR type surveillance, it would be if the tools come with automatic detection for outliers. This would help you gather information on poor performers and maybe help them get better.

The other potential is much more sinister. At least if the tools work out as we expect they will. In that everyone will basically be training their AI replacements. This isn’t going to kill the office job, but it’ll make the processes where we’re already putting in more and more RPA smoother and more rapid. Microsoft being who they are, they will sell these tools of course, and if they keep up with their current pricing… well… let’s just say that having a student worker move data is cheaper than most of Microsoft’s current data automation, so we’ll…

As far as security goes I think this is more about compliance than actual IT security. It’s frankly illegal to monitor employees the way these systems are intended to do in a lot of countries, and I’m not sure Microsoft really thought that through. If they roll out the current system in the EU then they are going to get a lot of attention from the big bureaucratic dragon. They probably will regardless of how they roll it out.

bitwize
0 replies
1d11h

> This would help you gather information on poor performers and maybe help them get better.

Poor performers can get better on their own time, after they've been separated from the company. PIPs are a formality to provide documentation that ensures wrongful-termination lawsuits don't stick.

adriancr
1 replies
1d23h

> I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility.

In the future companies can have this enabled and just ask chatgpt to fire bottom 10% of staff.

Or they can ask microsoft to 'train' their own company AI based on worker interactions then fire them once the AI can mimic the work good enough. (this is likely the goal)

neltnerb
0 replies
1d22h

Worse, they can pick whistleblowers, people who attempt to unionize, people who have harassment claims against the company, and ask it to retroactively come up with a legal justification for firing them that would pass muster if challenged in court.

It would be for sure a nightmare if it's automating the thing some companies do where they constantly hire their "worst performers" -- but they're doing it anyway with manual labor. The worse thing is that it makes it much more possible to justify firing someone for deceptive reasons in order to avoid anti-discrimination or harassment claims.

This enables much more, because screenshots to comb through for dirt exist where they otherwise would not.

adamrezich
1 replies
1d23h

This is not the first time they've done this—have you forgotten the "Xbox One-Eighty," when they initially announced the Xbox One as having mandatory Kinect functionality, only to similarly realize they boiled the proverbial frog too quickly and renege?

Dylan16807
0 replies
1d21h

If "this" is temporarily backing off the surveillance frog boil because they went too fast, then the Kinect is clearly not an example. It has been over ten years since the launch of the Xbox One and they never did anything surveillancey with the consoles.

ungamedplayer
0 replies
1d17h

I believe that any corporate entity will eventually use any tool at their disposal to optimise profits at the cost of their customer.

tomrod
0 replies
1d22h

Given they have performed the strategy of user-hostile rollouts time and time again, why would you think they would behave any differently?

Relatedly, do you like ads in the OS?

throwaway48476
0 replies
1d19h

I agree. If this feature was developed by someone not in the ad tech surveillance business and it ran on a secure by design operating system there would be a positive reaction.

soraminazuki
0 replies
1d11h

Cynicism? Mind you, what the GP described is exactly what Microsoft has been doing for the past decade. It's not cynicism, it's extensively documented fact.

# Privacy Violations

Windows 11 Update 23H2 is stealing users' IMAP credentials - https://news.ycombinator.com/item?id=38212453

I noticed some disturbing privacy defaults in Windows 10 - https://news.ycombinator.com/item?id=9976298

Even when told not to, Windows 10 doesn't stop talking to Microsoft - https://news.ycombinator.com/item?id=10053352

# User Interference and Coercion

Microsoft has removed the “use offline account” option when installing Windows - https://news.ycombinator.com/item?id=21103683

Microsoft intercepting Firefox, Chrome installation on Windows 10 Insider build - https://news.ycombinator.com/item?id=17967243

Outlook now ignores Windows' Default Browser and opens links in Edge by default - https://news.ycombinator.com/item?id=36492329

Microsoft blocks EdgeDeflector to force Windows 11 users into Edge - https://news.ycombinator.com/item?id=29251210

Microsoft has not stopped forcing Edge on Windows 11 users - https://news.ycombinator.com/item?id=37461449

Windows 11 Officially Shuts Down Firefox’s Default Browser Workaround - https://news.ycombinator.com/item?id=29579994

Last Windows 11 update changed all default browser settings to Edge - https://news.ycombinator.com/item?id=30055222

Microsoft tests Windows account menu error badge when Microsoft Account not used - https://news.ycombinator.com/item?id=35443361

Removing “Annoying” Windows 10 Features Is a DMCA Violation, Microsoft Says - https://news.ycombinator.com/item?id=23486887

# Ads

Windows Now Showing Full-Screen Ads - https://news.ycombinator.com/item?id=11167964

Why can an ad break the Windows 11 desktop and taskbar? - https://news.ycombinator.com/item?id=28404332

Windows 10 nagging users with Bing advertisements - https://news.ycombinator.com/item?id=27337382

Microsoft begins showing an anti-Firefox ad in the Windows 10 start menu - https://news.ycombinator.com/item?id=22288599

Windows 10 Tip: Turn Off File Explorer Advertising - https://news.ycombinator.com/item?id=13835733

# Unwanted Features

Windows needs to stop showing tabloid news - https://news.ycombinator.com/item?id=35323121

sneak
0 replies
1d22h

iMessage and iCloud weren’t designed for surveillance, but they allow the FBI to read basically every text and image sent to or from every iPhone without probable cause or a warrant.

Something doesn’t need to be designed with the intent to surveil to be used by the state for that purpose.

skywhopper
0 replies
1d8h

Microsoft already builds countless APIs and services into Windows that are there mostly to enable spying by corporate owners. If you don’t think governments of all sorts are asking for this sort of functionality to be baked into all operating systems, you are being naive, especially in the face of recent reports of Microsoft’s internal willingness to retain a major security hole in ADFS rather than risk a lucrative US government contract.

It’s true they also have folks internally pushing for this as a source of training data for MS AI models as well. There are countless “benefits” for Microsoft that have nothing to do with the personal utility.

The personal utility angle is just the marketing hook, which they thankfully misjudged. How else, though, could they justify recording the screen all the time?

mrangle
0 replies
1d21h

Cynicism is forgivable. Smart, even. Given that it implies expectations from experience. Naivete, and possibly "willful naivete", on the other hand is not forgivable given perceived stakes by many.

It's not cynical whatsoever to understand that features that enable surveillance are for surveillance. It's simply a realistic take.

markus_zhang
0 replies
1d22h

With large corporations and governments the general rule is: assume a cynical take until proved as not.

I actually think this is a pretty healthy mindset for anything that is political.

godelski
0 replies
1d22h

> I've not seen anything to make me think this feature is intended for surveillance

I think you may have forgotten about Chat Control[0]. Regardless of its intent for surveillance or not, Relay would be an essential technology for making things such as Chat Control even possible.

I must stress that this can come with all good intentions. That the developers and even Nadella see this purely from the utility perspective and have zero intentions to use it for increased surveillance. But like they say "The road to Hell is paved with good intentions." So I'm trying to distinguish between the potential harm of the technology itself and the conspiracies that are arising. Because we need to recognize that evil often arises with no malintent, and to be careful attributing malicious intentions to those who never had any. It can be incredibly hard to know.

But regardless of the intent, I think we can now look at this and see how ripe the technology is for abuse. And I think we can ask the questions about how likely it is to be abused. And don't just ask how likely __you__ are to be subjected to the abuse, but include others. Because even if others are subjected to that abuse, it is not unlikely to affect you in some form (if you need that specific motivation). I think we can all agree that the likelihood of the technology being abused in authoritarian countries like Iran, North Korea, and many others, is quite high. Maybe this isn't on your radar or maybe it isn't a concern for you because those powers will already abuse their citizens. But certainly this gives them the ability to be more abusive and more invasive.

[0] https://www.patrick-breyer.de/en/posts/chat-control/

fumeux_fume
0 replies
1d22h

Cynical, that's cute. The only thing that's "very clear" up to this point is that no one wants msft taking screenshots of their activity.

freedomben
0 replies
1d23h

I agree, I think GP is overly cynical. There's a strong chance that the primary reason is for personal utility. But MS (like all big tech) are all about two-birds-one-stone wins. If you can get the personal utility, while also gaining capability that "rightsholders" and advertisers, etc will want, that's a huge win to them. Reminds me a lot of Apple's hardware DRM that is primarily about reducing the value of stolen Apple hardware, but which also serves to make third party repairs way more difficult and expensive, which is not a "con" to them.

dylan604
0 replies
1d21h

How is this cynical? In what way have evilCorps of any name/brand shown you in the past that this is not exactly what will happen? Even Apple's CSAM back pedaling hasn't been long enough ago to see what the next attempt at it will be.

I do not trust anyone attempting to make money on AI that will not ultimately just be a data hoover for whatever model it is they are using. That's being generous in their motives. Anyone that is trying to hide their ulterior motives of outright spying would use this as the perfect cover.

So, am I an asshole in assuming everyone has nefarious intent or are you a good sheeple for giving people benefit of the doubt?

colordrops
0 replies
1d22h

"cynical". That's like calling the sky blue a "cynical" take. It should be obvious to anyone that has been paying attention for a while that this is exactly what is happening. Requires absolutely zero conspiracy mindset. You are either very young or don't pay attention whatsoever. Sorry about being blunt, but I'm tired of these pollyanna naive takes that it's "cynical" to suggest that corporations and government agents want to spy on you when it's obvious to my 8 year old that they are doing it. There have been hundreds of events and leaks indicating exactly this situation that made front-page news in major publications over the last couple decades. Where have you been?

codehalo
0 replies
1d23h

I can't fathom someone writing this and not doing so in bad faith.

bitwize
0 replies
1d11h

Microsoft is already selling analytics on Microsoft Office employee usage statistics to companies with Office site licenses. Selling analytics based on data gathered from Recall is a very short hop from what they are already doing.

beefnugs
0 replies
1d17h

If this was released out of the blue (and not on by default) after maybe windows 7 era: sure microsoft is just putting some new untested feature out in the wild.

But Microsoft has made loud clear reputation destroying moves in the last few years by putting ads into the BASE OPERATING SYSTEM. And also forcing online account linking into the BASE OPERATING SYSTEM. They are yelling out into the world that they can no longer be trusted because they don't understand what an operating system is supposed to be anymore. What kind of deep trust is required to be that layer in a computer.

_heimdall
0 replies
1d21h

Taking screenshots of everything a user sees, running it through image recognition, and cataloging all of it in a database is surveillance no matter what Microsoft currently intends to use the data for.

If intent mattered, police could have us all wiretapped without a warrant. They wouldn't be actively surveilling us for a specific case so there's really no problem, right?

WhackyIdeas
0 replies
1d21h

I don’t mean this to be rude, but wake up and smell the coffee already.

The reason why Silicon Valley has got to where it is with the complete erosion of user privacy is naive individuals not being able to see far in front of them. Recall isn’t just one event, it’s an accumulation of a thousand tiny events to the point where Microsoft are so up their own arses that they assumed this would be an easy hole in one. Because it usually is.

And they will just slip it in regardless. This is just a PR thing. Mark my words, Recall will be back with a new name and slipped in with an update at some point and it will be enabled without the user even wanting it. Or coerced out of the user. Microsoft want people’s data, whether for their own greed or because they’ve been asked to by the NSA. Regardless, Recall is coming, and the public will be naive about its true intentions. Microsoft will win this in the end.

RIMR
0 replies
1d20h

I don't think that mistrust of tech companies is cynicism, especially not after we have seen them repeatedly prioritize profits over our privacy, including literally selling our privacy on the open market.

It's hard for me to imagine that Microsoft would implement a "watches everything you do" program if they didn't want to look at what it sees.

The entire internet, all of your personal information, every written text, and every photo uploaded to social media have been absorbed into these companies' AI models, and they are all clamoring to one-up each other. They are going to acquire as much data as they can get their hands on, and this software is a clear way to do it.

Even the AI features in MS Paint will send your data to Microsoft for "content safety", even though the model runs locally. They're already setting the scene for what they plan to do with Recall.

HumblyTossed
0 replies
1d22h

> This is a very cynical take.

I think it fits reality.

Gormo
0 replies
1d21h

> I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility.

The previous commenter was attributing malicious intent to Microsoft and other parties, but in the long run, I'm not sure that anyone's immediate intentions are particularly relevant.

My concern is much less about how the creators of these tools currently intend for them to be used, and much more about how they will end up being used regardless. Well-intentioned people have often created things that were viciously abused by ill-intentioned others later, or created things that had negative unintended consequences.

Andrex
0 replies
1d18h

> The personal utility benefits are very clear to me

Please explain to me, because I keep failing to understand. How would Recall help me do anything I want to do on my PC?

tivert
3 replies
1d22h

> Every major power broker wants something like Recall to become the norm - bosses to spy on their employees...

Isn't that already the norm, or at least very very common? It's just a 3rd party package totally focused on surveillance, not built into the OS and used for some user-accessible features.

> ...governments to spy on their citizens/enemies, and tech CEO's to collect training data for AI and target more ads at end users.

These applications would be novel, at least on a widespread basis in Western liberal democracies.

segasaturn
2 replies
1d22h

> These applications would be novel, at least on a widespread basis in Western liberal democracies.

How? We already know Google trains its AI on people's private emails and Five Eyes conducts mass surveillance on Western citizens (see: Snowden). You can be sure that the people behind the PRISM program are salivating at the thought of access to the unencrypted Recall databases, and that they'll be twisting Microsoft's arm for backdoor access.

tivert
0 replies
1d22h

> These applications would be novel, at least on a widespread basis in Western liberal democracies.

> How? We already know...

I think you're making the mistake of interpreting this as a binary thing, which obscures the difference between, for instance, tapping phone calls and installing bugs in every room of everyone's home (a la 1984's telescreens). Or in this case, Google scanning the emails you sent/stored on their servers vs. Microsoft storing and scanning every action you take on your PC.

It would be novel because most people outside a corporate environment don't have a keylogger/screen-recorder running on their system.

lrem
0 replies
1d21h

> We already know Google trains its AI on people's private emails

Source?

ugjka
2 replies
1d23h

There are already Recall type of products on the market, not just that, they also work on the cloud not just locally. All Microsoft had to do was make it opt in by default

bostik
1 replies
1d23h

Yes, these existing products are generally called RATs or spousal stalkerware.

ugjka
0 replies
1d22h

No

golemotron
0 replies
1d14h

I can't believe that no one there didn't anticipate the blowback. It could just have been a way for Satya to put the feature in front of their business customers. They'd likely want that feature even if consumers reject it.

albert_e
0 replies
1d13h

Employers can collect task/business process steps by recording the screens.

This will help train RPA bots and reduce the need for human workforce for repetitive tasks.

Microsoft can collect this data across industries with or without informed consent and sell RPA/AI bots back to the same enterprise customers as a managed service.

Lot of commercial potential there for the taking. Just needs an innocuous enough cover story to make it a default offering to serve you the individual customer alone and help you gain an edge over your peers.

Hasu
0 replies
1d21h

> They're retreating for now, but make no mistake that Recall will slowly trickle back into Windows under another name.

Not even that. It's still coming, under the same name, just not as soon for everyone.

swatcoder
12 replies
1d23h

There's a much more mundane read:

They invested a bunch of effort into a product the market loudly rejected.

They're now withdrawing the product while they figure out what they can salvage from the effort.

Key stakeholders may have a few ideas about how to proceed (ranging from "try again later" through "repurpose it" to "forget it"), but enterprises of Microsoft size make decisions very slowly so of course it's vague about what's next. Collectively, they almost certainly don't know!

consumer451
9 replies
1d23h

In addition to direct market reaction, they must be a bit red in the face considering that Apple just laid out a complex and well thought out implementation of "AI", which focused on privacy.

As someone who grew up near Redmond, who still has an emotional soft-spot for Microsoft for some reason, I feel truly embarrassed for their implementation.

pjmlp
6 replies
1d23h

From all three major OS vendors on the consumer market, Microsoft is still the one that pushes more C and C++ into production on their OS, in detriment of .NET, despite all the security discussions.

All the efforts from other teams to have .NET reach Swift, Java, Kotlin levels of adoption on Windows, have always hit a wall against WinDev culture.

Also the 90's spirit from features over security hasn't yet gone away from WinDev, so it isn't really surprising this turned out this way.

creshal
3 replies
1d23h

Your post could've been written in 2004, when Microsoft was pinky swearing it was gonna refocus on security-first development, starting with XP SP2

consumer451
1 replies
1d22h

To be a bit fair, Windows security has gone from a laughing stock in 2004, to having Windows Defender in the 2020s. I ain't no city slickin' infosec guy, but Defender appears to be state of the art end point protection today.

They can figure this stuff out sometimes, right?

How did they get from Windows/AVG/ESET to Windows Defender, and how can they make that happen on Azure?

keyringlight
0 replies
1d20h

To me this seems like a different aspect of security. The push with the winxp service packs onwards was to make it secure by default against the network (trying to be vague because I'll probably be wrong on the details), I'm fairly sure it was xp where you could be infected before setup was complete if the network was plugged in, or that acquiring third party AV was something you must do for anything that touches the internet or media from a source you can't 100% trust. Now with defender this is far in the background for most users that they don't need to think about it at all.

The difference with recall is about blast radius of any unauthorized/unintended access, which still happens even if it's less common or via something like clicking a bad link in an email. That's in addition to mistrust of MS or large corporations sucking up data, and how secure they are (what would an Ashley Madison type breach look like with recall data?)

pjmlp
0 replies
1d22h

They did improve their story, with SAL exactly introduced for XP SP2, and for many years having one of the few C++ standard libraries with bounds checking enabled by default in debug builds.

However that was it, WinDev fought against Longhorn, Office folks redid the .NET ideas in COM for Vista, and so on.

Gormo
0 replies
1d21h

It's too bad that the rest of the "90's spirit" -- consistent, well-organized UIs, users controlling their own computers, and software that runs locally without dependence on cloud servers -- seems to be receding at Microsoft, leaving everyone with the worst of both worlds.

slashdave
1 replies
1d21h

My suspicion is that Microsoft learned of Apple's effort, thus this rushed, skunkworks implementation, pushed to be released before Apple. The effort backfired spectacularly.

consumer451
0 replies
1d16h

I worry that it's worse. They have been working on this for years, but I think that they may have assumed that their desktop market dominance was so sound, that they just didn't care to put the effort into privacy. What are you going to do, Linux Desktop?

This seems like the general attitude that delivers lackluster solutions across many products, like Teams, SharePoint, etc.

dialup_sounds
0 replies
1d22h

Intelligent search for your personal data is still a feature with broad appeal, and they're bound to come back with that.

The critical blunder was in indexing that personal data by watching over your shoulder, which is both creepy and low-effort. They've got to put the work in to find a better way.

chucke1992
0 replies
1d18h

But market did not reject it - the OS and corresponding copilot devices literally haven't launched yet.

patmorgan23
5 replies
1d22h

Per one of the Ars Technica articles, all the information collected was stored locally completely unencrypted, and would be accessible by anyone with local administrator rights.

slashdave
3 replies
1d21h

Nevermind accessible to other users, but accessible to any 3rd party application that the user executes. A nightmare of a security hole.

ranger_danger
2 replies
1d20h

That's already true for every desktop application though. All third party programs can spy on all other programs and documents that user has available. This has been a seemingly criminally-overlooked shortcoming of desktop systems and this approach has fallen WAY behind current mobile security practices.

shuckles
0 replies
1d19h

This is not true on macOS.

johnisgood
0 replies
1d6h

That is why "firejail" exists.

mihaaly
0 replies
1d7h

What if it was encrypted but the key needs to be present locally anyway. Key under the mat situation? PIN on the back of the card case?

AceJohnny2
2 replies
1d23h

You're assuming Microsoft acts as a singular, cohesive entity, which like any company it is not.

greenavocado
0 replies
21h49m

You're right. Carolina Hernandez spearheaded this initiative to take screenshots of your desktop every few seconds or minutes and transcribe the result into a regular local sqlite database.

gmd63
0 replies
1d23h

It's convenient for corporations to have this as an excuse, but they should be assessed as singular entities. They enjoy corporate personhood also.

As the size and influence of an entity increases, it has more power in the economy and therefore should have more responsibility, not less, to act according to high standards.

A gargantuan company that is 7% of the S&P 500 getting whoopsie-daisy passes because it is so large and nobody knows what it's doing is a dystopian situation that we should have incentives in place to discourage

xnx
0 replies
1d17h

People should not get over this (but probably will). There was an uproar (decades ago) about GMail "reading all your email". This was overblown, but Microsoft building the infrastructure to view a history of everything on your screen is much much worse. There's a lot more private things that get displayed on a screen (and of course all of your email would be a subset) that no one has a right to see.

rvense
0 replies
1d21h

Security is a mindset and some people don't have it.

I used to work for a company that made a rather popular database for mobile applications. An easy API to store data on your phone and have it synced to a server with no effort on the developers part.

Two of my co-workers spent a few weeks making a nice looking chat application which worked by syncing messages from many users to different devices, and they wanted to publish it as a demo. Until somebody else pointed out that there was no security at all. The server just accepts the latest state from the client. This was fine for most of the current use cases, but for chat basically meant that any client could rewrite the entire history and the server would just say "thanks!" on next sync and distribute the changes to everyone else. These were adult humans with degrees from respectable institutions, and this hadn't crossed their minds at all.

Basically, I think a combination of Hanlon's razor and nobody wanting to be a naysayer is a perfectly adequate explanation for this Recall thing. I think it's obvious that a lot of people would like their computer to work like that, and I can see them wanting to get it out without having listened to any internal criticism (if they even have a culture that allows that).
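The failure mode described in the comment above, as an added example that is not part of the original comment and not the company's code: a sync server that stores whatever state a client uploads, next to one that only accepts uploads extending the stored history. All class and function names are hypothetical, the messages are constructed, and `client_id` is assumed to have been authenticated before `sync` is called.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    msg_id: int   # position in the conversation, assigned in order
    author: str   # client that wrote the message
    text: str


class SyncRejected(Exception):
    """Raised when an upload is not a valid extension of server state."""


class NaiveSyncServer:
    """Stores the latest state from any client, as in the anecdote."""

    def __init__(self):
        self.history = []

    def sync(self, client_id, client_history):
        # No check that earlier messages are unchanged or who wrote them.
        self.history = list(client_history)
        return list(self.history)


class ValidatingSyncServer:
    """Append-only: stored messages are immutable, new ones are attributed."""

    def __init__(self):
        self.history = []

    def sync(self, client_id, client_history):
        known = len(self.history)
        # The upload must start with exactly what the server already holds.
        # A stale client (shorter history) is rejected too and must pull first.
        if list(client_history[:known]) != self.history:
            raise SyncRejected("upload alters or drops stored messages")
        new_messages = list(client_history[known:])
        # Validate everything before storing anything, so a bad upload
        # leaves the stored history untouched.
        for position, msg in enumerate(new_messages, start=known):
            if msg.author != client_id:
                raise SyncRejected("new message claims another author")
            if msg.msg_id != position:
                raise SyncRejected("new message is out of sequence")
        self.history.extend(new_messages)
        return list(self.history)


def attempt_rewrite(server):
    """Alice posts, then a second client uploads an edited copy of her message.

    Returns (upload_accepted, history_a_third_client_receives).
    """
    original = Message(0, "alice", "Invoice total is 100")  # constructed sample
    server.sync("alice", [original])

    forged = Message(0, "alice", "Invoice total is 900")    # edited history
    reply = Message(1, "mallory", "Paid")
    try:
        server.sync("mallory", [forged, reply])
        accepted = True
    except SyncRejected:
        accepted = False

    # A third client with an up-to-date copy syncs and sees the result.
    return accepted, server.sync("bob", server.history)


if __name__ == "__main__":
    for server in (NaiveSyncServer(), ValidatingSyncServer()):
        accepted, seen = attempt_rewrite(server)
        print(type(server).__name__, "accepted rewrite:", accepted)
        for msg in seen:
            print("   ", msg.msg_id, msg.author, msg.text)
```
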

ranger_danger
0 replies
1d20h

> What were the security problems?

I would argue there really weren't any, apart from the usual disaster/lack of security that desktop systems have.

It wasn't uploaded anywhere, so the only threat would be from programs that would run locally and steal it, which is already the same for any other (even third-party) program stealing your local files, which they have always been able to do.

pjmlp
0 replies
1d23h

Currently I am still looking forward to when the Secure Future Initiative (SFI) will actually mean more .NET and Rust and less COM and C++ love by Windows team.

So until this changes, take with a grain of salt how much secure Recall is actually going to be.

Contrast this with Apple Intelligence, where not only are most local APIs made available via Swift, they have created special hardware and a unikernel like OS with sandboxed layers, exposing only what OS capabilities required for AI processing and cluster communication.

Versus "Trust us, we are going to do the right thing".

pcloadletter_
0 replies
2d

Or maybe they have to figure out how to actually make it work

mihaaly
0 replies
1d7h

My recollection is that the CEO stated no security problem with the product, security was their utmost and first the toppest priority all the time and into eternity, they wouldn't dare trying to release anything with security concerns.

Apparently there are security concerns after all. Did they lie before or now or just completely clueless about what is a security concern or what? I am confused.

godelski
0 replies
1d22h

> What were the security problems?

> They don't even allude to the existence or detection of any specific security problems

Arguably the product itself. Which is another reason they might be vague about it. Because to talk about those security problems would taint the entire product and they can't do that if they aren't willing to completely scrap it.

People have been talking about how the data in here is similar to what may be already existing but that's far from the truth. Yes, these companies have a lot of data on us, but this is a significant step forwards in the granularity of that data. It's also worth noting that hackers could not get into your computer and assume that your computer not only has a keylogger that they can access to further compromise your system (and other systems/accounts) but that they can also obtain screenshots. These increase user risk significantly and greatly reduce the requisite technical skill needed for those infiltrating machines.

Similarly, many have pointed out the potential connections to Chat Control[0] and how such systems can likely be used by many companies to be exploitative of workers. While you may trust your company/partner/significant others/government and so on, it is important to remember that not everyone has such luxuries. It is also important to remember that such things can change. Even in the US there are high risks of potential abuse: such as police obtaining a warrant to get this data to see if someone is trying to obtain abortion medication. Regardless of where you fall on that specific issue, you can replace it with any other concerning issue and I'm sure you wouldn't like that (guns, religion, gender identity, political affiliations, and so on). So even if you trust Microsoft to not give away this type of information nor to provide authorities access (which often includes authorities not in your home country), then you must ask if the benefits are worth the costs. And not just for you, but for others.[1]

It sounds to me like they're figuring out a new marketing approach

I suspect this is correct and as segasaturn suggested, turned up the heat too fast. I also suspect that this type of data invasion can be much more easily understood by the general public, who often struggle with understanding what metadata is and how it is/can be used. It does require technical knowledge for this and is often non-obvious, even for people who are well above average in technical literacy (as is the average HN user).

[0] Specifically we should note here that Chat Control would force Microsoft to use this system in a much more invasive way. We lambasted Apple over their proposal for CSAM detection, including the potential risks of abuse even if it were theoretically impossible to avoid hash collisions. Having Relay would require Microsoft to implement such a system and that's why there are many conspiracies arising that Relay is specifically intended for Chat Control, because true or not it would likely have similar outcomes. We'll see if Apple revisits the idea, and the recent WWDC doesn't rule out such a possibility https://www.patrick-breyer.de/en/posts/chat-control/

[1] https://www.youtube.com/watch?v=goQ4ii-zBMw

Jedd
0 replies
1d5h

The specific security problem was that their enterprise customers said no, and not in a 'no thanks' way, but a more vehement 'no fucking way', way.

They could conceivably push to SOHO users, but a) there's no revenue there (and this stuff is expensive), and b) it's really bad optics.

"We're going to offer you a feature that your workplace refused to run on their network."

I'm sure there's ways to spin that, but it'd be a challenge.

HumblyTossed
0 replies
1d22h

They're totally waiting for the negative press to die down, then they'll try again.

1vuio0pswjnm7
0 replies
1d19h

"It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has died down and people will just accept it."

Of course "listening to users" really means "listening in on users". Or just "bad press".

Microsoft does not consult with users before adding code into Windows. Nor do users contact Microsoft to tell the company what code they want or don't want.

Even if they did, the company does not operate based on user suggestions.

The reaction to "Recall" by journalists, bloggers and commenters is not that they think it should be "delayed". They think it is a bad idea.

Microsoft will do as it pleases. As it always has done.

nimbius
58 replies
2d

In summary: the only customers that matter --corporations paying site licenses-- declared this to be an unacceptable business risk.

Anyone who is still using Windows in 2024 and isn't a multinational business or LLC gets what they deserve.

999900000999
34 replies
1d23h

What if you can't afford a Mac, and you're not technically literate enough to install Ubuntu?

Speaking for myself, I dual boot Mint and Windows because I really like playing games and making music. Both of those are absolutely subpar on Linux.

Outside of our nerd bubble, most normal people don't really want to run desktop Linux. Macs are great, but I can't really game on them.

HaZeust
9 replies
1d22h

ZorinOS is catching up FAST and QUICK with out-of-the-box gaming support, many thanks to Valve's bankroll into the problem with Proton (primarily) and Wine (secondarily) for the Steam Deck.

I look forward to seeing where developments can go from here, but Zorin is pretty good for a solid amount of games... Maybe not most.

k8svet
5 replies
1d22h

Give me a break. It's the kernel, drm, mesa, and proton. The distro has scant all to do with it except a bunch of newbies loudly claiming "new distro" is the best because it includes one single extra package pre-installed or something.

I will never stop being annoyed at conversations around distros. Ever.

creata
1 replies
1d22h

I get what you're saying, and I don't know much about "ZorinOS", but the discussion is about people who might struggle to install Linux at all, so having the right packages preinstalled is important.

k8svet
0 replies
1d11h

Okay. Now they have a distro from someone that doesn't care to respect licensing terms. And an end user who apparently can't be trained to click a few times in an app store...

Yeah, let's imagine how they react to their entire system being broken and some rumblings of "well maybe if you change time". Yeah, sure, okay, I'm sure a user that can't install a package will be able to handle that. /s

Maybe it's simply because I AM a distro maintainer, that I just roll my eyes at all of this. What's pre-installed is so trivial it's almost nothing to me when I think about why I chose my distro. How fast can they react to security reports? Are they abreast of developments in the Linux ecosystem and adjusting and experimenting with defaults? Really truly? Because even in (my distro) where I can tell you the names of owners of specific areas, there's still some gaps we could cover better.

The curse of knowing too much. Or maybe my empathy meter is way off tonight. Idk.

HaZeust
1 replies
1d21h

The conversation that started, to which I contributed, was about what's easiest out of the box for casual users. What are you on about?

k8svet
0 replies
1d11h

"how many clicks does it take to install Nvidia or steam" is not a good measure of a distro. I will stand by that statement strongly, I think. Let's imagine a totally-not-real distro that definitely isn't pushed on noobs constantly. Let's imagine that said distro has, multiple times, let their SSL cert expire and at least once recommended users roll back their clock. Is that a "good distro" for noobs because it slips the Nvidia package in?

Fuck. No.

I'm sorry but if the way we handle accessibility of Linux to non-Linux-aware folks is to just push them to the latest flavor that has the most shit crammed in, well, I'm not sure what we expect the outcome to be.

Tarball10
0 replies
1d22h

I think you're underestimating how important the out-of-the-box experience is to casual users. Having Steam games "just work" and being able to do the familiar double-click of an exe file to install a Windows app in compatibility mode is valuable to those users.

kergonath
2 replies
1d21h

ZorinOS is catching up FAST and QUICK

This is a perfect example of a frustrating problem with Linux on the desktop. There is always a perfect distro that my aunt can just use and that never breaks. The problem is that once it was Mandrake, then Ubuntu, then Manjaro, then Pop_OS!, and many others. Most of them fade into obscurity after a couple of years, to be replaced by $shiny_distro that this time will be perfect for non-technical users, I promise! And a year later, there will be another one and everyone will start raving about it and dismiss $shiny_distro for being broken.

This does not work. To work with a general audience, a distro needs to look nice, behave well, be good at marketing, and last long enough to establish a presence. Maybe ZorinOS is good, I have no clue. But I never heard of it (and I am following what’s happening in tech in general), and I have no clue whether it will be around next year. So I’ll stay on Tumbleweed, and I still don’t have a really good solution for normal people who might want to use Linux.

k8svet
1 replies
1d11h

I can't decide a tone for this comment. But comments like yours make me want to go make a new "distro" that is just triggered when nixos updates and publishes an iso with Nvidia pre-installed. Lol maybe even do it for every major distribution. Nvubuntu, fedoria, etc. And then we can be done with this? Idk.

Like you, I find the "hopping" nature of Linux enthusiasts to be exhausting. It's almost always nearly the same fucking bits at the end of the day. Great, you know how to use the package manager? Everything you like about NewShinyDistro's defaults can probably be had on the distro you're on already.

Christ maybe the better approach is my other idea - customnixos.org. You always get nixos, but you get to pre-pick the desktop environment, theme, background, etc, and then it slips you an iso with those options set.

kergonath
0 replies
1d11h

I can't decide a tone for this comment.

Frustration, mostly. I really like Linux and I think it should be more accessible, but the community keep shooting themselves in their metaphorical feet.

Lol maybe even do it for every major distribution. Nvubuntu, fedoria, etc. And then we can be done with this? Idk.

That would help. NVidia drivers are a major pain point even for more experienced users, and yet are critical for something that can be used for gaming.

Great, you know how to use the package manager? Everything you like about NewShinyDistro's defaults can probably be had on the distro you're on already.

I know that, and I am very happy with Tumbleweed, but that’s not really something we can say to the general public.

Christ maybe the better approach is my other idea - customnixos.org. You always get nixos, but you get to pre-pick the desktop environment, theme, background, etc, and then it slips you an iso with those options set.

A huge part would still be missing: the integration of all these pieces and setup so that they look like something that works and not a Rube Goldberg OS. Something that at least Ubuntu is doing, for all their faults.

Look at game controllers for example. That’s another major pain point for gaming on Linux. You can use all of them (the various generations of Xbox and PlayStation gamepads that work over Bluetooth, not sure about the Switch ones) with quite a bit of fiddling. OTOH, on a Mac, iPhone or iPad you just pair them and they work, and can then be used with whatever game you want. No fiddling with the package manager, no config file wrangling. This integration work is important for an OS we want everyone to use.

creata
8 replies
1d22h

If someone isn't technically literate enough to install Linux, they have three options:

1. Become technically literate enough to install Linux. Distros like Fedora are very easy to set up imo.

2. Ask someone else (relatives, local computer store, etc.) to set it up for you.

3. Continue using Windows.

999900000999
6 replies
1d21h

Alright.

What happens when something weird happens and you have to manually change the kernel or your hardware just isn't supported?

I still wouldn't recommend Linux to most normal people. So you're stuck with 3 realistic options.

Mac. Chromebook. Windows.

Chromebooks are actually really capable, but forget gaming or serious music creation.

I've been using desktop Linux for over 15 years. It's still much more work than normal people want to do.

talldayo
3 replies
1d21h

I still wouldn't recommend Linux to most normal people.

Then I think you're making things hard on yourself. I'm a NixOS user, I know I cannot get everyone to install my specific system with all the bells and whistles. But you could walk a middle-schooler through installing Ubuntu or Fedora; it's easier than setting up an email account.

Both Windows and MacOS are slowly rolling down a hill of bloat, surveillance and unusability that will eventually push people onto something else. Modern GNOME is basically just an iPad with more obvious on-screen controls. With distros supporting Flatpak, it doesn't even matter if you misconfigure your base system since all your apps are sandboxed anyways. I think the success of the Steam Deck kinda proves that people don't care what your desktop is as long as you have recent Chrome/Firefox and let them sideload stuff.

999900000999
2 replies
1d21h

Ubuntu with its Telemetry and bizarre proprietary Snap store?

It's not just the initial install. Eventually for almost every distro I've installed things get rough and you need to use the command line.

Want to play Fortnite, well you can't. How about Roblox, might be possible but it's a full comp sci project.

The only thing that will ever change this is if Valve comes out with a full laptop. The Steam Deck is the closest thing we have to a mainstream adoption of Desktop Linux.

In my personal life, Linux is where I go to when I really just need to focus and get things done. Less weird background crap going. It's much easier to enter a flow state with Linux.

talldayo
0 replies
1d20h

Want to play Fortnite, well you can't. How about Roblox, might be possible but it's a full comp sci project.

God forbid they want to entertain themselves without using spyware.

minetest2048
0 replies
1d16h

Want to play Fortnite, well you can't. How about Roblox, might be possible but it's a full comp sci project.

Those two games put in code that will intentionally stop them from working if it detects them running on Linux. Justified because (at least in Fortnite's case) they can't install kernel-level anticheat.

The only thing that will ever change this is if Valve comes out with a full laptop.

Unfortunately a Valve laptop won't solve this either, unless Valve goes against the spirit of Linux and locks it down.

craigds
0 replies
1d12h

I'll agree with others here and endorse Linux for use by normal people. I've switched multiple family members now and no issues (despite absolutely no technical chops whatsoever on their part)

Admittedly I did the installing part, but day to day use is not an issue any more. Ubuntu is hands down much more user friendly than Windows 11.

Dylan16807
0 replies
1d21h

If by "change the kernel" you mean pick the backup one in the boot menu, that should almost never be needed but tech support can walk you through it.

If you mean something else, you never need to do that as a normal user.

Hardware just not working happens on other operating systems too, it just sucks. But normal people aren't swapping out important parts so at most some USB thingy doesn't work.

lotsoweiners
0 replies
1d18h

Most people don’t even know what Linux is.

jahewson
4 replies
1d22h

What is this laptop that costs less than a Mac but is good for gaming?

xcv123
0 replies
1d22h

There are cheap gaming laptops from Dell, HP, MSI, Asus, Gigabyte, Lenovo, Acer, Razer.

Dell G15

filleduchaos
0 replies
1d21h

Honestly, pretty much every laptop that isn't an absolute potato is good enough for gaming.

Contrary to what both people who don't really play games and people who make their gaming rigs their entire identity tend to think, the vast majority of games on the market run just fine on half-decent hardware with a concession here and there as far as resolution, particle systems, etc go. At $700+ you can get plenty of bang for your buck; even more so if you buy secondhand.

FactKnower69
0 replies
1d22h

Steam Deck + bluetooth mouse and keyboard + external monitor if you want

999900000999
0 replies
1d21h

I just purchased an AMD 8845HS for about $750 and I can run most games at mid spec.

Tossed in a 4TB SSD and I'm very happy with my purchase. I have Mint installed along with Windows.

Price out a 4TB Mac, you'll be spending an unholy amount of money. Plus in a few years when the 8TB SSDs are cheaper it's an easy upgrade.

MrDrMcCoy
3 replies
1d19h

I'm genuinely curious to hear an actual musician's take on the following Linux-compatible DAWs:

- Reaper

- Tracktion Waveform

- Bitwig

- Fairlight

- Zrythm

- Ardour

As for games, I've been 100% Linux for several years now, and haven't had much trouble. I'm only aware of issues with aggressive anticheat these days, but I refuse to give money to companies that push ring0-spyware anyway.

999900000999
2 replies
1d19h

I haven't used those tools, but Maschine, FL Studio, Akai's MPC (you can use it standalone, but they heavily push the PC integration), and Ableton are practically industry standards at this point.

You can make music on anything, I'd imagine a skilled producer could do anything I can do in Maschine in Zrythm. But it's a matter of difficulty.

Maschine has a series of custom midi instruments which are simply amazing.

As for gaming, you could probably play the next Call of Duty with browser based cloud gaming when it hits gamepass.

I definitely understand the benefits of Linux though. I think dual booting is the way to go.

MrDrMcCoy
1 replies
1d17h

Not being a user myself, I wouldn't know for sure, but I've heard that Bitwig is the cross-platform answer to Ableton. I've also heard that Reaper is the industry standard in various corners, with sizable market share.

I only know these things from doing light audio work, mostly relating to video editing. In that world, DaVinci Resolve studio seems to be winning, and is thankfully cross-platform. Blackmagic is truly a wonderful company.

999900000999
0 replies
1d16h

Bitwig does look interesting.

I think it comes down to what ultimately matters to you.

Windows hasn't gotten so bad I want to avoid it entirely yet.

I've used Maschine for like a decade, I don't really want to have to learn a new tool just to spite Microsoft.

Plus if you have a job that requires Windows, it gets familiar... The devil you know

grishka
1 replies
1d22h

Then you install one of those slimmed down builds of Windows that removes almost everything that isn't required to run win32 software.

okanat
0 replies
1d18h

Custom builds are not trustworthy. I have less trust in random nobodies on the Web than in a corporation that still has to have some profits and acquire some trust. It doesn't mean they wouldn't use that trust and do things against my intentions, but the way they do things is more predictable.

segasaturn
0 replies
1d20h

What if you can't afford a Mac, and you're not technically literate enough to install Ubuntu?

Honestly, buy an iPad. You can get a new iPad for as cheap as $300 and it will adequately serve all of your basic needs. If you're not tech-literate enough to install Ubuntu (which is extremely easy and straightforward in my experience) then I don't think you will need the extra bells & whistles of owning a laptop.

globular-toast
0 replies
1d11h

GNU/Linux is easier than Windows. Present two new users with each and they'll find Linux easier. The technically literate part usually comes down to them having a PC with their data already on it. That's where you come in to help your friends back up their data so they can easily move between computers and OSes.

dialup_sounds
0 replies
1d22h

Your comment encapsulates why normies get iPads and Chromebooks in spite of the nerd rage they generate.

Gormo
0 replies
1d21h

What if you can't afford a Mac, and you're not technically literate enough to install Ubuntu?

Problem: Uber is expensive, and you don't know how to drive, so getting around is a challenge.

Solution: Learn how to drive.

jcfrei
7 replies
1d23h

Not quite true: The other huge group of customers is simply gamers.

JonathanMerklin
4 replies
1d23h

Genuinely asking: is that huge in terms of their install base or revenue, or is that huge in terms of PR ramifications (like, "vocal minority" type of deal)? In my younger days I'd've had a heavily skewed pro-gamer and pro-authority-of-the-gamer-rabble viewpoint, but now at this phase of my life I can't help but feel the majority of the places I see Windows are all in business and education contexts (so just business, heyo). I'd be curious to know if the gamer-rabble still holds the kind of weight in the social media aggregate that, say, got the Kinect-as-mandatory stuff walked back.

vsuperpower2020
1 replies
1d23h

Was "gamer-rabble" the word of the day?

JonathanMerklin
0 replies
1d20h

Perhaps not the hyphenated form, but I'd had a chat with a friend a couple days ago where we meandered around some surface level philosophy and I paraphrased a section or two from Thus Spoke Zarathustra about the rabble ([1]), so I'm sure that's why it was front of mind. I only used it twice just to be clear that it was referring to the same thing, I didn't intend for any semantic satiation or emphasis through repetition. My apologies!

[1] http://www.literaturepage.com/read/thusspakezarathustra-107....

ARandumGuy
0 replies
1d22h

Steam has a daily peak userbase of around 33 million users[1]. I haven't been able to find a recent monthly user count, but it's certainly a lot of users. The Steam hardware survey reports over 96% of surveyed users use Windows[2].

Now, we can't say for sure how many of these users primarily use their PC for gaming. But it's probably a lot of them. PC gaming is huge, and it's one of the few areas where a general consumer actually needs a PC, and can't use a phone or tablet.

[1]: https://store.steampowered.com/charts/

[2]: https://store.steampowered.com/hwsurvey/Steam-Hardware-Softw...

chabons
0 replies
1d23h

And more generally, consumers of Windows-only software, of which there is still a ton.

MrDrMcCoy
0 replies
1d19h

Gaming on Linux is pretty good now for games that don't demand ring0-spyware.

wilsonnb3
4 replies
1d23h

Anyone who is still using Windows in 2024 and isn't a multinational business or LLC gets what they deserve.

Yeah, enjoy your just desserts of games that work, HDR that works, variable refresh rates that work, sleep and wake that works, the ability to run the software you need to use, one of the best IDEs available, fantastic backwards compatibility, etc

irusensei
1 replies
1d9h

sleep and wake that works

That’s not Windows.

zer0zzz
0 replies
1d9h

It’s not Linux either.

IshKebab
0 replies
1d23h

Eh who needs more than 90 minutes of battery life anyway?

Gormo
0 replies
1d21h

You seem to be describing Linux, but the previous comment was about Windows.

quickthrowman
3 replies
1d23h

I work for an S-Corp with ~500 office employees and high nine-figure revenue (in dollars). All of our industry specific software is only available on Windows.

jahewson
1 replies
1d22h

What’s your industry?

quickthrowman
0 replies
1d18h

Construction. Trimble and Autodesk are the two main industry specific vendors we use software from.

userbinator
0 replies
1d10h

Time to try WINE.

UberFly
2 replies
1d23h

I'm neither of those things and Windows 10 Enterprise is working fine for me. Many of us (for now) are still able to corral our OS.

rchaud
1 replies
1d21h

What about when Win10 falls out of support in Oct 2025?

UberFly
0 replies
1d9h

Windows 10 IoT Enterprise LTSC is supported until 2030.

wruza
0 replies
1d23h

And what should we choose instead? $$$$ set of adapters or Kubuntu that can’t calm down with updates and sudo password?

Before putting me in crazy fanboy fandom, I’ve used all three systems each for at least a decade now (and counting), and windows wins workstation pc award by simply being alone in the league of what works out of box with no additional expenses or headaches.

Edit: don’t get me wrong I hate ms, but I hate stupid bugs and restrictions much more.

qsdf38100
0 replies
1d18h

No, they also try to attract non-pro developers with a free OS, free programming suites and languages, free web frameworks, free web server, all that with a home edition. They also claim to embrace open source, etc. They care about their image as a relevant and alive Linux and Apple alternative for developers, and I don't mean the ones forced into it because of their job.

Now they also want to attract the "masses" so in the end on Windows you'll get a lot of crappy "user-friendly" stuff. There is the ad situation also, but it is really not as bad as I keep hearing about, I'm not even sure what it refers to exactly. The only times I see ads is when I mistype something in the start menu, and I start getting irrelevant web search results from bing or whatever, with ads, just like when googling. I guess that's what I "deserve"? It didn't bother me enough to try disabling it anyway.

And finally, obviously if I'm using Windows it means I accepted that I implicitly trust Microsoft, just like anyone with an iPhone/Android implicitly trusts Apple/Google. I try to minimize the number of actors which I trust. Actually Microsoft doesn't scare me too much because they are always under the spotlights, with lots of harsh criticism, so they have much more to lose than smaller/more "reputable" players. So, anyway, I don't really see why I should care that some new crappy feature could help them spy on me, as they could spy on me anytime anyway.

jmholla
0 replies
1d22h

In summary: the only customers that matter --corporations paying site licenses-- declared this to be an unacceptable business risk.

I think it's more narrow than that. Yesterday, Brad Smith (president of Microsoft) went in front of the House committee for Homeland Security and they were making the case that Microsoft is a national security risk.

Corporate customers may react based off of that testimony, but given the timing, it feels like the US government is the motivating factor for this announcement today.

visarga
43 replies
2d13h

Meanwhile Apple Intelligence recalls across all apps with no backlash. I personally like this idea, should be done in a thoughtful and safe way, but recalling your logs is more useful than searching anew.

I see the same double standard with Google's generative search vs OpenAI's ChatGPT with search - when Google gets it wrong, it's a big issue, but not for the other.

Dalewyn
12 replies
2d12h

I feel Recall got excessive backlash because of how ubiquitous and far reaching Windows is, and critics basically live and die by finding something popular to bitch about.

There are already many things that record our data and actions that most of us are otherwise fine with. Browsing history, Undo in any number of productivity software, search histories both local (eg: Windows) and remote (eg: Google, Bing), password managers and Post-Its on monitors(tm), chat logs, vidja gaem save files, and more.

Some of the issues floated like the seemingly complete lack of encryption are valid, but the overall response indeed felt very overblown and hypocritical.

mrangle
6 replies
1d21h

Explain "hypocrisy". As far as "overblown" goes, there's no other realm of social balance wherein concession to something means an obligation to an extreme.

Last, your statement falsely presupposes that most are happy with any tracking / intrusion.

Dalewyn
5 replies
1d18h

Explain "hypocrisy".

Recall is neither the first nor the last thing to record and store your actions and data. Why is it such a big problem?

Last, your statement falsely presupposes that most are happy with any tracking / intrusion.

Most people are in fact fine with tracking, it has been demonstrated time and time again ad nauseam that the commons do not fucking care about digital privacy and especially if they are inconvenienced.

As for intrusions (presumably you mean attacks, whether digital or physical?), it's not so much most people are fine with it so much as they don't/can't care as it's all far above their paygrades.

mrangle
4 replies
1d13h

Recall is neither the first nor the last thing to record and store your actions and data. Why is it such a big problem?

Not agreeing to something that one does not want, in spite of tolerating qualitatively similar yet different objects that one also does not want, is not "hypocrisy". It's a boundary.

Are you unfamiliar with the concept of boundaries?

I feel like I'm in an argument with a psychologically abusive SO.

You imply a defect in rationality via your misuse or misunderstanding of vocabulary.

As what? A means of browbeating people into acceptance?

Your need to resort to such a non-agreeable tactic, alone, should inform you that your logic is the problem if not your motive or Recall itself.

It is within everyone's right, and within the bounds of rationality, to reject Recall on its qualitative differences, on the sole fact that they don't want one more tracker when they really don't want the first, or because others seem strangely over-interested in making poor yet insistent arguments in favor of it.

I mean, if it's just one more tracker then why does anyone need it? Right?

Or is the singular nature of Recall that makes it uniquely desirable to some the reason that it is rationally undesirable to others?

Denial of that nature of Recall is what is hypocritical.

Most people are in fact fine with tracking,

Do "most" people have the option of easily turning tracking completely off? Most are "fine" with it?

Except the ones that aren't, who tend to also be against having second to second activity recorded. Right?

And who are significant enough that you feel compelled to argue with them here.

the commons do not fucking care about digital privacy

ooph, the spicy language. I'm persuaded.

As for intrusions (presumably you mean attacks, whether digital or physical?)

No, as the attack vs tracking difference of user data being sent to an off-site server, and then sold or otherwise, is immaterial when the user isn't aware of the nature of the data being sent if they are aware of it being sent at all. With Recall and for most users, the possibility that screenshot data would be remotely accessed certainly falls under the category of "intrusion". In spite of legalese.

it's not so much most people are fine with it so much as... it's all far above their paygrades.

Boom

Dalewyn
3 replies
1d11h

Not agreeing to something that one does not want, in spite of tolerating qualitatively similar yet different objects that one also does not want, is not "hypocrisy". It's a boundary.

It is hypocrisy because there is no difference.

None of you have yet managed to answer what differences, if any, exist between Recall and All The Other Tracking Siphoning Things(tm) most of us either accept or tolerate.

Your need to resort to such a non-agreeable tactic, alone, should inform you that your logic is the problem if not your motive or Recall itself.

I am asking you all a question and so far no one has managed to answer it. If none of you can answer what exactly about Recall makes it unacceptable unlike All The Others(tm), your logic is flawed.

Again: What is the difference? I do not see any.

Do "most" people have the option of easily turning tracking completely off? Most are "fine" with it?

To the former: Actually, yes; just don't use the services or software that track you. As unenforceable as EULAs are, we all agree to them and it is made explicitly clear we can reject by not perusing.

To the latter: Also, yes; everyone happily uses iCloud and Google Photos and OneDrive and Dropbox and whatever else that tracks user data. To say nothing of Windows, and even Firefox (yes, Firefox phones home) that people happily use.

And who are significant enough that you feel compelled to argue with them here.

Significant in the sense that apples are significant in an orchard, but apples only comprise a small portion of all trees and most trees don't care.

Likewise, techies bitch in tech circles and the noise is significant, but in the world at large techies are an insignificant minority as far as whether tracking is acceptable or not is concerned.

ooph, the spicy language. I'm persuaded.

Whether I can persuade you is irrelevant, the commons still do not fucking care about digital privacy. Seriously. That's the reality. It's like how the Earth will spin and keep spinning no matter what any of us do.

user data being sent to an off-site server

One of Recall's biggest marketing spiels is that it's all stored and processed locally. If Microsoft violates that marketing then they're guilty of false advertising and we can absolutely throw books at them for it, but that's tangential to the collection and processing of user data.

mrangle
1 replies
1d2h

There is a difference or Recall would be redundant, and you and they wouldn't care about it so much. It wouldn't exist. Your insistent advocacy and what you are demanding people accept, in Recall's supposed relative insignificance, are incongruent.

Second, this situation doesn't fall under the definition of hypocrisy. It's more like date rapist's logic: "She didn't reject me when I kissed her while she was passed out, and so she's a hypocrite if she denies me sex". TF is your problem, honestly.

Third, again see "boundaries" and people's right to them without needing to tolerate browbeating. Only weirdos and abuser types ignore firmly stated boundaries, and try to move past them via abuse tactics.

None of you have yet managed to answer what differences, if any, exist between Recall and All The Other Tracking Siphoning Things(tm) most of us either accept or tolerate.

I wasn't aware that an answer to your nonsense question was required in order to justify Recall's popular rejection. It isn't. However, the answer is that nothing else in the base OS is creating a word for word, second to second, record of what is on one's screen to include passwords. And if it is, that should be made widely known so that it also has a chance to be broadly rejected.

I am asking you all a question and so far no one has managed to answer it. If none of you can answer what exactly about Recall makes it unacceptable unlike All The Others(tm), your logic is flawed.

Your "flawed logic" premise is rejected.

The assertion that your question is not sufficiently answered is rejected, but irrelevant regardless.

You need people to accept Recall, for some bizarre reason. Beyond the already presented logic, they simply don't have to.

To state that your logic is flawed would be polite. More accurately, it's nonexistent. You resort to browbeating as a replacement for it.

Whether I can persuade you is irrelevant, the commons still do not fucking care about digital privacy. Seriously. That's the reality. It's like how the Earth will spin and keep spinning no matter what any of us do.

And yet here you are.

One of Recall's biggest marketing spiels is that it's all stored and processed locally.

Few if any who comment on either side of this fake argument trust MS or those who are above it, if they are being honest. MS spent its trust currency long ago, and no one owes it to them.

Dalewyn
0 replies
16h34m

There is a difference or Recall would be redundant, and you and they wouldn't care about it so much.

Recall makes accessing the data more convenient especially for the commons, but that's a difference on the frontend. The criticism is directed at the backend, which is no different from all the others.

Your insistent advocacy and what you are demanding people accept

I'm neither advocating nor demanding anything, stop mouthbreathing zealotry and go get some fresh air.

Third, again see "boundaries"

You can't draw two lines on top of each other and say they are different lines to be treated differently.

I wasn't aware that an answer to your nonsense question was required in order to justify Recall's popular rejection.

Can you answer what justifies the negative reaction?

However, the answer is that nothing else in the base OS is creating a word for word, second to second, record of what is on one's screen to include passwords.

Sure there are, literally everything sitting in RAM or the page file for starters. Clearing the page file on shut down is a security measure some people/organizations take, by the way.

Also anything in the GPU, whose literal job is to render graphics and to do that it needs to know everything it has to render on screen. The GPU's data stores can also be accessed and routed externally, most commonly screen capture protocols and associated software.

Of course, you also just made it clear you don't even know WTF you're talking about: Recall reads the screen and creates a database dump which will be subsequently processed and accessed. It doesn't store the literal video in any permanent sense.

Your "flawed logic" premise is rejected. ... The assertion that your question is not sufficiently answered is rejected ...

You reject reality and substitute your own?

You need people to accept Recall, for some bizarre reason.

See above.

And yet here you are.

Indeed, and?

Few if any who comment on either side of this fake argument trust MS or those who are above it, if they are being honest. MS spent its trust currency long ago, and no one owes it to them.

To cite the HN Guidelines:

Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

Microsoft stated Recall is local, subsequent conversations and discussions should assume this to be correct until demonstrated otherwise which so far is not the case.

johnisgood
0 replies
1d6h

Personally I do not think that there are any fundamental differences; Recall is just more "obvious" or "apparent". Plus according to someone Apple's AI thing does not record what you type into the text field inside your browser, but I really am not certain about that. All that said, I will continue using Linux with firejail (because I do not like the idea of programs sharing data in many cases).

davesmylie
4 replies
2d12h

Browsing history, Undo in any number of productivity software, search histories both local (eg: Windows) and remote (eg: Google, Bing), password managers and Post-Its on monitors(tm), chat logs, vidja gaem save files, and more.

None of these are taking screenshots of your entire desktop, using OCR and AI to summarize all text/secrets displayed and storing them in a single centralized location, (currently) easily exfiltrated and searched by anyone gaining access to your desktop.

They made the right call to delay and revisit this.

Dalewyn
3 replies
2d12h

Is there a difference between that and the others? I'm not seeing one fundamentally and brutally speaking.

Also, if a hostile has access to your computer then all bets are off. Nothing matters at that point besides how quickly you can remove that access if it's even possible and whether you can deal with the fallout.

jononor
1 replies
2d10h

The Microsoft approach will slurp up passwords/tokens, as well as anything in incognito browser window, etc. Things that are explicitly designed to be private. And it may have stored images, not just text.

Dalewyn
0 replies
2d10h

slurp up passwords/tokens

So like the clipboard?

anything in incognito browser window

None of that is private.

And it may have stored images, not just text.

They're both data.

Once again: Is there any difference? I'm not seeing one. Pedantics aren't worth my time.

davesmylie
0 replies
2d12h

I probably would have agreed once that someone physically having access to your computer was as bad as things could get.

Given the choice now though between someone having access to my computer, _or_ someone having physical access to my computer as well as a database with a detailed and lengthy history of every secret I've ever seen in my terminal or web browser, as well as every bit of employer or customer data that I've seen whilst working, as well as, well ... everything else personal, all in one nice tidy package they could download and search as they pleased - I think the former would end up not being quite as bad as things could get.

ketzo
6 replies
2d12h

Are we really comparing a userland, unencrypted-at-rest SQLite database with Apple's app sandbox + secure enclave?

hiAndrewQuinn
4 replies
2d12h

To be evenhanded, encrypting SQLite at rest is a well-solved problem. Dr. Richard Hipp and his merry men even sell an official extension to do so. Plenty of third party FOSS solutions also exist for this.

I feel if that were the case I'd suddenly feel a lot more comfortable with the MS approach than the Apple approach.

mjg59
2 replies
2d12h

Under what circumstances would someone have access to the database but not the key?

hiAndrewQuinn
1 replies
2d8h

Well, presumably under the circumstances where you'd prefer that.

mjg59
0 replies
2d3h

How?

karlgkk
0 replies
2d11h

Encryption isn’t the problem here, it’s key management.

And Microsoft’s solution was borderline useless

postmodest
0 replies
2d5h

Apple's competitors lose the PR war if they don't post to social media!

ankurdhama
6 replies
2d12h

MS Recall captures screenshots, analyzes them, extracts data from them and creates a database index of these things so you can search them.

Apple AI essentially provides API hooks that apps can use to expose actions and data to the model. Currently it seems Apple's own apps do that but any app owner can decide to support this or not.

Two completely different approaches.

visarga
2 replies
2d4h

Two completely different approaches.

Just semantics. In the end Apple has access to everything, like MS.

mimikatz
0 replies
2d4h

It isn't; there are large real-world implications and differences in what each does and what risk it exposes to the end user.

DougN7
0 replies
1d23h

I suspect Apple doesn’t have access to everything typed into a web form, or in a notes app, even if those values are erased/backspaced, not saved, not submitted. But Recall does. All usernames in all apps/websites. The content of every single web page you visit, not just the URL. The content of every email you read, every document you open of any kind in any app. Apple _might_ spy on some of this. Recall WOULD record ALL of that. Very different in my opinion.

str3wer
0 replies
2d12h

and it was possible for any user on windows to have access to these screenshots

jwrallie
0 replies
1d16h

To me it sounds that anyone could implement Microsoft’s approach as an app, there is no reason for it to be bundled with the OS. The only difference would be it would cost users token costs directly as opposed to be paid by other means.

azinman2
0 replies
2d12h

Not only that but the data is what is exposed to Spotlight - an API that’s existed forever. iOS 18 just has much better search over the same data.

oefrha
4 replies
2d12h

When did Apple announce they’re going to start taking screenshots of entire screens and storing them? Windows has had a (crappy) unified search “across all apps” for years and there’s been no backlash AFAIK.

iLoveOncall
3 replies
2d10h

They didn't, and they wouldn't. Yet, for all we know and ever will know, it's exactly how their feature might work.

The only reason people aren't outraged at Apple is because they won't be able to access the directory with all the screenshots unlike on Windows.

Both implementations are awful. Apple's one is probably the worst one actually, because it sends some data to Apple's servers for processing (probably most), when Microsoft runs everything on the device.

rsynnott
1 replies
1d11h

Yet, for all we know and ever will know, it's exactly how their feature might work.

… Wait, how do you think they’d keep _that_ one secret?

iLoveOncall
0 replies
22h15m

By encrypting the data on your device with a key that only they have? It's extremely simple.

kbf
0 replies
2d10h

Yet, for all we know and ever will know, it's exactly how their feature might work.

We already know how it works, it’s based on App Intents. It’s how Shortcuts has worked for years, just instead of meticulously making your shortcuts for each automation you want to do, you essentially get an ML model to make one on the fly.

pjmlp
2 replies
2d11h

There is some backlash, however besides brand recognition, Apple has taken all the steps to approach this with security first, features second, to the point that they even have a special OS version for the server side, unikernel style, everything taken away not needed for AI compute or networking, using Swift, and the secure enclave.

Not a cleartext SQLite database, with stuff written either in C or C++ with COM, as the WinDev business unit loves to do.

stby
1 replies
2d10h

On the other hand, Recall doesn't even have a server side, right? Ignoring the SQLite access issue for a moment, I'll always prefer a local solution.

pjmlp
0 replies
2d10h

Microsoft says it is local, how much you end up believing that is up to you.

Those of us with long Windows development experience certainly don't.

crystaln
1 replies
2d12h

Their implementation is entirely different. This is like comparing Telegram to Signal.

sprobertson
0 replies
2d12h

More like comparing Instagram to Signal

ThrowawayTestr
1 replies
2d13h

The power of trust (and brand loyalty)

callalex
0 replies
2d12h

(And completely different implementations)

rsynnott
0 replies
2d6h

While I'm not a huge fan of Apple's thing, either, it isn't the same level of ridiculously over-aggressive data collection.

riffraff
0 replies
2d12h

Personally, I feel about Apple Intelligence only slightly more positive than MS Recall.

I mean, sure, private cloud looks as good as something can be without being open source and self-hosted, but it seems nobody considered the fact that I do not want everything I do to be tracked.

If this was a per-app opt-in then maybe, but as it has been presented this is pure dystopia.

logicchains
0 replies
2d12h

when Google gets it wrong, it's a big issue, but not for the other.

Because Google was presenting the AI-generated answer as the top query result, implying it's the most relevant/factual answer. OpenAI (and Bing) make it clear you're talking to an AI chatbot, which most people wouldn't expect to be as reliable/accurate as the first result in Google search.

greenthrow
0 replies
2d12h

You are failing to appreciate how the things are different and this is why you are baffled by the different responses.

jjcm
17 replies
1d22h

Recall suffered from a classic Microsoft mistake they've made time and again, but never learned from - how to correctly market and package your feature.

Microsoft always tends to "go big" with their integrations, often to their detriment, in order to increase adoption of new features. One notable time was with Windows 8. They really, REALLY wanted people to try out the new Metro UI, so they deeply integrated it into the OS, pushed it in every marketing campaign, and made it the first screen you saw on login. There were some great features in it - better performance and better search results, but it wasn't opt in. The reaction from customers who took a casual look was, "they removed the desktop!". It wasn't true, but because of how overzealous MS was to push the new feature, that became the takeaway.

The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it. They've also framed the messaging and marketing in a way that's confusing to what is actually happening. Look at the amount of talk in this blogpost dedicated to mentioning how important security is for them, without ever actually going into what the security issues are or how they're addressing them.

Sloppy marketing + forced integration has bit Microsoft so many times now. I'm always shocked that they never learn from this.

plopilop
7 replies
1d21h

How is this objectively a great feature? This is a spyware that stores screenshots unencrypted (and thus accessible to any other spyware). I am also not convinced that the AI tools would have been offline, thus effectively sharing your whole data with Microsoft (even more than before).

From a privacy perspective, this feature is an abomination

jjcm
3 replies
1d18h

I'd caution us to separate out the feature from the implementation.

The feature provides the ability to search through all of the previous things you've done and gain context in an instant, in a way that can be queried with natural language. I think we can agree what it aims to achieve is beneficial.

The implementation is what you're debating. I see these are two separate things, but they play hand in hand. If you get the implementation wrong, it can easily tank the feature.

Still, the documentation for this seems to disagree with what you're saying.

This is a spyware that stores screenshots unencrypted

This page[1] states "Snapshots are encrypted by Device Encryption or BitLocker". They suggest that things aren't shared with Microsoft, though I totally understand the skepticism there.

[1] https://support.microsoft.com/en-us/windows/privacy-and-cont...

Everdred2dx
1 replies
1d11h

While the claim that Bitlocker is used to encrypt them is true, it’s really not good enough here. The files are unencrypted during a live session, which makes them an easy target for malware.

tremon
0 replies
1h42m

Not just during a live session -- whenever Windows is running. Nobody needs to be logged in or actively using the machine for the files to be readable in unencrypted form.

Sophira
0 replies
1d11h

This page[1] states "Snapshots are encrypted by Device Encryption or BitLocker".

That sounds like it just means it's encrypted at rest - ie. while you're logged out - but transparently decrypted in much the same way as everything else on the system while you're logged in. That is to say, any running malware would have just as much access as it would do on a system that doesn't use encryption.

From a functional point of view, it can be treated as being equivalent to being unencrypted, with the exception being when you aren't logged in - at which point you're not running any programs anyway.
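The distinction drawn in this sub-thread (encryption at rest versus a running session, and the earlier remark that the problem is key management rather than encryption), as an added Python example that is not part of any comment and is not Microsoft's code. The file names `index.db` and `index.key`, the sample text, and the HMAC-based `seal`/`unseal` scheme (a standard-library stand-in for a real AEAD cipher) are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Constructed sample standing in for text extracted from a screen capture.
SAMPLE_TEXT = "constructed sample: api_token=EXAMPLE-NOT-REAL"


def _subkey(key, label):
    # Separate keys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC with stdlib primitives (demo stand-in, use a real AEAD in practice)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified record")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def write_store(db_path, text, key=None):
    """Owner process: store the text as-is, or sealed under `key`."""
    value = text.encode() if key is None else seal(key, text.encode())
    con = sqlite3.connect(db_path)
    con.execute("CREATE TABLE snapshot (content BLOB)")
    con.execute("INSERT INTO snapshot VALUES (?)", (value,))
    con.commit()
    con.close()


def same_user_can_recover(directory, secret):
    """Model of a second program running as the same user on a mounted volume:
    it sees whatever files the owner sees, already decrypted by the volume layer."""
    con = sqlite3.connect(os.path.join(directory, "index.db"))
    (blob,) = con.execute("SELECT content FROM snapshot").fetchone()
    con.close()
    if secret.encode() in blob:
        return True
    key_path = os.path.join(directory, "index.key")
    if os.path.exists(key_path):
        with open(key_path, "rb") as fh:
            try:
                return secret.encode() in unseal(fh.read(), blob)
            except ValueError:
                return False
    return False


def run_scenarios():
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, encrypt, key_on_disk in (
            ("volume_encryption_only", False, False),  # disk encryption, mounted
            ("key_file_beside_db", True, True),        # record encryption, key next to data
            ("key_held_elsewhere", True, False),       # key never written where readers can reach
        ):
            directory = os.path.join(root, name)
            os.mkdir(directory)
            key = os.urandom(32) if encrypt else None
            if key_on_disk:
                with open(os.path.join(directory, "index.key"), "wb") as fh:
                    fh.write(key)
            write_store(os.path.join(directory, "index.db"), SAMPLE_TEXT, key)
            results[name] = same_user_can_recover(directory, SAMPLE_TEXT)
    return results


if __name__ == "__main__":
    for scenario, exposed in run_scenarios().items():
        print(f"{scenario}: readable by another same-user process = {exposed}")
```

Only the third layout keeps the content from a co-resident reader, and only for as long as the key stays out of that reader's reach, which is the key-management question raised earlier in the thread.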

jbotdev
0 replies
1d21h

I’m not sure an “objectively great” feature exists, because “great” is such a vague and subjective term.

I think it’s more productive to discuss it in terms of the use cases and who they benefit.

dbish
0 replies
21h47m

Many users were paying for this from a 3rd party already (rewindAI)

NegativeK
0 replies
1d21h

"Objectively" is very strong, but I'd love a tool like this.

Except it's so thoroughly invasive and ripe for abuse that I can't imagine ever using something like this that isn't open source and thoroughly vetted. And I think your very valid points are stemming from that -- MS's implementation was hamfisted and halfassed, and people don't trust them even if they do it correctly. But those are issues with the implementation and the implementer, in my mind. Not the conceptual feature.

IAmNotACellist
3 replies
1d21h

What's funny is if they had marketed it as Apple does (and had as much credibility as Apple does among their fans) then everyone would love it. I seriously doubt they intend to do much different than "Apple Intelligence." I.e., local access to all your data and uploads of data you use on cloud apps.

ubermonkey
1 replies
1d21h

then everyone would love it.

I do not think this is at all true.

Recall as implemented is an absolute security and privacy nightmare, and would absolutely become a tool of oppression for abusers. MS deserved to reap the whirlwind here, as would any firm that offered the same sort of feature.

alsetmusic
0 replies
1d21h

as would any firm that offered the same sort of feature.

I’m reminded of the backlash to Apple’s plan to have on-device scanning for CSAM in (I think) 2021. It blew up badly for them.

slashdave
0 replies
1d21h

There is no equivalence. Apple has been building on this technology for years now, all with a focus on privacy. Microsoft neither has the engineering talent, the time, nor the development ecosystem to catch up.

tacocataco
0 replies
18h32m

Can't users just not want a feature?

Why bother using psychological tricks to fool the user into compliance when you can just use that time and energy to make a better product?

mihaaly
0 replies
1d7h

Microsoft pushed what objectively is a great tool

... excuse me!? Complete surveillance being a great tool?! Objectively great tool?! Maybe in China, yes.

hn_throwaway_99
0 replies
1d14h

The problem is not marketing. The problem is the tool is fundamentally not secure, and in my opinion, fundamentally not securable without major changes.

The core issue is that everyone has things on their computer that they want to be transient. I don't ever want my computer taking screenshots when I'm entering, say, my credit card number. More importantly, though, I oftentimes have text editors containing "scratch pads" that may contain sensitive data that I never want to persist.

Microsoft just never thought through the security implications of this feature.

cubefox
0 replies
1d6h

The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it.

Citation needed. I highly doubt this is true.

Kwpolska
0 replies
1d10h

With Windows 8, Microsoft thought that tablets and touchscreens were the future, and Metro was designed for those. Tablets being the future of computing meant they made the new experience the default. Turns out keyboards and mice are still vastly more popular a decade later.

Rinzler89
13 replies
2d

What a dumb feature. They had to get all that backlash to understand why everyone wouldn't want it. Is someone at Microsoft taking crazy pills to think consumers would be into that?

They pulled the exact same shit 11 years ago when they launched the Xbox One as a "home media center" instead of a gaming console and it came with mandatory always-on internet connection, disc games DRM tied to a single console unable to lend them to a friend, and with Kinect camera, and just like this time, it took community backlash to get them to roll back on this shit while Sony was having the time of their lives seeing how the success of the PS4 was already in the bag from the start before they even started.

What is wrong with them? Does Microsoft think consumers are stupid masochists who enjoy being shit on by megacorporations while paying for the privilege? Does Nadella not look into the stupid decisions his execs are making and make necessary organizational adjustments to prevent stuff like this?

People shit on Steve Ballmer but I don't remember Microsoft's products having that level of anti-consumer disrespect during his tenure. Sure Microsoft Zune and Windows Phone 7-10 eventually flopped, but not because they had anti-consumer features but because they were too late and not very popular. And the Xbox 360, despite the Red ring of death was still a smash hit. Now, Microsoft is an even richer company than during Ballmer's tenure but its products seem way more anti-consumer.

Edit: sorry for the overuse of the word shit, I'm just angry

resource_waste
4 replies
1d23h

Let's be honest, if Apple did it, it would be hailed as revolutionary.

Different customer base.

alt227
3 replies
1d22h

To enforce your point, rewind.ai has been doing it on mac for a while now and I haven't seen anything but good reports about it.

https://www.rewind.ai/

Rinzler89
1 replies
1d22h

I'm not sure how I feel about a product whose page still says ©2023

slater
0 replies
1d21h

A.I. is notoriously bad at math

acdha
0 replies
1d20h

That’s the difference consent makes: I’ve heard criticism of that product but it was always “I will never use this” rather than “my root of trust is untrustworthy”.

digging
2 replies
1d23h

It's not as stupid as you're making it out to be.

For almost all tech companies - hell, almost all companies in the modern world - customer abuse is a first-class strategy. Some push it further than others, some are more blatant than others. It's probably not about them being insanely out-of-touch with what people want, but about them miscalculating what people will tolerate. Microsoft seems to be willing to push things a little further because, why wouldn't they? They got people to install Vista, then 7, then 10, then 11, all increasingly abusive.

zubspace
0 replies
1d22h

Yeah, and if you do that long enough, eventually there will be a generation of consumers who think that it is totally normal.

I remember a time, when I set specific firewall rules for each application. A time where I would never allow to share my location. A time where I would never link my google account to other services. But as I grew older I stopped caring because I have other stuff to do.

The problem is, that those companies have time on their side. They can do whatever they want, back out, constantly rebrand stuff and confuse their users until we eventually give up. And at some point a large part of the population stops caring, because it's a fight, which is very hard to win. I hate it, but I have not the strength, time and will to push back.

Rinzler89
0 replies
1d11h

How was Windows 7 abusive?

yakz
1 replies
1d23h

Adobe just forced through a EULA update (for creative software tools) that was at least somewhat widely interpreted as practically granting Adobe ownership of the work product of their users and their stock is (/checks notes) up 14% today.

Rinzler89
0 replies
1d11h

Wall Street rewards rent seeking.

staunton
0 replies
1d23h

Does Microsoft think consumers are stupid masochists

Microsoft thinks their product has no agency (and they are mostly right, just not always)

jahewson
0 replies
1d22h

To answer your question about the Xbox One, I visited Microsoft Research during the development of the 2nd Kinect and the researchers were excited about all the technology they were going to pack into it and the great success that it would be - compared with their usual business of making prototypes that never see the light of day or are quickly killed off.

It’s well known that Microsoft is a very divisional company with internal frictions, and I think what we saw with the Xbox One is that anyone who convincingly could shove their technology into the product lobbied hard for that. Perhaps because they knew the alternative for them was irrelevance.

ahmeneeroe-v2
0 replies
1d20h

Minus the mandatory always-on internet and DRM, that sounds 10 years ahead of its time. During covid I was really hoping that Microsoft would launch videoconferencing through Kinect (which was sitting unused in a closet in my home). Looking back the XBone wanted to become what my Apple TV has ended up becoming. Agree 100% on the awful delivery of the whole thing though

7thpower
12 replies
1d23h

This is not a must have feature for me, but I am interested to see how it unfolds and I can definitely see it being useful in the future.

I do think they bungled the launch by not thinking through the security implications, and particularly how many sensitive threads this crosses.

That being said, they took a risk, it did not go over well, and they’re adjusting. I am sure I will get flamed, but I appreciate the approach.

bachmeier
8 replies
1d23h

I think there's more to it than that. After a while, they say "We're going to send some of your information into the cloud to give you a better experience." Then a while after that, you have to click the button giving permission to send all your information to the cloud or you can't use Windows.

In spite of claims often made on this site that nobody understands or cares about privacy, people do care and understand when it's something this obvious and this extreme.

hbn
4 replies
1d22h

Or at the very least, every other week when your computer forcibly updates itself as Windows likes to do, and you go through your 127th iteration of the onboarding process to your own computer that you've owned for 4 years, one of the new steps will be "Enable Copilot for an improved experience!" with a big "Enable" button and a tiny little piece of text that you wouldn't know was clickable for "More options" which spawns a button labeled "Leave off for now (not recommended)"

disqard
3 replies
1d21h

I don't know why you're being downvoted.

This is Microsoft's enshittification, which crossed a personal threshold for me -- "don't worry, everything's right where it was", but subtle nudges to accept further "opt-in"s that are hidden behind UI Dark Patterns.

I wonder if Satya is dancing right now...

hbn
2 replies
1d21h

I literally have to "set up my computer" like 10 times a year now every time there's a seemingly "big enough" update, and it's just carefully navigating menus trying to get me to sign up for Microsoft services and trick me into switching to Edge

A couple updates ago they put a bunch of new shit on my lock screen, like stocks and news articles or something, which I disabled immediately. And then the last update made my clock disappear which I can't even be arsed to figure out if that's a setting or a bug. Just do whatever you want with my computer at this point I guess, Microsoft. I just want to play a game.

Narishma
1 replies
1d17h

I got tired of that shit years ago and switched to PS5 for gaming and Debian for everything else.

hbn
0 replies
1d10h

I do have a PS5 but I prefer purchasing games on Steam if I have the option since I know those games are practically guaranteed to be forward compatible long term. I’d love to ditch Windows though. I hope Valve continues to make progress with Linux gaming with the Steam Deck.

Thorrez
2 replies
1d23h

Does Recall work locally? If so, why would it send data to the cloud?

renegade-otter
0 replies
1d23h

Because the whole point is to collect massive amounts of data to "train" their AI.

AI is the new Big Data, but instead of just wanting your basic information, where you moved your mouse, and how long you stayed on a page, they want all of it.

johnfernow
0 replies
1d20h

Windows user accounts used to work locally. At some point during Windows 10's life it became a hassle to use a local account on a new computer. Now in Windows 11, short of modifying the ISO or using other unintuitive workarounds (some of which Microsoft has patched out), you are required to be connected to the Internet and use a Microsoft account when setting up your new computer (even for Windows 11 Pro!) If despite that you choose to work around that requirement, several features are disabled, including ones that enhance security!

Notably, you lose out on full-disk encryption on Windows 11 Home. On Home and Pro you lose out on facial recognition login (Windows Hello), which can be a useful tool for avoiding shoulder surfing attacks in public. But by using a Microsoft account, your computer's password can be reset remotely. There's no way (official or otherwise) to maximize security on Windows 11. Outside of Enterprise, there's not even an official manner to set up an air-gapped Windows 11 PC!

Until they received massive backlash, Microsoft planned on requiring Xbox One users to have a Kinect (camera, mic, and motion sensing device) connected at all times when the console is on, as well as connect to the Internet once a day to use the console. https://www.pcmag.com/news/microsoft-xbox-one-wont-require-k...

To an extent the theoretical concerns that people are stating about Recall sound like paranoia, but the examples above show Microsoft has a bad history when it comes to privacy. Connecting Recall to the Internet sounds like a terrible idea, but so does restricting/limiting local accounts on Windows and (planning on) mandating that your home game console has a camera and mic connected and is connected to the Internet each day.

Unfortunately, they also have a bad history when it comes to security. Recent example: https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-e...

From the article, the US Department of Homeland Security claims that Microsoft has "a corporate culture that deprioritized enterprise security investments and rigorous risk management."

So while on the surface the concerns about Recall seem unreasonable, I think the fear is more understandable given Microsoft's many previously unthinkable actions, in addition to their poor security.

layer8
2 replies
1d23h

What’s damning is that they didn’t foresee the obvious reaction. It’s characteristic of the bubble that informs their product design decisions.

ryandrake
1 replies
1d22h

I would guess that many low-level workerbees in Microsoft foresaw the obvious reaction, but it's career-limiting to tell the emperor he has no clothes, when the emperor surrounds himself with sycophants who only tell him YES.

disqard
0 replies
1d21h

This is probably endemic to Big Tech now -- the chorus of AI, AI, AI is still growing, and that's all the execs want more of.

MP_1729
9 replies
1d23h

Satya Nadella's Microsoft is such a weird company. It's like there's one side of it that is running with Zuckerberg's "move fast and break things" and the other side is saying "wait, we're the most important software company in the world! Things can't break!"

TillE
2 replies
1d18h

One side is open-sourcing .NET and VS Code and running GitHub well and making vcpkg. The other is crapping up Windows with embarrassing ad-ridden F2P games. It's really weird.

sunaookami
0 replies
1d

open-sourcing .NET and VS Code

They didn't open-source the debugger so that you have to use VS or VSC. VS Code also has shittons of telemetry (same for dotnet CLI) and when you use Codium you are (officially) not allowed to use their marketplace.

running GitHub well

GitHub is down nearly every week and constantly has problems. I appreciate them making certain features free though.

Nition
0 replies
1d11h

One side preserving backwards compatibility through the past 30 years, the other replacing the taskbar and losing half the features.

wvenable
1 replies
1d22h

This is a pretty insightful comment. That's exactly how it feels. The core of their technologies have never been more solid, including Windows. But then on top of that solid core is a bunch of "move fast and break things" and short-term profit choices that make the whole thing seem awful.

hypeatei
0 replies
1d7h

Don't forget the ones that can't get a simple chat app to work right (Microsoft Teams) or the ones redesigning Outlook which introduced a shit ton of bugs.

It's amazing that humans as a collective have decided that private corporations are the best way to progress as a civilization.

rchaud
1 replies
1d21h

Even before Nadella, MS took insane risks with Windows. Ballmer oversaw the disastrous Windows 8 with the fullscreen Start Menu, which was hated far more than Vista ever was. W8 didn't even last 3 years before being replaced by Win10.

And that's to say nothing of the decade-long attempt to compete with Google and Apple in mobile with Windows Phone/RT/Nokia, which Nadella mercifully unwound.

jmkni
0 replies
1d2h

I'm one of the very few people who genuinely loved Windows 8

makeitdouble
0 replies
1d10h

One side is targeting corporate business, the other is for end-consumer.

The eye opener for me is the Surface Pro 10 only existing for businesses. They cared to design and produce the whole device, but not ship it to regular customers. That whole market is forced to go to the more experimental copilot line instead (which could arguably be great, but you don't get to choose in the first place)

cedws
0 replies
1d21h

Microsoft don't want to miss out on another big industry so they're compensating by trying to frontrun everyone whilst trying not to fall over.

ChicagoDave
8 replies
1d23h

This is only the beginning of AI-centric offerings that were oversold and will be delayed or quietly abandoned.

LLMs are nice for simple things, but they’ve already reached their limits. No amount of data will solve the iteration and complexity problems.

surfingdino
2 replies
1d23h

Every month I am in meetings where LLMs are being considered for applications they are absolutely not the right fit, but the answer to my concerns is "we need more AI advocates". These conversations are led by people who never actually read a single paper on LLMs or tried them in real life. They have no idea about risks, but plough on because their clueless bosses told them to come up with a plan to use AI.

potatolicious
0 replies
1d23h

I remain very skeptical that most companies or products can or should integrate with LLMs - and I say this as someone who works on a LLM-based product!

Overall I feel like our industry has lost the plot to a large degree. Hype has always to some degree exceeded the merits of the technology-of-the-month, but the last few cycles have been truly extraordinary in terms of the gap between the breathless hype and the reality of the tech. It's LLMs now but before it was crypto.

It just seems like we're stagnating as an industry, and rather than focus our efforts on the hard R&D needed to reach the next Big Thing, we've decided it's much easier just to focus on cults of personality combined with vast over-hypedness.

jabroni_salad
0 replies
1d22h

Honestly, people just need to touch a hot pan every now and then. Let them slap their LLM onto something low-stakes and experience the results for themselves.

Everyone does, it's just that some of us have the decency to do it in a homelab or on a cheap proof of concept first.

xcv123
1 replies
1d21h

The delay of Recall has absolutely nothing to do with technical limitations.

ChicagoDave
0 replies
1d12h

The marketing was 100% trying to sell AI built into a new version of Windows. They completely jumped the shark because of technology.

That they weren’t thinking it through is endemic of everything going on relating to LLMs.

BriggyDwiggs42
1 replies
1d23h

Wait how do we know that they’ve reached their limits?

ChicagoDave
0 replies
1d12h

If you understand how vector databases work, you realize that LLMs can only tell you what is in the data. There’s no such thing as perfect data except maybe for things like tax preparation or tic-tac-toe.

Inherently, no LLM can provide a solution based on a creative logic it does not possess.

It’s that creative logic that has not been invented/automated yet.

wvenable
0 replies
1d21h

Nobody has argued that this feature doesn't work. In fact, it probably works really well which is why Microsoft has been pushing it so hard.

ulfw
6 replies
2d13h

What are MSFT Product Managers doing these days? This was one of the worst launches in recent years.

Has Microsoft fallen victim to AI panic like Google has? Do people dare to speak up and say no to Satya and Sundar?

surfingdino
2 replies
2d12h

Microsoft suffers from bad memories of dismissing the importance of internet, then missing the boat (a failing 3-4 times) on personal music players and music/video streaming, followed by failing to capture any meaningful smartphone or tablet market share, and still playing catch up in the cloud computing space. They went all in on AI, because they want to own the next platform that others will build on top of. Their problem is simple, AI is not the next platform to build on top of. It is not the next internet, not the next operating system, it is a research project with way too much funding.

pjmlp
0 replies
2d11h

Additionally, they messed up so much the WinRT/UWP/WinUI developer experience, that most of us that advocated for the technology, feel betrayed and aren't going to advocate for anything else, other than regular .NET and the pre-Windows 8 desktop technologies.

IshKebab
0 replies
2d12h

AI is way beyond a research project at this point, and the level of funding doesn't seem totally unreasonable given its potential.

But I do agree it isn't a "platform".

beefnugs
1 replies
2d11h

Here is some brand new level of bullshit happening: they are deploying these NPUs on all new processors. But with ZERO proper user consent and control.

The bare minimum of proper operating system or driver feature is that I can choose NO I don't want anything running on my NPU, unless I approve it specifically. Fuck youtube's new eyeball tracking on their ads running on MY hardware without the slightest consent.

Zee2
0 replies
2d11h

Fuck youtube's new eyeball tracking on their ads

That was a meme posted by a popular Twitter user who creates humorous Black Mirror-esque UI mockups.

sebazzz
0 replies
2d3h

I believe this is separate from that. Generally it is believed that the admin is the "airtight hatchway". They still could have encrypted the Recall database with DPAPI though.

barbariangrunge
6 replies
1d23h

What is recall ai?

tedivm
4 replies
1d23h

It's a system Microsoft designed that took regular screenshots of what was happening on the desktop, stored them in a sqlite database, and then allowed people to ask their "AI" questions that would take into account literally everything the user has ever done on their computer.

People pointed out that this would record things like people watching porn, typing in banking credentials, viewing bills, filing taxes, etc etc. The threat of having these sqlite databases leaked, combined with the amount of malware and ransomware already out there, made a lot of security folks get very very concerned.

simonw
2 replies
1d23h

I didn't think Recall was about answering questions - there was no LLM component - so much as it was about being able to search your history, based on a combination of SQLite FTS against OCRd text plus CLIP-style embeddings-based semantic search against the content of those images.

tedivm
1 replies
1d1h

Microsoft says Recall lets you find anything you've seen or done on your PC with a simple search query, and it's powered by state-of-the-art large language models, which can understand various content on your PC, like text, images, and videos. It works in any application, so you can search across your computer.

https://www.wired.com/story/everything-announced-microsoft-s...

barbariangrunge
0 replies
1d2h

That’s horrifying

wruza
4 replies
1d23h

Recall uses local AI models built into Windows 11 to screenshot mostly everything you see or do on your computer and then give you the ability to search and retrieve items you’ve seen. An explorable timeline lets you scroll through these snapshots to look back on what you did on a particular day on your PC. Everything in Recall is designed to remain local and private on-device, so no data is used to train Microsoft’s AI models.

https://www.theverge.com/2024/6/13/24178144/microsoft-window...

Had to look it up, sharing to save someone a minute.

tmpz22
2 replies
1d23h

Newer Apple Intelligence features will require 16gb ram and new M-series chips to run on-device. How is Microsoft able to release wide-spread features on device when there is a much more diverse ecosystem of lower-powered, low-cost, Windows devices??

wilsonnb3
0 replies
1d23h

This feature is exclusive to PCs designated as CoPilot+, which requires 16 gigs of ram and a NPU of a certain speed.

Sir_Twist
0 replies
1d18h

Apple Intelligence works on 8 gigs because of the phone's ram limit, no?

beretguy
0 replies
1d23h

Everything in Recall is designed to remain local and private on-device, so no data is used to train Microsoft’s AI models.

Not yet.

nofunsir
4 replies
1d23h

There was a post on HN not too long ago about a random 3rd party/open source tool that does exactly this, no? When I first heard about Recall AI, I immediately thought back to that HN article, but can't find it.

janjones
1 replies
1d22h

What an irony. If you had Recall or that tool you mention installed, you could probably find it easily :D

alt227
1 replies
1d3h

You mean rewind.ai

ruuda
3 replies
2d12h

The lack of a formal market for land has not made land any cheaper, it has simply shifted the price from being denominated in money-dollars, to time-dollars and pain-in-the-butt-dollars.

Vitalik writes about this too: https://vitalik.eth.limo/general/2021/08/22/prices.html

slicktux
2 replies
2d12h

Off topic??

nextworddev
3 replies
2d

This is what happens when a 3 trillion dollar company moves fast and breaks things

resource_waste
2 replies
1d23h

It doesn't help that M$'s reputation is awful.

How many different ad screens are on Windows 11? How many privacy things did I need to check or uncheck for privacy? Why did the ads come back after I disabled it? Why did OneDrive take over my documents?

Microsoft isn't trustworthy.

I have begun my migration away. I only use Microsoft for programs my customers use. MSTeams (webapp isn't good enough for high stakes b2b), and Windows for a specific niche application.

Everything Microsoft says is met with an anti-consumer lens. They earned it.

wvenable
0 replies
1d21h

How many different ad screens are on windows 11?

How many are there? Admittedly I use a Start Menu replacement so I don't see ads there but I don't see any ads anywhere else.

FactKnower69
0 replies
1d22h

This feature wouldn't even be the worst thing in the world if it was strictly opt-in like every other piece of software you would run on your computer; the reason everyone is so fucking sick of Microsoft's rollouts is the way they trample over user consent by replacing every instance of "No" in their UI with "Not now" or "Remind me later", eventually hijacking your computer and forcing it to shut down and install updates while you were using it if you dare postpone their "optional" rollout for too long

It's just extra funny when the software you're being bullied into nonconsensually installing on your own machine is also literally spyware that screenshots your desktop every few minutes

hnpolicestate
3 replies
1d23h

You know what would be catastrophically bad? A Recall AI feature being baked into Android.

Like most people don't actually use personal computers anymore, even laptops aren't common among demos younger than millennials. I can tolerate switching to Linux or buying a steam deck.

But if this became a hard coded feature of android or iOS I'd have to give up smartphones entirely.

Gormo
1 replies
1d21h

I'm sure Lineage, Graphene et al would immediately remove it.

Something like that would likely also motivate a surge of interest in pure Linux phones, like the Librem or PinePhone, which would accelerate their development, and might be a net positive.

okanat
0 replies
1d18h

Graphene maybe but it has a very limited set of devices it works on. Lineage may not be actually. They rarely go against what Google does.

Developing any normal user facing OS with lots of bells and whistles so it has a useful and modern closed-source friendly app ecosystem is insanely hard. It is the huge software stack that Google put in Android that makes it nicer for many app developers to make apps for it. Those basically un-Linux the Linux parts of it to provide stable interfaces.

I don't think this will change in the open source world in the next 3 decades and with increasing hardware complexity I expect even less success from independent Linux phone projects.

If such a project wants to be successful it has to do many things against the usual Linux. I don't see that happening without any corporate support.

gigel82
0 replies
1d18h

That's basically what Apple announced with their semantic AI integrations; they didn't call them screenshots because they're smarter than Microsoft but it's the same thing (actually, slightly worse, since their "AI" is not only local, but can reach out to the "private cloud" under unspecified conditions).

azinman2
3 replies
2d12h

I don’t understand how the gap was so large between them saying this data was encrypted/protected and people easily being able to get the raw data. I know once you’re on someone’s machine in a way all bets are off, but it feels like this should have had far greater security attached to it. It doesn’t seem to even match their promises. Couldn’t this have been seen a mile away?

sqeaky
1 replies
2d12h

I know Microsoft has crap security, but in this case they probably aren't lying about it being encrypted. Encryption for storage simply isn't a solution that most people need for security of data on their devices. It pretty much only protects against the threat of a device being stolen, and that simply isn't the way most people lose their data. Almost every virus runs as the main user of the PC, so almost every virus will be able to decrypt the Recall storage.

Microsoft should know this so it is easy to say they were disingenuous even raising this as a point. If Windows is to be secure it needs to fundamentally change its security model and that means breaking compatibility with a huge number of applications. So that probably can't happen.

azinman2
0 replies
1d23h

macOS and iOS have later rolled out methods of data containerization on top of existing file systems. Microsoft certainly has the talent to do this as well. They shouldn’t have shipped a product without the necessary requirements in place - it’s quite obvious the sensitivity of this data.

ankushnarula
0 replies
2d12h

The fact that Recall data and screenshots are only protected at the file system level reinforces the reality that Windows lacks user-centered privacy and security. Microsoft is content to rest their laurels instead on system level control.

skilled
2 replies
2d

And why the corporate speak? They messed up and that’s the end of it.

Where is the acknowledgement of getting owned two days after announcement? Where is the acknowledgment of having an understanding of the issues this poses and how they are going to address them?

Make no mistake that this feature was in development for a long time, with resources allocated to it. And throughout all that process, Microsoft thought this is a great and safe feature for the users.

And yet here we are.

ttyprintk
0 replies
1d23h

If they're not careful, then the neural processor and even Pluton become a badge that the machine runs Copilot Windows, and new machines not meeting those requirements just run Windows.

rsynnott
0 replies
1d10h

And throughout all that process, Microsoft thought this is a great and safe feature for the users.

I’m fairly sure plenty of people in Microsoft would have realised that this was a terrible feature. But sometimes, it is easier to just let emperors go shopping for new clothes.

neogodless
2 replies
1d23h

I'm a bit confused by the headline chosen for the submission (but the update doesn't do much to clarify).

The original is this:

Update on the Recall preview feature for Copilot+ PCs

Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks.

To be clear, it may be delayed for public release, but it is still shipping to Insiders (possibly on June 18, 2024 but in the coming weeks indicates later).

With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.

Further...

...we plan to make Recall (preview) available for all Copilot+ PCs coming soon.

kmlx
0 replies
1d10h

Copilot+ PCs

not being accustomed with microsoft products i initially read this as copilot “plus” pcs.

Hasu
0 replies
1d22h

The headline is correct. I have seen people believe that "indefinite" means "permanent", but it just means "undetermined". It is delayed, but we (and perhaps Microsoft) do not know for how long, so the delay is indefinite.

jrflowers
2 replies
1d22h

I love all of the “I see how this could be useful software. I’d maybe use it!” comments.

Since this functionality can pretty much be replicated with OBS Studio + a keylogger I would love to know what keylogger/screen recorder software combo everybody is already running on their own machines

alt227
1 replies
1d3h

The data capture could, but the part where you ask AI a humanised query and it will search your data for you couldn't.

jrflowers
0 replies
21h4m

Surely you could just pipe the output of your keylogger to chatgpt or a local llama instance. Voila!

cedws
2 replies
1d21h

If Apple did something like Recall, they'd run the whole thing on a separate secure chip somehow and encrypt the data with a (actual secure) enclave.

Microsoft are doing this the quick, dirty, lazy way by just embedding it into the OS. Lack of vertical integration is also haunting them.

skydhash
0 replies
1d19h

Apple is already building the same set of features. But because everything is so centralized (Apple’s frameworks and dev tooling are good) they can do stuff without recording your activities. Especially with so many people using the default apps, and the integration with Siri that already exists.

gigel82
0 replies
1d18h

Of course, everything will be encrypted, then securely transmitted over to their servers and promptly decrypted when requested by the authorities (see Apple in China and CCP's key to iCloud).

appstorelottery
2 replies
1d23h

I'm impressed that Microsoft seems to be listening to the tech community - now if only they would address telemetry I'm back in!

phyrex
1 replies
1d22h

I work on dev tools at my company. Telemetry really helps a ton to figure out if you're prioritizing the right things and if changes that you made are really for the better

Ylpertnodi
0 replies
1d16h

Opt-in, or opt-out?

methuselah_in
1 replies
1d23h

Well I guess got scared because people will install Linux?

cybwraith
0 replies
1d21h

Windows 11's disaster of changes had already pushed me to decide to go full linux on my PCs, this was the straw that got me to stop being lazy and actually execute on that decision.

frithsun
1 replies
1d22h

What's interesting to me is that AI hype accidentally got non technical people thinking and talking more about their privacy and security concerns relating to software.

There's nothing sinister about LLMs relative to the kind of data collection big tech has been up to for years and years. It's just that all the AGI spin has triggered a defensive response in people.

Positive, in my opinion. People should be approaching tech privacy concerns with fear, uncertainty, and doubt.

hbn
0 replies
1d22h

There did not previously exist screenshots of everything my monitor displays any time I'm using my computer, and I don't want that data to exist. Sure, a lot of my activity could be pieced together from various other things that track my activity, but constant screenshots of everything that was on my monitor is a centralized goldmine of data that I don't want anyone to have access to.

I'd say that is more sinister than most other data collection.

finkin1
1 replies
1d23h

I wonder if MKBHD's podcast discussing the feature is the cause of the backlash: https://www.youtube.com/watch?v=kg8uJXSRhKo. I think they do a fairly good job talking about the pros/cons of the feature. It definitely seems insane that raw screenshots would just be accessible on the device.

alt227
0 replies
1d3h

No, I saw this video come out after the backlash. I assumed MKBHD was jumping on the hype.

eigenvalue
1 replies
1d22h

Unless I'm understanding this wrong, 99% of computers out there wouldn't even be able to run this anyway, since it requires a special neural processing chip that supports 40 trillion operations per second (and this can't be the GPU). So basically only Microsoft's own brand new Surface models could even use it in the first place.

SimianSci
1 replies
1d20h

For those who have not been keeping up with recent events: the United States government is currently reevaluating its relationship with Microsoft due to recent security issues related to Russian and Chinese state-funded attacks.

[Microsoft Storm-0558 Incident, cited as a recent example] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...

Microsoft recently pledged to improve its security practices through incentives to executive pay and other initiatives.

[Microsoft Blog on recent Commitment] https://blogs.microsoft.com/on-the-issues/2024/06/13/microso...

Despite these pledges, several members of Congress are making it known that they don't see Microsoft as being serious about their recent commitments around security. It is worth noting that several of these members of Congress influence how much Microsoft gets paid. The Recall feature is often used as a lightning rod to bring to light the rushed rollout of Microsoft's features without concern for security.

[Video with timestamp of Microsoft's President being questioned by Florida Congresswoman, Recall mentioned] https://youtu.be/kB2GCmasH4c?t=8217

While I suspect there may not be any sole reason for the release delay, it would seem to me that having Microsoft's biggest customer using Recall this way, may greatly influence the company's decision to hold off on the release.

akira2501
0 replies
1d16h

improve its security practices through incentives to executive pay

Oh! It was lax executive pay that led to the problems.

upbeatlinux
0 replies
1d23h

A total recall

tylerchilds
0 replies
3h45m

i was recently filming on a reality show and i used recall as an example of why my system is important.

i’ve been building an end to end encrypted system, to secure cross platform interactive collaboration and that broke the threat model.

i can only guarantee security insofar as the host operating system doesn’t bypass my security by taking pictures of your screen every three seconds.

i hate that i’m going to need to lean into that, but for the first time in my approaching twenty years in technology, non technical folks are understanding cybersecurity better because it’s so clearly against their day to day lives, expectations, and interests.

sagebird
0 replies
1d15h

Nevermind the security and ethical issues.

The implementation will be a slog, annoying, and distract from something that Microsoft ought to care about: creating a delightful, snappy experience.

Why isn’t recall a piece of software instead of an operating system integration?

Can apps spawn apps? Like, if you want chrome session recalled- open recall, then open chrome from there?

Why does every new feature need to enshitificate the operating system? Isn’t that an indication that the operating system doesn’t give app developers enough expressive power to create tools that they must go up the hierarchy and reach for OS modification?

porcoda
0 replies
1d21h

I’m not sure Microsoft will ever achieve the level of trust they’d need to make things like this feature ever be acceptable. I’m sure in parts of the company they care about user trust quite a bit, but those people will never be able to counter the actions that the “maximize revenue at all costs” people take that undermine trust left and right. I don’t see them putting “build and maintain user trust” as a corporate goal that they ACTUALLY try to achieve (not just use as a corporate feel good statement), since “maximize shareholder value and revenue” will always win.

pcloadletter_
0 replies
2d

But hey, at least Microsoft got to increase their stock price from the initial, hasty announcement, right?

ofslidingfeet
0 replies
1d23h

Maybe the powers that be will have to come to terms with how they have *completely fucking obliterated all public trust in any large institution*.

npalli
0 replies
2d12h

Good call on the no-call for Recall.

nnurmanov
0 replies
1d12h

These kinds of delays always amuse me. Did they conduct user research after they came up with the idea? I highly doubt that all 100% were happy about it.

ngrilly
0 replies
1d23h

That’s a product recall.

nashashmi
0 replies
1d23h

Guess the sh!t they thought they could force down everyone's throat (like the Windows 11 bar) has a recoil effect.

mrandish
0 replies
1d1h

Once they do deploy it, I'll immediately disable it. And not even (primarily) because it's invasive and intrusive but because it'll be mostly useless to me AND it'll further clog my still-occasionally-laggy 4B cycle/sec PC with more unnecessary background tasks while sucking battery life and storage space for little benefit.

I resent that they continue to invest significant resources in buzzy new features like this (which no user asked for) to drive conceptual agendas decreed by MSFT leadership while continuing to ignore fixing the core Windows feature in this area: Search. The Windows built-in search function has always been so slow and limited it's nearly useless. It's so bad MSFT should be embarrassed. Meanwhile, the free Everything add-on shows exactly how it should be done - delivering global file search that's blisteringly fast, flexible and deeply capable. And it's written by one guy in his spare time (https://www.voidtools.com/).

Note: I assume above that MSFT will be forced to offer a way for enterprise IT departments to disable this via Policy Manager (because NSA and others with sensitive intel or IP will balk without a way to disable it).

mihaaly
0 replies
1d8h

Delay?!

Will recording and storing all your activity ever be secure? Suddenly in the future it will flip and become secure or what do they expect from the delay?

Ah, yes, I see, they want to delay until people are not concerned anymore. Cooking them slowly in increasingly worse privacy violations than throwing them into a hot one at once. Works with frogs. And users of modern gadgets.

Instead of waiting they'd better make it a product that those who have no concern can download now, and perhaps even paid for in exchange for the mass of data they provide. It could even be a separate operating system lets say Windows 1984 that users are paid for using it. With webcam on all the time and no stars in password fields. Alternatively it could be called Windows Beijing and have mass orders from the folks there.

midtake
0 replies
1d22h

I don't think Microsoft understands security. They use phrases like "secure by default" as if Recall is anything but, and it looks like "just-in-time" security requires Windows Hello, which I also don't want.

I'm sorry but what little faith I had in Windows has absolutely dried up. If I didn't use Windows for video games with an Nvidia card, I would have no personal use for Windows. MacOS and Linux have been amazing lately and it seems like a downgrade every time I switch to my windows PC.

mannewalis
0 replies
2d1h

Lol this isn't about helping users, this is about creating training data for MS to use to train their models.

lemonlime0x3C33
0 replies
1d20h

I have been dual booting for years but this has been my motivation to officially abandon windows at home, just need to figure out how to play civ 7 when it comes out next year...

iscrewyou
0 replies
1d11h

I keep seeing this headline and they keep misspelling privacy.

hehdhdjehehegwv
0 replies
1d23h

This is why you need proactive privacy evaluations before you ship.

The standard of the past 25 years of “let’s violate every privacy law and know it won’t catch up with us” is over.

You either ship privacy compliant product, which means painful and slow review and adjustment which is an obvious financial cost…OR you go to market out of compliance, get slammed by the press and regulators, and the entire project eats shit.

What seems like short-term cost saving is really just torching the entire investment.

The underlying reason Boeing planes fall out of the sky and these privacy hostile products fail is the same: speed and greed.

havkom
0 replies
1d22h

Did they recall the recall product?

gnicholas
0 replies
1d23h

I can see why they would want to hold onto this feature, since it would make their devices incredibly sticky. If you spent a year or two having an AI understand literally everything that happens on your screen, then you'd be hard-pressed to switch to a different platform that lacks that historical understanding. Assuming there's no way to port the data, this would all but guarantee that you're a customer for life.

It's possible Apple could have pulled this off. But MS has shown itself time and time again to be user-hostile and privacy-agnostic.

globalnode
0 replies
1d16h

this is going to be costly for me as i will now need 2 pc's one running linux for personal use, programming, w/e, and one running windoze just for games

gerash
0 replies
1d18h

The feature is great. It's not a new idea. We were thinking of something like this 10 years ago on Android phones but the compute and battery life wasn't and still isn't there.

So I will use it if it's executed right. However I mainly use Linux and Mac these days.

erulabs
0 replies
2d12h

considering how much worse this looks than just launching it and fixing it after while claiming it’s all fine and good, kinda makes you wonder just how bad it really was.

downrightmike
0 replies
19h37m

Shame, legal discovery would have been an easy grift: $250/hr lawyer to review 8 hours per day = $2k times 90 days history = 180,000 (PER USER PER MACHINE)

dclaw
0 replies
2d13h

s/delay/terminate

dang
0 replies
1d21h

Related. Others?

Microsoft to delay release of Recall AI feature on security concerns - https://news.ycombinator.com/item?id=40677424 - June 2024 (54 comments)

Microsoft will switch off Recall by default after security backlash - https://news.ycombinator.com/item?id=40610435 - June 2024 (523 comments)

Microsoft Research chief scientist has no issue with Recall - https://news.ycombinator.com/item?id=40594608 - June 2024 (87 comments)

Microsoft Recall should make you consider Linux - https://news.ycombinator.com/item?id=40591141 - June 2024 (141 comments)

Microsoft has gone radio silent on Windows Recall - https://news.ycombinator.com/item?id=40584190 - June 2024 (45 comments)

Windows Recall demands an extraordinary level of trust Microsoft hasn't earned - https://news.ycombinator.com/item?id=40577197 - June 2024 (35 comments)

Security researcher discovers Microsoft's Recall tool is woefully insecure - https://news.ycombinator.com/item?id=40573097 - June 2024 (68 comments)

Windows AI feature that screenshots everything labeled a security 'disaster' - https://news.ycombinator.com/item?id=40570294 - June 2024 (42 comments)

How the new Microsoft Recall feature fundamentally undermines Windows security - https://news.ycombinator.com/item?id=40433884 - May 2024 (47 comments)

Microsoft's AI chatbot will 'recall' everything you do on its new PCs - https://news.ycombinator.com/item?id=40425306 - May 2024 (167 comments)

Recall is Microsoft's key to unlocking the future of PCs - https://news.ycombinator.com/item?id=40417837 - May 2024 (58 comments)

chx
0 replies
1d23h

Recall snapshots will only be decrypted and accessible when the user authenticates.

Question is, do you need to auth every time you try to access past snapshots? If not then this is still the mother lode for any infostealer.

And I do not think the danger Recall poses in an abusive relationship especially to women is adequately answered by "You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time" -- you'd need to know this thing exists and figure out how to pause. And I wonder whether the pause itself would leave a trace...

chucke1992
0 replies
1d23h

Erm...But that's not what is written in the article though?

catoc
0 replies
1d21h

Microsoft Recalled

capl
0 replies
1d19h

Please delay it indefinitely. The OS with the worst security combined with a queryable LLM recording everything you do?

Yeah, no.

cancerhacker
0 replies
1d13h

22 years ago, Microsoft was pushing “.net my services”, also known as Hailstorm - but after announcement and initial push it was suspended[1]. But looking back at it - many of the services they were describing have been reemerging (if not just copied). I’m sure there will be parts of Recall AI that will survive, just maybe not with Microsoft driving.

[1] https://www.nytimes.com/2002/04/11/business/technology-micro...

airstrike
0 replies
1d15h

We here for you

WhackyIdeas
0 replies
1d22h

As I said nearly three weeks ago on HN:

“Even if they say that they’ll be abandoning this idea as they have ‘listened to user feedback’ or some other bull, the complete damage has already been done here. Thank the lord there are an abundance of excellent OS alternatives.”

Get them to fuck. Sorry, for the language.

Sparkyte
0 replies
1d22h

AI needs more pot on the kettle to be useful. Everyone is trying to turn AI into some money-making machine, which it is to an extent. Just the same problem we experienced with the crypto craze.

SpaceManNabs
0 replies
1d21h

wonder how they managed to add all these security features so quickly to a product that they didn't think had security issues in the first place...

If you are vague enough, you can say you did something.

If you don't explicitly mention the issue(s), you don't have to mention what you changed, if anything.

Classic M$.

RcouF1uZ4gsC
0 replies
1d23h

What is interesting is the contrast to Apple’s AI announcements.

Apple’s announcements were accompanied by an acknowledgment of the risk of privacy and a thorough analysis of the threat model and detailed design and specific steps taken to mitigate them. You can tell people with deep expertise spent time looking at the problem and coming up with solutions.

Microsoft Recall on the other hand had the feeling of - Oh my, this has privacy implications, we never would have guessed???

That approach by Microsoft erodes trust. Apple’s approach builds trust.