There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Giving Windows total recall is a privacy minefield

Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview.

Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

Mozilla’s Chief Product Officer Steve Teixeira told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn’t.

Jake Moore, Global Cybersecurity Advisor at ESET, noted that while the feature is not on by default, its use “opens up another avenue for criminals to attack.”

Moore warned that “users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.”

Cybersecurity expert Kevin Beaumont was scathing in his assessment of the technology, writing: “In essence, a keylogger is being baked into Windows as a feature.”

AI expert Gary Marcus was blunter: “F^ck that. I don’t want my computer to spy on everything I ever do.”

rob200 ,

What exactly can recall see? Is it just what’s on screen?

Because, if I’m like most people when I type my password, I keep my passwords hashed on the screen as I type it. (i’m using anything but Windows since 2016)

StaySquared ,

Hopefully this will get more people into looking at Linux as their OS.

Blackmist ,

Even if we believe them and all the data stays local to your machine, what’s to stop your average bit of malware accessing it?

So now not only is any data compromised going forward, but all your data going back as well.

EmperorHenry ,
@EmperorHenry@discuss.tchncs.de avatar

literally every cybersecurity expert is saying this would be a bad idea that could be used maliciously by anyone. I really hope the executives listen to them.

yeah, sure, it’s supposedly encrypted and supposedly stored locally exclusively and supposedly not turned on by default, but even if that does turn out to be true, scammers can use it with remote desktop to snoop, anyone who plants a RAT on your system could look through that shit too.

anavrinman ,

“I really hope the executives listen to them.”

Oh man. Needed a good laugh tonight. Thanks champ.

Wirlocke ,

Microsoft’s bread and butter has been selling and servicing to businesses.

So with that in mind, the hell are they thinking? Windows 10 end of life guarantees that businesses specifically will have to switch. Then the next option in line is one that will by default vacuum up all your proprietary information to feed into an AI, effectively “copyright laundering” it?.

Even if there’s ways to deactivate the feature, the non-tech savvy managers will just go off of the headlines and the tech savvy ones will recognize the security risk. And government/healthcare computer might just fork Linux into a non-open source version.

Ironically it feels like they’re focusing too much on consumers (on extorting them) and shooting themselves in the foot for their business clientele.

EmperorHenry ,
@EmperorHenry@discuss.tchncs.de avatar

Ironically it feels like they’re focusing too much on consumers (on extorting them) and shooting themselves in the foot for their business clientele.

It’s like they saw all the shittiest things about apple products and said “game on motherfuckers!”

imagine how many people are going to get doxxed by this feature.

nickwitha_k ,

Seems like all hospitals and medical providers would need to avoid the OS in order to remain in compliance with HIPAA.

AtariDump ,

I give it two weeks, tops.

https://lemmy.world/pictrs/image/5d4bcaf0-7269-4910-a5fe-46c4abacede7.gif

Lumisal ,

No one here mentioning this will be a gold mine for Malware makers and hackers.

balder1991 , (edited )

The actual article does mention it.

jj4211 ,

Total Recall? Get your ass to Linux!

Lost_My_Mind ,

I’ve tried to get into linux 4 different times now. Over the coarst of 15 years.

I have no idea what I’m doing.

Lumisal ,

Try BazziteOS

It’s meant for gaming, but I find it’s so feature complete that’s it’s great for non-gaming purposes.

Somehow it even works better on my monitor than Windows, since I can actually control my brightness from an applet rather than having to use my monitor buttons.

Gestrid ,

Not OP, but I feel like every time I come across a thread like this, someone is recommending a different version of Linux. It makes it really difficult to decide, and I can’t exactly just “try out” Linux on my computer the same way I could try out other programs.

Yes, I could install it on a thumb drive, but that’s not persistent, so I couldn’t try it out for more than a few hours. Takes longer than that to decide to completely switch OSes.

Lumisal ,

You can make a persistent install on a thumb drive actually. Has been possible for about a decade I think. There’s even a program now called Ventoy that lets you make multiple persistent installs of different Linux distros on a single thumb drive even.

Gestrid ,

I think I’ve tried Ventoy before, actually. I didn’t know it did persistent installs.

Unfortunately, I couldn’t figure out how to enable my PC to boot from a USB device. It uses the most recent version of the MyAsus UEFI, the one that looks like this picture I pulled from online (minus the red outline, obviously):

https://lemmy.ca/pictrs/image/0d57bab1-6ec9-4484-ad74-a9511618d64e.jpeg

You don’t happen to know how to enable booting from a device from there, do you? All the guides I found online were for an older version of the Asus UEFI settings.

Lumisal ,

Normally when your PC is initially starting up, F8 will bring up the boot menu and you’d select the USB drive. Otherwise, where it says boot order, clicking around there should let you change the boot order and have the drive boot first every time. Actually, if you’re using it as a persistent then this is probably the better option.

I’m not the biggest computer buff compared to some here, so if I’m wrong in any way let me know or comment again - someone will likely come give the right answer lol.

Plus I haven’t used Ventoy much, I only used to do it the old fashioned way of partitioning it many years ago until I found what I liked best.

For beginners, I recommend Fedora or Ubuntu based distros because they’re definitely the most user friendly, like windows or the days, possibly more now? At least BazziteOS has had more feature compatibility than Windows, which I was shocked by. Still testing all my games, but so far that works well too.

hazeebabee ,

Chiming in to say that on my asus laptop, the start up button is f12! Press as soon as the first logo appears on the screen. It might take a few times to get the timing right, if you miss it just restart the computer.

It should take you to a menu that looks like a classic hacker screen (blue screen with pixilated text, no clickable UI). Then go to the boot options and select the USB.

IzzyScissor ,

You can create a partition on your hard drive and set your PC up to dual-boot. I have no idea if this is still widely used or if there is another, better/easier way, but it’s what I did a long time ago for a hat simulator game.

Gestrid ,

I’ve read in a few different places, unfortunately, that more recent Windows bootloader’s can break dual-boot setups.

balder1991 , (edited )

You can use something like VirtualBox or VMWare. Won’t be the fastest experience, but also not so bad. It’s good enough to have a feel of how something works.

Katana314 ,

The kicker is, for years and years down the line, all of your tech questions will be written to Google as “How do I xxxx in <obscure distro name here>”.

Many, but not all, of those problems are resolved by searching “in Linux”, but others you’d have to search for “in <similar distro>”. Windows is just Windows.

EmperorHenry ,
@EmperorHenry@discuss.tchncs.de avatar

And not just that, but each distro of linux has its own quirks and each one is compatible with a different list of brands of hardware. you could brick your system if you install the wrong distro on the wrong hardware, like down to the bios

And contrary to popular belief, LINUX CAN GET MALWARE JUST AS EASILY AS WINDOWS CAN.

With windows, there’s a 30 year history of malware infections and there’s several good choices for windows based antivirus programs, and three amazing ones. The people who work at those antivirus companies know how vulnerable windows is and so they’re always working on improving their software…at least the good ones are, but those same antivirus programs on linux don’t have nearly as much stuff in them to fight against APTs most linux versions of great antivirus programs like comodo and kaspersky are gutted down to just a regular antivirus with heuristics, no zero-day threat protection at all, you’re completely dependent on how fast the new malware can get added to the blacklist.

But on windows, if you use comodo and know how to configure it and understand that it will never pop up unless something might be wrong, you’re always prepared for zero-day threats and even zero-hour threats.

Linux used to be super secure, simply because there were so few people using it or even aware of it, but with every linux distro being open source, malware-makers can make all kinds of exploit kits for it in record time, because there’s no trial an error like there is on windows, at this point in time, no antivirus company is really prepared to deal with zero-day linux malware.

But windows users, even stupid ones know that you need an antivirus program on windows. So the malware-makers have to play a cat-and-mouse game with windows malware if they hit a decent number of systems with their malware, that malware isn’t going to be unknown for very long. And antivirus companies like bitdefender and avira, the former of which is great at adding new samples to the blacklist at super speed, and avira which isn’t as good at that anymore because they got bought by…norton? If I remember correctly, they rent their database out to other antivirus companies, Eset, another really good detector of new malware also rents their database out to other antivirus companies.

ClamAV is good at detecting linux based malware…as far as I’ve heard, but it’s useless against anything unknown to it.

windows is a pain in the ass to detail with…but that’s only if you don’t know how to work with it. Linux can be that way too. If there’s a bug in some software that fucks up parts of your OS, there’s not much support you can get from local techs, but if something like that happens with windows, there’s loads of freelance independent computer techs out there that know how to fix it.

Linux is cool, if you can make it work for you, great! But don’t act like windows is worthless. There’s ways to deal with the bloat, and there’s endless amounts of free advice on countless forums across the entire internet on how to deal with problems that come up

Gestrid ,

Honestly, I have Windows working just the way I want it right now (and I do know enough to be able to wrangle it to do just what I want it to do), but I could do without so much spyware. That’s the main reason I’m looking into Linux. Any way you know how to get rid of Windows’ built-in spyware without impacting security at all or breaking anything too badly?

On a different note, I have actually been looking for a new antivirus, preferably a free but very good one. Norton (my dad subscribed to it and got like 10 license keys years ago and shared with the family) has become too much like adware for me in recent years. Your comment has been helpful with that.

Alph4d0g ,

Honestly if you do truly value having control over your privacy take this advice to heart. There are so many good Linux options now that are even easier than Windows to install. All it takes is a few clicks. You can even choose which UI you prefer in many cases. All those previous barriers to entry no longer exist.

EmperorHenry ,
@EmperorHenry@discuss.tchncs.de avatar

malware on linux is surprisingly common, more common than most people realize.

in fact, for every variety of malware for windows, there’s a version of it for many linux distros too

ICastFist ,
@ICastFist@programming.dev avatar

Most malware that targets linux goes for server stuff, since those are the most valuable targets. End user linux, which barely hits 3% usage, isn’t a common target because there’s not much to be gained.

AtariDump ,

https://lemmy.world/pictrs/image/5d4bcaf0-7269-4910-a5fe-46c4abacede7.gif

NutWrench ,
@NutWrench@lemmy.world avatar

I think the problem with big companies like Microsoft, EA, Ubisoft, Bethesda, etc is that once all the smart & creative people have gone, all you have left are the “line must always go up” business idiots, who have no idea what their company does or how to fix it.

CoPilot is exactly the kind of End-stage, “let’s screw our customers to death” idea the CEOs come up with right before their company implodes.

The reason I know that’s true is because when this stupid idea for CoPilot came up, there were no smart people who immediately said, “do you have any idea what a terrible f*cking plan this is?”

Gestrid ,

I’m sure some did, but, unfortunately, those people aren’t the ones making the business decisions.

The “line must go up” people are in charge because “line must go up” investors are saying the “line must go up”.

Wirlocke ,

Ironically the business people are terrible at business. I genuinely think LLMs (despite their economic evils) are stunning pieces of technology.

But they are money sinks and the only plans for profit are subscriptions or advertisements. It’s Social Media/Streaming/Tech Startups panicked hype investing all over again. Subscriptions and advertising just simply do not pay the bills for huge server and gpu farms.

But sustainability isn’t what they want is it? They want the stock to go up to then cash out when it’s about to fall. sigh

mojofrododojo ,

all you have left are the “line must always go up” business idiots, who have no idea what their company does or how to fix it.

boy does this seem to describe google nowadays

IEatAsbestos ,

This is something that steve jobs talked about in an interview that I cannot find at the moment. Its ironic coming from him, but he was talking about when a company truly begins to die. His theory was that when a company is founded, the people that made and designed the product/service are in positions of power. But as a company grows and lives on they get replaced with marketing people. They dont know how to make anything, but they do have that “line go up” mentality. Instead of making something better, the marketing and sales people find ways to sell worse things. Again, hilarious coming from him but i think he had a point.

jj4211 ,

I don’t know if it’s really about a breakdown between ‘innovators’ and ‘sales/marketing’, but instead a breakdown between people who sincerely want to deliver something intrinsically valuable versus product delivery being some unfortunate obnoxious means to the end of “more money now”. A company founded from the onset of “don’t care, just make money” will generally fail, and the ones that succeed are the ones that care. Then you move beyond the “founder” generation of a company and then you get to watch the effort get scavenged to pieces.

Whatever may be said of Jobs, he really liked the company and products he was in charge of. Sometimes he would value form over function more than I would like, but it was still at least a facet of the actual product rather than hyper fixation on how to make the profit margins grow without much regard for the product itself. Yes, massive wealth flowed in as they caught the culture just right with iPod and then iPhone, but I don’t think it ever descended to cannibalizing the company to make those numbers even better than they were.

Suavevillain ,
@Suavevillain@lemmy.world avatar

This is going to be terrible for work place security.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

But the C-suite folks think it’s a great new way to spy in their employees, so I’m guessing it’s here to stay.

TurtleJoe ,
@TurtleJoe@lemmy.world avatar

I bet their lawyers might not think it’s a great idea.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

Why? Their company, their computers.

sugar_in_your_tea ,

But AI is “somebody else’s computer,” at least that’s how most work. What’s to guarantee that it’s actually local and stays local going forward?

Lost_My_Mind ,

…corporate good will to be on the side of the peoHAHAHAHAHA!!!

Sorry, could say it with a straight face.

Avatar_of_Self ,

Not that I’m defending it but the data and the model itself on Recall stays all local and encrypted, according to Microsoft. It also says it won’t use it for ad targeting or will sell the data. Of course, the caveat is that is what they are saying right now and may not be saying in the future. We’ve obviously seen strategies where gradually things move down the spectrum as it continuously normalizes.

With MS we’ve seen the “Start” menu advertise Candy Crush forever and then “recommended apps” and it isn’t a far step to show “sponsored recommended apps” and then just “sponsored content” as things continue to become more normal for everyone, especially if its for the “Home” version or whatever. People will just argue to pay whatever for a Pro license.

Going to full blown ads now though? It’ll piss the consumer off. Do it gradually over a decade? There will be some rumblings, sure, but it probably won’t matter. By then they might be able to give you a “free” cloud VDI (with lots ads from the OS) with less ads and CPU/GPU power based on subscription tiers and you just need to buy a cheap $30 thin client and everyone will just be OK with that.

red_pigeon ,

What’s the point of this feature ? If it were not evil, what problem would it solve ? How often do you go to your PC and think “what was that thing I saw but never thought to create a bookmark or save the link/image”.

Even if people use it, it would be for something they missed because they thought it was unimportant or didn’t interest them, which is a very rare use case.

And still it is a highlight feature !

I wonder if it is lack of ideas or lack of commitment to create a good idea , given a technology, when these kinds of useless features are launched.

NutWrench ,
@NutWrench@lemmy.world avatar

I can’t think of a single reason why I would need detailed snapshots of everything I did with my own computer.

But I can think of plenty of reasons why corporations, advertisers and governments would want that.

JeffreyOrange ,

I can’t remember the last time Microsoft Imolemented a good idea into windows other than small UI changes.

br3d ,

Windows 12 has better window shadows. That is literally the only improvement I’ve found

sugar_in_your_tea ,

Use case: I remember doing something yesterday about this, but I can’t find the email/document/etc.

But I honestly don’t think the value outweighs the cost, so if I still used Windows, this would absolutely be something that drives me away.

Lost_My_Mind ,

Just do what video game companies do. They have an old game. It runs on old hardware. Some parts of the game feel very outdated in modern day. So they update the graphics, retool some outdated game mechanics, update it’s availability to run modern hardware.

They take 20 year old games, update them, and then sell it back to you at full price as a remaster.

I guess what I’m saying is…forget trying NEW ideas. Just give us Windows XP 2.0 that works on modern hardware with ongoing security updates.

That’s all anyone wants.

JustARegularNerd ,

The thought of Microsoft remastering XP scares me, you and I both know they’d still be throwing Copilot into it.

Crismus ,

As much as I want “Jarvis” OS system, I really don’t want the version made by Microsoft, Google, or, Apple.

I want to be able to talk with my AI PC, but I want secure AI that’s just for me and won’t steal all my data for any Corporations to browse.

callouscomic ,

You want something that will never happen.

SomeGuy69 ,

Why is this upvoted. It’s a wrong statement. Maybe there’s no recall open source local AI yet but voice chat with AI is already possible without sending your information to anyone else.

demonsword ,
@demonsword@lemmy.world avatar

Why never? There are already AI models you can run locally on your own machine.

aniki ,

WTF? You can make your very own private, locally run, AI assistant on a Raspberry PI, and make your own interface with an ESP32. Right now.

SomeGuy69 ,

To a way you can already do AI audio chat with sillytavern or tavernAI and oobabooga llm in the backend. Its a little setup required but you can find online tutorials. For example from aitrepreneur on YT. It’s not perfect yet, but we’ll get there. It’s already fun to use, I just wish I had a better PC to run with a bigger and newer language model. Now using a recall function, that’s too new, but I’d not surprised if we get that in a few months.

prole ,

I think the would becomes a lonely place if everyone started only talking with their AI friend. And you know that’s what would happen. Humans would isolate from each other ever more.

rayyy ,

if everyone started only talking with their AI friend.

This would be super great for the ruling class behind the AI curtain. Your AI pal would compliment and flatter you while guiding you down the corporate cattle chute.

prole ,

Is this a Black Mirror episode yet?

hazeebabee ,

The potential for self hosted AI is there! I’ve seen a few projects in the works, and if youre tech saavy you can spin up your own. It is pretty resource intensive, but could be run on a home server.

I’m pretty excited to have my own personal AI, vut i want one that is trained on data I select and who only phones home to my server lol.

zcd ,

https://lemmy.ca/pictrs/image/79945820-b3ce-4b60-9190-443e51a17b57.jpeg

FlashMobOfOne ,
@FlashMobOfOne@lemmy.world avatar

Yup, I’m setting up a dual boot when my thumb-drive arrives.

Actually really excited to get back to computing the way it was in 2010. :)

felbane ,

Actually really enjoying OpenSUSE Tumbleweed… first time on a rolling release distro and so far no major complaints.

Probably would have started with Arch (btw) but I felt a little daunted by the install process. In contrast with my ~2010 attempt, all my data is on a separate drive with automatic backups to NAS — so when I upgrade to an NVMe drive I’m going to give it a whirl.

FlashMobOfOne ,
@FlashMobOfOne@lemmy.world avatar

Nice!

I just want something that’s similar to Windows, regularly updated, easy to use, and comes with proton already installed.

Lost_My_Mind ,

2010 sounds so fantastical, and such a far away time of mystery in the future. We’ll have flying cars, and robot monkey maids, and brain chips that can drive cars, and…it was 14 years ago??? It’s currently 2024? Well that sounds like a depressing year!

FlashMobOfOne ,
@FlashMobOfOne@lemmy.world avatar

Yup, I couldn’t have imagined the extent of the enshittification.

I’m glad I can turn back the clock a little on my PC at least.

AtariDump ,

https://lemmy.world/pictrs/image/5d4bcaf0-7269-4910-a5fe-46c4abacede7.gif

disguy_ovahea ,

It completely depends on their implementation. Apple released Local Snapshots for OSX with Time Machine in 2007. Granted, they’re created hourly rather than every few minutes, but there hasn’t been a vulnerability or exploit as a result of the feature.

support.apple.com/en-us/102154

Pechente ,

That’s pretty much a completely different feature though? It creates local backups. It respects passwords and encryption. It doesn’t take periodical screenshots of what you’re doing and reads their content to feed an LLM.

disguy_ovahea , (edited )

I assumed the Copilot integration was elective. The article states it’s not on by default.

Otherwise it’s the same. Local backups through Time Machine can be accessed a la carte through a screenshot-based GUI, so the screenshots are part of the Local Snapshots stored on your local drive. They’re password protected and decrypted at user login.

Pechente ,

Time Machine doesn’t use screenshots, it shows a folder at different states throughout time. The folders and files are fully interactive too. It’s much more akin to how git works.

disguy_ovahea , (edited )

Have you used it with an application? You can look at all revisions made to a document in Pages, a spreadsheet in Numbers, etc. It makes Local Snapshots of foreground applications.

support.apple.com/guide/pages/…/mac

loie ,

That is an iterative backup of a file within a file system. It is not the same as periodic screenshots.

Ghostalmedia ,
@Ghostalmedia@lemmy.world avatar

Recall is done with a local model. It’s not uploaded to the cloud.

…microsoft.com/…/privacy-and-control-over-your-re…

We built privacy and security into Recall’s design from the ground up. With Copilot+ PCs, you get powerful AI that runs locally on your device. No internet or cloud connections are required or used to save and analyze snapshots. Your snapshots aren’t sent to Microsoft. Recall AI processing occurs locally, and your snapshots are securely stored on your local device only.

Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn’t share snapshots with other users that are signed into Windows on the same device. Microsoft can’t access or view the snapshots.

You can delete your snapshots at any time by going to Settings > Privacy & security > Recall & snapshots on your PC. Windows sets a maximum storage size to use for snapshots, which you can change at any time. Once that maximum is reached, the oldest snapshots are deleted automatically.

random_character_a ,
@random_character_a@lemmy.world avatar

Well, that sounds like a one helluva bloatware

CarbonatedPastaSauce ,

I just don’t believe them. And even if it works as described, they’ll change the terms quietly to screw you as soon as they need the next quarters line to go up. I’m tired of watching their every move to protect myself.

prole ,

Linux is easier and more manageable than you think. Not to be the Lemmy stereotype…

I’m actually rather new to Linux, but my experience has been great and it feels amazing to be free of Microsoft bullshit (outside of my work laptop ugh)

CarbonatedPastaSauce ,

Been using it as my daily driver for a couple months now. And even though my day job involves Microsoft servers and enterprise applications, I’ve become an anti Microsoft advocate when it comes to consumer OS stuff.

tulth ,

I don’t believe them either. I watched the talk video, and there are some serious weasel words around local processing. Something like “the promise is this could be processed locally”

fatalError ,

So not only is it training AI on your data, but you’re the one paying for the storage and the energy to do so.

brianorca ,

But Recall is recording screenshots, not data stored on disk. That’s not the same as Apple’s hourly data snapshot which is just a automated backup of what you have already stored. Recall will be recording the videos or images you watch, even when you don’t keep them locally. It will store the things you decided not to save, and every time you have to open your password manager to check a password, or create a new one. It might be limited to your account, but that still means it’s accessible to anyone who can figure out your password or access your unlocked PC behind your back. Or to that virus you accidentally downloaded, if it’s not immediately detected.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •