[HN Gopher] Microsoft will switch off Recall by default after se...
___________________________________________________________________
Microsoft will switch off Recall by default after security backlash
Author : georgehill
Score : 424 points
Date : 2024-06-07 16:47 UTC (6 hours ago)
(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)
| vinyl7 wrote:
| Then they'll enable it by default once people forget
| aeurielesn wrote:
| Doubting they'll even disable it at all.
| nerdjon wrote:
| It's one thing to be critical of the feature.
|
| But this is a pretty cut and dry announcement. There isn't
| any ambiguity they could stand behind if they are lying.
|
| I would fully expect it will be disabled by default (for now)
| bonton89 wrote:
| They'll just say it is a bug when it is turned on.
| wongarsu wrote:
| People will opt-in to it during setup the same way people opt-
| in to logging in via a Microsoft account instead of a local
| account.
| cybrox wrote:
| Local accounts are almost impossible to set up for the normal
| user in win11
| nerdjon wrote:
| It is pretty easy now if you use Rufus to create your
| installation usb.
|
| It will prompt you (and select by default) to disable the
| need for an online account. I installed the Pro version and
| then just said I was setting it up for work or school,
| chose domain and then I set it up just fine as a local
| account.
|
| I don't know for sure how much of this is rufas or the pro
| version. But I just installed Windows 11 within the last
| hour.
| g15jv2dp wrote:
| > normal user
|
| > use Rufus to create your installation usb
|
| Pick one. "Normal" users don't use specialized software
| to create installation media. They boot the laptop with
| the OS already installed and go on from there.
| nerdjon wrote:
| I mostly agree, but installing Windows is not as daunting
| of a task as it used to be.
|
| It is also not uncommon for 'normal' gamers to use a
| custom built PC which would require installing Windows.
|
| Maybe normal is the wrong word, but it would be a pretty
| quick and easy to understand guide to do this.
| jachee wrote:
| Normal gamers aren't representative of normal users on a
| whole. Gamers are just a tiny fraction of the overall
| user base. Normal users buy cheap-ass laptops with their
| manufacturers' opinionated Windows installation,
| including boatloads of bloatware. And they don't ever
| change any of the defaults.
| hobo_in_library wrote:
| > if you use Rufus to create your installation usb.
|
| You've already scared away all the normal users
| ngneer wrote:
| Normal user, agreed. You can find tutorials online, though,
| for those of us who still remember that the PC was
| something the user used to own.
| wongarsu wrote:
| That's the hidden joke. In early Win10 it used to be a
| simple dark-pattern screen with a prominent button "use a
| Microsoft account" and a text link in the corner "use a
| local account". Then they made it increasingly ridiculous
| with subsequent updates until the current point where you
| need a tutorial on how to even make the option visible.
| LegitShady wrote:
| "game pass is only available with Recall enabled!"
|
| "microsoft office features y and j require Recall! please click
| here to enable it"
|
| etc etc
| nerdjon wrote:
| Will have to wait and see if the extra security measures actually
| improve anything or not.
|
| However regarding it being opt out... what would prevent a virus
| from just enabling it on a bunch of machines silently. Sure it
| would be caught but the damage done and most won't be bothered to
| go in and disable it after.
|
| Or Microsoft just decides they need to really market the hell out
| of AI and it gets turned on my default anyways.
| cybrox wrote:
| It will be re-enabled accidentally by an update anyways.
| Rinzler89 wrote:
| Please stop with these kinds of made up fantasy scenarios.
|
| There's no such thing as "accidental enablement" for stuff
| like this, as if it's a switch every employee at Microsoft
| has access to, and one of them one day can end up flipping by
| accident with their elbow and it ends up in production
| without anyone else noticing.
|
| Either they decide to intentionally enable it or not. There
| are no accidents , when stuff like this needs to go through a
| committee of people for approval before it makes it into
| production.
| i_s wrote:
| I'm not sure the use of 'accidentally' was sincere. But I
| like this choice of words in your post in your first
| version:
|
| > unmercenary assumptions
| Tool_of_Society wrote:
| Yet despite all that I've witnessed accidents still make it
| in production...
| meowster wrote:
| I think OP forgot the quotes around "accidentally". You're
| right it won't be a true accident; it will be intentional
| and just called an "accident".
| tetha wrote:
| > Either they decide to intentionally enable it or not.
| There are no accidents , when stuff like this needs to go
| through a committee of people for approval before it makes
| it into production.
|
| Absolutely. And all of them decided to screw largely
| defenseless non-technical consumer to make short-term
| profits. That's not a fantasy, that's our reality.
| Rinzler89 wrote:
| Yeah, but like I said, that's by intention, not by
| accident. How does your comment disprove my point which
| is exactly yours?
| dv_dt wrote:
| Or by intent - it seems I was reading about an early proof of
| concept attack that turned Recall on and hid a systray
| indicator that it was on.
| ragnese wrote:
| "accidentally"
| paxys wrote:
| What would prevent a virus from directly stealing the data it
| wants without going through this feature?
| djmips wrote:
| Just like in biology a virus can be simpler if it can co-opt
| existing machinery.
| buildbot wrote:
| I agree, the ability to take screenshots is unsafe and
| should be removed. A virus is just a PRT SCRN away from
| stealing everything! (/s)
| ndiddy wrote:
| Without Recall, an attacker needs to get a program to stay
| resident in memory to log keystrokes, screen contents, etc.
| for an extended period of time without getting detected. With
| Recall, they can get the same end effect by exfiltrating the
| Recall database file whenever it's convenient (i.e. an
| infected version of a text editor could send it while
| pretending to check for updates). This significantly lowers
| the barrier to entry for getting a victim's data, while also
| making it much easier to avoid detection.
| drexlspivey wrote:
| > Without Recall, an attacker needs to get a program to
| stay resident in memory to log keystrokes, screen contents,
| etc
|
| Or it could just steal your cookies which are out there in
| the open.
| haswell wrote:
| Cookies are of relatively low value compared to a
| database of everything the user has typed and seen.
| wvenable wrote:
| What value is that? My auth cookies are far more valuable
| than anything I typed out in the open today.
| haswell wrote:
| Your auth cookie expires.
|
| The username/password you type in next time it expires is
| far more valuable.
|
| And it might not even be necessary to obtain cookies or
| credentials if I can just see whatever you could see when
| you're logged into various sites.
| wvenable wrote:
| This is all moot anyway because Microsoft has already
| said they are now going to encrypt everything behind
| Windows Hello making it as secure as my password manager.
| haswell wrote:
| Microsoft has made misleading statements regarding
| encryption [0] and it doesn't help much. Encryption at
| rest doesn't much matter if the user being logged in is
| enough for the data to be decrypted. This is the context
| malware runs in.
|
| https://doublepulsar.com/recall-stealing-everything-
| youve-ev...
| wvenable wrote:
| That's old information. This is how Microsoft is
| intending to change Recall based on these criticisms:
|
| Microsoft will also require Windows Hello to enable
| Recall, so you'll either authenticate with your face,
| fingerprint, or using a PIN. "In addition, proof of
| presence is also required to view your timeline and
| search in Recall," says Davuluri, so someone won't be
| able to start searching through your timeline without
| authenticating first.
|
| This authentication will also apply to the data
| protection around the snapshots that Recall creates. "We
| are adding additional layers of data protection including
| 'just in time' decryption protected by Windows Hello
| Enhanced Sign-in Security (ESS) so Recall snapshots will
| only be decrypted and accessible when the user
| authenticates," explains Davuluri. "In addition, we
| encrypted the search index database."
|
| https://www.theverge.com/2024/6/7/24173499/microsoft-
| windows...
| haswell wrote:
| "Old" is a bit of a stretch here ;)
|
| But I'm glad to hear they've committed to making changes.
| Given the misrepresentations they made regarding the
| initial rollout plan (the target of most criticism, mine
| included), Microsoft has to prove themselves here and
| I'll wait until qualified security folks get their hands
| on this before coming to any conclusions.
|
| What we know is that the initial version was a non-
| starter, and this new info validates the concerns we've
| all been expressing.
|
| I truly hope Microsoft does an acceptable job of
| addressing this. It remains baffling and worrisome that
| it took a public outcry for them to implement what sounds
| like a baseline level of acceptable protection.
| wvenable wrote:
| Well it's not "old" since the article is about
| Microsoft's blog post where they discuss all these
| changes!
|
| https://blogs.windows.com/windowsexperience/2024/06/07/up
| dat...
|
| > It remains baffling and worrisome that it took a public
| outcry for them to implement what sounds like a baseline
| level of acceptable protection.
|
| It's possible this was the intention all along but as a
| early-beta feature this was just the MVP. The reason it
| was rolled out to early testers at all was to get
| feedback.
| sqeaky wrote:
| Why would someone trust microsoft on security?
| wvenable wrote:
| HN is a weird place. 95% of the world runs on Microsoft
| technology to some degree. (95% also runs on Linux to
| some degree as well)
| godelski wrote:
| Virus turns on recall, user might not notice much. A real
| Microsoft service is running. It can then just wait and
| activate later. If the user notices recall on, they'll just
| blame Microsoft. You can then just turn it on again. You can
| already see that many users are suspect that it'll go back to
| being on by default sometime in the future too. It's not
| uncommon to see system updates change settings.
|
| The virus doing the same things as recall will be much noiser
| and much more suspicious. Making it much more likely to be
| removed.
|
| Not to mention that once recall has been running a virus only
| needs to extract the data. It records far more than what a
| password manager does and is far easier to search through. It
| just makes a very large attack surface.
|
| Basically, why would anyone develop keyloggers anymore?
| Microsoft did it for you. And it'll never be tripped by
| antivirus software because it's an official and legitimately
| signed program. You don't see a problem with this?
| strictnein wrote:
| > what would prevent a virus from just enabling it
|
| If that occurs, the malware won't have access to months or
| years of data to sift through.
| sqeaky wrote:
| Yet.
|
| Malware that scrapes it and malware that turn it don't need
| to be the same.
| ragnese wrote:
| > Or Microsoft just decides they need to really market the hell
| out of AI and it gets turned on my default anyways.
|
| This is what will happen. And when you turn it off again, it'll
| be turned back on by the next update. Enjoy.
| downrightmike wrote:
| They can't even do their own infra securely, or did you forget
| a advanced persistent threat entity was in their system and
| minting certs to access all of azure recently?
| malshe wrote:
| On LinkedIn someone in my network pointed out that, apart from
| the security and privacy disaster, the name Recall was a bad
| choice because of negative events like product recall.
| leprials wrote:
| They should take note and recall Recall.
| permo-w wrote:
| this is one of the first things mentioned in the article
| jonny_eh wrote:
| "Total Recall", aka "We Can Remember It For You Wholesale"
| dylan604 wrote:
| "Total Recall" in quotes makes me think you're trying to get
| your ass back to Mars and that you're trying to remember
| something because you had your memories wiped. It makes me
| think of nothing about a friendly service being offered
| forcefully upon you from your friendly and malevolent OS
| provider.
| jonny_eh wrote:
| It's a story about false memories, and how that can change
| your identity. Regardless, it's the first thing I thought
| of when I heard about the feature.
| unpixer wrote:
| The Philip K. Dick short story was a direct inspiration
| for the Paul Verhoeven movie starring Arnold
| Schwarzenegger, as it happens.
| kyle-rb wrote:
| We Can Remember It For You Enterprise Edition
| bee_rider wrote:
| It would actually be a fantastic name if this were a real
| concern. Imagine, a well-known feature to mask any searches of
| a product recall. The only problem with this theory is that
| computer QA is so incredibly shit that the concept of a recall
| more or less doesn't exist in the first place.
| layer8 wrote:
| They should have named it "I Know What You Did Last Summer". ;)
| leprials wrote:
| Hopefully any debloat tools will remove it quickly. Can't wait
| until Microsoft force pushes this spyware to the masses.
| arusahni wrote:
| Looking forward to the update that accidentally re-enables it.
| creativeSlumber wrote:
| This. I won't be surprised at all if i' silently enabled in a
| future update that has nothing to do with it.
| organsnyder wrote:
| I still don't understand how this got this far. Enabling this in
| any corporate setting would be a compliance nightmare.
| Rinzler89 wrote:
| Corporate is never on the bleeding edge of Windows feature
| updates. They bring security updates first, but feature updates
| are at least one generation behind, maybe more waiting for
| Microsoft to fix bugs and doing their own regression testing,
| plus they get to choose wich features employees receive or are
| enabled by default via group policy. In other worlds, recall
| was never making it into any corporation anyway.
| oldpersonintx wrote:
| maybe 50% of US business users have an admin of any kind who
| oversees their IT ops
|
| everyone else just gets a laptop, unboxes it, turns it on,
| uses it, does whatever they want to it
|
| see: any retail location in a strip mall, any mom/pop
| business, etc etc
| nativeit wrote:
| This is generally true, but Windows is the standard for far
| more SMBs than larger enterprise customers, and in that
| context it's not nearly so straightforward. I have a client,
| a health insurance benefits broker for other local
| businesses. They do very well for themselves, but it's just
| 2-3 full-time people, so there's never been much cause for a
| full-on domain with GPO policies to maintain a strict, stable
| state across their equipment. Traditionally, off-the-shelf
| systems with SMB-targeted software had been more than
| sufficient.
|
| When Microsoft decided to push a feature upgrade last year
| that automatically enabled OneDrive backups for their home
| directories, it technically violated HIPAA by moving
| electronic patient health information contained within their
| scanned files folder onto OneDrive servers without any prior
| consent or authorization. They literally called me when they
| were unable to find their files, Microsoft had (laughably, if
| it weren't so serious) placed a text file on the desktop
| titled "Where Did My Files Go.txt", and then directed them to
| the OneDrive folders where it had moved their desktops,
| documents, and pictures without their knowledge or approval.
|
| I have since moved them to Microsoft 365 accounts where I can
| apply GPO, but my clients were understandably unhappy about
| having a new annual subscription that didn't add any tangible
| benefit, rather they're now on the hook for a couple hundred
| bucks a year for what's essentially a shake down. Pay for the
| new service that adds nothing meaningful to their experience,
| or else face the consequences of Microsoft ruining your
| business on a whim.
| 3qmtacr674qac wrote:
| With Chat Control[1] coming up in EU, it would be awfully
| convenient to have the technological capability readily
| available to deliver a solution.
|
| Once you have the Recall capabilities, it doesn't take much to
| start collecting and searching the data.
|
| [1]: https://www.patrick-breyer.de/en/posts/chat-control/
| LegitShady wrote:
| I bet there are a trillion companies and governments who want
| to know what all of their employees are doing every second of
| the workday. compliance won't stop them from trying.
| rchaud wrote:
| Corporate clients get whatever they want. I am certain that
| their Windows 10 support won't be pulled in Oct 2025 as MS has
| threatened for everyone else. And when they migrate to Win11,
| it will almost certainly be a separate OS image free of the
| garbage bloatware and ads that the consumer devices are plagued
| with.
| nativeit wrote:
| Am I just imagining their saying that Windows 10 would be the
| last Windows? I had thought they would be moving to an Apple-
| esque model where OS updates would just become iterative and
| avoid the old EOL/upgrade cycle. It's how I justified all of
| their tangential money-grabs on other fronts.
| Terretta wrote:
| The corporate settings that care already do this to the
| employee screens ...
|
| Compliance doesn't say "company can't watch employee" -- in
| many cases it _mandates_ surveillance.
|
| This just lets the employee leverage that too.
| organsnyder wrote:
| Depends on the compliance. If this monitoring sucks up any
| personal data (I don't mean employees' data here--personal
| data owned by _anyone_ ) there are erasure and data subject
| access requirements, for instance.
| karaterobot wrote:
| Security compliance generally does not require a third-party
| company, unaffiliated with the corporation, to be sent a copy
| of everything shown on a user's screen.
| dbish wrote:
| I think on the product side it's pretty straight forward. They
| saw RewindAI talking up a bunch of traction and people
| seemingly interested. Someone assumed customers wanted this
| because of that data, and it's a pretty easy thing to build, so
| they went ahead. I am surprised it got past security reviews
| but I can understand how it came to be from the product side.
|
| They'll probably think twice before jumping into the fray again
| with the Microsoft branded Informant Wire (I mean AI wearable)
| ;)
| notaustinpowers wrote:
| Archive: https://archive.ph/xlh7n
| lordofgibbons wrote:
| Doesn't Microsoft have a long history (and present) where they
| just enable privacy invasive "features" after a windows update
| even though the user has disabled or removed the "feature"?
| 7thaccount wrote:
| Yeah. You tell everyone you learned your lesson and then just
| go back and do it anyway a year later.
| lawlessone wrote:
| It must be the year for all this. Bethesda are basically
| trying again to make paid mods stick with their Fallout 4
| update.
|
| Softwar never changes.
| ceejayoz wrote:
| Twitter used to do this all the time; they'd make the
| notification email options more granular and opt you in to the
| three new options that used to make up the one option you
| already unchecked.
| resource_waste wrote:
| Yes.
|
| Windows is soo low quality. It feels cheap. It feels like you
| are at a car dealership.
|
| Fedora, feels like you are at some futuristic office that has
| buttons that do multiple steps. I was literally angry last year
| that it took me so long to learn about up-to-date linux.
| Canonical's marketing of debian-family linux gave Desktop Linux
| a bad name.
| giancarlostoro wrote:
| Yeah, which is why I'm over on Linux now.
| deafpolygon wrote:
| What exactly is a good usecase for Copilot Pro (I'm assuming
| Recall will be powered by that in some form)? I'm on the free
| trial and I'm not finding it to be any more useful than the free
| version, and pretty similar to ChatGPT.
|
| It can't really _do_ anything.
|
| Can someone smarter than I chime in on this?
| wkat4242 wrote:
| It'll be the other way around I expect. Recall will provide
| more context to CoPilot.
|
| It's not really about looking back at your own activity in case
| you forgot. But the AI will use it to learn about your habits,
| wants and hates, interests, people you deal with, usual
| schedule etc.
|
| An assistant is after all much more effective if it knows you
| through and through. The one problem is: I don't want Microsoft
| to be that assistant and know all that about me. Even if "it's
| all local". They still control what gets done with that info
| and can change it at any time.
| autoexec wrote:
| Lawyers, law enforcement, and three letter agencies everywhere
| are going to be extremely disappointed by this development.
| russdpale wrote:
| and abusive partners/stalkers.
| rolph wrote:
| without seeing an actual data file created by recall, i would
| expect it to quickly become large.
|
| if so, i would not keep it on a system drive, when you can store
| it externally, to be plugged in when the owner feels they
| actually need recall data, and left physically out of band when
| its wise to do so
| dylan604 wrote:
| how would the recall data get expanded if it is not plugged in
| all the time? hopefully you can see while it's not designed
| that way
| rolph wrote:
| ideally it wouldnt be expanded, the whole point is to have
| definite denial of recording at any time, or a cut off
| period, such as archiving the system portion after 12, or 24
| hours. this saves system storage space, and preserves data
| for the owner should they need what they were doing 6months
| ago.
| terrut wrote:
| I've been a Windows user since 3.1, but this was the straw for
| me. They have always provided an OS that just worked for my home
| needs, even with the creeping privacy invasions in the last
| update.
|
| I've been dual booting for a while and last weekend I went full
| Linux at home. My day job revolves around being truly good at
| solving Windows issues, and I will happily continue doing that,
| but at home I'm still just liking for something that "just works"
| I hope I'm part of a trend, and that 2024 is the year of the....
| lawlessone wrote:
| Any Recs? i've just gotten a Kubuntu image. I am thinking if i
| dual boot that and SteamOS i should have everything i want
| covered.
| tapoxi wrote:
| No reason to use SteamOS, it's just immutable Arch with an
| A/B partition scheme. Modern SteamOS is designed specifically
| for the Steam Deck and they only ship it as a recovery image
| for the Deck.
|
| You can install Steam on whatever distribution you want, I
| use the Flatpak, and just enable Proton in the compatibility
| settings.
| exitb wrote:
| And if someone's after that console-like functionality,
| ChimeraOS is the right choice in this area. It behaves like
| SteamOS, but is more compatible with PC hardware.
| lawlessone wrote:
| Ok awesome suggestions.
|
| I got set on SteamOS as i was contemplating buying an SBC
| with similar hardware and giving it a custom case.
|
| But this looks better!
| al_borland wrote:
| I'm pretty excited for the Cosmic DE later this year. Here is
| a demo given by the CEO and the design lead. The audio isn't
| the best, but good enough. This is probably the most excited
| I've been to try out a new operating system since OS X Tiger.
| It is being developed by the Pop OS team, but they are making
| it so anyone can use it, Fedora plans on having a spin, I
| believe it's out there for Arch, and I'm sure others will
| have it as an option. Though I wouldn't use it as a daily
| driver until it's actually released.
|
| https://www.youtube.com/watch?v=JHLfsWhDvz0
| jug wrote:
| Yes, it's a really tough thing to manage this whole Recall
| thing philosophically and it makes me concerned about this OS.
| Even if MS is backtracking somewhat, they have shown their
| cards now and how they prioritize positioning themselves as an
| AI company above even rudimentary privacy. It's hard to just
| regain trust as if nothing happened.
|
| I'm considering Linux with a Windows VM for Visual Studio. I've
| had my Linux detours in the past and it honestly works pretty
| well for me. I personally enjoy Fedora with Gnome which I think
| strikes a good balance between stability, security, and
| freshness. But if being stable and worryfree is of top
| importance (like where you are "unpaid tech support", haha),
| why not just go Debian. :)
| al_borland wrote:
| If you want Linux isn't "just working" over time, give macOS a
| look. My dad was a lifelong Windows user and sung the praises
| of Microsoft's monopoly over the industry. As much as he was
| disappointed and upset with Borland Software dying off, he
| thought the benefit of a single document format everyone used
| was a huge benefit for the industry early on when Word started
| to take over, and by extension all of the standardization
| through a single player rather than through actual standards.
| He always said it worked great and didn't see why he'd ever
| want to change, or why anyone would want anything different.
|
| He ended up switching to Apple around 15 years ago after a
| series of bad experiences. He was very nervous about it, and
| really hedged his bets early on. It took him some time to get
| used to how the OS worked, to find new apps to replace some
| that he had used since the Windows 3.1 days, and sort out his
| workflows. He eventually gave up his Windows VM when he
| realized the only thing he ever used it for was to run Windows
| Update.
|
| I grew up on Windows, with the views from my dad instilled in
| me. In college I tried Linux and ultimately moved to the Mac
| about 21 years ago. I still used Linux on and off for the past
| 22 years (and currently have a music server running it). I do
| find Linux to still be much more finicky than macOS. No system
| is perfect, but macOS is more of a "just works" operating
| system than Linux (imo), likely due to the focus on polishing
| that last 10% of the user experience, that never seems to get
| the attention it needs in Linux. While I am excited to see what
| Cosmic has to offer later this year on Pop OS, I'm always
| ending up having to deal with some level of nonsense, even my
| most recent install of Mint just last week had a few annoying
| things where things didn't work, and they should have worked.
| danielcampos93 wrote:
| This seems to be a feature that execs wanted, and people find
| creepy, and no one has the gumption to push back on the exec
| request.
| dylan604 wrote:
| How can you have the number of employees they do and not have a
| single non-sychophant employee?
| riscy wrote:
| The layer of management reporting to leadership are yes-men.
| fingerlocks wrote:
| Company-wide internal push to shoehorn AI into every product
| and service. All recognition and rewards are given to the
| sychophants, no matter how ludicrous their proposals. Even
| Principal and Senior developers are dragged into meetings
| with senior leadership to provide suggestions on how AI can
| be used in their microcosm. Whether it _should be_ used is
| completely out of the question.
|
| It's a complete circus right now. Plenty of us just ignoring
| it and opting-out but it might reflect on our bonuses.
| pluc wrote:
| Because you get fired when bringing dissenting opinions
| dylan604 wrote:
| Other than it potentially being abrupt and not on your
| terms, it's probably for the best
| salt-thrower wrote:
| Non-sycophant employees are shut down and ignored once the
| whole corporate culture has bought in to the hype du jour. If
| you are the sole dissenter, it can even make you look like a
| "bad" employee for not recognizing the "opportunity" that the
| new hyped thing will supposedly bring.
| dylan604 wrote:
| AKA time to leave
| code_biologist wrote:
| In this job market? Employee leverage is at a low ebb
| right now.
| dylan604 wrote:
| Yeah, cause MS has gotten this way "right now".
| al_borland wrote:
| As someone who has tried to push back against what execs ask
| for many times, if they want it bad enough, it doesn't matter.
| They will push forward no matter what the objections are. And
| if the person objecting won't give in, they'll find someone
| else to do it.
| nerdix wrote:
| I only have a windows partition for games. I would occasionally
| use it for other stuff because it's sometimes inconvenient to
| switch back and forth. After recall, I'm only using it for gaming
| and nothing else.
| pipes wrote:
| I'm surprised by how good proton is at running windows games on
| steamdeck. Because of this and nonsense like recall and the
| adverts in windows I'm considering just getting rid of windows
| all together, I'll just run mint Linux probably.
| ryukoposting wrote:
| I run Ubuntu on nearly all of my machines, but I build it up
| manually from the Ubuntu Server installation to reduce bloat.
| If anyone was going to have problems with Proton on an Ubuntu
| machine, it's me. Yet, every game I've tried works fine.
| Everything from Among Us to Metro Exodus runs great.
|
| Some games require a little fiddling, sure, but I've never
| had an issue that couldn't be resolved using some copy-
| pasting from ProtonDB. As you may have surmised from the way
| I set up my machines, I may have a higher tolerance for
| fiddling than most folks. YMMV.
| 0cf8612b2e1e wrote:
| I am curious about your Ubuntu setup. Any particular
| technical reason? Any especially thorny bits? Do you see
| improved performance or fewer background processes? I am
| well past the point of enduring this kind of OS pain, and
| will use the path well trodden by others.
|
| I have always assumed that distros layer on so many
| extensions, customizations, etc that Gnome or KDE would be
| alien if naively installed.
| Novosell wrote:
| Can't play League, TFT or Valorant on Linux though sonce they
| started enforcing Vanguard for League as well.
| resource_waste wrote:
| Oh man this is totally going to affect:
|
| >My workplace
|
| It wont affect me personally, because I dont use crappy operating
| systems on my personal time. Microsoft products are just an
| efficiency loss, I still bill the same.
|
| I literally get everything done faster on Fedora, no linux prayer
| needed anymore. Its just better.
| herf wrote:
| It's interesting to compare this to the Chrome/Safari/Edge
| browsing history, which is stored in an unencrypted SQLite
| database, and tracks what you do for the last 90 days. It's just
| a bit less visual, Incognito/Private modes work, and some users
| clear it more often.
|
| But a _whole lot_ of the surveillance attacks people imagine
| about Recall apply just the same to the browser. I think it 's
| the "little brother" casual attacks that are so well enabled by
| Recall - it makes it faster, easier, and way more visual.
| EGreg wrote:
| Browsing history doesn't contain what's displayed on the page,
| and what you input into the input boxes, or POST requests. It's
| sorta like telephone metadata.
|
| On the other hand, I am always freaked out by Chrome extensions
| that "can read _and change_ your data on _all websites_ ".
| Can't they have more granular permissions? You gotta have _a
| lot_ of trust for those extensions LMAO. They can read your
| bank passwords, probably!! And if they are ever sold...
| herf wrote:
| Exactly - knowing the content of each webpage is pretty easy
| if you're "big brother" surveilling millions of people, even
| more so if you have a Chrome extension to help.
|
| It's "little brother" that benefits a lot here: bosses,
| spouses, parents, etc., who otherwise wouldn't click on 1000
| links in your history.
| ls612 wrote:
| To be fair for me the extensions that get that are uBO,
| Privacy Badger, and Tampermonkey.
|
| I trust gorhill and the EFF to not fuck me over on my data,
| and Tampermonkey kinda needs those sorts of permissions to
| work. My password manager has read access to every website
| but I'm already trusting it with all of my passwords so...
| EGreg wrote:
| Seems like a very juicy target.
|
| These extensions should not store any data without a master
| password that you input every time.
|
| What if someone stole the signing key, and submitted an
| update to Chrome store, even for a little? Oh wait that is
| only for Chrome Apps. For extensions, they can literally
| update themselves anytime. Someone would just have to steal
| the certificate.
|
| If an extension that reads all data uses a CDN (like
| CloudFlare) that CDN can execute a MITM attack against it
| and download new code, that would he catastrophic even if
| it was caught 1 day later.
| ls612 wrote:
| >Oh wait that is only for Chrome Apps. For extensions,
| they can literally update themselves anytime. Someone
| would just have to steal the certificate.
|
| Mozilla reviews signed extension updates. Something tells
| me uBO is one of the most scrutinized given how very many
| users it has.
|
| >If an extension that reads all data uses a CDN (like
| CloudFlare) that CDN can execute a MITM attack against it
| and download new code, that would he catastrophic even if
| it was caught 1 day later.
|
| My threat model doesn't include state actors targeting me
| specifically. Not sure much of anything works against
| that threat model besides _maybe_ iOS in Lockdown Mode as
| your only device.
| red_admiral wrote:
| I have an extension like that called uBlock. If that ever
| gets compromised or sold, I will have much bigger problems
| ...
| immibis wrote:
| Yes, they can change it, that's what Manifest V2 deprecation
| is about. It will break a lot of ad blockers, because they
| rely on being able to read anything and change anything on
| all websites. Many people feel that Google is doing it to
| make more people watch more ads, not to improve security.
| Analemma_ wrote:
| Yeah, I think this entire debate is uninformed hysteria and
| manufactured outrage. "If an attacker has administrator access,
| they can see everything you have done on your computer!". OK?
| That has literally always been the case? "Attacker is root" is
| game over and always has been. The original writeup from
| DoublePulsar tried to justify that Recall is somehow different
| from other such scenarios, but I found it totally unconvincing.
|
| I think it's the right move to have it off by default, but I'm
| just not convinced by the outrage here.
| mostlysimilar wrote:
| Recall FEELS like being watched. Your browser history does
| not.
| listenallyall wrote:
| To be clear, I am not in favor of Recall or dismissing its
| intrusiveness. However, the correct comparison is not just
| "browser history". Google is also tracking your search
| history, passwords (built-in password manager), location
| history (Google Maps), ad clicks, and more. All-in, it's a
| LOT of data.
| mostlysimilar wrote:
| I'm with you -- I avoid Google products for the reasons
| you listed and am staunchly anti-surveillance capitalism.
| I just meant to say that even for a person with my very
| plugged-in perspective on these topics, Google's
| violations of my privacy still don't feel quite as
| invasive as Recall feels, even if on paper it's just as
| egregious and dangerous.
| Tool_of_Society wrote:
| Browser history doesn't show my passwords, everything I typed
| out and did on the machine.
|
| In comparison browser history is nothing.
| Analemma_ wrote:
| You're missing the point. An attacker can only see the
| passwords in your Recall database if they have root, but if
| they have root there are (and always have been) a thousand
| other ways they can get your passwords. There is no new
| attack vector being introduced by Recall.
| Benedicht wrote:
| If an attacker got root with recall they might not need
| to wait the user to type their password and risk
| detection. The information they want to know might be
| already in the recall database.
| morder wrote:
| One difference is that you can get root access after the
| fact and get however much prior data Recall recorded vs
| only going forward.
| fh9302 wrote:
| It is possible to access to Recall database without admin
| access.
|
| https://x.com/GossiTheDog/status/1798832390070276500
| sgent wrote:
| RTA, Microsoft announced changes to the security model to
| prevent that.
| fh9302 wrote:
| I did read the article. The person I'm replying to claims
| the entire debate was "uninformed hysteria", which means
| they thought the previous security model already required
| admin.
| smaudet wrote:
| Another big, big difference, anybody, not just some
| black-hat pro with a long kill chain of zero-days, has a
| fantastic source of data to exfiltrate.
|
| Perhaps you didn't note before, or are one yourself, but
| this includes e.g. abusive spouses. Sure, maybe the
| abusive spouse could hire a black hat, but this is very
| different to a drunk low-life wife-beater casually
| snooping through "recall".
|
| It might not be a "new" attack vector, but its absolutely
| a complete degradation to any computer security.
| sanktanglia wrote:
| You can get cookies/tokens from chrome databases so its the
| equivalent to passwords in alot of cases
| amusingimpala75 wrote:
| Except that before today you didn't even need admin for
| access to the database, any process that is allowed to read
| things could access the Recall database.
| shermantanktop wrote:
| In a typical bigcorp environment, laptops are loaded with
| silently installed spyware. Certainly equivalent to taking a
| screenshot every second or an always-on keylogger.
|
| The horse is out of the barn for many people during work
| hours. But in the OS and on by default is a different story!
| andrewmutz wrote:
| If there's AI involved, everyone's panic level skyrockets.
|
| No one retweets "Attacker gaining root access reveals all user
| information", but instead "Attacker gaining root access reveals
| all user information collected by AI program" will go viral for
| sure.
| ydnaclementine wrote:
| Does Recall run entirely locally? I don't think your browser
| history gets sent out
| toyg wrote:
| I expect it does, if you're using Chrome outside of Incognito
| Mode. Iirc, there is an opt-out about "web history" on the
| google account - which then disables some other things so
| that it annoys enough people into keeping it on.
| juancn wrote:
| It does, that's why it needs an NPU to run.
| al_borland wrote:
| It does, but who's to say insights in gains won't ever be
| sent back and used/sold?
| layer8 wrote:
| The vulnerability is that the first thing any malware that
| happens to run on the PC will do is upload the Recall
| database, giving the attacker your entire usage history since
| installation (and of any other user account on the same PC).
| This can then be analyzed for worthwhile targets for scams
| and blackmailing.
| russdpale wrote:
| no it isnt the same, you may know I went to my health care
| provider's website, maybe even to make an appointment depending
| on the url, but with recall, everything that is on the page
| will be stored, not just the url. It's totally different. So
| the message I sent my healthcare provider that is discussing
| some of my most sensitive medical issues will be available to
| read and a record is kept of it... not just the url. Do you not
| see the difference?
| herf wrote:
| Yes, but one product cycle and there's metadata (like a
| background texture) that tells the OCR to skip this page. Or
| ask your local LLM if the user is talking about medical
| conditions? If you like the feature at all you can make these
| things work.
| entropicdrifter wrote:
| "If you like the feature at all you can make these things
| work."
|
| It's not on the individual users to take steps to preserve
| their basic human dignity. It's not Microsoft to not take
| that dignity away _by default_ as was their plan before
| this fiasco predictably blew up in their faces just like
| the Xbox One always-online Kinect requirement before it.
| biftek wrote:
| Your browser history doesn't contain screen recordings of what
| you do on websites
| nyrikki wrote:
| Their is a very different scope at the OS level.
|
| Most of us know that the public Internet is based on
| surveillance capitalism, no matter if we hate it or are just
| complacent or ignorant.
|
| OS wide is far more problematic and of low value to the user.
| GordonS wrote:
| Your browsing history is unlikely to contain personal
| information, secrets, porn images etc. And if you use Chrome,
| they get your full browsing history by default.
|
| I get your point, but Microsoft's Recall can capture _anything_
| onscreen - emails, personal info, porn, passwords and the like.
| And it feels, bizarrely for 2024, that little thought has gone
| into privacy or security.
| axus wrote:
| It's analogous to phone call metadata vs. the contents of the
| phone calls.
| GordonS wrote:
| Yes, it's a good way to put it. Though it's worse in some
| respects, since AI will add "context" to the "contents"
| too.
| giobox wrote:
| Perhaps. A key difference though - history files can
| include the individual pages I requested from the same
| host. Right now I have like 50 entries for the various
| posts I read just from HackerNews, all as separate line
| items etc etc.
|
| In the case of the phone, one simply sees recipient of
| call, duration etc, regardless of how much information was
| exchanged. The phone I'm calling is arguably analogous to
| the server I request a page from, in the metadata context.
|
| I'd argue browser history is significantly richer in some
| regards due to this. It's not unheard of for user
| identifiers to appear in URL paths either - try visiting
| https://news.ycombinator.com/user?id=<HN user name>... In
| my Chrome, that's instantly in the history file with my
| username.
| nomel wrote:
| > that little thought has gone into privacy or security.
|
| I think the thought is proportional to the amount of thought
| a non-tech customer will put into it. Nobody seems to care
| about or understands privacy these days. Everyone knows
| they're being tracked everywhere they go physically and on
| the web. People use their real names, address, etc for every
| junk service they sign up for, without seeing any reason not
| to. If you tell people that their TV is tracking and taking
| screenshots of what they watch [1], they say "yeah, Netflix
| knows too".
|
| It's literally, "how it's always been" for any non tech
| person under 30.
|
| [1] https://themarkup.org/privacy/2023/12/12/your-smart-tv-
| knows...
| haswell wrote:
| > _I think the thought is proportional to the amount of
| thought a non-tech customer will put into it._
|
| Part of me wonders if this is the consequence of how
| accessible tech has become, and the prevalence of
| increasingly non-technical product managers. I'm a former
| PM, and I'm not here to denigrate the PM role, but the fact
| that a product like Recall got shipped says a lot about the
| makeup of the product org that shipped it.
|
| While I get that younger people tend to see privacy
| differently, I'd argue this isn't really a privacy issue,
| it's a security conversation, albeit with obvious privacy
| implications. Leaking what apps I use or what sites I visit
| is mostly a privacy issue. Leaking what I type into the
| boxes on those sites is a security issue. If the end result
| of leaking this info is the attacker can pwn all of my bank
| accounts, we're solidly into security territory.
|
| The fact that this got shipped means that multiple levels
| of leadership either didn't think about the consequences or
| didn't care about the consequences. I hope it's the former,
| because that means they can learn from the backlash and
| hopefully recalibrate.
|
| Microsoft is in a position of power that IMO requires a
| significant duty of care and responsibility to their
| customers, and lapses like this need to be judged through
| that lens, i.e. it is their entire business to make sure
| features like this are safe.
| xattt wrote:
| > The fact that this got shipped means that multiple
| levels of leadership either didn't think about the
| consequences or didn't care about the consequences. I
| hope it's the former, because that means they can learn
| from the backlash and hopefully recalibrate.
|
| There was probably from lower decks, where they are
| closer to reality. However, people are scared for their
| jobs in this economy and likely didn't take it farther.
| intended wrote:
| I think it's a good point - these are still privacy
| issues, and being fatigued with the impossibility of
| defending privacy is indication of a power imbalance, not
| an acceptable default for humanity.
| elevatedastalt wrote:
| It's not surprising once you consider that all the big
| tech firms hire MBAs for their PM roles. The ideal PM
| profile for these companies is someone with consulting
| experience who just finished an MBA.
| sumtechguy wrote:
| > Everyone knows they're being tracked everywhere they go
| physically and on the web
|
| That sounds good to some people. But if I mentioned it to
| most people in my family they would probably be rather
| weirded out by it. They probably also would have no idea of
| the scope of the size of it and how it is being used
| against them.
| skydhash wrote:
| Do you listen to music only with earbuds? Do you cover your
| face when going outside? Do you transform your voice for
| each person you're talking to? Are you buying only with
| cash that you handled with gloves?
|
| Privacy is not a binary concept. There are actions and
| information that some people are ok being public, and there
| are some they prefer to remain private.
|
| What is not OK is spying and exploitation. I should know
| what data you're collecting and preferably specify which
| I'm ok with. I also should know what is intended for and
| preferably for most of it to be anonymized.
|
| Most people expect reasonable privacy policies from
| companies and they believe that there's some regulation in
| place.
| SoftTalker wrote:
| It's how it's always been, always.
|
| Many here may be too young to remember when many consumer
| products came with a "product registration" card. This was
| basically a postcard that asked for all sorts of
| information, such as your name, address, phone number,
| birthdate, sex, SSN, marital status, annual income,
| interests, other products owned, whether you own or rent
| your home, etc.
|
| People willingly filled these out and sent them in. All the
| info went into databases that were merged with other
| sources and traded around various marketing agencies on
| 9-track tape reels. Advertisers could get mailing lists
| segmented by age, sex, income level, geographical region or
| specific zip codes, etc. for their campaigns.
|
| It's all much more pervasive and invisible now, but it's
| basically what has always been done.
| smaudet wrote:
| > It's how it's always been, always.
|
| I don't know, I don't think sending in product
| registration cards could/would often result in your bank
| account being drained...
|
| > It's all much more pervasive and invisible now, but
| it's basically what has always been done.
|
| So you admit it is far worse today than it was before?
| But the second half of your sentence seeks to
| disingenuously pretend that it has "always" been bad.
|
| I can be sick with a cold or I can have stage-four brain
| cancer. People have "always" been sick but one is serious
| (terminal cancer) one is not (a non persistent cold).
| piva00 wrote:
| > It's all much more pervasive and invisible now, but
| it's basically what has always been done.
|
| Basically is doing a lot of work here, the level and
| degree of how much data is vacuumed, processed, and used
| for targeting nowadays is orders of magnitude of
| difference from these primitive ways.
|
| A tent and a house are basically the same: a shelter.
| ragnese wrote:
| > And it feels, bizarrely for 2024, that little thought has
| gone into privacy or security.
|
| No, no. They thought about the privacy and security aspect.
| They decided that it's better for their bottom line if
| Windows users don't have privacy from the mother ship.
| Really, they already decided that way back when Windows Vista
| first came out and periodically asked Microsoft HQ if you
| should continue being allowed to use your computer.
| Sharlin wrote:
| I mean, you can't even install Windows 10 without it
| telling you several times that unless you opt out (again
| and again), it's going to send just about anything you do
| to Microsoft...
| SketchySeaBeast wrote:
| I think they actually did consider that - that's why they
| emphasized it was all on device. They thought about it, they
| just didn't think about how little we would trust that
| promise.
| pydry wrote:
| I'm perplexed that anybody thinks Microsoft were being
| dumb. They know exactly what they are doing and putting the
| pieces in place to violate users' security _is_ the point.
|
| Theyre just boiling the frog slowly. It'll be turned on by
| default soon enough and then theyll start looking for
| excuses to upload it.
|
| This can be used to make them a shedload of money one day.
| INGSOCIALITE wrote:
| on the contrary, i think a LOT of thought went into privacy
| and security. specifically, how to ignore and bypass it.
| thaumasiotes wrote:
| > Your browsing history is unlikely to contain [...] porn
| images
|
| Of all the places on your computer that might contain porn
| images, that would be one of the very top candidates.
| GordonS wrote:
| Nope - links to porn sites (but who browses porn without
| Incognito Mode! :), but it's not going to contain actual
| images.
| thaumasiotes wrote:
| As far as metadata versus data, the URL of a static image
| automatically discloses the image itself. The only way to
| claim that the history doesn't actually contain the image
| is if you assume that the site has gone defunct.
|
| Unless, of course, you're willing to argue that a porn
| image stored on the local hard drive isn't contained in
| any folders on the same PC that soft-link it. You might
| have an interesting time trying to justify why it _is_
| contained in folders that hard-link it.
| adamomada wrote:
| I always joked around that Firefox made the incognito
| shortcut CTRL-Shift-P for Porn mode
|
| (I really wish they followed the "standard" keyboard
| shortcut)
| dragonwriter wrote:
| No, the browsing _history_ isn 't likely to (data URLs I
| guess make it technically possible, but...); your browser
| _cache_ might.
| TiredOfLife wrote:
| No thought at all. Just by default auto exclude private
| browser windows and password managers. No thought at all.
| GordonS wrote:
| It's a turn of phrase; it doesn't mean _literally_ no
| though at all!
|
| On a more relevant note, how can it know when a private
| browser window is open in anything other than Edge? Same
| question with the password manager - is there going to be
| some new API that apps have to "opt in" to to enable
| Windows to recognise them?
| shawnz wrote:
| What about the browser cache? And isn't there some capability
| in many browsers to store form field contents when navigating
| back/forward too?
| torstenvl wrote:
| They're quite obviously very different, as browser history
| doesn't tend to include things like financial details or
| information subject to an NDA.
| sho_hn wrote:
| The browser history may not, the cache and other local
| storage may well.
|
| The take-away is simple though: Modern desktop operating
| systems need a security model where individual applications
| are sand-boxed and protected from each other.
|
| Legacy systems have security models that protect users from
| each other, but this isn't the personal computing world we
| live in anymore.
| juancn wrote:
| The ickier parts are on the unintended capture side, like
| enabling "show password" on a site doesn't affect browser
| history but Recall may capture it in the clear.
|
| Or from history you may see that you accessed a site, but not
| what you did on it (what comments you typed for example).
| byteknight wrote:
| This is a horrible comparison. Browsing history doesnt show the
| contents of the page. It doesnt show you what you were doing on
| that page. It doesn't reveal anything other than you went there
| and maybe how long.
| nottorp wrote:
| Well, on old school sites where there are static pages each
| pointed to by an unique url, yes it does show the contents of
| the page :)
| neilv wrote:
| One difference is that Web browser history has been there 30
| years, since before most people at the time had even touched a
| Web browser.
|
| At the time, it wasn't very thinkable that someone would have
| the audacity to take and abuse that information.
|
| It dates from when Internet people overall were more savvy
| about privacy than users overall today are, _but_ it was also
| when the Internet was closer to a trustworthy environment, and
| before Wall Street sociopath types took over the tech and the
| culture.
|
| Lots of kinds of abuse that today are routine and almost
| universal, for even startup tech companies, (e.g., embedding
| third-party trackers into Web site, and getting even worse from
| there), I think would've gotten them ostracized, and outraged
| demands for criminal charges.
|
| During the dotcom gold rush, there was such a flood of totally
| new, posturing people, and so much money being thrown wildly at
| everything, that any remaining outrage was lost in the noise.
|
| And now virtually no one knows any different.
|
| But if you're trying to push some _new_ abuse today, I think
| ordinary people are _starting_ to have some awareness of what
| vicious sociopathic buttholes tech companies have become, and
| so acceptance might not be a slam-dunk.
| usrbinbash wrote:
| 1. Browsing history doesn't show what the user is doing on the
| page. There is a big difference between logging "user visited
| his e-banking app", and logging his actual credentials as they
| are entered.
|
| 2. Browsing history watches one app. Screenshots watch
| everything across the entire OS.
| kenny11 wrote:
| Not just credentials - account balances, account numbers,
| etc. There's a big difference between your browser history
| recording that you opened your bank or healthcare provider's
| web site and Recall recording everything that appeared on the
| screen while you did.
|
| People might use Incognito mode to browse porn, but I imagine
| it's a lot less common when looking at other sensitive sites.
| epanchin wrote:
| Talk on zoom to the wife while bathing the kid, stored on
| recall. VC the girlfriend, stored on recall.
|
| Does your browser history store pictures of your family?
| 1vuio0pswjnm7 wrote:
| Continuing with the comparsion, Recall applies to the entire
| operating system not just one application. To avoid it, one has
| to avoid Windows.
|
| Whereas to avoid browsing history, one only has to avoid the
| popular, graphical, advertising corporation browser. As I am
| not interesting in graphics, I do this everyday, with ease,
| because there are countless clients besides
| "Chrome/Safari/Edge" that work with the www for consuming
| information.
| AlexandrB wrote:
| All I can say is LOL. Off by default for Windows 11 24H2, on by
| default in Windows 11 25H2, impossible to disable in Windows 11
| 26H2 (except in enterprise versions of course). Microsoft's
| history with respecting the user's wishes speaks for itself.
| bonton89 wrote:
| Not to mention all the dark pattern lying nag dialogs that will
| trick you into turning it on, or just wear you down.
| the_snooze wrote:
| I saw a yellow dot alert next to the restart/shutdown button
| on my Windows machine the other day. Those historically
| indicate a request to restart to apply critical updates. But
| no, it was a message recommending I sign into a Microsoft
| account.
|
| That was the last straw for me when it comes to Windows BS---
| designs that only serve Microsoft, and disrespects all the
| other times I've said no to their crap. I switched everything
| over to Linux the next day.
| ASalazarMX wrote:
| Given their eagerness, I'd guess:
|
| > on by default in Windows 11 25H1, impossible to disable in
| Windows 11 25H2
| wishfish wrote:
| I'm a little more optimistic. Cortana was mandatory at first.
| Not easy for the average user to disable. Then Cortana was
| optional. Easy to turn off and uninstall. Then Cortana was just
| gone. Floated off to the big orbital in the sky.
|
| If Recall continues to inspire grumbling and receives very
| little praise, I could see it unceremoniously removed in a
| Windows 12 26H2 Feature Update.
| modeless wrote:
| It is puzzling to me that so many people seem to think this
| concept has no value. To me the concept is obviously good and
| something I have wanted for a long time.
|
| Of course the security of the implementation is important and I
| agree with some of the criticism there. But I see a lot of people
| arguing that the feature is worthless, or that it doesn't make
| sense at the OS level, or that Microsoft specifically should not
| be allowed to add it to Windows, and I have to strongly disagree.
| mschuster91 wrote:
| The concept itself _has_ value, but the ethical and legal
| concerns are severe, not to mention the issue of Recall also
| capturing sensitive stuff like passwords.
|
| Microsoft, Google, Apple - _everyone_ is scared shitless of
| some AI startup kicking their nutsacks, and is launching
| products that should have gone through extensive ethics
| discussions beforehand in a matter of weeks.
| russdpale wrote:
| passwords are the last of it, think about women inquiring
| about abortions in states where they aren't legal. Or people
| trying to get away from an abusive partner, on and on it
| goes.
| mschuster91 wrote:
| Agree on the "abusive partner" scenario, but regarding
| abortions, local police already can abuse dragnet orders on
| Google Maps [1] - even though they promised to auto-delete
| anything regarding abortion clinics, there are more than
| enough other ways for police to target pregnant people.
|
| [1] https://www.npr.org/2022/07/11/1110391316/google-data-
| aborti...
| LegitShady wrote:
| the concept is valuable but so ripe for abuse that even it
| existing at all is a threat to everyone's privacy.
|
| I have been a windows user basically my whole life. 3 years ago
| I got an ipad pro (2018, 12.9") for drawing and I hate the
| operating system. 7 months ago I got a steam deck and its fine
| for games but doing anything in the OS is confusing and
| annoying.
|
| Microsoft announced recall and suddenly I'm using a spare
| computer to test linux distros, and I suck at everything to do
| with linux and I'm doing it anyways.
|
| It's too dangerous, to much an invasion of privacy, and too
| easily enabled completely outside of my control.
| A4ET8a8uTh0 wrote:
| Hmm. I think I can respond here.
|
| No one is really saying this feature has no value. For a user,
| there is value to being able to get to a previous point in
| time. That feature, however, is clearly not very well designed
| and implemented if it took days for it to be cracked on the
| internet for everyone to see. If I could trust that it _STAYS_
| local, maybe I would be less paranoid. But this is MS we are
| talking about.
|
| Personally, I am glad this thing was created. It may be finally
| make people hesitate over the evolution of PCs.
| Tool_of_Society wrote:
| Indeed since this is MS you can guarantee this is just a
| another step in them expanding their ability to monitor your
| habits for further monetization.
| sseagull wrote:
| > clearly not very well designed and implemented if it took
| days for it to be cracked on the internet for everyone to see
|
| I really don't understand this line of thinking. What was
| cracked? That the database is readable, unencrypted? How
| could it be encrypted and usable at the same time?
|
| > If I could trust that it STAYS local
|
| This I agree with. While it's local now, not trusting MS is a
| valid belief, given their past behavior. If they feel sending
| some of the info to the cloud could get them $$$, then they
| will do it. Although I feel regulators might be pretty quick
| on this one...
| A4ET8a8uTh0 wrote:
| << I really don't understand this line of thinking. What
| was cracked? That the database is readable, unencrypted?
| How could it be encrypted and usable at the same time?
|
| I am admittedly mildly confused by this response. Do online
| portals typically use unencrypted passwords? Do they let
| data flow unecrypted? Are those portals somehow unusable?
|
| Could you elaborate a little bit? It is possible I am
| misunderstanding your point.
| sseagull wrote:
| I have only been somewhat paying attention, but there
| were lots of stories about someone "cracking" the
| implementation of Recall and getting access to the
| locally-stored database. The criticism is that it is
| easily accessible, but it's hard for me to imagine it any
| other way and have it still be useful. It's still
| encrypted at rest, but must be unencrypted for data to be
| written to it.
|
| There is plenty to criticize about Microsoft, but that
| one seems manufactured.
|
| As far as I know, the database is local, and Recall does
| not use the cloud at all. That also means that you can't
| view the history from one computer on another. But I
| agree that trust that it will stay that way is not
| particularly wise.
| A4ET8a8uTh0 wrote:
| << "cracking" the implementation of Recal
|
| I think you have a point there. Would you accept reverse
| engineering[1] as a more accurate term instead of
| cracking?
|
| << I have only been somewhat paying attention
|
| We are in the same boat. I saw the thing pop in my feeds
| in the past weeks. I skimmed it, thought it was a bad
| idea, but since I don't have a PC that would be affected,
| mostly ignored it. I think I only pay more attention
| today, because it is the weekend and somehow my testing
| is not ready for me..
|
| [1]https://en.wikipedia.org/wiki/Reverse_engineering
| [2]https://www.wired.com/story/microsoft-windows-recall-
| privile...
| sseagull wrote:
| Ah I see. I guess that came across as criticizing your
| terminology, but it was more aimed at the general hype
| around those reverse-engineering articles, which seemed a
| bit over the top to me :)
|
| Either way, I'm holding off on buying one of these PCs
| until some real-world info comes out (no one really has
| this capability yet, so it's all largely speculative).
| musictubes wrote:
| I have also only been skimming the info but the issues
| seem to be:
|
| 1) Recall takes snapshots of user's activity and then
| copilot analyses it and keep the info in a plain text
| database.
|
| 2) The database is accessible to other accounts in the
| same computer.
|
| 3) The database is kept very small in order to save
| storage space. The trouble is that it is so small that it
| takes no time at all to upload it. One researcher
| infected his machine with a know piece of malware. By the
| time the AV software recognized it the database had
| already been sent.
|
| 4) Oncenthe database is in hand it is trivial to see
| whatever the person was working on and what information
| was involved. Apparently you can literally see some
| things.
|
| So yeah, collecting large amounts of sensitive data makes
| for a very juicy target.
| modeless wrote:
| > No one is really saying this feature has no value
|
| Oh yeah?
|
| > I have a really hard time understanding the use case for
| something like this. Stuff that I want to remember I just
| write down https://news.ycombinator.com/item?id=40612277
|
| > the only people that really want this feature are the ones
| trying to push it down everyones collective throat. Why is MS
| pushing something so hard when nobody asked for it?
| https://news.ycombinator.com/item?id=40611263
|
| > It really doesn't [sound like a cool feature]. Not a single
| person I've spoken to likes the idea of this, at all
| https://news.ycombinator.com/item?id=40445335
|
| > i have never wanted to go back in history [...] what's the
| use case https://news.ycombinator.com/item?id=40544521
|
| etc.
| cesarb wrote:
| > It is puzzling to me that so many people seem to think this
| concept has no value. To me the concept is obviously good and
| something I have wanted for a long time.
|
| The issue is not that the concept has no value. The issue is
| that the risks and drawbacks are so severe, that they override
| any value the concept would have.
|
| It's like asbestos, or leaded fuel; these have several useful
| properties, but their drawbacks are bad enough that they have
| been banned in many places.
| modeless wrote:
| That's your opinion, but you can't deny there _are_ a lot of
| people arguing that the concept essentially has no value.
| Even on this very page.
|
| > I have a really hard time understanding the use case for
| something like this. Stuff that I want to remember I just
| write down https://news.ycombinator.com/item?id=40612277
|
| > the only people that really want this feature are the ones
| trying to push it down everyones collective throat. Why is MS
| pushing something so hard when nobody asked for it?
| https://news.ycombinator.com/item?id=40611263
|
| > It really doesn't [sound like a cool feature]. Not a single
| person I've spoken to likes the idea of this, at all
| https://news.ycombinator.com/item?id=40445335
|
| > i have never wanted to go back in history [...] what's the
| use case https://news.ycombinator.com/item?id=40544521
|
| etc.
| aikinai wrote:
| I switched to Macs in 2006 and haven't felt like Windows' grass
| is greener once since then. Until today.
|
| Maybe it shouldn't be on by default, but this looks amazing.
| mackrevinack wrote:
| make it a separate program that people can install if they want
| to. if its really that great then people will download it
| ffhhj wrote:
| And how are they going to convince people to be surveilled
| voluntarily? This needs to be behind a switch they can silently
| enable in some update, ofcourse.
| ratg13 wrote:
| This isn't new technology. Apple has had "Rewind" for some
| time, which is basically the same thing, and it's widely
| used.
|
| The major difference is that it's a 3rd party software, not
| bundled with the OS, and you would have to intentionally go
| out and buy it and install it.
|
| Microsoft has just taken it for granted that everyone would
| want this and then forced it on everyone.
| LordKeren wrote:
| We will never see Microsoft ship a major product like this and
| not have it bundled in to a windows update. (Rather than
| specific install)
|
| After their success with installing Teams, Microsoft has seen
| that the regulators will not proactively stop this kind of
| thing anymore
| foxandmouse wrote:
| Do we know anything about Linux support for Snapdragon X..
| Personally, I don't trust Qualcomm with Linux support. Their WiFi
| adapters don't work properly with Linux. Their mobile SoC that
| supposedly have mainline support only have the CPU part working,
| but GPU, modem, Bluetooth, etc. won't.
|
| Also, wasn't their history of closed source drivers and their
| short support timeline was the reason Android devices only ever
| got 2 years of updates only a few years back?
| wishfish wrote:
| Here's what Qualcomm is saying:
| https://www.qualcomm.com/developer/blog/2024/05/upstreaming-...
|
| They claim they're all in on making Linux work seamlessly on
| the Snapdragon X. I'll leave it up to you on whether or not to
| believe them.
| foxandmouse wrote:
| Funny enough, that's the article I read before commenting.
| They've made bold claims in the past and failed to deliver.
| SavageBeast wrote:
| In all the MS Recall drama, I've yet to hear or read one single
| person utter something to the effect of "Wow - great!!! - I've
| been waiting for something like this for years! This will solve
| at least one of the major issues I face regularly!". In fact, it
| seems to me the only people that really want this feature are the
| ones trying to push it down everyones collective throat. Why is
| MS pushing something so hard when nobody asked for it?
| LordKeren wrote:
| Rewind.ai is the Mac version of this and many is the same
| talking points apply. However, it's a third party tool, and as
| such isn't enabled by default.
|
| I think most, if not all, of the overwhelmingly negative
| feedback is tied to this being enabled by default, and shipped
| by default
| WorkerBee28474 wrote:
| I use the search inside Windows all the time. To me, this seems
| like a 2% improved version of that. Probably useful, mostly
| mundane, something I would use but not get excited about.
|
| I assume they would push it for the same reason they would push
| any other mildly-useful feature improvement.
| rchaud wrote:
| I've heard Microsoft wants to do away with on-device Windows
| entirely for consumer devices, and go with a "dumb client" form
| factor that is always connected to a remote Windows server.
|
| I'm not sure who at the org is pushing for this as it would
| essentially hand the PC games market to SteamOS. I suppose they
| saw how well it's worked for enterprise customers that
| essentially already use a Windows VM through Citrix or some
| other provider, and think this would solve the virus/malware
| problem once and for all.
| nottorp wrote:
| > as it would essentially hand the PC games market to SteamOS
|
| ... or they will just stop developing windows games and do
| only xbox/playstation games ...
| cesarb wrote:
| > I'm not sure who at the org is pushing for this as it would
| essentially hand the PC games market to SteamOS.
|
| PC games can already be played on a remote server, using
| services like Stadia, so it would not necessarily hand the PC
| games market to local Linux-based devices running SteamOS
| (like the Steam Deck).
| dabbz wrote:
| It's because there's a huge cloud first push internally.
| Leadership is trying to find any way they can find to
| leverage Azure and recurring revenue.
| callalex wrote:
| Rent-seeking is not new human behavior, it's just been enough
| generations that the lesson must be collectively learned
| again.
| wing-_-nuts wrote:
| When this was announced I actually saw a post by someone who
| used a similar tool for time tracking in OS X and they claimed
| it was really helpful.
|
| To be frank, I would not mind having this feature on linux
| provided it was _entirely local, and encrypted_.
| Daedren wrote:
| As long as stockholders think it'll be good, that's what
| matters. Perceived value is easier to create than real value.
| chrisjj wrote:
| > Why is MS pushing something so hard when nobody asked for it?
|
| Here's the thing. When no-one asks for it, hard push is the
| only way to sell it.
|
| :)
| Terretta wrote:
| On the contrary, executives at the office have been coming to
| me about various such tools for months now. It really picked up
| last fall.
|
| Microsoft was last to the party.
| pdntspa wrote:
| Honestly this whole thing reeks of some sort of data grab
| dressed up as an "innovative" new feature. They probably wanted
| a bunch of new training material for their AI projects, and
| this is what they came up with.
| barbazoo wrote:
| > when nobody asked for it
|
| It's easy to say if you aren't one to benefit from this, but
| that doesn't mean no one will or that no one asked for it.
| mikehearn wrote:
| I can be that guy. I use Rewind for Mac, which is almost
| identical to Recall in functionality. I love it, and I've used
| it frequently to find things that otherwise would have been
| lost forever.
|
| Most recently I used it to refresh my memory on a particularly
| convoluted way to authenticate with a third-party oauth system
| (it involved using an online oauth debugger and curl commands).
| I had gone through the process once successfully weeks ago, but
| by the time I had to do it again I'd forgotten every detail.
| Rather than have to go through the process of figuring it out
| again, I went back to my successful attempt, watched it, and
| basically retraced my steps. Rewind probably saved me an hour
| or two.
|
| My take on Recall is that, like with almost everything, it's a
| trade-off of security for convenience. I find it valuable
| enough that I'm willing to make the trade-off, but others might
| not.
| pjmlp wrote:
| Just go to Windows Central, and you will get a couple of
| editors shouting exactly that.
| delecti wrote:
| Security nightmare aside, it seems like it would be handy all
| the time. Surely everyone has had trouble finding a website or
| document or email again, days or weeks later?
| ragnese wrote:
| Documents and emails are probably easier to find via old-
| school text searching, though.
| roywiggins wrote:
| Most or indeed all of that doesn't need screen-scraping
| though.
| vondur wrote:
| It could be handy if the data was stored locally and was
| managed by the users.
| wvenable wrote:
| It is.
| ragnese wrote:
| > In all the MS Recall drama, I've yet to hear or read one
| single person utter something to the effect of "Wow - great!!!
| - I've been waiting for something like this for years! This
| will solve at least one of the major issues I face regularly!".
|
| There were definitely some comments in a previous HN post about
| it that attempted defend it and to paint everyone else as
| overreacting. Several of them even said that they thought it
| would be useful for something they might hypothetically like to
| remember or search for... I don't really remember, because the
| whole thing is crazy to me and I think it's crazy for any tech-
| savvy person to be running Windows in 2024.
|
| > Why is MS pushing something so hard when nobody asked for it?
|
| I assume this is a rhetorical question, but just in case it
| isn't: this is not a feature/product for Windows USERS. This is
| a feature to help train/test MS's AI stuff- YOU are the
| product, not the customer.
| chucke1992 wrote:
| Has the new Copilot devices even launched? Because I don't
| think that aside journos anybody else has even tried to play
| with the Recall yet.
| haswell wrote:
| If I knew that the data could be absolutely kept safe and
| private to me, I'd love a feature like this. Keeping track of
| my work over time would be so much easier.
|
| The natural next step is to have a local model trained on
| everything I've ever done, and for all of my computing tasks to
| be contextual to that history.
|
| I could see this transforming how we use computers.
|
| But I wouldn't go anywhere near Recall.
|
| I suspect Microsoft is pushing this so hard because they want
| to do what I just described, and they want to start collecting
| the data necessary to enable it ASAP.
|
| I can easily see a future capability that people might love
| that they wouldn't have even known to ask for. But the way
| they're rolling out Recall is certainly not a good foundation.
| rvense wrote:
| For tech savvy people, it's a bewildering feature. Why would I
| want some weird unpredictable AI thing when I've already got
| filesystem search, browser bookmarks, the neatly categorized
| PDF collection, and my Zettelkasten/2GB Org.mode doc/Joplin
| notes?
|
| But for non-technical people, of course, computers are already
| unpredictable. They routinely (appear to) misplace files and
| overwrite them with previous versions, and if the URL falls out
| of autocomplete the site might as well not exist. For people
| who google to find the Facebook login page, this would simply
| be how computers should work. You tell it to give you the thing
| and it gives you the thing. How that happens is immaterial.
| chuckadams wrote:
| I'm plenty savvy and I'd like that AI thing. I'd just like it
| to be more discerning about what it records, and managed in a
| way that's not a pinkie-swear promise to protect my privacy.
| MS has a track record both long and recent that shows they're
| not the appropriate stewards of this data. I don't even see
| MS as mustache-twirling villains in general, just incompetent
| at an organizational level to stand up to whatever scheme any
| individual mustache-twirling marketing middle manager comes
| up with.
| usrbinbash wrote:
| I can, and am, using a locally running LLM with RAG on my
| personal wiki already.
|
| The difference between that and Recall: _I_ decide what
| goes into the wiki.
| callalex wrote:
| I know it's generally unhelpful to discuss voting on this
| site, but I must point out the irony that this particular
| comment chain started with "I haven't heard anybody saying
| they want this" and then the one comment saying "I want
| this" was rejected so hard it was threatening to disappear
| if I didn't save it.
| doug_durham wrote:
| Why are you conflating being tech savvy with being organized?
| Only a subset of people in tech that I know have the type of
| organization you describe. I personally rely on local search
| for everything.
| rurp wrote:
| This applies to most AI features that have been released
| recently. It feels like almost every business that wants to
| think of itself as a tech company has been desperate to throw
| out as many new features as possible that they can slap an AI
| label onto.
|
| Most of those features are garbage and make the product worse,
| either because they don't address an actual problem or because
| they are implemented poorly. But of course improving the
| product is at best a secondary concern, chasing the hype is far
| more important, both for the company itself and the individuals
| building this stuff.
| usrbinbash wrote:
| > Why is MS pushing something so hard when nobody asked for it?
|
| Because they bet big on AI, and hardware suppliers bet big on
| AI-enabled hardware, and so they are trying to find use cases
| for it.
| al_borland wrote:
| I've heard some people say this, but those people either don't
| understand what's going on, or they have to start off by
| staying, "security issues aside," which is basically saying
| that they'd like it in a magical world where they could have
| the feature without anything the system is doing to enable the
| feature.
| gnuser wrote:
| All the replies ignoring the elephant in the room: three letter
| pressure. To me such large moves could indicate an event is in
| the near/medium future.
| twobitshifter wrote:
| Imagine you could use Recall to train a model to do all the
| interactions that knowledge workers do on their computers using
| the exact same software, do you think there would be value in
| that?
| callalex wrote:
| I can also imagine that Recall could grow and cook my food
| for me, but it can't so that either so I don't really
| understand your point.
| layer8 wrote:
| To be fair, people recording their full terminal and browsing
| history forever is a topic that has come up regularly in HN
| submissions. It's certainly something people find a worthwhile
| idea.
| hedgehog wrote:
| It's interesting that for years Safari stored page screenshots in
| its history to allow a "coverflow" view and there wasn't broad
| concern.
| OtherShrezzing wrote:
| I think the main difference there (apart from the feature being
| deprecated over a decade ago) is that Coverflow stored a single
| thumbnail, from which you couldn't derive much information -
| it's metadata alongside your browsing history, but not much
| more than that.
|
| Meanwhile Recall takes a stream of high-quality images, from
| which a full reconstruction of your entire computer-use
| activity over the last 90 days can be reconstructed in high
| fidelity and searched through.
|
| From a security point of view, the threat models are a world
| apart.
| gigel82 wrote:
| Good progress, but to take it just over the trust threshold for
| me, I'd like it to be a component that you can add/remove (like
| Hyper-V or IIS); removing literally uninstalls the associated
| services, applications, DLL registrations, scheduled tasks, etc.
| chrisjj wrote:
| > requiring that users prove their identity via its Microsoft
| Hello authentication function any time they either enable Recall
| or access its data,
|
| So now I need MS permission to read my own data stored on my own
| machine? Insane.
| workfromspace wrote:
| It's sad that Microsoft (or any big company) wouldn't take a step
| back from such privacy intrusive or anti-user behavior unless
| there's a public backlash.
|
| Can't we just have a peaceful life without wasting time on
| constantly following and analyzing every single move from these
| companies?
| chinathrow wrote:
| Have you not seen Windows 11 lately?
|
| I have, and I am still happy to be on Linux as my daily driver
| for over 20 years now.
| bee_rider wrote:
| I almost want to start using Windows as a daily driver just
| so I can leave again.
| grugagag wrote:
| Microsoft will go ahead with Recall, will temporarily make it
| opt-in. Eventually, when weather is good they'll default it to
| opt-out. If new backlash ensues they'll PR that it was a a bug
| and turn it off only to bundle it later with something that
| can't be turned off.
|
| At this point MS is a toxic company that you're better off, as
| a user, to steer away from.
| PKop wrote:
| I think they'll abandon it after a few years like they did
| with Cortana, when the reality of no one wanting to use it
| sets in.
| ragnese wrote:
| > Can't we just have a peaceful life without wasting time on
| constantly following and analyzing every single move from these
| companies?
|
| Not if you're using Microsoft products, no.
|
| People continue to get irritated when "we" do this, but here I
| go: you should be running Linux exclusively on your personal
| computers. You should also stop buying "smart" shit.
| Workaccount2 wrote:
| I've been running linux (ubuntu) for last 2 years, for the
| 3rd time in my life.
|
| All I can say is:
|
| Linux does just about everything more efficiently than
| Windows, but Windows does just about everything better than
| Linux. What makes Linux so great is also what keeps it
| perpetually at ~5% adoption.
|
| I'm probably going to go back to Windows again soon. I'm just
| not interested in needing to learn a bespoke computer
| language to get the most of of my PC.
| ragnese wrote:
| Okay. And? I still think it's not in your best interest to
| do that, but I'm just some guy on the internet and you can
| do whatever you want. I also recommend that you don't smoke
| cigarettes, but I'm not going to lose sleep if you tell me
| you're going to do that, too.
|
| I'm not like so many who seem to have to rationalize their
| choice of Linux or other free software by pretending it's
| actually technically better than the proprietary for-profit
| stuff. It's not about that.
|
| Linux could get 10% of the battery life of Windows, have
| zero games, no Netflix/whatever support, and be slow as
| hell--I'd still choose it over proprietary options out of
| principle.
|
| I want to own my computer. I don't want my computer to spy
| on me. Microsoft is literally adversarial to its users
| (Apple and Google are, too, but Apple at least has slightly
| different incentives that might make them less bad). Why
| would I invite that negativity into my life? Life is hard
| enough without trying to fight against a trillion dollar
| company for my privacy when I don't have to. It's that
| simple for me: I'm not inviting a Trojan horse in. But,
| people act like I'm some tinfoil hat nutjob. I think
| everyone else is crazy for sacrificing their privacy for
| "but Windows has a game I like".
|
| Apologies for the preaching, but I don't know how to
| explain my point of view without it sounding like that!
| postepowanieadm wrote:
| Recall got recalled(ba dum tss).
| st3ve445678 wrote:
| It could still just be switched on and used to spy on an
| unknowing spouse for example... its just so creepy. Who asked for
| this feature?? No one did.
| k8sToGo wrote:
| In theory you could have always just installed a screen
| recorder to record your spouse even before this.
| mprime1 wrote:
| The AI training team asked for this feature
|
| (I'm being a bit provocative and assume today it stores locally
| only but a future TOS change will secretly and "anonymously"
| upload your data 'for training purposes' --- that's what
| everyone else is doing these days)
| st3ve445678 wrote:
| The same thought did cross my mind... would not surprise me.
| nativeit wrote:
| Microsoft keeps attempting to violate HIPAA on my clients'
| behalf. Before this, they turned on OneDrive backups via updates,
| and began moving sensitive documents onto their servers without
| prior authorization or consent. I documented the incident,
| because I honestly wasn't sure whether or not a lawsuit would
| result from it. I notified Microsoft, but never got a response.
| bongodongobob wrote:
| If your clients are storing sensitive PII on their desktop or
| my documents folders, they're already likely way the fuck out
| of compliance. Nice FUD though.
| jug wrote:
| I hope it can be uninstalled altogether. Actually I wish it was a
| Microsoft Store app. I mean, I don't want that codepath dormant
| in my OS for malware to enable via a Windows Registry value or
| whatever. No, not a screenlogger please.
| karaterobot wrote:
| Would love to know if any product research was done on this at
| all, or if it was a mandate from someone high up in Microsoft. I
| cannot imagine they'd go very long talking to potential users
| without hearing the exact same fears they seem to be surprised
| about today.
| kylehotchkiss wrote:
| Recall certainly validates China's government decision to try to
| get rid of Windows on government computers
| (https://www.marketwatch.com/story/china-reportedly-seeks-
| to-...). Of course recall wouldn't have been enabled on those,
| but the company providing the OS has made it clear they're
| willing to make such a sloppy attempt to AI all the things
| chx wrote:
| This is nothing.
|
| An abusive spouse will easily switch it to on. It's very likely
| Windows will downright push you to do so anyways.
|
| How does Microsoft intend to mitigate that harm?
|
| Because AirTags worked out just fine:
|
| > AirTags have been a tool for stalkers and domestic abusers
| since Apple launched them in 2021. Police records show that this
| is a problem, and the legal system has failed women who were
| targeted by stalkers using AirTags. There have been several
| instances where AirTag stalking has turned violent, and in at
| least two cases, resulted in the tracker murdering their target.
|
| https://www.404media.co/email/ce4cec4d-51c3-4101-b2b4-2c9a64...
|
| How many women will beaten and murdered because of Recall? Why is
| it that Microsoft reacts to software security concerns but not to
| the concerns of women?
| bigstrat2003 wrote:
| This is sheer moral panic. Of course tools can be misused by
| bad people, but that doesn't make it the tool's fault ("how
| many women will be beaten and murdered because of Recall"). It
| is the fault of the person misusing the tool to do bad things.
| pessimizer wrote:
| Thank god. I've been selling front door locks that don't
| actually work, and I'm glad that when people are robbed, it
| will be the criminal's fault, not mine. Instead of me selling
| locks that work, what needs to be done first is that all
| potential criminals should be made not to be criminals.
| chx wrote:
| Yes, much as airtag was sheer moral panic.
|
| Techbros never admit their myopic view.
| skazazes wrote:
| Knowing you could turn on recall to spy in this way implies an
| individual with the technical know how to grab a freeware
| keylogger anyways.
|
| Similarly with airtags, you have been able to buy cheaper
| cellular based GPS trackers for years prior to airtags
| existing.
|
| In the airtag case, those GPS tags also do not alert the
| individual that there is a beacon following their person, and
| as such most likely go unnoticed and under reported.
| pessimizer wrote:
| > Knowing you could turn on recall to spy in this way implies
| an individual with the technical know how to grab a freeware
| keylogger anyways.
|
| Strange that you were able to discover this. Has anyone asked
| you for your research? Does knowing how to grab a freeware
| keylogger imply that you know how to code up a keylogger for
| yourself, or did your study not go that far?
| chx wrote:
| There is a massive difference between switching on your new
| laptop and having a flaming big "look how cool recall is, do
| you want to switch it on? No? Are you _sure_ " versus finding
| recall.ai or openrecall.
|
| It is much the same with airtag.
| cynicalsecurity wrote:
| You are trying to appeal to morally corrupt people.
|
| Instead you should hurt their business. Ditch Windows, switch
| to open source solutions, do not but their product and
| services. This is the only language they understand.
| jrepinc wrote:
| Even if it shows being turned off you can't be sure it really is.
| And yeah they have a tendency to secretly turn malicious features
| on with little updates. One would really be naive to believe them
| after their past bad behaviour. It is just another step in slowly
| boiling the frog to death. Maybe it will be off by default only
| for as long as people get used to it and normalise it and then,
| next step turn it on again, more quietly of course.
| Foobar8568 wrote:
| I am done with Windows, I really love .net, SQL Server, WSL, but
| I have been burnt on so many of their tools, features etc,
| Windows 11 was the last straw (task bar unmovable? Are you
| kidding me? ), and Recall will be the never look back for my
| personal computing.
| k8sToGo wrote:
| Are you switching to Mac?
| Foobar8568 wrote:
| Already bought a MBP 16" M3 Max a couple months ago
| jgalentine007 wrote:
| I did - I had a Macbook air on and off on the side, but
| Windows was home base for 30 years. I ditched Windows for
| good when 11 came around, it has become untenable.
| neonsunset wrote:
| You don't need Windows for .NET, there are teams which actively
| use Rider and VS Code while using Mac or Linux laptops.
| lowbloodsugar wrote:
| >If you're faced with the trade-off between security and another
| priority, your answer is clear: Do security," Nadella's memo read
|
| Just insane that this wasn't already the rule.
| skc wrote:
| The first big mis-step of the Nadella era.
|
| Will be interesting to hear what he has to say when he's
| inevitably asked to comment in his next public appearance.
| ffhhj wrote:
| From the lack of security we could assume Nadella himself
| created Recall over the weekend with the help of Copilot.
| fooey wrote:
| This is something nearly on par with the xbox launch debacle
|
| Mind bogglingly tone-deaf and out of touch with what users want
| ragnese wrote:
| I remember the giant astroturf campaign when he first took over
| and Microsoft started "heart"-ing open source and Linux.
| Everyone/bot on the internet said that Microsoft had really
| changed and that anyone who was still skeptical of them was
| being irrational and out of touch.
|
| That's all.
| layer8 wrote:
| Windows 11 and its hardware requirements arguably is a big
| misstep already.
| _zoltan_ wrote:
| I think Recall is really cool and it's a shame that it's
| disabled.
| o283j5o238ju wrote:
| ... then you can turn it on for yourself. Unless you think it's
| a shame it's disabled for other people? Why would you be
| concerned about that I wonder?
| surfingdino wrote:
| Only to be enabled by default by the IT department of your
| mistrusting employer. Microsoft better remove Recall altogether
| if they want to avoid costly lawsuits.
| INGSOCIALITE wrote:
| where they can then verify, minute-by-minute that their remote
| employees are grinding away for every minute they are paid for.
| i'm convinced MS has two profit models here: 1) NSA/CIA/FBI/ETC
| 2) employer monitoring of remote workers.
| surfingdino wrote:
| 3) schools, and 4) parents.
| SoftTalker wrote:
| Employer IT departments already have access to and can install
| any number of tracking and screen-watching products to monitor
| their employess on work-issued computers. It's perfectly legal
| though in my view pretty scummy behavior.
| pixelpoet wrote:
| What makes my blood boil is that they are just going to keep
| pulling shit like this which they KNOW everyone (with zero
| exceptions) intensely HATES, and it's up to everyone to push back
| _ferociously_ (very high threshold) every damn time. It 's up
| there with "not now" instead of "get rekt and never ask me again"
| choices in terms of user-antagonism.
|
| I'm aware that other OSes exist, but I happen to hate Windows
| least on the whole :/
| csdreamer7 wrote:
| > I'm aware that other OSes exist, but I happen to hate Windows
| least on the whole :/
|
| Have you given Linux a try? Unless you have an Nvidia card or
| an Adobe workflow; it is usually good. The Nvidia issue may go
| away in a year.
| causal wrote:
| What do you mean about NVIDIA? I find their drivers have
| become pretty good. Especially so if you're using them with
| containers.
| pixelpoet wrote:
| Yeah, a few times. Got burned very early on installing
| Slackware from about 10 billion stiffie disks, and have kept
| up reasonable effort to be a responsible nerd and keep trying
| it, but every time there's some roadblock; when I was younger
| gaming was one example, being an MSVC dev has been a constant
| throughout, and yeah the ordeal with drivers is also more or
| less a constant.
|
| I'm an OpenCL guy, not even using CUDA, and have had a decent
| enough experience with AMD's drivers, but that wasn't enough.
| I still think MSVC, again with all its flaws, is the best C++
| IDE (I've similarly tried them all, repeatedly over decades).
| causal wrote:
| I'm glad that it's shining a light on the reality of Windows 11
| as a subscription and data collecting vehicle.
|
| If you still hate Windows least, that's almost certainly
| because it's what you know best. I work with Windows, Linux,
| and OSX on a daily basis and Windows is easily the most user-
| hostile of the three.
|
| Edit: All you know -> What you know best
| pixelpoet wrote:
| I've used them all, Mac OS most begrudgingly as needed for
| cross platform building and testing/support, Linux is alright
| (and obviously more powerful than Windows) but... just
| because I have programmer-level troubleshooting skills and
| computer knowledge, doesn't mean I want / have the energy to
| use the full force of that all the time for every random
| thing that could be solved with a simple dialog box and/or
| sane default. (I understand that opensource OSes don't have
| paid devs responsible for all this, but it is what is when I
| download it and try it out.)
|
| It's true that I'm most familiar with Windows; given free
| choice, why would someone use an OS they dislike more? I
| personally think Mac OS is more user-hostile (it's a whole
| _lifestyle and worldview_ they really want to sell you!) but
| it 's comparable.
|
| What I _actually want_ isn 't Linux or Mac OS, but a Windows-
| like OS that isn't so goddamn user hostile and doing stupid
| shit like always-listening Cortana or this Recall feature or
| whatever they feel trumps what the user actually wants. If
| there were a "Windows but actually a user-first product and
| not a data collection vehicle" I bet it would utterly crush
| in the marketplace (inasmuch as there is a viable market for
| OSes).
| fleshmonad wrote:
| >I'm aware that other OSes exist, but I happen to hate Windows
| least on the whole :/
|
| Would you like to share what you like about windows that you
| don't have on other operating systems, or what puts you off
| about other OSes? Not trying to be passive aggressive, just
| curious
| pixelpoet wrote:
| Sure; originally it was about having the best graphics and
| OpenCL drivers for my development needs, and that I've been
| an MSVC user since version 5. My hate for Windows pales in
| comparison to things like CMake / the overarching philosophy
| that every bit of software needs its own configuration
| language and cmdline arg convention, things like that.
|
| Around the time of Windows 7 for example, to me there was
| just no contest whatsoever in terms of ease of use, no
| shaming / cargo culting (Apple can piss right off telling me
| that my scroll direction is "unnatural" and pushing me to use
| Apple-everything, users putting stickers on their cars etc),
| ... Windows is just the default for people coming from a
| gamedev and graphics background from the 90s, for better or
| worse. I'm painfully aware of its shortcomings, and I don't
| want to champion Windows, it's just what made me hate my life
| least on average :)
| nottorp wrote:
| Hmm the real question is:
|
| Will you be warned when sending information to someone who has
| Recall on?
|
| Kinda defeats the purpose of all those confidential communication
| apps when everything is automatically screenshotted.
| aners_xyz wrote:
| What's funny to me in all of this is I'm pretty sure regular
| windows search is still really bad and I haven't heard them
| mention the feature "search for a file on your pc you know
| exists".
| k8svet wrote:
| They should've left it disabled, and then "accidentally" enabled
| it, or nagged people into enabling it. I think it would've boiled
| the frog slower and been more successful.
|
| Alternative cynical take: they needed to have a compelling story
| for press/launching the laptops they've been working with
| software/hardware partners on for years. They got to announce
| "Copilot+ PCs with Total^H^H^H^H^H Recall"! And now they get to
| walk it back enough controversy will die down and they can still
| do the first bit I mentioned. Hm.
| atribecalledqst wrote:
| Maybe a bit off-topic, but I sure wish they'd do this for
| OneDrive! I installed Windows for personal use for the first time
| recently (although I use it exclusively at work) and it drove me
| ABSOLUTELY BONKERS that my home drive was mapping to
| C:\Users\atribecalledqst\OneDrive.
|
| What I hated the most was that the File Explorer just calls the
| folders in there e.g. "Documents" and "Pictures" without showing
| the full path. So it was hard to figure out just where in the
| file system you were looking -- a major annoyance if you do any
| work in the command-line!
|
| Even after switching OneDrive off and doing as much as I can to
| try and get rid of the OneDrive folder structure, I haven't been
| completely successful. You can make some -- but not all -- home
| folders (like Downloads, Documents, etc.) point directly to their
| place in the local user folder, but others, particularly
| Pictures, don't seem to be movable. Additionally, some programs
| still seem to want to use the OneDrive folder by default, like I
| think Office programs still do their best to use them.
|
| In the grand scheme of things it's a small annoyance but god it
| annoys the shit out of me! I didn't ask for cloud backup and it
| drives me nuts they tried to force it on me!
| fourteenfour wrote:
| Yes, my company just went through a merger and for quite a
| while we had two OneDrives showing up and it was difficult to
| tell where the default folders were in addition to being a huge
| mess any time a file dialog opened. I've actually reverted to
| creating folders in C:\ to store files so I know where they
| are.
| mrandish wrote:
| Yes, Onedrive started out as a pretty useful tool but has
| turned into a deceptive trojan that tries to force whatever
| growth metric MSFT managers are currently chasing through a
| combination of dark patterns (like hiding true file paths from
| view) and also simply refusing to operate in obviously useful
| ways which many users want and expect (like not having a built-
| in way to back up only specific sub-folders on different drives
| (forcing paying users to trick it by using junctions)).
| RajT88 wrote:
| There used to be no option to uninstall it - now there is.
|
| You will still get it reinstalled during a major OS update,
| but at least it can easily be removed. Before it was a chore
| to clean up.
|
| I would speculate there is even some way to prevent it from
| reinstalling during those major updates. That seems like the
| kind of capability they would build in because a huge Windows
| customer complained (i.e. realistically, the major check
| against dark patterns in Windows).
| bc_programming wrote:
| Not quite what you are describing, but you can prevent any
| specific executable from ever running by configuring a
| "debugger" for it in Image File Execution options
| (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
| NT\CurrentVersion\Image File Execution Options). You add a
| key with the executable name and then add a "debugger"
| value, then point that debugger at
| C:\Windows\system32\systray.exe. Every time the named
| executable tries to launch, Windows will try to "debug" it
| with systray, which immediately exits so the program never
| actually runs. After uninstalling OneDrive this can be set
| to prevent OneDriveSetup.exe from ever running for example.
| soared wrote:
| I just got a new PC and went through the same thing! Incredibly
| frustrating that in something Godot I have to manually traverse
| through folders to get to where I want to actually save a file
| (like.. Documents)
| jandrese wrote:
| Dear OS writers:
|
| Internet access is not always guaranteed or reliable. Please do
| not assume that the cloud is a viable solution for every user.
|
| I ran into this on my phone awhile back. I knew I would be out
| of service for some time but had some PDFs I needed to
| reference. So I downloaded them to "files". Que surprise when I
| later go to look up a value and there's a little cloud with a
| down arrow button next to the PDF in the files app, which of
| course fails because I'm nowhere near any internet access. Even
| more fun: turning off the cloud integration in files just
| causes the files to disappear, even if you are currently
| connected. It's allergic to local storage.
| gleenn wrote:
| This is the number one thing that annoys me about so many
| apps, especially apps with clear use-cases for offline use
| like listening to music, reading, and learning apps. I don't
| understand how so many app writers have never gone for a run
| through a canyon or flown on an airplane. I specifically pay
| money to SoundCloud for instance just for the "feature" to
| cache the music locally and somehow it _regularly_ gets stuck
| clearly from lack of internet. It 's probably some metric
| collection or some other spyware to make sure all the bean
| counters get their money at the huge expense to usability.
| Pimsleurs language learning app, and many book reading apps
| all suffer and all I want to do is not be bored to tears on
| flights that don't have internet.
| szundi wrote:
| They just want live data on your activities and update
| without sync and stuff however expensive that is even for
| them, easier to be lazy too
|
| Also every <35 years old person is a js/web dev, so that's
| what they do on cloud
| pocketarc wrote:
| > I don't understand how so many app writers have never
| gone for a run through a canyon or flown on an airplane.
|
| In the UK, every time I got on a train, I'd experience
| that. And it was worse than not having internet; you had
| internet, but with extreme packet loss and instability,
| meaning that every app out there would simply stall, even
| if it already had the data to do whatever it is I wanted it
| to do, because it was waiting on some background request to
| complete. And because I had internet, the request didn't
| just fail, but it also wouldn't complete in any reasonable
| amount of time.
|
| Very frustrating.
| torstenvl wrote:
| Audible recently started doing this, to the point where I
| had to revoke its permissions to use cellular data just
| to get it to work right.
| hughesjj wrote:
| > learning apps.
|
| So fun to spring for the paid duolingo only to realize you
| can only download the next lesson up, not like the entire
| course.
|
| The lessons are like 5m long wtf am I supposed to do with
| that? I just want to spend my idle time on the plane or
| camping disconnected from distractions so I can learn, but
| app developers have made that effectively impossible
|
| And this is why I don't pay for, or even use duolingo even
| though I'm actively learning a language
| jl6 wrote:
| If this is the place to complain about broken patterns in
| Microsoft software, I wonder if anyone can fix this:
|
| 1. Create new office document (Word/PowerPoint/etc) and hit
| save.
|
| 2. No, the default location in OneDrive isn't right so you
| click the down arrow to see more.
|
| 3. No, none of the other recent locations in the (short) list
| are right either, so you click "More locations"
|
| 4. Now you have to click Browse to see an actual Save As
| dialog that finally lets you navigate through folders. Even
| then the actual folders are right down at the bottom of the
| left hand "tree" pane, below a bunch of virtual folders,
| below OneDrive (aside: if you navigate "up" from here you get
| to "Desktop", but it's _not the same_ "Desktop" that appears
| lower down in the list; that one is _inside_ your OneDrive),
| below Music, Videos (you get no hint as to where these
| actually are), finally near the bottom there is This PC and
| Network which you can navigate sanely through. Oh, and right
| at the bottom there is "Microsoft PowerPoint", as a save
| location. You can click on it and try to save a document in
| there, wherever "Microsoft PowerPoint" is. Just kidding, you
| are stopped by a dialog box telling you this isn't a valid
| location.
|
| JFC. No wonder people prefer the "everything is an app icon"
| approach. Windows is diabolical for managing files.
| ijidak wrote:
| 1,000% agree.
|
| Saving files in Office has turned into a nightmare.
|
| I don't understand what Microsoft is thinking with this
| behavior.
|
| I'm fine with that being the default flow. But it can't
| even be turned off.
|
| I imagine this design is better for non power users.
|
| They no longer forget where they saved their files.
|
| But for power users, this is terrible.
| rezonant wrote:
| Yeah, my machine connects over WiFi on an external USB 3
| adapter because I'm too lazy to finish my Ethernet project.
| The adapter requires drivers, which are handily included on
| the device itself as a mass storage device. But there's
| seemingly no way to get those drivers installed in the
| captive environment, I even tried using the "launch cmd" key
| shortcut and manually running the executable, but Windows
| wouldn't have it. And there's no option to install drivers so
| you can proceed with Microsoft Account sign in...
|
| Literally my only option was to use the local account bypass.
| How long before they fully remove that, though, remains to be
| seen.
| freedomben wrote:
| Seriously, it drives me absolutely out of my mind. I tell
| everybody who listen, "Remember your users aren't software
| engineers who are always connected over fast reliable pipes,
| and program accordingly" but it's a hard problem. No PM ever
| wants to hear that you're spending time optimizing for no/low
| internet scenarios.
|
| I've gotten burned by that "isn't really downloaded" thing a
| few times before too, to the point where I don't trust apps
| to download anymore. I just adb push files from my laptop to
| my phone before I go. Can't always do that though, but I try
| to.
| emeril wrote:
| you just have to use dopus as a file explorer replacement and
| just use dropbox (with cryptomator of course...) to yield (in
| most respects) best in class file management and sync
| scrlk wrote:
| Always set Windows up with a local account to avoid this
| nonsense. Used to be relatively straightforward in Windows 10,
| but MS made it a lot harder to dodge in 11.
| isoprophlex wrote:
| Hang around kids and even though they can be pretty good at
| using a computer, they have no clue how the thing actually
| works. They don't know what a file is anymore. Everything is a
| shiny little icon in a shiny little magic folder.
|
| Not trying to make this sound like a value judgment, more an
| observation. But it makes you wonder, what do we lose by
| excessive abstraction.
| cjk2 wrote:
| Yeah my 82 year old mother knows more about files than my
| kids do.
| immibis wrote:
| This isn't excessive abstraction - this is just different
| abstraction. Files and folders are a human invention, and
| there's no law of nature forcing us to continue using them.
| It's like complaining about people forgetting how to use MS-
| DOS commands, when Windows (until PowerShell) was built on
| GUIs through and through and MS-DOS commands were only still
| there for compatibility. You don't have to learn MS-DOS
| command to copy files, you learn to use Explorer to copy
| files (which to a small extent is like using the MS-DOS
| command).
|
| Or like complaining people forgot how to use teletypes. We
| didn't have to keep using teletypes, and we didn't keep using
| them. Our Linux terminals are still modeled after teletypes,
| but not in a way that has anything to do with using a real
| teletype. You don't learn teletypes, you learn terminals
| (which to a medium extent are like teletypes).
|
| It isn't like when people don't learn to add numbers or how
| Quicksort works or assembly code. Those are still fundamental
| truths that help people understand things. It's more like not
| learning to write Roman numerals, or not learning ALGOL 60.
| Nothing is really lost except the ability to read old things.
| You don't learn Roman numerals, you learn western Arabic
| numerals, and they're better, not worse. You don't learn
| ALGOL 60, you learn C11, and some people would argue whether
| it's better, but it's not worse.
| dimensi0nal wrote:
| storing things "in apps" still makes a file on a
| filesystem, but it's less reliable and the user doesn't
| know where it is
| immibis wrote:
| Storing things "in files" still writes a CHS-addressed
| sector on a disk, but it's less reliable and the user
| doesn't know where it is.
|
| Files are currently used to implement apps, but that can
| be seen as a transitional measure, like an OS that
| supports both files and raw disk access. A fully app-
| based OS without files, though not existing currently,
| would be possible.
|
| Another idea the industry discarded was to make the disk
| a big SQL database, again without files.
| skywhopper wrote:
| Nah. The files and folders still exist on all of these
| systems. So hiding them away is actually more abstraction,
| not "different" abstraction.
|
| UX prognosticators have been preaching for decades that
| anything that computer users find confusing should simply
| be hidden. Not made more clear, or easier to use, but just
| papered over so users can no longer identify a specific
| thing to complain about. It's just like the weirdos who try
| to get rid of the address bar on web browsers every few
| years, but the filesystem haters have been a lot more
| successful, and computers are more confusing as a result.
| You don't solve confusion by hiding it behind a thin layer
| of paint. All the same problems still exist, but there's no
| longer a way for experts to even try to help. There are so
| many better ways to simplify computing than pretending it's
| magic.
| rurp wrote:
| No, those shiny app icons are still using folders and
| files, that part is just being hidden from users to where
| they have less understanding of how things actually work.
|
| Phones aren't secretly using Roman numerals or tiny
| embedded abacuses though. If they were for whatever reason,
| there would be plenty of value in learning those systems.
| wannacboatmovie wrote:
| The proper way of doing it is to use the API calls that have
| existed for decades to get the paths of well-known folders. It
| is because they are known to move and in fact having a roaming
| profile on a server location dates to the mid 90s with WinNT.
|
| If you're hard coding paths you're doing it wrong.
| smaudet wrote:
| > The proper way of doing it is to use the API calls that
| have existed for decades
|
| A user doesn't want to do this though.
|
| I tried casually using a windows 11 machine for something the
| other day (I think I was fixing game folders for my
| girlfriend), using just explorer, and it was pretty obscenely
| bad how overly confusing it had gotten. I say this, and I
| fairly routinely debug old build systems with complex nesting
| file structures, I know my way around a file system.
|
| This wasn't a case of "oh you're just a power user", this was
| a case of the system had broken, and the _simple_ advice of
| "backing up your files" and "copy your files over here" _wasn
| 't working_.
|
| Telling everyone they need to use API calls is just
| ridiculous, the filesystem is just _broken_ for the average
| user.
| tkuraku wrote:
| It is infuriating when I open the file explorer and it takes
| many seconds to populate the side bar. This wasn't the case wit
| windows 10. Everyting in one drive really makes things take a
| long time. OneDrive is great, but I want a OneDrive folder
| where things are sync'd, not transparently transforming the
| file system into OneDrive.
| whutsurnaym wrote:
| I recently tried to fully rid myself of OneDrive and it took me
| over 48 hours to accomplish. The only working method I found
| involved fully enabling OneDrive, signing in, and waiting for a
| full sync. Only then was I able to tell it to stop syncing and
| finally remap Documents, Downloads, Pictures, etc.
|
| The fact that I needed to log in, wait 24 hours for my account
| to unlock due to inactivity (!!!), and enable sync in order to
| disable it was enough for me to finally decide that Windows 10
| will be my last Microsoft product. It may be a small annoyance,
| but to me it was the straw that broke the camel's back.
| shbooms wrote:
| And I can almost guarentee you it will magically all turn
| itself back on/reinstall itself eventually after the OS force
| updates/reboots itself in the not too distant future.
| imiric wrote:
| That is truly insidious, but FWIW, you don't need to abandon
| Windows entirely because of this. There are ways of creating
| a custom Windows installation disk that removes OneDrive,
| along with other bloatware, spyware, and pretty much anything
| else you don't like. Look into tools such as Tiny11 Builder,
| MSMG Toolkit, NTLite, etc. This is a decent guide[1] for
| setting all of this up.
|
| The process is quite tedious and takes a few hours, but in
| the end you end up with a personalized version of Windows,
| without any of the garbage. You still need to be vigilant of
| Windows Update undoing some of this, but you can also disable
| it altogether and manually cherry pick the updates you want
| to install.
|
| It's insane that Microsoft is building such a user hostile OS
| that forces users to resort to this, but if you absolutely
| must use it, the experience after doing the above is not so
| bad. I've been running a custom install of Windows 11 for
| about a year now without any issues.
|
| [1]: https://www.tomshardware.com/how-to/create-custom-
| windows-11...
| gond wrote:
| Maybe this tool is a bit more comprehensive. After
| configuring a stripped down image, Windows can be installed
| in what is almost like a headless mode in literally 5
| minutes with no user intervention:
|
| https://www.ntlite.com/
| passport98 wrote:
| They are the house of dark patterns.
|
| After a certain point anyone paying attention can see it's
| not accidental. Oops sorry! No. Their goal is your
| technological enslavement. Mis-features like that don't
| accidentally just always end up being evil and oops sorry
| when there is a real backlash. They wanted to see if they
| could get away with it, like they do.
|
| I abandoned MS products in 1998 for good. Win98se pushed me
| over the edge.
| cjk2 wrote:
| If you think this is bad, there was a period last year that my
| documents folder would suddenly rename itself to "Documents"
| but in a different language. This would religiously change
| every few days. Other people have reported it as well.
|
| I have disposed of my last PC now and have nothing to do with
| the infernal things, or onedrive, or any of that crap ever
| again!
| diego_sandoval wrote:
| I unfortunately had to use Windows last year, and the whole mix
| up between local folders and OneDrive folders meant that the
| only way to not go insane was to avoid using those folders
| altogether, create a C:\MyStuff folder and store everything
| there.
|
| I like this video of Jonathan Blow ranting about the file
| explorer: https://www.youtube.com/watch?v=le6dvr95Z2Q
| rezonant wrote:
| Interesting, our experiences are different here. I suspect it's
| because I installed Windows 11 (23H2) using a local account
| using the OOBE bypass (not because I particularly hate the
| Microsoft account thing, but because this machine uses an
| external WiFi adapter and requires drivers in order to work, so
| I could not have done it even if I wanted to). The drivers are
| actually included on the device, but there's not a clear way to
| accomplish a driver installation while in the captive OOBE,
| even given the ability to launch a command line.
|
| I did later connect my Microsoft account. In my installation
| the OneDrive folder is empty and the entries in Explorer map to
| the normal places (C:\Users\X\Pictures etc). If I open one of
| the default folders, it does show a "Start backup" entry in the
| address bar that is referring to OneDrive, though. If I open
| the OneDrive folder, it asks me to sign in (entering password)
| and set it up-- which is funny, because the Windows user is
| signed in using a Microsoft account already- so seems like they
| haven't connected those dots properly yet. In theory this might
| be their way of implementing a security check for uploading all
| your files, but if so it's an awkward way to do it.
|
| > Additionally, some programs still seem to want to use the
| OneDrive folder by default, like I think Office programs still
| do their best to use them.
|
| If I remember correctly, there is an API that programs can use
| to locate common folder locations for users (such as Documents,
| Pictures, etc). My guess is that your account still points to
| the C:\Users\X\OneDrive\Pictures instead of
| C:\Users\X\Pictures. If you could adjust those directly (maybe
| in the registry?), I would imagine that it will work correctly
| in these programs, especially since I doubt those programs
| would break on my setup, where there _is_ no OneDrive
| subfolders (though I don 't use Office so I can't check). And
| in case you wonder if there really are no subfolders in
| OneDrive since I can't open it in Explorer without signing into
| it- it shows nothing when viewed via PowerShell.
| neogodless wrote:
| This is _especially_ obnoxious for _Desktop_ and _Remote
| Desktop Connection_.
|
| The former because my desktop is... where I want things just a
| certain way _for THIS computer_ , not across the cloud. And
| because it's a PITA to undo and set it the correct way.
|
| The latter because of course I use Remote Desktop on multiple
| computers, but it keeps saving a "default" file in the same
| place across computers, and throwing errors left and right
| because they conflict. So stupid.
| gigel82 wrote:
| Or better yet, make the OneDrive integration a public,
| documented API so we can plug in our own cloud storage and get
| all the same benefits (syncing settings, files, game saves,
| etc. but with the added benefit of choice). I'd love to get
| native integration with ownCloud / NextCloud and even other
| online competitors.
|
| And for that matter, make Apple do the same for iCloud; I'd
| love to keep all my iPhone stuff in my own self hosted "cloud"
| and get 1st party integration.
| layer8 wrote:
| You have to reinstall Windows and set up a local account
| instead of a Microsoft account. Everyone should install Windows
| with a local account.
|
| For Windows 11: https://www.tomshardware.com/how-to/install-
| windows-11-witho...
| megablast wrote:
| One drive is awful. It keeps crashing and forgetting where it
| was. I have 3 copies now. I have to waste time to sort it out.
| And it messes up the dates. It is disgustingly f our workplace
| enforces this.
| robocat wrote:
| The gateway to a monthly consumer subscription. Therefore
| important to Microsoft.
|
| Apple also uses dark patterns to try and get a monthly income
| from customers. Apple has upsells and nag nag nag
| advertisements for iCloud.
|
| The irony with Microsoft is that I would consider paying a
| monthly fee for a modern version of Windows 2000 without extra
| features. No adverts, no telemetry, no OneDrive, no cloud
| signin, no store, no games installed as part of the OS, no MS
| junkware, no bullshit. Aside: why is there no "Windows for
| developers" - even Balmer knew "developers developers
| developers" was worthwhile but Microsoft has deleted that from
| its DNA: even though Apple's competition is a mixed bag.
| skywhopper wrote:
| Add to these complaints that many folders are actually logical
| overlapping folders that pull from multiple places. I haven't
| been able to bring myself to use Windows for years now, and I
| was a Windows sysadmin for over a decade! It's basically
| impossible for someone like me who needs to feel in control of
| their computing environment to ever feel comfortable with.
| EasyMark wrote:
| I think this will be definitely a "for now" moment until they let
| us all become a little bit more used to the idea.
| infinitezest wrote:
| I have a really hard time understanding the use case for
| something like this. Stuff that I want to remember I just write
| down or reference something like my browser history or recently
| opened files. It's very low tech for sure but it works, is waaay
| more energy efficient, way easier to understand and audit, and
| doesnt have the same security concerns. I get that using "AI" has
| a Wow Factor that existing systems have but I cannot understand
| the thinking of folks that are OK with the trade-off. Ita just
| not even close for me.
| crowcroft wrote:
| I agree, I think the current state of the AI is absolutely
| incredible technology, but I just don't see a 'product' yet.
|
| If chat and co-pilots are all we get out of this wave of
| investment, then I'm not sure if it's been worth it.
| TillE wrote:
| I see a lot of cool little use cases (eg, LLMs are genuinely
| fantastic for creative brainstorming), but I'm absolutely not
| seeing the multi-trillion dollar AI industry that all the big
| companies are clearly banking on.
| benhurmarcel wrote:
| Have a look at Rewind.ai for some idea about the use cases
| maybe. Some people are already paying for the feature, so it
| clearly has some value.
|
| https://www.rewind.ai/
|
| Personally, data privacy/protection and compliance aside, I'd
| find it fairly useful on my work computer.
| godelski wrote:
| I definitely get the use case. It's naive to ignore that there
| is utility.
|
| But just because something has utility doesn't mean it comes at
| high costs. I mean it's a super powerful keylogger that is
| searchable without technical knowledge. Not to mention that
| it'll probably fail to LLM type of attacks, which even many non
| technical people are able to figure out.
|
| But then again, I don't understand why people so passionately
| store all their chat logs (not just important/memorable
| messages) and take millions of photos. We kinda spy on
| ourselves
| diego_sandoval wrote:
| I think the product itself can be useful, but Microsoft is the
| second last organization that I would ever trust to implement
| it correctly, only after governments.
|
| Giving your screen recordings to Microsoft is like giving a
| loaded gun to a toddler.
| kachurovskiy wrote:
| Classic 2-step move, introduce what you want to ship but add a
| red herring, remove red herring on the outrage, ship it.
| pessimizer wrote:
| Microsoft isn't filled with morons, and they knew this would be
| the reaction. They always planned this "retreat," and this
| retreat is actually an advance: if you completely missed the
| media tempest in a teapot, _the story would be that Windows is
| going to embed AI into every copy that will be able to track
| everything that is done on the machine and make inferences from
| it._
|
| Now, the story is: _Microsoft has been forced to retreat, through
| public pressure, from tracking everything that its users do by
| default._
|
| Complete success on Microsoft's part. And the public that angrily
| reads headlines and angrily tweeted twice, vigourously pats
| themselves on the back for their "victory."
| blackeyeblitzar wrote:
| How about they remove ALL AI features, including Copilot? This is
| clearly illegal bundling that deserves swift anti-trust action.
| Microsoft is worse than ever, and far more bold with abuse of
| their market position than they ever were in the 90s.
| oriel wrote:
| Off by default, means On by Default When They Change Their Mind
| [tomorrow, next week, next month, etc]. Antitrust yesterday
| already.
| jrhey wrote:
| Security backlash?
|
| Should be security concerns
| geephroh wrote:
| Fairly certain it won't be switched off by default in most
| corporate environments. Recall is one of the more impressive
| foot-bazookas to come out of MS since WebDAV in Windows 2000!
| sgtaylor5 wrote:
| ... or make a OneDrive-connected folder have an icon that shows,
| clearly, that it's been taken over by OneDrive.
|
| I'd give a setup option to provide a non-OneDrive Documents
| folder, that feature would be turned on automatically if OneDrive
| senses that there is a database residing in the Documents folder
| (ACT!, I'm looking at you!)
| godelski wrote:
| I don't understand how recall even got launched. No one should
| have spent money developing it.
|
| Yes, the idea is cool. But even if you trust Microsoft it's
| obviously a privacy and security nightmare. How many people would
| install a keylogger on their own system? And then make that
| keylogger trivial to search through? It just makes windows
| computers extremely valuable targets for hackers and I'll ban
| them on my networks even if relay isn't enabled.
|
| Edit: I imagine there's going to be fewer keyloggers developed.
| Microsoft provides one for you, that's officially signed,
| legitimate, and won't trip antivirus systems. Attackers now just
| need to make programs that turn on replay. They can then wait.
| User sees replay running? They blame Microsoft. Legitimate
| software is so buggy that it's not going to set off alarm bells.
| That virus just needs to lay dormant for a week or so. And if the
| user already had replay running, well then the attacker can
| extract information prior to their infiltration. Stuff that
| wouldn't normally be logged even if the user had a keylogger.
| sho_hn wrote:
| > I don't understand how recall even got launched. No one
| should have spent money developing it.
|
| I disagree. I would feel quite comfortable using functionality
| like Recall on my personal computer, on which I of course run
| Linux, if it was opt-in. It's a great idea.
|
| The problem is that it's an idea that's just not compatible
| with how Microsoft is running the Windows platform, the
| relationship the company has with its customers, and that it
| was originally announced as impossible to disable.
|
| Recall as default-on for managed corporate devices is
| preposterous, for example.
| godelski wrote:
| > The problem is that it's an idea that's just not compatible
| with how Microsoft
|
| You disagreed but ignored my entire point. No, I don't trust
| Microsoft, but my point was about even if we did
|
| > I of course run Linux
|
| I use Arch btw
| Aachen wrote:
| What the default was going to be regardless, except by now
| everyone heard of the product to the value of probably millions
| if not billions of dollars worth of ads (since so many people
| block them and here we all still read it on the news and ad-free
| social media like mastodon anyway)
| midnitewarrior wrote:
| The feature is dead and will only be a drag on Windows,
| Microsoft, and their public perception.
|
| Throw in the towel, it has been besmirched to the point of no
| return.
| crawfishphase wrote:
| wait wait wait- Are they going to do a recall on Recall? What a
| crappy name for anything sold in the history of all the things
| mysore wrote:
| i feel like an open source version of this would be really cool.
|
| theres a lot of people who have a lot of data they wont want to
| put into this and run other people's closed source code and you
| dont really know what its doing.
|
| is there an open source linux friendly equivalent?
| wormius wrote:
| What I think MS should do if they _really_ believed this is a
| thing people want is make it an actual sold product. Not free.
| Not a sub.
|
| Just like when we used to have boxed software back in the day. Of
| course it would be on Windows Store or whatever hogwash they use
| to push software.
|
| Remember when you had to actually take market risk to publish
| something and not just "give it for free"? I get times are past
| that, but if the market is good enough for Cybertruck, surely
| it's good enough for Recall.
|
| In fact, if I were the CEO I would do this just to allay FTC
| concerns about big-boi MS and their market power. Like how they
| made Office for the Mac when Jobs came back and to keep Mac
| afloat (or like how Google pays Firefox money).
|
| Let the market decide, that's what these capitalists claim to
| love, right (yes, I know we see through their bluff from both
| left/right sides of the aisle - that's me calling it there).
| consumer451 wrote:
| When Recall is enabled, it should have an overlay stating that it
| is active so that all users are aware. Something at least as
| obvious as the old windows activation overlay.
|
| Otherwise, every creepy roommate, bad partner, bad friend, etc...
| will take advantage of this to do bad things.
| wormius wrote:
| FF should create a DRM that uses the bullshit webdrm standards
| and apply it to the entire sandboxed experience. Lock MS the fuck
| out. Oh you want passwords? Sorry bucko. It's DRM'd. What's good
| for Hollywood execs is good for End Users. (but we don't get the
| phat stacks of cash).
___________________________________________________________________
(page generated 2024-06-07 23:01 UTC)