[HN Gopher] Microsoft to delay release of Recall AI feature on s...
___________________________________________________________________
Microsoft to delay release of Recall AI feature on security
concerns
Author : mfiguiere
Score : 120 points
Date : 2024-06-14 04:14 UTC (18 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| dclaw wrote:
| s/delay/terminate
| visarga wrote:
| Meanwhile Apple Intelligence recalls across all apps with no
| backlash. I personally like this idea, should be done in a
| thoughtful and safe way, but recalling your logs is more useful
| than searching anew.
|
| I see the same double standard with Google's generative search vs
| OpenAI's chatGPT with search - when Google gets it wrong, it's a
| big issue, but not for the other.
| ThrowawayTestr wrote:
| The power of trust (and brand loyalty)
| callalex wrote:
| (And completely different implementations)
| Dalewyn wrote:
| I feel Recall got excessive backlash because of how ubiquitous
| and far reaching Windows is, and critics basically live and die
| by finding something popular to bitch about.
|
| There are already _many_ things that record our data and
| actions that most of us are otherwise fine with. Browsing
| history, Undo in any number of productivity software, search
| histories both local (eg: Windows) and remote (eg: Google,
| Bing), password managers and Post-Its on monitors(tm), chat
| logs, vidja gaem save files, and more.
|
| Some of the issues floated like the seemingly complete lack of
| encryption are valid, but the overall response indeed felt very
| overblown and hypocritical.
| davesmylie wrote:
| > Browsing history, Undo in any number of productivity
| software, search histories both local (eg: Windows) and
| remote (eg: Google, Bing), password managers and Post-Its on
| monitors(tm), chat logs, vidja gaem save files, and more.
|
| None of these are taking screenshots of your entire desktop,
| using OCR and AI to summarize all text/secrets displayed and
| storing them in a single centralized, location, (currently)
| easily exfiltrated and searched by any one gaining access to
| your desktop
|
| They made the right call to delay and revisit this.
| Dalewyn wrote:
| Is there a difference between that and the others? I'm not
| seeing one fundamentally and brutally speaking.
|
| Also, if a hostile _has access to your computer_ then all
| bets are off. Nothing matters at that point besides how
| quickly you can remove that access if it 's even possible
| and whether you can deal with the fallout.
| davesmylie wrote:
| I probably would have agreed once that someone physically
| having access to your computer was as bad as things could
| get.
|
| Given the choice now though between someone having access
| to my computer, _or_ someone having physical access to my
| computer as well as a database with a detailed and
| lengthy history of every secret i've ever seen in my
| terminal or web browser, as well every bit of employer or
| customer data that I've seen whilst working, as well as
| well ... everything else personal, all in one nice tidy
| package they could download and search as they pleased -
| I think the former would end up not being quite as bad
| things could get.
| jononor wrote:
| The Microsoft approach will slurp up passwords/tokens, as
| well as anything in incognito browser window, etc. Things
| that are explicitly designed to be private. And it may
| have stored images, not just text.
| Dalewyn wrote:
| >slurp up passwords/tokens
|
| So like the clipboard?
|
| >anything in incognito browser window
|
| None of that is private.
|
| >And it may have stored images, not just text.
|
| They're both data.
|
| Once again: Is there any difference? I'm not seeing one.
| Pedantics aren't worth my time.
| mrangle wrote:
| Explain "hypocrisy". As far as "overblown" goes, there's no
| other realm of social balance wherein concession to something
| means an obligation to an extreme.
|
| Last, your statement falsely presupposes that most are happy
| with any tracking / intrusion.
| crystaln wrote:
| Their implementation is entirely different. This is like
| comparing Telegram to Signal.
| sprobertson wrote:
| More like comparing Instagram to Signal
| oefrha wrote:
| When did Apple announce they're going to start taking
| screenshots of entire screens and storing them? Windows has had
| a (crappy) unified search "across all apps" for years and
| there's been no backlash AFAIK.
| iLoveOncall wrote:
| They didn't, and they wouldn't. Yet, for all we know and ever
| will know, it's exactly how their feature might work.
|
| The only reason people aren't outraged at Apple is because
| they won't be able to access the directory with all the
| screenshots unlike on Windows.
|
| Both implementations are awful. Apple's one is probably the
| worst one actually, because it sends some data to Apple's
| servers for processing (probably most), when Microsoft runs
| everything on the device.
| kbf wrote:
| >Yet, for all we know and ever will know, it's exactly how
| their feature might work.
|
| We already know how it works, it's based on App Intents.
| It's how Shortcuts has worked for years, just instead of
| meticulously making your shortcuts for each automation you
| want to do, you essentially get an ML model to make one on
| the fly.
| ketzo wrote:
| Are we really comparing a userland, unencrypted-at-rest SQLite
| database with Apple's app sandbox + secure enclave?
| hiAndrewQuinn wrote:
| To be evenhanded, encrypting SQLite at rest is a well-solved
| problem. Dr. Richard Hipp and his merry men even sell an
| official extension to do so. Plenty of third party FOSS
| solutions also exist for this.
|
| I feel if that were the case I'd suddenly feel a lot more
| comfortable with the MS approach than the Apple approach.
| mjg59 wrote:
| Under what circumstances would someone have access to the
| database but not the key?
| hiAndrewQuinn wrote:
| Well, presumably under the circumstances where you'd
| prefer that.
| mjg59 wrote:
| How?
| karlgkk wrote:
| Encryption isn't the problem here, it's key management.
|
| And Microsoft's solution was borderline useless
| postmodest wrote:
| Apple's competitors lose the PR war if they don't post to
| social media!
| ankurdhama wrote:
| MS recall captures screenshot, analyze them, extract data from
| them and create a database index of these things so you can
| search them.
|
| Apple AI essentially provides API hooks that apps can use to
| expose actions and data to the model. Currently it seems Apple
| own apps does that but any app owner can decide to support this
| or not.
|
| Two completely different approach.
| str3wer wrote:
| and it was possible for _any_ user on windows to have access
| to these screenshots
| azinman2 wrote:
| Not only that but the data is what is exposed to spotlight -
| an api that's existed forever. iOS 18 just has much better
| search over the same data.
| visarga wrote:
| > Two completely different approach.
|
| Just semantics. In the end Apple has access to everything,
| like MS.
| mimikatz wrote:
| It isn't there are large real world implications and
| difference in what each does and what risk it exposes to
| the end user.
| DougN7 wrote:
| I suspect Apple doesn't have access to everything typed
| into a web form, or in a notes app, even if those values
| are erased/backspaces, not saved, not submitted. But Recall
| does. All usernames in all apps/websites. The content of
| every single web page you visit, not just the URL. The
| content of every email you read, every document you open of
| any kind in any app. Apple _might_ spy on some of this.
| Recall WOULD record ALL of that. Very different in my
| opinion.
| greenthrow wrote:
| You are failing to appreciate how the things are different and
| this is why you are baffled by the different responses.
| riffraff wrote:
| Personally, I feel about Apple Intelligence only slightly more
| positive than MS Recall.
|
| I mean, sure, private cloud looks as good as something can be
| without being open source and self-hosted, but it seems nobody
| considered the fact that _I do not want everything I do to be
| tracked_.
|
| If this was a per-app opt-in then maybe but as it has been
| presented this is pure distopia.
| logicchains wrote:
| >when Google gets it wrong, it's a big issue, but not for the
| other.
|
| Because Google was presenting the AI-generated answer as the
| top query result, implying it's the most relevant/factual
| answer. OpenAI (and Bing) make it clear you're talking to an AI
| chatbot, which most people wouldn't expect to be as
| reliable/accurate as the first result in Google search.
| pjmlp wrote:
| There is some backslash, however besides brand recognition,
| Apple has taken all the steps to approach this with security
| first, features second, to the point that they even have a
| special OS version for the server side, unikernel style,
| everything taken away not needed to AI compute or networking,
| using Swift, and the secure enclave.
|
| Not a cleartext SQL Lite database, with stuff written either in
| C or C++ with COM, as the WinDev business unit loves to do.
| stby wrote:
| On the other hand, Recall doesn't even have a server side,
| right? Ignoring the SQLite access issue for a moment, I'll
| always prefer a local solution.
| pjmlp wrote:
| Microsoft says it is local, how much you end up believing
| that is up to you.
|
| Those of us with long Windows development experience
| certainly don't.
| rsynnott wrote:
| While I'm not a huge fan of Apple's thing, either, it isn't the
| same level of ridiculously over-aggressive data collection.
| ulfw wrote:
| What are MSFT Product Managers doing these days? This was one of
| the worst launches in recent years.
|
| Has Microsoft fallen victim to AI panic like Google has? Do
| people dare to speak up and say no to Satya and Sundar?
| surfingdino wrote:
| Microsoft suffers from bad memories of dismissing the
| importance of internet, then missing the boat (a failing 3-4
| times) on personal music players and music/video streaming,
| followed by failing to capture any meaningful smartphone or
| tablet market share, and still playing catch up in the cloud
| computing space. They went all in on AI, because they want to
| own the next platform that others will build on top of. Their
| problem is simple, AI is not the next platform to build on top
| of. It is not the next internet, not the next operating system,
| it is a research project with way too much funding.
| IshKebab wrote:
| AI is way beyond a research project at this point, and the
| level of funding doesn't seem totally unreasonable given its
| potential.
|
| But I do agree it isn't a "platform".
| pjmlp wrote:
| Additionally, they messed up so much the WinRT/UWP/WinUI
| developer experience, that most of us that advocated for the
| technology, feel betrayed and aren't going to advocate for
| anything else, other than regular .NET and the pre-Windows 8
| desktop technologies.
| beefnugs wrote:
| Here is some brand new level of bullshit happening: they are
| deploying these NPU on all new processors. But with ZERO proper
| user consent and control.
|
| The bare minimum of proper operating system or driver feature
| is that I can choose NO I dont want anything running on my NPU,
| unless I approve it specifically. Fuck youtube's new eyeball
| tracking on their ads running on MY hardware without the
| slightest consent.
| Zee2 wrote:
| >Fuck youtube's new eyeball tracking on their ads
|
| That was a meme posted by a popular Twitter user who creates
| humorous Black Mirror-esque UI mockups.
| sebazzz wrote:
| I believe this is separate from that. Generally it is believed
| that the admin the "airtight hatchway". They stil could have
| encrypted the recall database with DPAPI though.
| skilled wrote:
| https://archive.is/X48nn
| ruuda wrote:
| > The lack of a formal market for land has not made land any
| cheaper, it has simply shifted the price from being denominated
| in money-dollars, to time-dollars and pain-in-the-butt-dollars.
|
| Vitalik writes about this too:
| https://vitalik.eth.limo/general/2021/08/22/prices.html
| slicktux wrote:
| Off topic??
| reaperman wrote:
| Definitely off topic. Should have been posted somewhere here:
| https://news.ycombinator.com/item?id=40676408
| ruuda wrote:
| Apologies, wrong tab, I meant to post here:
| https://news.ycombinator.com/item?id=40677941
| azinman2 wrote:
| I don't understand how the gap was so large between them saying
| this data was encrypted/protected and people easily being able to
| get the raw data. I know once you're on someone's machine in a
| way all bets are off, but it feels like this should have had far
| greater security attached to it. It doesn't seem to even match
| their promises. Couldn't this have been seen a mile away?
| sqeaky wrote:
| I know microsoft has crap security, but in this case they
| probably aren't lying about it being encrypted. Encryption for
| storage simply isn't a solution that most people need for
| security of data on their devices. It pretty much only protects
| against the threat of a device being stolen, and that simply
| isn't the way most people lose their data. Almost every virus
| runs as the main user of the PC, so almost every virus will be
| able to decrypt the recall storage.
|
| Microsoft should know this so it is easy to say they were
| disingenuous even raising this as a point. If Windows is to be
| secure it needs to fundamentally change its security model and
| that means breaking compatibility with a huge number of
| applications. So that probably can't happen.
| azinman2 wrote:
| macOS and iOS have later rolled out methods of data
| containerization on top of existing file systems. Microsoft
| certainly has the talent to do this as well. They shouldn't
| have shipped a product without the necessary requirements in
| place - it's quite obvious the sensitivity of this data.
| ankushnarula wrote:
| The fact that Recall data and screenshots are only protected at
| the file system level reinforces the reality that Windows lacks
| user-centered privacy and security. Microsoft is content to
| rest their laurels instead on system level control.
| npalli wrote:
| Good call on the no-call for Recall.
| erulabs wrote:
| considering how much worse this looks than just launching it and
| fixing it after while claiming it's all fine and good, kinda
| makes you wonder just how bad it really was.
| mannewalis wrote:
| Lol this isn't about helping users, this is about creating
| training data for MS to use to train their models.
| digging wrote:
| This is confusing and vague to me, which I believe is exactly the
| intent. It focuses on security, reiterates that security is their
| top priority (and we know that this is untrue). What were the
| security problems? They don't even _allude to_ the existence or
| detection of any specific security problems.
|
| It sounds to me like they're figuring out a new marketing
| approach, or they're softening the blow by "listening to users"
| and then rolling out more slowly, when outrage has died down and
| people will just accept it.
| pcloadletter_ wrote:
| Or maybe they have to figure out how to actually make it work
| segasaturn wrote:
| My takeaway is that Microsoft has been trying to boil the frog,
| but slipped and turned the temperature up too quickly. They're
| retreating for now, but make no mistake that Recall will slowly
| trickle back into Windows under another name. Every major power
| broker wants something like Recall to become the norm - bosses
| to spy on their employees, governments to spy on their
| citizens/enemies, and tech CEO's to collect training data for
| AI and target more ads at end users.
| ttyprintk wrote:
| I expect it to emerge as an accessibility feature for
| cognitive memory loss. Imagine not remembering the name of
| your email client or the color of its icon, but Siri With
| Screenshots can pull up an important email thread.
| vundercind wrote:
| Christ. I just went through this stuff with a loved one,
| for a few years.
|
| "Hey Siri, what did mom do today?"
|
| "Asked 214 times when you were getting back in town,
| because she has not seen you in a long time."
|
| "I've been back for two months and I saw her this morning."
|
| "That is what I told her, each time."
|
| "Ok. What else did she do?"
|
| "Nothing."
|
| Yeesh. Some Black Mirror shit.
|
| [edit] not to crap on how nice that really might be for a
| lot of people. Dementia's just... well, pretty messed up
| and sad, I guess, and bringing machines into the mix can be
| weird.
| ugjka wrote:
| There are already Recall type of products on the market, not
| just that, they also work on the cloud not just locally. All
| Microsoft had to do was make it opt in by default
| bostik wrote:
| Yes, these existing products are generally called RATs or
| spousal stalkerware.
| ugjka wrote:
| No
| simonw wrote:
| This is a very cynical take. I've not seen anything to make
| me think this feature is intended for surveillance as opposed
| to personal utility. The personal utility benefits are very
| clear to me - the problem is the ease with which malicious
| attackers might steal the data (if they can breach the
| system).
| digging wrote:
| > I've not seen anything to make me think this feature is
| intended for surveillance
|
| It's published by Microsoft
| nonrandomstring wrote:
| tbh that's a knockdown argument. All the conversation
| second guessing the intent and motives of bosses, users
| and third parties is moot when it runs on an OS that is
| controlled remotely and insecure by design. Apple are
| following, (and I exlect you'll have even less choice
| about that - because its clientsode scanning in disguise)
| and Google have always been proud of their surveillance
| based business model, so I think the whole landscape of
| big provider computing is changing. People are actually
| starting to question what they want computer devices
| _for_
| surfingdino wrote:
| TPM was met with resistance due to privacy concerns and
| Microsoft quietly re-introduced it anyway. The same will
| happen to Recall.
| brookst wrote:
| Has TPM been a net positive or negative for users /
| enterprises / the industry?
| ekidd wrote:
| TPM protects against two main threat models:
|
| 1. You don't trust people with physical access to the
| computer. For the average home user, this means you
| consider the hardware owner a threat.
|
| 2. You want to protect against malware that has already
| taken complete control over the OS at runtime, and that
| wants to write itself to disk or the BIOS so that it
| survives a reboot. At this point, the attacker has
| already won, so... This might make sense on a stateless
| appliance like a Chromebook where you do factory wipes a
| lot.
|
| So TPM mostly "protects" against the hardware owner, or
| against malware that already has 100% access to all user
| data, and just wants to stick around a bit longer.
|
| Personally, I'd go with TPM being net negative, because
| the primary threat model it "protects" against is the
| actual hardware owner.
| clhodapp wrote:
| For a mobile device, such as a laptop, lots of people
| other than the device owner will have physical access.
|
| The useful use-case of a TPM to me is the ability to
| encrypt my disk without having to type a decryption
| password each time I use it.
| traverseda wrote:
| No
| supertrope wrote:
| Smartphone encryption uses TPMs to keep keys out of RAM
| and to limit thieves/police to 9 PIN attempts before wipe
| on failed attempt 10. If you care about your phone being
| encrypted you benefit. If you wipe a phone with just a
| few taps thanks to key destruction instead of waiting for
| a full TRIM run you benefit.
|
| On the negative side requiring TPM to install Windows 11
| is planned obsolescence that greatly outweighs any
| perceived platform level security Microsoft promises. A
| lot of e-waste will be generated ahead of the Oct 2025
| sunset of Windows 10. Who really believes Microsoft is
| fighting for user security like Google did when they
| proactively sunset SHA-1? Platform security also means
| bank apps refuse to run on rooted phones. Some online
| games have metastasized from kernel extensions to TPM
| verified hardware IDs.
| ryandrake wrote:
| It's the same playbook every company uses, who want to
| feed us something we don't like. They'll try again and
| again. Maybe they'll add sugar to the medicine, maybe
| they'll wave the spoon around and make airplane noises,
| maybe they'll distract us with a toy and jam the spoon in
| when we aren't expecting it, maybe they'll hold us down
| and give it as a suppository. One way or another, the
| baby is going to take the medicine. That's how these
| companies think about their customers.
| devsda wrote:
| Another example comes from Facebook/Meta.
|
| When WhatsApp forced accepting terms that affect privacy,
| they faced huge backlash and many were migrating to
| alternatives like signal & telegram. In response WhatsApp
| didn't backout of new the policy but just removed the
| enforcement deadline.
|
| Now they silently and randomly show an annoying popup
| asking users to agree to the new privacy terms. The
| dialog is strategically placed and designed to collect as
| many accidental as clicks possible.
|
| Sadly, the strategy worked for them and nobody cares
| about the new terms any more.
| throw20240511 wrote:
| and your take is quite naive.
|
| Surveillance is absolutely the purpose, overt or not. The
| huge push for bossware/spyware for windows in 2020+
| demonstrates that the less ethical portions of industry
| desperately want to spy on users workstations! Eventually
| there will be retention laws in certain regulated
| industries that mandate such technologies! Why enable this
| potential abuse?
|
| Microsoft is trying to Sherlock the surveillance software
| industry with this!
|
| I'd rather run North Koreas spyware Red Star Linux than
| Microsoft Windows.
| andybak wrote:
| This doesn't make sense. Screen recording is trivial. Why
| go to this much trouble? I don't buy the "Trojan Horse"
| argument in this case.
|
| Occam's Razor, folks.
| nehal3m wrote:
| > Screen recording is trivial
|
| Well yeah, but doing it by default and saving the results
| in a searchable way for each and every one of your users
| is not.
| Avshalom wrote:
| Recording is trivial.
|
| monitoring at scale, in real time? getting a concise
| "what did bob do on his computer all day" those are hard.
| disqard wrote:
| Screen recording is Data.
|
| Being able to perform text-search queries on those is
| Information.
|
| Having pie charts of "what % of the time did my minions
| spend on work-related tasks today?" is Knowledge.
|
| What's lacking IMHO, is the Wisdom to ask "just because
| you _can_ build this technology, _should_ you? "
| freedomben wrote:
| I agree, I think GP is overly cynical. There's a strong
| chance that the primary reason is for personal utility. But
| MS (like all big tech) are all about two-birds-one-stone
| wins. If you can get the personal utility, while _also_
| gaining capability that "rightsholders" and advertisers,
| etc will want, that's a huge win to them. Reminds me a lot
| of Apple's hardware DRM that is primarily about reducing
| the value of stolen Apple hardware, but which also serves
| to make third party repairs way more difficult and
| expensive, which is not a "con" to them.
| Avshalom wrote:
| It's a system that constantly surveils you, of course it's
| meant for surveillance. The only question is who gets
| access, is it just you, or is it you and the cops, or is it
| you and the cops and anyone with a checkbook.
| dotps1 wrote:
| I think the issue is more that nobody asked for it.
|
| These tools are useful, and on a Mac if you want Rewind,
| you have to know you want it, go out download it, pay for
| it, install it yourself .. and you knew what you were
| getting into the whole time.
|
| Having a tool like this planted in your device without
| your consent is pushing your userbase over the edge.
|
| If they made it a separate feature you had to manually
| install, like Windows Sandbox or WSL .. they could have
| avoided shooting themselves in the foot.
| the_snooze wrote:
| I think you hit the nail on the head. The feature itself
| can be benign and useful _if Microsoft valued being
| respectful of user agency_. Using Windows feels
| increasingly like a battle against against someone who
| can 't accept "no" and tries to sneak around your
| intentions.
| neltnerb wrote:
| I do not think it is cynical to assume that Microsoft would
| sell this to companies as a way to do constant surveillance
| of their employees with OCR and LLMs used to make it easier
| for a manager to sift through massive amounts of data.
|
| That's just an actual use case that their true customers
| would pay for, I think it's awful and should be illegal
| under any reasonable worker protections but why would they
| not advertise it this way privately to business customers?
|
| I also don't think it's cynical to think that a manager
| looking for a reason to get rid of someone will have a
| _much_ easier time justifying a PIP or just straight up
| firing someone if they can retroactively have an AI do it
| for them.
|
| Why wouldn't they be able to ask the system "how much of
| <employee they don't like>'s time do they spend doing
| things on the computer that are not directly related to
| <company name>?"
|
| Is it technically happening already? Sure, there's nasty
| nasty spyware being forced on people and it is awful and I
| hate that those employers are getting away with it. But
| integrated into the OS, on by default, with a long memory?
| Just imagine how easy it will be to fire anyone that tries
| to unionize in an effort to fight against such
| surveillance.
| nofunsir wrote:
| It's exactly this.
|
| Development of a feature like this surely started during
| the WFH craze, where managers could no longer casually
| walk behind people who had to have their monitors facing
| outwards. A market opened up, and this is not the only
| tool for this sort of corporate surveillance.
|
| Certain Software Engineers will probably get _some_ time
| without it by claiming they need Admin rights and that
| the system messes up their graphics or slows down their
| system or what have you.
| generic92034 wrote:
| Or you are living in a country where worker rights
| prevent causeless mass surveillance of employees.
| kilolima wrote:
| Workplace surveillance of employees became widespread in
| part because of sexual harassment laws, employers
| suddenly had to protect themselves from litigation.
|
| See:
|
| https://archive.nytimes.com/www.nytimes.com/books/first/r
| /ro...
| jordanb wrote:
| That doesn't seem plausible given that "scientific
| management" is quite a bit older and one of its main
| concepts comes from an experiment in surveillance from
| 1927.
|
| https://en.wikipedia.org/wiki/Hawthorne_effect
| failbuffer wrote:
| Ha ha, no, we can't have that in the states. If the
| Republicans are in control, that's a pesky restriction of
| the owner class that needs removing. And if the Democrats
| are in charge, it's the opportunity to create landmark
| legislation that provides a sweeping solution to the
| problem that somehow doesn't accomplish anything.
| sumeruchat wrote:
| Just use linux any tech worker that uses windows deserves
| this lol
| int_19h wrote:
| You are very lucky if you have a choice of OS at work.
|
| In any case, something like this wouldn't be hard to
| implement on Linux. And if Windows normalizes it in
| corporate environments, rest assured that other parties
| will offer it for Linux as well.
| lawlessone wrote:
| Lol, if they want to use Linux the company will just give
| them a virtual linux machine and have them use it via
| windows... recall will still sorta work.
| RIMR wrote:
| I could see this implemented as a hypervisor that doesn't
| care what OS you're running.
| skydhash wrote:
| I don't really care in corporate settings. I don't like
| to bring personal stuff on my work machine anyway. Most
| of the time the only thing I keep is a picture for
| setting up my profiles. I have my personal computer or my
| phone nearby when I want to do these stuff.
| RIMR wrote:
| It's not even only about surveillance. Microsoft also
| makes Github Copilot. Getting Recall onto developer
| machines gives them the opportunity to train their AI on
| how programmers actually program, rather than just using
| an LLM trained on code.
|
| Eventually we'll have programmers with Recall activated
| by company policy on their PCs, actively training the AI
| models that will replace their labor.
|
| That has to be part of the goal here. The full automation
| of software development. Think about how much money
| Microsoft would make if they did it, and how much they
| would save if they implemented it.
|
| We need a new Luddite movement to protect the workers
| from all of this.
| hn_version_0023 wrote:
| Hear! Hear!
|
| I work in a massive data center. Manned by very few
| people. I often think about how many homes could be
| heated or cooled with the power used to prop up the
| internet.
|
| It feels borderline criminal when there are homeless and
| hungry all over the world.
| skydhash wrote:
| Typing is the least interesting part of programming. And
| most of the other doing parts have been automated already
| (compiling, testing, deploying,...) Most of my days are
| mostly spent reading, thinking, and waiting.
| jerk-o wrote:
| It sounds like it's almost time for the Butlerian Jihad.
| JW_00000 wrote:
| If that's the case, why don't they sell Teams activity
| data to companies? I mean, after you're idle for 5
| minutes, Teams detects this and changes your status to
| "idle". Following your reasoning, they should be selling
| this data already.
| ethbr1 wrote:
| You mean Viva Insights? (formerly Workplace Analytics)
|
| https://www.microsoft.com/en-us/microsoft-viva/insights
| pydry wrote:
| https://learn.microsoft.com/en-us/microsoftteams/teams-
| analy...
| sirspacey wrote:
| You've got a point. Presuming you are correct, what do
| you think happens when the team has been culled?
|
| Union busting & screen tracking already works pretty well
| as is for the goals you've outline.
|
| We usually think about tracking/measurement as Big
| Brother looking over our shoulder, but all of us are
| living a day-to-day reality of losing context and having
| to invest a lot of effort and time to get it back
| (usually only partially).
| godelski wrote:
| > Union busting & screen tracking already works pretty
| well as is for the goals you've outline.
|
| I don't think I understand your point here. It feels as
| if you're framing this as a binary decision/outcome.
| Personally I see Relay making such abuse easier. So I
| don't think the existence of bad acts in any way lessens
| the potential harm of Relay.
|
| > We usually think about tracking/measurement as Big
| Brother looking over our shoulder, but all of us are
| living a day-to-day reality of losing context and having
| to invest a lot of effort and time to get it back
| (usually only partially).
|
| I also don't understand this. Do you keep notes? If the
| problem is quite large for you, I think you should take
| more notes and likely better notes (a skill in of
| itself). Yes, this has cost, but so does everything.
| There is no free lunch. But notes are distilled while
| technologies like Relay are dragnets. And at the root of
| your argument is the recognition that information is
| powerful. So you have to ask what information has power
| and to who. Because information that may not be useful to
| you may be useful to others who wish to use power against
| you. And in those scenarios, I don't know about you, but
| I'd rather have distilled information, and more
| specifically be more aware of what information is being
| stored, than just scoop up everything.
|
| Personally, I just don't think it is very hard to take
| notes.
| waynesonfire wrote:
| I agree it's not cynical. But MSFT doesn't give a shit
| about surveilling employee computers for PIP purposes.
| Like, really? A 3 trillion dollar company and this is how
| they're going to add shareholder value?
|
| They need data to feed their LLM / AI models. Period.
| 7thaccount wrote:
| I think you underestimate the amount of businesses who
| would love this for reasons of fear mongering. Yes, they
| also want it for training their crummy AI models
| adriancr wrote:
| > I've not seen anything to make me think this feature is
| intended for surveillance as opposed to personal utility.
|
| In the future companies can have this enabled and just ask
| chatgpt to fire bottom 10% of staff.
|
| Or they can ask microsoft to 'train' their own company AI
| based on worker interactions then fire them once the AI can
| mimic the work good enough. (this is likely the goal)
| neltnerb wrote:
| Worse, they can pick whistleblowers, people who attempt
| to unionize, people who have harassment claims against
| the company, and ask it to retroactively come up with a
| legal justification for firing them that would pass
| muster if challenged in court.
|
| It would be for sure a nightmare if it's automating the
| thing some companies do where they constantly hire their
| "worst performers" -- but they're doing it anyway with
| manual labor. The worse thing is that it makes it much
| more possible to justify firing someone for deceptive
| reasons in order to avoid anti-discrimination or
| harassment claims.
|
| This enables much more, because screenshots to comb
| through for dirt exist where they otherwise would not.
| red_admiral wrote:
| As far as I know, a long while ago, the Islamic Republic of
| Iran asked Cisco to develop a filtering solution to stop
| their citizens from accessing undesirable content. Cisco
| said no. Then US companies started asking for filters to
| stop their employees watching porn at work, Cisco invented
| a centralised domain/packet filtering solution for their
| routers, and Iran went "can we buy one of those, please?".
|
| My take is that MS did intend the feature purely for
| utility (and to be fair to them I can think of a lot of
| scenarios where it is useful). But they did this by not
| seriously thinking about security at all, and the wider
| internet has now done that thinking for them.
|
| It reminds me of why SSL version numbers effectively start
| at 3. Netscape wrote version 1, their internal security
| team broke it, so they wrote version 2 and I believe
| shipped it without letting their internal security team do
| a full review. That got broken quickly too, so they want
| back and did the job properly (by the standards of the day)
| and shipped SSL v3, which lasted a while. (It's also been
| broken now, of course.)
|
| I think Microsoft realised recall needed more work, and is
| now looking at that more seriously.
| vsuperpower2020 wrote:
| When would this be useful? Microsoft's best examples are
| that the user forgot the location of a chinese food place
| your friend told you once.
| maxglute wrote:
| I think the best unspoken use cases is Recall is
| basically distributed backup of content. MS will get the
| idea in their head one day that they can pull dead info
| from peoples HDs. This is sus capability is MS decides to
| play info broker. This would be great if there's some
| system where people can access link rot / vanished
| content backed up from someone elses computer.
| red_admiral wrote:
| I imagine MS did a lot of user studies, and found that
| the average user could gain a lot from being able to ask
| the computer questions like "where's the word document
| for the summer anniversary party that I worked on a
| couple of weeks ago" or "the photo with the waterfall
| from our holiday in Greece in 2015 that I sent to Mary
| recently". Whether Recall in 2024 will be good enough to
| answer queries like that remains to be seen.
|
| From helping non-technical family members find where
| they've mislaid files (such as behind another file on the
| desktop, which can happen if you drag more than one file
| at a time) I am confident there is a user base for this
| kind of thing.
|
| We are, after all, in a world where the youth don't seem
| to understand file systems and folders [1] and rely on
| the search feature for everything. Recall could, if done
| properly, be a great user experience for such people.
|
| It was through user studies that we got both the ribbon
| interface (great for new users apparently, even if less
| so for experts) and the fact that when you open an office
| app it suggests a list of documents you worked on most
| recently. Sharepoint even takes this further in
| organisations and suggests documents shared by others
| that "might be relevant to you" based on what you worked
| on recently (it's not very good).
|
| If I want to be really snarky, I could mention that UNIX
| had "Recall" back in the days of text-mode only consoles.
| It was called the `.bash_history` file, and it's
| genuinely useful.
|
| [1] https://news.ycombinator.com/item?id=30253526
| onemoresoop wrote:
| > We are, after all, in a world where the youth don't
| seem to understand file systems and folders [1] and rely
| on the search feature for everything. Recall could, if
| done properly, be a great user experience for such
| people.
|
| I think this was done on purpose to disempower the user.
| chollida1 wrote:
| Easy answer. It's a built in history.
|
| I use bash history all the time, I use my browser history
| all the time.
|
| To be able to use an OS history would be amazing.
|
| What was the name of the esoteric software i was using to
| program my lego robot,
|
| What was I working on last Thursday so I can fill out the
| government required SHRED report to get the Canadian RnD
| tax rebate.
|
| What was the song i was listening to that Spotify played
| last Tuesday afternoon.
|
| There are so many times i'd use a feature like this.
| red_admiral wrote:
| Which is fine because the browser has a private browsing
| mode, and the shell has the space trick (for example if a
| tool requires an SSH key as a command-line argument) as
| well as various "pinentry" things.
|
| You'd need some API for applications to signal to Recall
| "the user has requested not to save this", and then every
| single program with a password input box would have to
| update to call this.
| ImJamal wrote:
| It seems weird that Cisco wouldn't help Iran when they
| were indispensable in the creation of China's firewall.
| Do you have more details on the reasoning? Was it due to
| sanctions or did they genuinely not want to help Iran?
| red_admiral wrote:
| I'm afraid my source for this is a half-remembered
| conference talk from someone who I believe worked for the
| TOR foundation. My best guess technically was that they
| didn't want to invest R&D effort into the form of Deep
| Packet Inspection that came out as a result, for a
| project that could get them bad press or hauled before
| congress.
| coldtea wrote:
| > _This is a very cynical take._
|
| But also very correct.
|
| > _I 've not seen anything to make me think this feature is
| intended for surveillance as opposed to personal utility._
|
| Now that's a very naive take.
|
| They already use tons of telemetry to profie you for ads,
| snitch about you to your boss, share with partners, and so
| on, and only growing on that front. Plus all the
| cooperation they do with their favorite government.
| talldayo wrote:
| But I _pay_ for Windows! Surely, the existence of a
| preeminent financial contract with my benefactor means
| they would _never_ sell me downriver to a suspicious
| partner. At least, that 's the rationale I seem to hear
| these days from people that pay extra for peace-of-mind.
| usefulcat wrote:
| > I've not seen anything to make me think this feature is
| intended for surveillance
|
| What it's intended for and what it can actually be used for
| are two different things.
| wizzwizz4 wrote:
| > According to the cybernetician, the purpose of a system
| is what it does. This is a basic dictum. It stands for
| bald fact, which makes a better starting point in seeking
| understanding than the familiar attributions of good
| intention, prejudices about expectations, moral judgment,
| or sheer ignorance of circumstances.
|
| -- Stafford Beer, 2001 (via Wikipedia: https://en.wikiped
| ia.org/w/index.php?title=The_purpose_of_a_...)
| usefulcat wrote:
| I think that's a reasonable and insightful definition,
| but I don't think that's what most people are likely to
| think when they read the words I quoted.
| adamrezich wrote:
| This is not the first time they've done this--have you
| forgotten the "Xbox One-Eighty," when they initially
| announced the Xbox One as having _mandatory_ Kinect
| functionality, only to similarly realize they boiled the
| proverbial frog too quickly and renege?
| Dylan16807 wrote:
| If "this" is temporarily backing off the surveillance
| frog boil because they went too fast, then the Kinect is
| clearly _not_ an example. It has been over ten years
| since the launch of the Xbox One and they never did
| anything surveillancey with the consoles.
| codehalo wrote:
| I cant fathom someone writing this and not doing so in bad
| faith.
| colordrops wrote:
| "cynical". That's like calling the sky blue a "cynical"
| take. It should be obvious to anyone that has been paying
| attention for a while that this is exactly what is
| happening. Requires absolutely zero conspiracy mindset. You
| are either very young or don't pay attention whatsoever.
| Sorry about being blunt, but I'm tired of these pollyanna
| naive takes that it's "cynical" to suggest that
| corporations and government agents want to spy on you when
| it's obvious to my 8 year old that they are doing it. There
| have been hundreds of events and leaks indicating exactly
| this situation that made front-page news in major
| publications over the last couple decades. Where have you
| been?
| tflol wrote:
| You're taking about this company:
|
| https://learn.microsoft.com/en-us/purview/purview-
| compliance
|
| https://learn.microsoft.com/en-us/purview/communication-
| comp...
| 0xFEE1DEAD wrote:
| This is disgusting.
|
| I did not know that Microsoft offers these tools to
| organizations. I'm honestly shocked that this exists.
| They'll 100% abuse preview to offer similar features in
| the future.
|
| Over the last years/decade, they worked hard to improve
| their image in the tech community, and I have to admit,
| it worked, at least for me. They've just lost all the
| respect I had for them.
| lkjdsklf wrote:
| Every enterprise communication platform provides
| something similar.
|
| It's important to realize you don't own _any_ of the
| communication on a corporate owned device.
| kstrauser wrote:
| I can't believe I'm saying this, but _in Microsoft 's
| defense_, those controls are aimed at companies working
| in regulated industries. They're meant to help those
| companies prove they they're meeting their legal and/or
| contractual compliance obligations.
|
| For example, if your company works with healthcare
| information and is a HIPAA "covered entity", your
| customers _will_ demand to see proof that you 're using
| data loss prevention (DLP) software. Such software does
| things like:
|
| - MITMing output email to make sure you're not sending a
| spreadsheet full of social security numbers.
|
| - The same but for posts to web forms.
|
| - The same but for instant messengers.
|
| ...etc. Netskope is a big player in that space. Go read
| up on what all their stuff can do sometime. As an
| individual, a donor to the EFF, and a vocal advocate for
| user privacy, those things make me shudder. As someone
| responsible for making sure our employees didn't
| accidentally upload PHI to Facebook from a work computer,
| I gritted my teeth and accepted that they're a necessary
| evil.
|
| There's no reminder that "your work laptop belongs to
| your employer" quite like working in healthtech. I'm
| willing to cut Microsoft some slack for offering those
| products to customers.
| skydhash wrote:
| You can enable some pretty strict policies with device
| management and general policies. But actually recording
| the screen is a big breach of information if the database
| is not secured.
| sneak wrote:
| iMessage and iCloud weren't designed for surveillance, but
| they allow the FBI to read basically every text and image
| sent to or from every iPhone without probable cause or a
| warrant.
|
| Something doesn't need to be designed with the intent to
| surveil to be used by the state for that purpose.
| razodactyl wrote:
| https://answers.microsoft.com/en-
| us/msteams/forum/all/tracki...
| HumblyTossed wrote:
| > This is a very cynical take.
|
| I think it fits reality.
| tomrod wrote:
| Given they have performed the strategy of user-hostile
| rollouts time and time again, why would you think they
| would behave any differently?
|
| Relatedly, do you like ads in the OS?
| markus_zhang wrote:
| With large corporations and governments the general rule
| is: assume a cynical take until proved as not.
|
| I actually think this is a pretty healthy mindset for
| anything that is political.
| fumeux_fume wrote:
| Cynical, that's cute. The only thing that's "very clear" up
| to this point is that no one wants msft taking screenshots
| of their activity.
| godelski wrote:
| > I've not seen anything to make me think this feature is
| intended for surveillance
|
| I think you may have forgotten about Chat Control[0].
| Regardless of its intent for surveillance or not, Relay
| would be an essential technology for making things such as
| Chat Control even possible.
|
| I must stress that this can come with all good intentions.
| That the developers and even Nadella see this purely from
| the utility perspective and have zero intentions to use it
| for increased surveillance. But like they say "The road to
| Hell is paved with good intentions." So I'm trying to
| distinguish between the potential harm of the technology
| itself and the conspiracies that are arising. Because we
| need to recognize that evil often arises with no malintent,
| and to be careful attributing malicious intentions to those
| who never had none. It can be incredibly hard to know.
|
| But regardless of the intent, I think we can now look at
| this and see how ripe the technology is for abuse. And I
| think we can ask the questions about how likely it is to be
| abused. And don't just ask how likely __you__ are to be
| subjected to the abuse, but include others. Because even if
| others are subjected to that abuse, it is not unlikely to
| affect you in some form (if you need that specific
| motivation). I think we can all agree that the likelihood
| of the technology being abused in authoritarian countries
| like Iran, North Korea, and many others, is quite high.
| Maybe this isn't on your radar or maybe it isn't a concern
| for you because those powers will already abuse their
| citizens. But certainly this gives them the ability to be
| more abusive and more invasive.
|
| [0] https://www.patrick-breyer.de/en/posts/chat-control/
| jart wrote:
| My take is more cynical. They actually want your soul. By
| collecting all the information that was ever used to train
| the neural network between your ears, they can create a
| synthetic version of you, to impersonate you, and some
| might even argue resurrect you, inside a computer, to
| torture you Clockwork Orange style with an endless display
| of ads, predicting what the fleshy version of you wants to
| buy, how to preempt your real life decisions, deny you the
| things you desire, and more.
| Gormo wrote:
| > I've not seen anything to make me think this feature is
| intended for surveillance as opposed to personal utility.
|
| The previous commenter was attributing malicious intent to
| Microsoft and other parties, but in the long run, I'm not
| sure that anyone's immediate intentions are particularly
| relevant.
|
| My concern is much less about how the creators of these
| tools currently intend for them to be used, and much more
| about how they will end up being used regardless. Well-
| intentioned people have often created things that were
| viciously abused by ill-intentioned others later, or
| created things that had negative unintended consequences.
| _heimdall wrote:
| Taking screenshots of everything a user sees, running it
| through image recognition, and cataloging all of it in a
| database is surveillance no matter what Microsoft currently
| intends to use the data for.
|
| If intent mattered, police could have us all wiretapped
| without a warrant. They wouldn't be actively sueveilling us
| for a specific case so there's really no problem, right?
| dylan604 wrote:
| How is this cynical? In what way have evilCorps of any
| name/brand shown you in the past that this is not exactly
| what will happen? Even Apple's CSAM back pedaling hasn't
| been long enough ago to see what the next attempt at it
| will be.
|
| I do not trust anyone attempting to make money on AI that
| will not ultimately just be a data hoover for whatever
| model it is they are using. That's being generous in their
| motives. Anyone that is trying to hide their ulterior
| motives of out right spying would use this as the perfect
| cover.
|
| So, am I an asshole in assuming everyone has nefarious
| intent or are you a good sheeple for giving people benefit
| of the doubt?
| WhackyIdeas wrote:
| I don't mean this to be rude, but wake up and smell the
| coffee already.
|
| The reason why Silicon Valley has got to where it is with
| the complete erosion of user privacy is naive individuals
| not being able to see far in front of them. Recall isn't
| just one event, it's an accumulation of a thousand tiny
| events to the point where Microsoft are so up their own
| arses that they assumed this would be an easy hole in one.
| Because it usually is.
|
| And they will just slip it in regardless. This is just a PR
| thing. Mark my words, Recall will be back with a new name
| and slipped in with an update at some point and it will be
| enabled without the user even wanting it. Or coerced out of
| the user. Microsoft want people's data, whether for their
| own greed or because they've been asked to by the NSA.
| Regardless, Recall is coming, and the public will be naive
| about its true intentions. Microsoft will win this in the
| end.
| mrangle wrote:
| Cynicism is forgivable. Smart, even. Given that it implies
| expectations from experience. Naivete, and possibly
| "willful naivete", on the other hand is not forgivable
| given perceived stakes by many.
|
| It's not cynical whatsoever to understand that features
| that enable surveillance are for surveillance. It's simply
| a realistic take.
| roody15 wrote:
| Explain the personal utility here... Ohh I cannot find that
| one website I visited but I know I had found it a couple
| weeks back? Really. The personal utility use case looks
| pretty weak IMO.
| kstrauser wrote:
| I disagree. I think having an easy to search database of
| everything I've looked at would be very useful.
|
| And if I ever want such a thing, I'll be happy to go and
| find one and install it myself. I don't want it anywhere
| near my computer unless I deliberately select and acquire
| it myself.
| RIMR wrote:
| I don't think that mistrust of tech companies is cynicism,
| especially not after we have seen them repeatedly
| prioritize profits over our privacy, including literally
| selling our privacy on the open market.
|
| It's hard for me to imagine that Microsoft would implement
| a "watches everything you do" program if they didn't want
| to look at what it sees.
|
| The entire internet, all of your personal information,
| every written text, and every photo uploaded to social
| media have been absorbed into these companies AI models,
| and they are all clamoring to one-up each other. They are
| going to acquire as much data as they can get their hands
| on, and this software is a clear way to do it.
|
| Even the AI features in MS Paint will send your data to
| Microsoft for "content safety", even though the model runs
| locally. They're already setting the scene for what they
| plan to do with Recall.
| tivert wrote:
| > Every major power broker wants something like Recall to
| become the norm - bosses to spy on their employees...
|
| Isn't that already the norm, or at least very very common?
| It's just a 3rd party package totally focused on
| surveillance, not built into the OS and used for some user-
| accessible features.
|
| > ...governments to spy on their citizens/enemies, and tech
| CEO's to collect training data for AI and target more ads at
| end users.
|
| These applications would be novel, at least on a widespread
| basis in Western liberal democracies.
| segasaturn wrote:
| >These applications would be novel, at least on a
| widespread basis in Western liberal democracies.
|
| How? We already know Google trains its AI on people's
| private emails and Five Eyes conducts mass surveillance on
| Western citizens (see: Snowden). You can be sure that the
| people behind the PRISM program are salivating at the
| thought of access to the unencrypted Recall databases, and
| that they'll be twisting Microsoft's arm for backdoor
| access.
| tivert wrote:
| >> These applications would be novel, at least on a
| widespread basis in Western liberal democracies.
|
| > How? We already know...
|
| I think you're making the mistake of interpreting this as
| a binary thing, which obscures the difference between,
| for instance, tapping phone calls and installing bugs in
| every room of everyone's home (a la 1984's telescreens).
| Or in this case, Google scanning the emails you
| sent/stored on their servers vs. Microsoft storing and
| scanning every action you take on your PC.
|
| It would be novel because most people outside a corporate
| environment don't have a keylogger/screen-recorder
| running on their system.
| lrem wrote:
| > We already know Google trains its AI on people's
| private emails
|
| Source?
| Hasu wrote:
| > They're retreating for now, but make no mistake that Recall
| will slowly trickle back into Windows under another name.
|
| Not even that. It's still coming, under the same name, just
| not as soon for everyone.
| swatcoder wrote:
| There's a much more mundane read:
|
| They invested a bunch of effort into a product the market
| loudly rejected.
|
| They're now withdrawing the product while they figure out what
| they can salvage from the effort.
|
| Key stakeholders may have a few ideas about how to proceed
| (ranging from "try again later" through "repurpose it" to
| "forget it"), but enterprises of Microsoft size make decisions
| very slowly so of course it's vague about what's next.
| Collectively, they almost certainly don't know!
| consumer451 wrote:
| In addition to direct market reaction, they must be a bit red
| in the face considering that Apple just laid out a complex
| and well thought out implementation of "AI", which focused on
| privacy.
|
| As someone who grew up near Redmond, who still has an
| emotional soft-spot for Microsoft for some reason, I feel
| truly embarrassed for their implementation.
| pjmlp wrote:
| From all three major OS vendors on the consumer market,
| Microsoft is still the one that pushes more C and C++ into
| production on their OS, in detriment of .NET, despite all
| the security discussions.
|
| All the efforts from other teams to have .NET reach Swift,
| Java, Kotlin levels of adoption on Windows, have always hit
| a wall against WinDev culture.
|
| Also the 90's spirit from features over security hasn't yet
| gone away from WinDev, so it isn't really surprising this
| turned out this way.
| consumer451 wrote:
| My personal feelings aside, Microsoft is Too Big to Suck
| like this, regarding security and privacy. At this point,
| their culture is a national security liability.
|
| We have seen some recent efforts, but how does one right
| such a large ship?
|
| https://www.theregister.com/2024/06/14/brad_smith_microso
| ft_...
|
| https://www.theverge.com/2024/4/3/24119787/microsoft-
| cloud-e...
| creshal wrote:
| Your post could've been written in 2004, when Microsoft
| was pinky swearing it was gonna refocus on security-first
| development, starting with XP SP2
| consumer451 wrote:
| To be a bit fair, Windows security has gone from a
| laughing stock in 2004, to having Windows Defender in the
| 2020s. I ain't no city slickin' infosec guy, but Defender
| appears to be state of the art end point protection
| today.
|
| They can figure this stuff out sometimes, right?
|
| How did they get from Windows/AVG/ESET to Windows
| Defender, and how can they make that happen on Azure?
| pjmlp wrote:
| Azure is much more secure than regular Windows.
| keyringlight wrote:
| To me this seems like a different aspect of security. The
| push with the winxp service packs onwards was to make it
| secure by default against the network (trying to be vague
| because I'll probably be wrong on the details), I'm
| fairly sure it was xp where you could be infected before
| setup was complete if the network was plugged in, or that
| acquiring third party AV was something you must do for
| anything that touches the internet or media from a source
| you can't 100% trust. Now with defender this is far in
| the background for most users that they don't need to
| think about it at all.
|
| The difference with recall is about blast radius of any
| unauthorized/unintended access, which still happens even
| if it's less common or via something like clicking a bad
| link in an email. That's in addition to mistrust of MS or
| large corporations sucking up data, and how secure they
| are (what would a Ashley Madison type breach look like
| with recall data?)
| pjmlp wrote:
| They did improve their story, with SAL exactly introduced
| for XP SP2, and having for many years having one of the
| few C++ standard libraries with bounds checking enabled
| by default in debug builds.
|
| However that was it, WinDev fought against Longhorn,
| Office folks redid the .NET ideas in COM for Vista, and
| so on.
| pjmlp wrote:
| The same way as .NET FOSS, MS <3 Linux and such happened,
| by having a captain on the bridge that actually cares to
| make it happen, not sure if that is still Satya though.
| consumer451 wrote:
| If I understand the modern security issues correctly,
| this is all happening on Azure, correct? Windows is
| relatively secure, but their cloud has too much legacy
| compatibility/tech debt?
|
| For example, Kerberos support in Azure AD led to the some
| of the latest issues?
| pjmlp wrote:
| On the contrary, Azure has a much better security culture
| than Windows business unit.
|
| Most stuff is built with .NET, Go, Java and Rust, while
| the hypervisors are based on Windows (Azure Host OS[0])
| it isn't the same as regular Windows, and most workloads
| are Linux based, officially > 60% [1].
|
| Finally, starting this year, Azure has new security
| guidelines, all new software is to be written in managed
| languages, if a GC is not an impediment, Rust otherwise.
|
| Writing code in either C or C++, is only allowed for
| existing products, with the related security guidelines
| in place[2].
|
| [0] - https://techcommunity.microsoft.com/t5/windows-os-
| platform-b...
|
| [1] - https://azure.microsoft.com/en-us/products/virtual-
| machines/...
|
| [2] -
| https://x.com/dwizzzleMSFT/status/1720134540822520268
| consumer451 wrote:
| Thank you, I really appreciate this response. I need to
| read all of this. However, the most recent compromises
| did happen on Azure, and not Windows, correct?
|
| edit: and of course that's where the threat actors put
| their focus, because that's where the data lived.
| pjmlp wrote:
| The whole issue is with Recall storage, and information
| gathering on Windows.
| consumer451 wrote:
| Yes, sorry, I had diverged upthread into the part where
| the CCP read the USA's gov emails.
|
| I can't get over that little tidbit.
| DaiPlusPlus wrote:
| Put DevDiv's bosses in charge of WinDev.
| pjmlp wrote:
| I fear they would riot. :)
| Gormo wrote:
| It's too bad that the rest of the "90's spirit" --
| consistent, well-organized UIs, users controlling their
| own computers, and software that runs locally without
| dependence on cloud servers -- seems to be receding at
| Microsoft, leaving everyone with the worst of both
| worlds.
| slashdave wrote:
| My suspicion is that Microsoft learned of Apple's effort,
| thus this rushed, skunkworks implementation, pushed to be
| released before Apple. The effort backfired spectacularly.
| dialup_sounds wrote:
| Intelligent search for your personal data is still a feature
| with broad appeal, and they're bound to come back with that.
|
| The critical blunder was in indexing that personal data by
| watching over your shoulder, which is both creepy and low-
| effort. They've got to put the work in to find a better way.
| pjmlp wrote:
| Currently I am still looking forward to when the Secure Future
| Initiative (SFI) will actually mean more .NET and Rust and less
| COM and C++ love by Windows team.
|
| So until this changes, take with a grain of salt how much
| secure Recall is actually going to be.
|
| Contrast this with Apple Inteligence, where not only are most
| local APIs made available via Swift, they have created special
| hardware and a unikernel like OS with sandboxed layers,
| exposing only what OS capabilities required for AI processing
| and cluster communication.
|
| Versus "Thrust us, we are going to do the right thing".
| AceJohnny2 wrote:
| You're assuming Microsoft acts as a singular, cohesive entity,
| which like any company it is not.
| gmd63 wrote:
| It's convenient for corporations to have this as an excuse,
| but they should be assessed as singular entities. They enjoy
| corporate personhood also.
|
| As the size and influence of an entity increases, it has more
| power in the economy and therefore should have more
| responsibility, not less, to act according to high standards.
|
| A gargantuan company that is 7% of the S&P 500 getting
| whoopsie-daisy passes because it is so large and nobody knows
| what it's doing is a dystopian situation that we should have
| incentives in place to discourage
| godelski wrote:
| > What were the security problems?
|
| > They don't even allude to the existence or detection of any
| specific security problems
|
| Arguably the product itself. Which is another reason they might
| be vague about it. Because to talk about those security
| problems would taint the entire product and they can't do that
| if they aren't willing to completely scrap it.
|
| People have been talking about how the data in here is similar
| to what may be already existing but that's far from the truth.
| Yes, these companies have a lot of data on us, but this is a
| significant step forwards in the granularity of that data. It's
| also worth noting that hackers could not get into your computer
| and assume that your computer not only has a keylogger that
| they can access to further compromise your system (and other
| systems/accounts) but that they can also obtain screenshots.
| These increase user risk significantly and greatly reduce the
| requisite technical skill needed for those infiltrating
| machines.
|
| Similarly, many have pointed out the potential connections to
| Chat Control[0] and how such systems can likely be used by many
| companies to be exploitative of workers. While you may trust
| your company/partner/significant others/government and so on,
| it is important to remember that not everyone has such
| luxuries. It is also important to remember that such things can
| change. Even in the US there are high risks of potential abuse:
| such as police obtaining a warrant to get this data to see if
| someone is trying to obtain abortion medication. Regardless on
| where you fall on that specific issue, you can replace it with
| any other concerning issue and I'm sure you wouldn't like that
| (guns, religion, gender identity, political affiliations, and
| so on). So even if you trust Microsoft to not give away this
| type of information nor to provide authorities access (which
| often includes authorities not in your home country), then you
| must ask if the benefits are worth the costs. And not just for
| you, but for others.[1]
|
| > It sounds to me like they're figuring out a new marketing
| approach
|
| I suspect this is correct and as segasaturn suggested, turned
| up the heat too fast. I also suspect that this type of data
| invasion can be much more easily understood by the general
| public, who often struggle with understanding what metadata is
| and how it is/can be used. It does require technical knowledge
| for this and is often non-obvious, even for people who are well
| above average in technical literacy (as is the average HN
| user).
|
| [0] Specifically we should note here that Chat Control would
| force Microsoft to use this system in a much more invasive way.
| We lambasted Apple over their proposal for CSAM detection,
| including the potential risks of abuse even if it were
| theoretically impossible to avoid hash collisions. Having Relay
| would require Microsoft to implement such a system and that's
| why there are many conspiracies arising that Relay is
| specifically intended for Chat Control, because true or not it
| would likely have similar outcomes. We'll see if Apple revisits
| the idea, and the recent WWDC doesn't rule out such a
| possibility https://www.patrick-breyer.de/en/posts/chat-
| control/
|
| [1] https://www.youtube.com/watch?v=goQ4ii-zBMw
| patmorgan23 wrote:
| Per one of the ars Technica articles, All the information
| collected was stored locally completely unencrypted, and would
| be accessible by anyone with local administrator rights.
| slashdave wrote:
| Nevermind accessible to other users, but accessible to any
| 3rd party application that the user executes. A nightmare of
| a security hole.
| ranger_danger wrote:
| That's already true for every desktop application though.
| All third party programs can spy on all _other_ programs
| and documents that user has available. This has been a
| seemingly criminally-overlooked shortcoming of desktop
| systems and this approach has fallen WAY behind current
| mobile security practices.
| shuckles wrote:
| This is not true on macOS.
| HumblyTossed wrote:
| They're totally waiting for the negative press to die down,
| then they'll try again.
| jmholla wrote:
| > It focuses on security, reiterates that security is their top
| priority (and we know that this is untrue).
|
| I think that messaging is a direct response to their hearing in
| from of the House yesterday. They were being grilled on their
| numerous security lapses and Brad Smith (president of
| Microsoft) constantly reiterated that they are refocusing their
| priorities to be security. They were also questioned about
| Recall specifically so it's not surprising to see this as one
| of the first places where they are putting out that messaging.
| rvense wrote:
| Security is a mindset and some people don't have it.
|
| I used to work for a company that made a rather popular
| database for mobile applications. An easy API to store data on
| your phone and have it synced to a server with no effort on the
| developers part.
|
| Two of my co-workers spent a few weeks making a nice looking
| chat application which worked by syncing messages from many
| users to different devices, and they wanted to publish it as a
| demo. Until somebody else pointed out that there was no
| security _at all_. The server just accepts the latest state
| from the client. This was fine for most of the current use
| cases, but for chat basically meant that any client could
| rewrite the entire history and the server would just say
| "thanks!" on next sync and distribute the changes to everyone
| else. These were adult humans with degrees from respectable
| institutions, and this hadn't crossed their minds at all.
|
| Basically, I think a combination of Hanlon's razor and nobody
| wanting to be a naysayer is a perfectly adequate explanation
| for this Recall thing. I think it's obvious that a lot of
| people would like their computer to work like that, and I can
| see them wanting to get it out without having listened to any
| internal criticism (if they even have a culture that allows
| that).
| ranger_danger wrote:
| > What were the security problems?
|
| I would argue there really weren't away, apart from the usual
| disaster/lack of security that desktop systems have.
|
| It wasn't uploaded anywhere, so the only threat would be from
| programs that would run locally and steal it, which is already
| the same for any other (even third-party) program stealing your
| local files, which they have always been able to do.
| 1vuio0pswjnm7 wrote:
| "It sounds to me like they're figuring out a new marketing
| approach, or they're softening the blow by "listening to users"
| and then rolling out more slowly, when outrage has dies down ad
| people will just accept it."
|
| Of course "listening to users" really means "listening in on
| users".
|
| Microsoft does not consult with users before adding code into
| Windows. Nor do users contact Microsoft to tell the company
| what code they want or don't want.
|
| Even if they did, the company does not operate based on user
| suggestions.
|
| The reaction to "Recall" by journalists, bloggers and
| commenters is not that they think it should be "delayed". They
| think it is a bad idea.
|
| Microsoft will do as it pleases. As it always has done.
| pcloadletter_ wrote:
| But hey, at least Microsoft got to increase their stock price
| from the initial, hasty announcement, right?
| ivanjermakov wrote:
| Overpomise first, underdeliver second
| nextworddev wrote:
| This is what happens when a 3 trillion dollar company moves fast
| and breaks things
| resource_waste wrote:
| It doesnt help that M$'s reputation is awful.
|
| How many different ad screens are on windows 11? How many
| privacy things did I need to check or uncheck for privacy? Why
| did the ads come back after I disabled it? Why did onedrive
| takeover my documents?
|
| Microsoft isnt trustworthy.
|
| I have begun my migration away. I only use Microsoft for
| programs my customers use. MSTeams(webapp isnt good enough for
| high stakes b2b), and Windows for a specific niche application.
|
| Everything Microsoft says is met with an anti-consumer lens.
| They earned it.
| FactKnower69 wrote:
| This feature wouldn't even be the worst thing in the world if
| it was strictly opt-in like every other piece of software you
| would run on your computer; the reason everyone is so fucking
| sick of Microsoft's rollouts is the way they trample over
| user consent by replacing every instance of "No" in their UI
| with "Not now" or "Remind me later", eventually hijacking
| your computer and forcing it to shut down and install updates
| while you were using it if you dare postpone their "optional"
| rollout for too long
|
| It's just extra funny when the software you're being bullied
| into nonconsensually installing on your own machine is also
| literally spyware that screenshots your desktop every few
| minutes
| wvenable wrote:
| > How many different ad screens are on windows 11?
|
| How many are there? Admittedly I use a Start Menu replacement
| so I don't see ads there but I don't see any ads anywhere
| else.
| skilled wrote:
| And why the corporate speak? They messed up and that's the end of
| it.
|
| Where is the acknowledgement of getting owned two days after
| announcement? Where is the acknowledgment of having an
| understanding of the issues this poses and how they are going to
| address them?
|
| Make no mistake that this feature was in development for a long
| time, with resources allocated to it. And throughout all that
| process, Microsoft thought this is a great and safe feature for
| the users.
|
| And yet here we are.
| ttyprintk wrote:
| If they're not careful, then the neural processor and even
| Pluton become a badge that the machine runs Copilot Windows,
| and new machines not meeting those requirements just run
| Windows.
| Rinzler89 wrote:
| What a dumb feature. They had to get all that backlash to
| understand why everyone wouldn't want it. Is someone at Microsoft
| taking crazy pills to think consumers would be into that?
|
| They pulled the exact same shit 11 years ago when they launched
| the Xbox One as a "home media center" instead of a gaming console
| and it came with mandatory always-on internet connection, disc
| games DRM tied to a single console unable to lend them to a
| friend, and with Kinect camera, and just like this time, it took
| community backlash to get them to roll back on this shit while
| Sony was having the time of their lives seeing how the succes of
| the PS4 was already in the bag from the start before they evens
| started.
|
| What is wrong with them? Does Microsoft think consumers are
| stupid masochists who enjoy being shit on by megacorporations
| while paying for the privilege? Does Nadella not look into the
| stupid decisions his execs are making and make necessary
| organizational adjustments to prevent stuff like this?
|
| People shit on Steve Balmer but I don't remember Microsoft's
| products having that level of anti-consumer disrespect during his
| tenure. Sure Microsoft Zune and Window Phone 7-10 eventually
| flopped, by not because they had anti-consumer features but
| because they were too late and not very popular. And the Xbox
| 360, despite the Red ring of death was still smash hit. Now,
| Microsoft is an even richer company that during Balmer's tenure
| but it's products seem way more anti-consumer.
|
| Edit: sorry for the overuse of the word shit, I'm just angry
| isoprophlex wrote:
| They keep confusing regular old customers with the stupid
| masochist enterprise customers they also sell to, forgetting
| that the experience of spending your own money on a poop
| sandwich is something entirely else than spending your bosses'
| money on one.
| yakz wrote:
| Adobe just forced through a EULA update (for creative software
| tools) that was at least somewhat widely interpreted as
| practically granting Adobe ownership of the work product of
| their users and their stock is (/checks notes) up 14% today.
| digging wrote:
| It's not as stupid as you're making it out to be.
|
| For almost all tech companies - hell, almost all companies in
| the modern world - customer abuse is a first-class strategy.
| Some push it further than others, some are more blatant than
| others. It's probably not about them being insanely out-of-
| touch with what people want, but about them miscalculating what
| people will tolerate. Microsoft seems to be willing to push
| things a little further because, why wouldn't they? They got
| people to install Vista, then 7, then 10, then 11, all
| increasingly abusive.
| zubspace wrote:
| Yeah, and if you do that long enough, eventually there will
| be generation of consumers which think that it is totally
| normal.
|
| I remember a time, when I set specific firewall rules for
| each application. A time where I would never allow to share
| my location. A time where I would never link my google
| account to other services. But as I grew older I stopped
| caring because I have other stuff to do.
|
| The problem is, that those companies have time on their side.
| They can do whatever they want, back out, constantly rebrand
| stuff and confuse their users until we eventually give up.
| And at some point a large part of the population stops
| caring, because it's a fight, which is very hard to win. I
| hate it, but I have not the strength, time and will to push
| back.
| staunton wrote:
| > Does Microsoft think consumers are stupid masochists
|
| Microsoft thinks their product has no agency (and they are
| mostly right, just not _always_ )
| resource_waste wrote:
| Lets be honest, if Apple did it, it would be hailed
| revolutionary.
|
| Different customer base.
| alt227 wrote:
| To enforce your point, rewind.ai has been doing it on mac for
| a while now and I havent seen anything but good reports about
| it.
|
| https://www.rewind.ai/
| Rinzler89 wrote:
| I'm not sure how I feel about a product whose page still
| says (c)2023
| slater wrote:
| A.I. is notoriously bad at math
| acdha wrote:
| That's the difference consent makes: I've heard criticism
| of that product but it was always "I will never use this"
| rather than "my root of trust is untrustworthy".
| jahewson wrote:
| To answer your question about the Xbox One, I visited Microsoft
| Research during the development of the 2nd Kinect and the
| researchers were excited about all the technology they were
| going to pack into it and the great success that it would be -
| compared with their usual business of making prototypes that
| never see the light of day or are quickly killed off.
|
| It's well known that Microsoft is a very divisional company
| with internal frictions, and I think what we saw with the Xbox
| One is that anyone who convincingly could shove their
| technology into the product lobbied hard for that. Perhaps
| because they knew the alternative for them was irrelevance.
| ahmeneeroe-v2 wrote:
| Minus the mandatory always-on internet and DRM, that sounds 10
| years ahead of its time. During covid I was really hoping that
| Microsoft would launch videoconferencing through Kinect (which
| was sitting unused in a closet in my home). Looking back the
| XBone wanted to become what my Apple TV has ended up becoming.
| Agree 100% on the awful delivery of the whole thing though
| nimbius wrote:
| In summary: the only customers that matter --corporations paying
| site licenses-- declared this to be an unacceptable business
| risk.
|
| Anyone who is still using windows in 2024 and isnt a
| multinational business or llc gets what they deserve.
| UberFly wrote:
| I'm neither of those things and Windows 10 Enterprise is
| working fine for me. Many of us (for now) are still able to
| corral our OS.
| rchaud wrote:
| What about when Win10 falls out of support in Oct 2025?
| jcfrei wrote:
| Not quite true: The other huge group of customers is simply
| gamers.
| chabons wrote:
| And more generally, consumers of Windows-only software, of
| which there is still a ton.
| JonathanMerklin wrote:
| Genuinely asking: is that huge in terms of their install base
| or revenue, or is that huge in terms of PR ramifications
| (like, "vocal minority" type of deal)? In my younger days
| I'd've had a heavily skewed pro-gamer and pro-authority-of-
| the-gamer-rabble viewpoint, but now at this phase of my life
| I can't help but feel the majority of the places I see
| Windows are all in business and education contexts (so just
| business, heyo). I'd be curious to know if the gamer-rabble
| still holds the kind of weight in the social media aggregate
| that, say, got the Kinect-as-mandatory stuff walked back.
| vsuperpower2020 wrote:
| Was "gamer-rabble" the word of the day?
| JonathanMerklin wrote:
| Perhaps not the hyphenated form, but I'd had a chat with
| a friend a couple days ago where we meandered around some
| surface level philosophy and I paraphrased a section or
| two from Thus Spoke Zarathustra about the rabble ([1]),
| so I'm sure that's why it was front of mind. I only used
| it twice just to be clear that it was referring to the
| same thing, I didn't intend for any semantic satiation or
| emphasis through repetition. My apologies!
|
| [1] http://www.literaturepage.com/read/thusspakezarathust
| ra-107....
| cortesoft wrote:
| There is an estimate 1.86 billion PC gamers worldwide.
|
| https://explodingtopics.com/blog/pc-gaming-stats#
| walterbell wrote:
| Windows 10 runs on > 1 billion devices.
| ARandumGuy wrote:
| Steam has a daily peak userbase of around 33 million
| users[1]. I haven't been able to find a recent monthly user
| count, but it's certainly a lot of users. The Steam
| hardware survey reports over 96% of surveyed users use
| Windows[2].
|
| Now, we can't say for sure how many of these users
| primarily use their PC for gaming. But it's probably a lot
| of them. PC gaming is huge, and it's one of the few areas
| where a general consumer actually needs a PC, and can't use
| a phone or tablet.
|
| [1]: https://store.steampowered.com/charts/
|
| [2]: https://store.steampowered.com/hwsurvey/Steam-
| Hardware-Softw...
| wruza wrote:
| And what should we choose instead? $$$$ set of adapters or
| Kubuntu that can't calm down with updates and sudo password?
|
| Before putting me in crazy fanboy fandom, I've used all three
| systems each for at least a decade now (and counting), and
| windows wins workstation pc award by simply being alone in the
| league of what works out of box with no additional expenses or
| headaches.
|
| Edit: don't get me wrong I hate ms, but I hate stupid bugs and
| restrictions much more.
| 999900000999 wrote:
| What if you can't afford a Mac, and you're not technically
| literate enough to install Ubuntu ?
|
| Speaking for myself, I dual boot mint and windows because I
| really like playing games and making music. Both of those are
| absolutely subpar on Linux.
|
| Outside of our nerd bubble, most normal people don't really
| want to run desktop Linux. Macs are great, but I can't really
| game on them.
| creata wrote:
| If someone isn't technically literate enough to install
| Linux, they have three options:
|
| 1. Become technically literate enough to install Linux.
| Distros like Fedora are very easy to set up imo.
|
| 2. Ask someone else (relatives, local computer store, etc.)
| to set it up for you.
|
| 3. Continue using Windows.
| 999900000999 wrote:
| Alright.
|
| What happens when something weird happens and you have to
| manually change the kernel or your hardware just isn't
| supported.
|
| I still wouldn't recommend Linux to most normal people. So
| your stuck with 3 realistic options.
|
| Mac. Chromebook. Windows.
|
| Chromebooks are actually really capable, but forget gaming
| or serious music creation.
|
| I've been using desktop Linux for over 15 years. It's still
| much more work than normal people want to do.
| Dylan16807 wrote:
| If by "change the kernel" you mean pick the backup one in
| the boot menu, that should almost never been needed but
| tech support can walk you through it.
|
| If you mean something else, you never need to do that as
| a normal user.
|
| Hardware just not working happens on other operating
| systems too, it just sucks. But normal people aren't
| swapping out important parts so at most some USB thingy
| doesn't work.
| talldayo wrote:
| > I still wouldn't recommend Linux to most normal people.
|
| Then I think you're making things hard on yourself. I'm a
| NixOS user, I know I cannot get everyone to install my
| specific system with all the bells and whistles. But you
| could walk a middle-schooler through installing Ubuntu or
| Fedora; it's easier than setting up an email account.
|
| Both Windows and MacOS are slowly rolling down a hill of
| bloat, surveillance and unusability that will eventually
| push people onto _something_ else. Modern GNOME is
| basically just an iPad with more obvious on-screen
| controls. With distros supporting Flatpak, it doesn 't
| even matter if you misconfigure your base system since
| all your apps are sandboxed anyways. I think the success
| of the Steam Deck kinda proves that people don't care
| _what_ your desktop is as long as you have recent Chrome
| /Firefox and let them sideload stuff.
| 999900000999 wrote:
| Ubuntu with it's Telemetry and bizarre proprietary Snap
| store?
|
| It's not just the initial install. Eventually for almost
| every distro I've installed things get rough and you need
| to use the command line.
|
| Want to play Fortnight, well you can't. How about Roblox
| , might be possible but it's a full comp sci project.
|
| The only thing that will ever change this is if Valve
| comes out with a full laptop. The Steam Deck is the
| closest thing we have to a mainstream adoption of Desktop
| Linux.
|
| In my personal life, Linux is where I go to when I really
| just need to focus and get things done. Less weird
| background crap going. It's much easier to enter a flow
| state with Linux.
| talldayo wrote:
| > Want to play Fortnight, well you can't. How about
| Roblox , might be possible but it's a full comp sci
| project.
|
| God forbid they want to entertain themselves _without_
| using spyware.
| HaZeust wrote:
| ZorinOS is catching up FAST and QUICK with out-of-the-box
| gaming support, many thanks to Valve's bankroll into the
| problem with Proton (primarily) and Wine (secondarily) for
| the Steam Deck.
|
| I look forward to see where developments can go from here,
| but Zorin is pretty good for a solid amount of games... Maybe
| not most.
| k8svet wrote:
| Give me a break. Its the kernel, drm, mesa, and proton. The
| distro haw scant all to do with it except a bunch of
| newbies loudly claiming "new distro" is the best because it
| includes one single extra package pre-installed or
| something.
|
| I will never stop being annoyed at conversations around
| distros. Ever.
| creata wrote:
| I get what you're saying, and I don't know much about
| "ZorinOS", but the discussion _is_ about people who might
| struggle to install Linux at all, so having the right
| packages preinstalled is important.
| Tarball10 wrote:
| I think you're underestimating how important the out-of-
| the-box experience is to casual users. Having Steam games
| "just work" and being able to do the familiar double-
| click of an exe file to install a Windows app in
| compatibility mode is valuable to those users.
| HaZeust wrote:
| The conversation started, to which I contributed to, was
| about what's easiest out of the box for casual users.
| What are you on about?
| kergonath wrote:
| > ZorinOS is catching up FAST and QUICK
|
| This is a perfect example of a frustrating problem with
| Linux on the desktop. There is always a perfect distro that
| my aunt can just use and that never breaks. The problem is
| that once it was Mandrake, then Ubuntu, then Manjaro, then
| Pop_OS!, and many others. Most of them fade into obscurity
| after a couple of years, to be replaced by $shiny_distro
| that this time will be perfect for non-technical users, I
| promise! And a year later, there will be another one and
| everyone will start raving about it and dismiss
| $shiny_distro for being broken.
|
| This does not work. To work with a general audience, a
| distro needs to look nice, behave well, be good at
| marketing, and last long enough to establish a presence.
| Maybe ZorinOS is good, I have no clue. But I never heard of
| it (and I am following what's happening in tech in
| general), and i have no clue whether it will be around next
| year. So I'll stay on Tumbleweed, and I still don't have a
| really good solution for normal people who might want to
| use Linux.
| jahewson wrote:
| What is this laptop that costs less than a Mac but is good
| for gaming?
| MeetingsBrowser wrote:
| A desktop, lol
|
| Most people playing games or on a desktop, not a laptop.
| FactKnower69 wrote:
| Steam Deck + bluetooth mouse and keyboard + external
| monitor if you want
| xcv123 wrote:
| There are cheap gaming laptops from Dell, HP, MSI, Asus,
| Gigabyte, Lenovo, Acer, Razer.
|
| Dell G15
| 999900000999 wrote:
| I just purchased a Amd 8845HS for about 750$ and I can run
| most games at mid spec.
|
| Tossed in a 4TB SSD and I'm very happy with my purchase. I
| have Mint installed along with Windows.
|
| Price out a 4TB Mac, you'll be spending an unholy amount of
| money. Plus in a few years when the 8TB SSDs are cheaper
| it's an easy upgrade.
| filleduchaos wrote:
| Honestly, pretty much every laptop that isn't an absolute
| potato is good enough for gaming.
|
| Contrary to what both people who don't really play games
| and people who make their gaming rigs their entire identity
| tend to think, the vast majority of games on the market run
| just fine on half-decent hardware with a concession here
| and there as far as resolution, particle systems, etc go.
| At $700+ you can get plenty of bang for your buck; even
| more so if you buy secondhand.
| dialup_sounds wrote:
| Your comment encapsulates why normies get iPads and
| Chromebooks in spite of the nerd rage they generate.
| grishka wrote:
| Then you install one of those slimmed down builds of Windows
| that removes almost everything that isn't required to run
| win32 software.
| pluc wrote:
| For anyone willing to try, the installers are exceedingly
| simple and Steam makes gaming a breeze. Getting away from
| that "it's for nerds" image you're referring to is exactly
| what Linux needs to do
| Gormo wrote:
| > What if you can't afford a Mac, and you're not technically
| literate enough to install Ubuntu ?
|
| Problem: Uber is expensive, and you don't know how to drive,
| so getting around is a challenge.
|
| Solution: Learn how to drive.
| segasaturn wrote:
| > What if you can't afford a Mac, and you're not technically
| literate enough to install Ubuntu ?
|
| Honestly, buy an iPad. You can get a new iPad for as cheap as
| $300 and it will adequately serve all of your basic needs. If
| you're not tech-literate enough to install Ubuntu (which is
| extremely easy and straightforward in my experience) then I
| don't think you will need the extra bells & whistles of
| owning a laptop.
| MrDrMcCoy wrote:
| I'm genuinely curious to hear an actual musician's take on
| the following Linux-compatible DAWs:
|
| - Reaper
|
| - Tracktion Waveform
|
| - Bitwig
|
| - Fairlight
|
| - Zrythm
|
| - Ardour
|
| As for games, I've been 100% Linux for several years now, and
| haven't had much trouble. I'm only aware of issues with
| aggressive anticheat these days, but I refuse to give money
| to companies that push ring0-spyware anyway.
| wilsonnb3 wrote:
| > Anyone who is still using windows in 2024 and isnt a
| multinational business or llc gets what they deserve.
|
| Yeah, enjoy your just desserts of games that work, HDR that
| works, variable refresh rates that work, sleep and wake that
| works, the ability to run the software you need to use, one of
| the best IDEs available, fantastic backwards compatibility, etc
| IshKebab wrote:
| Eh who needs more than 90 minutes of battery life anyway?
| Gormo wrote:
| You seem to be describing Linux, but the previous comment was
| about Windows.
| quickthrowman wrote:
| I work for an S-Corp with ~500 office employees and high nine-
| figure revenue (in dollars). _All_ of our industry specific
| software is only available on Windows.
| jahewson wrote:
| What's your industry?
| jmholla wrote:
| > In summary: the only customers that matter --corporations
| paying site licenses-- declared this to be an unacceptable
| business risk.
|
| I think it's more narrow than that. Yesterday, Brad Smith
| (president of Microsoft) went in front of the House committee
| for Homeland security and they were making the case that
| Microsoft is a national security risk.
|
| Corporate customers may react based off of that testimony, but
| given the timing, it feels like the US government is the
| motivating factor for this announcement today.
| barbariangrunge wrote:
| What is recall ai?
| tedivm wrote:
| It's a system microsoft designed that took regular screenshots
| of what was happening on the desktop, stored them in a sqlite
| database, and then allowed people to ask their "AI" questions
| that would take into account literally everything they user has
| ever done on their computer.
|
| People pointed out that this would record things like people
| watching porn, typing in banking credentials, viewing bills,
| filing taxes, etc etc. The thread of having these sqlite
| database leaked, combined with the amount of malware and
| randomware already out there, made a lot of security folks get
| very very concerned.
| simonw wrote:
| I didn't think Recall was about answering questions - there
| was no LLM component - so much as it was about being able to
| search your history, based on a combination of SQLite FTS
| against OCRd text plus CLIP-style embeddings-based semantic
| search against the content of those images.
| xcv123 wrote:
| https://support.microsoft.com/en-us/windows/retrace-your-ste...
| neogodless wrote:
| I'm a bit confused by the headline chosen for the submission (but
| the update doesn't do much to clarify).
|
| The original is this:
|
| _Update on the Recall preview feature for Copilot+ PCs_
|
| > Recall will now shift from a preview experience broadly
| available for Copilot+ PCs on June 18, 2024, to a preview
| available first in the Windows Insider Program (WIP) in the
| coming weeks.
|
| To be clear, it may be delayed for public release, but it is
| still shipping to Insiders (possibly on June 18, 2024 but _in the
| coming weeks_ indicates later).
|
| > With that in mind we are announcing updates that will go into
| effect before Recall (preview) ships to customers on June 18.
|
| Further...
|
| > ...we plan to make Recall (preview) available for all Copilot+
| PCs coming soon.
| Hasu wrote:
| The headline is correct. I have seen people believe that
| "indefinite" means "permanent", but it just means
| "undetermined". It is delayed, but we (and perhaps Microsoft)
| do not know for how long, so the delay is indefinite.
| SrslyJosh wrote:
| Relevant link: https://www.wired.com/story/microsoft-windows-
| recall-privile...
|
| TL;DR: Recall's DB can be accessed by any malicious app running
| with user-level privileges. =)
| ChicagoDave wrote:
| This is only the beginning of AI-centric offerings that were
| oversold and will be delayed or quietly abandoned.
|
| LLMs are nice for simple things, but they've already reached
| their limits. No amount of data will solve the iteration and
| complexity problems.
| surfingdino wrote:
| Every month I am in meetings where LLMs are being considered
| for applications they are absolutely not the right fit, but the
| answer to my concerns is "we need more AI advocates". These
| conversations are led by people who never actually read a
| single paper on LLMs or tried them in real life. They have no
| idea about risks, but plough on because their clueless bosses
| told them to come up with a plan to use AI.
| potatolicious wrote:
| I remain very skeptical that most companies or products can
| or should integrate with LLMs - and I say this as someone who
| works on a LLM-based product!
|
| Overall I feel like our industry has lost the plot to a large
| degree. Hype has always to some degree exceeded the merits of
| the technology-of-the-month, but the last few cycles have
| been truly extraordinary in terms of the gap between the
| breathless hype and the reality of the tech. It's LLMs now
| but before it was crypto.
|
| It just seems like we're stagnating as an industry, and
| rather focus our efforts on the hard R&D needed to reach the
| next Big Thing, we've decided it's much easier just to focus
| on cults of personality combined with vast over-hypedness.
| surfingdino wrote:
| Investors want their 10x returns. It's worse than you
| expect. They know nothing and reject scientific papers that
| discuss problems with LLMs. They were told by marketers
| that all problems with LLMs can be solved by feeding them
| good data... which is a sneaky way for LLM operators to
| obtain access to data they should never be allowed anywhere
| near. People with the collective brain of a Handforth
| Parish Council are working on strategies for using AI on
| PII data. Imagine the cretins from the Office discussing AI
| and you get the picture.
| jabroni_salad wrote:
| Honestly, people just need to touch a hot pan every now and
| then. Let them slap their LLM onto something low-stakes and
| experience the results for themselves.
|
| Everyone does, it's just that some of us have the decency to
| do it in a homelab or on a cheap proof of concept first.
| BriggyDwiggs42 wrote:
| Wait how do we know that they've reached their limits?
| wvenable wrote:
| Nobody has argued that this feature doesn't work. In fact, it
| probably works really well which is why Microsoft has been
| pushing it so hard.
| xcv123 wrote:
| The delay of Recall has absolutely nothing to do with technical
| limitations.
| 7thpower wrote:
| This is not a must have feature for me, but I am interested to
| see how it unfolds and I can definitely see it being useful in
| the future.
|
| I do think they bungled the launch by not thinking through the
| security implications, and particularly how many sensitive
| threads this crosses.
|
| That being said, they took a risk, it did not go over well, and
| they're adjusting. I am sure I will get flamed, but I appreciate
| the approach.
| bachmeier wrote:
| I think there's more to it than that. After a while, they say
| "We're going to send some of your information into the cloud to
| give you a better experience." Then a while after that, you
| have to click the button giving permission to send all your
| information to the cloud or you can't use Windows.
|
| In spite of claims often made on this site that nobody
| understands or cares about privacy, people do care and
| understand when it's something this obvious and this extreme.
| Thorrez wrote:
| Does Recall work locally? If so, why would it send data to
| the cloud?
| renegade-otter wrote:
| Because the whole point is to collect massive amounts of
| data to "train" their AI.
|
| AI is the new Big Data, but instead of just wanting your
| basic information, where you moved your mouse, and how long
| you stayed on a page, they want _all of it_.
| visarga wrote:
| I doubt that. If you want a data hoover, look no further
| than chatGPT. People bring their data on a platter to it,
| private documents, drafts, personal problems, how to deal
| with government bureaucracy, anything actually. A
| diversity of people, they have more than 180M users, and
| if you assume a measly 10K tokens/user/month, that makes
| for 2 trillion tokens. And they are already language
| based, an alternation of AI text and human responses.
|
| What can AI learn from human responses? They carry
| implicit feedback - did the user take the last response
| and build on it, or request a clarification, or pushed
| back? Did he try the idea and it didn't work? All that
| feedback served by the human helps the AI just as much as
| the AI helps the human.
|
| chatGPT is a data blackhole. Every fine-tune can include
| new human preference data and new knowledge. Imagine the
| security implications if they fine-tune daily, learn a
| skill today, use it to assist someone else tomorrow.
| Maybe your nice idea will be implemented by someone else
| first!
| johnfernow wrote:
| Windows user accounts used to work locally. At some point
| during Windows 10's life it became a hassle to use a local
| account on a new computer. Now in Windows 11, short of
| modifying the ISO or using other unintuitive workarounds
| (some of which Microsoft has patched out), you are required
| to be connected to the Internet and use a Microsoft account
| when setting up your new computer (even for Windows 11
| Pro!) If despite that you choose to work around that
| requirement, several features are disabled, including ones
| that enhance security!
|
| Notably, you lose out on full-disk encryption on Windows 11
| Home. On Home and Pro you lose out on facial recognition
| login (Windows Hello), which can be a useful tool for
| avoiding shoulder surfing attacks in public. But by using a
| Microsoft account, your computer's password can be reset
| remotely. There's no way (official or otherwise) to
| maximize security on Windows 11. Outside of Enterprise,
| there's not even an official manner to setup an air-gapped
| Windows 11 PC!
|
| Until they received massive backlash, Microsoft planned on
| requiring Xbox One users to have a Kinect (camera, mic, and
| motion sensing device) connected at all times when the
| console is on, as well as connect to the Internet once a
| day to use the console.
| https://www.pcmag.com/news/microsoft-xbox-one-wont-
| require-k...
|
| To an extent the theoretical concerns that people are
| stating about Recall sound like paranoia, but the examples
| above show Microsoft has a bad history when it comes to
| privacy. Connecting Recall to the Internet sounds like a
| terrible idea, but so does restricting/limiting local
| accounts on Windows and (planning on) mandating that your
| home game console has a camera and mic connected and is
| connected to the Internet each day.
|
| Unfortunately, they also have a bad history when it comes
| to security. Recent example:
| https://www.theverge.com/2024/4/3/24119787/microsoft-
| cloud-e...
|
| From the article, the US Department of Homeland Security
| claims that Microsoft has "a corporate culture that
| deprioritized enterprise security investments and rigorous
| risk management."
|
| So while on the surface the concerns about Recall seem
| unreasonable, I think the fear is more understandable given
| Microsoft's many previously unthinkable actions, in
| addition to their poor security.
| hbn wrote:
| Or at the very least, every other week when your computer
| forcibly updates itself as Windows likes to do, and you go
| through your 127th iteration of the onboarding process to
| your own computer that you've owned for 4 years, one of the
| new steps will be "Enable Copilot for an improved
| experience!" with a big "Enable" button and a tiny little
| piece of text that you wouldn't know was clickable for "More
| options" which spawns a button labeled "Leave off for now
| (not recommended)"
| disqard wrote:
| I don't know why you're being downvoted.
|
| This is Microsoft's enshittification, which crossed a
| personal threshold for me -- "don't worry, everything's
| right where it was", but subtle nudges to accept further
| "opt-in"s that are hidden behind UI Dark Patterns.
|
| I wonder if Satya is dancing right now...
| hbn wrote:
| I literally have to "set up my computer" like 10 times a
| year now every time there's a seemingly "big enough"
| update, and it's just carefully navigating menus trying
| to get me to sign up for Microsoft services and trick me
| into switching to Edge
|
| A couple updates ago they put a bunch of new shit on my
| lock screen, like stocks and news articles or something,
| which I disabled immediately. And then the last update
| made my clock disappear which I can't even be arsed to
| figure out if that's a setting or a bug. Just do whatever
| you want with my computer at this point I guess,
| Microsoft. I just want to play a game.
| layer8 wrote:
| What's damning is that they didn't foresee the obvious
| reaction. It's characteristic of the bubble that informs their
| product design decisions.
| ryandrake wrote:
| I would guess that many low-level workerbees in Microsoft
| foresaw the obvious reaction, but it's career-limiting to
| tell the emperor he has no clothes, when the emperor
| surrounds himself with sycophants who only tell him YES.
| disqard wrote:
| This is probably endemic to Big Tech now -- the chorus of
| AI, AI, AI is still growing, and that's all the execs want
| more of.
| upbeatlinux wrote:
| A total recall
| ofslidingfeet wrote:
| Maybe the powers that be will have to come to terms with how they
| have *completely fucking obliterated all public trust in any
| large institution*.
| wruza wrote:
| _Recall uses local AI models built into Windows 11 to screenshot
| mostly everything you see or do on your computer and then give
| you the ability to search and retrieve items you've seen. An
| explorable timeline lets you scroll through these snapshots to
| look back on what you did on a particular day on your PC.
| Everything in Recall is designed to remain local and private on-
| device, so no data is used to train Microsoft's AI models._
|
| https://www.theverge.com/2024/6/13/24178144/microsoft-window...
|
| Had to look it up, sharing to save someone a minute.
| beretguy wrote:
| > Everything in Recall is designed to remain local and private
| on-device, so no data is used to train Microsoft's AI models.
|
| Not yet.
| tmpz22 wrote:
| Newer Apple Intelligence features will require 16gb ram and new
| M-series chips to run on-device. How is Microsoft able to
| release wide-spread features on device when there is a much
| diverse ecosystem of lower-powered, low-cost, windows devices??
| wilsonnb3 wrote:
| This feature is exclusive to PCs designated as CoPilot+,
| which requires 16 gigs of ram and a NPU of a certain speed.
| chx wrote:
| > Recall snapshots will only be decrypted and accessible when the
| user authenticates.
|
| Question is, do you need to auth every time you try to access
| past snapshots? If not then this is still the mother lode for any
| infostealer.
|
| And I do not think the danger Recall poses in an abusive
| relationship especially to women is adequately answered by "You
| can disable saving snapshots, pause them temporarily, filter
| applications and websites from being in snapshots, and delete
| your snapshots at any time" -- you'd need to know this thing
| exists and figure out how to pause. And I wonder whether the
| pause itself would leave a trace...
| hehdhdjehehegwv wrote:
| This is why you need proactive privacy evaluations _before_ you
| ship.
|
| The standard of the past 25 years of "let's violate every privacy
| law and know it won't catch up with us" is over.
|
| You either ship privacy complaint product, which means painful
| and slow review and adjustment which is an obvious financial
| cost...OR you go to market out of compliance, get slammed by the
| press and regulators, and the entire project eats shit.
|
| What seems like short-term cost saving is really just torching
| the entire investment.
|
| The underlying reason Boeing planes fall out of the sky and these
| privacy hostile products fail is the same: speed and greed.
| chucke1992 wrote:
| Erm...But that's not what is written in the article though?
| finkin1 wrote:
| I wonder if MKBHD's podcast discussing the feature is the cause
| of the backlash: https://www.youtube.com/watch?v=kg8uJXSRhKo. I
| think they do a fairly good job talking about the pros/cons of
| the feature. It definitely seems insane that raw screenshots
| would just be accessible on the device.
| hnpolicestate wrote:
| You know what would be catastrophically bad? A Recall AI feature
| being baked into Android.
|
| Like most people don't actually use personal computers anymore,
| even laptops aren't common among demos younger than millennials.
| I can tolerate switching to Linux or buying a steam deck.
|
| But if this became a hard coded feature of android or iOS I'd
| have to give up smartphones entirely.
| Gormo wrote:
| I'm sure Lineage, Graphene et al would immediately remove it.
|
| Something like that would likely also motivate a surge of
| interest in pure Linux phones, like the Librem or PinePhone,
| which would accelerate their development, and might be a net
| positive.
| ngrilly wrote:
| That's a product recall.
| gnicholas wrote:
| I can see why they would want to hold onto this feature, since it
| would make their devices incredibly sticky. If you spent a year
| or two having an AI understand literally everything that happens
| on your screen, then you'd be hard-pressed to switch to a
| different platform that lacks that historical understanding.
| Assuming there's no way to port the data, this would all but
| guarantee that you're a customer for life.
|
| It's possible Apple could have pulled this off. But MS has shown
| itself time and time again to be user-hostile and privacy-
| agnostic.
| MP_1729 wrote:
| Satya Nadella's Microsoft is such a weird company. It's like
| there's one side of it that is running with Zuckerberg's "move
| fast and break things" and the other side is saying "wait, we're
| the most important software company in the world! Things can't
| break!"
| wvenable wrote:
| This is a pretty insightful comment. That's exactly how it
| feels. The core of their technologies have never been more
| solid, including Windows. But then on top of that solid core is
| a bunch of "move fast and break things" and short-term profit
| choices that make the whole thing seem awful.
| wikidickynuts wrote:
| 2 cultures? Doesn't sound too surprising to me... one that is
| feature oriented and another that is old guard trying to
| support legacy customers.
| cedws wrote:
| Microsoft don't want to miss out on another big industry so
| they're compensating by trying to frontrun everyone whilst
| trying not to fall over.
| rchaud wrote:
| Even before Nadella, MS took insane risks with Windows. Ballmer
| oversaw the disastrous Windows 8 wigh the fullscreen Start
| Menu, which was hated far more than Vista ever was. W8 didn't
| even last 3 years before being replaced by Win10.
|
| And that's to say nothing of the decade-long attempt to compete
| with Google and Apple in mobile with Windows Phone/RT/Nokia,
| which Nadella mercifully unwound.
| RcouF1uZ4gsC wrote:
| What is interesting is the contrast to Apple's AI announcements.
|
| Apple's announcements were accompanied by an acknowledgment of
| the risk of privacy and a thorough analysis of the threat model
| and detailed design and specific steps taken to mitigate them.
| You can tell people with deep expertise spent time looking at the
| problem and coming up with solutions.
|
| Microsoft Recall on the hand had the feeling of - Oh my, this has
| privacy implications, we never would have guessed???
|
| That approach my Microsoft erodes trust. Apples's approach builds
| trust.
| methuselah_in wrote:
| Well I guess got scared because people will install Linux?
| cybwraith wrote:
| Windows 11's disaster of changes had already pushed me to
| decide to go full linux on my PCs, this was the straw that got
| me to stop being lazy and actually execute on that decision.
| nashashmi wrote:
| Guess the sh!t they thought they could force down everyone's
| throat (like the Windows 11 bar) has a recoil effect.
| appstorelottery wrote:
| I'm impressed that Microsoft seems to be listening to the tech
| community - now if only they would address telemetry I'm back in!
| phyrex wrote:
| I work on dev tools at my company. Telemetry really helps a ton
| to figure out if you're prioritizing the right things and if
| changes that you made are really for the better
| nofunsir wrote:
| There was a post on HN not too long ago about a random 3rd
| party/open source tool that does exactly this, no? When I first
| heard about Recall AI, I immediately thought back to that HN
| article, but can't find it.
| janjones wrote:
| What an irony. If you had Recall or that tool you mention
| installed, you could probably find it easily :D
| nofunsir wrote:
| Ugg... that just made me think of the opposite case where
| you're looking for something and it feigns ignorance...[1]
|
| [1] https://www.youtube.com/watch?v=CD9YqdWwwdw
| frithsun wrote:
| What's interesting to me is that AI hype accidentally got non
| technical people thinking and talking more about their privacy
| and security concerns relating to software.
|
| There's nothing sinister about LLMs relative to the kind of data
| collection big tech has been up to for years and years. It's just
| that all the AGI spin has triggered a defensive response in
| people.
|
| Positive, in my opinion. People should be approaching tech
| privacy concerns with fear, uncertainty, and doubt.
| hbn wrote:
| There did not previously exist screenshots of everything my
| monitor displays any time I'm using my computer, and I don't
| want that data to exist. Sure, a lot of my activity could be
| pieced together from various other things that track my
| activity, but constant screenshots of everything that was on my
| monitor is a centralized goldmine of data that I don't want
| anyone to have access to.
|
| I'd say that is more sinister than most other data collection.
| WhackyIdeas wrote:
| As I said nearly three weeks ago on HN:
|
| "Even if they say that they'll be abandoning this idea as they
| have 'listened to user feedback' or some other bull, the complete
| damage has already been done here. Thank the lord there are an
| abundance of excellent OS alternatives."
|
| Get them to fuck. Sorry, for the language.
| eigenvalue wrote:
| Unless I'm understanding this wrong, 99% of computers out there
| wouldn't even be able to run this anyway, since it requires a
| special neural processing chip that supports 40 trillion
| operations per second (and this can't be the GPU). So basically
| only Microsoft's own brand new Surface models could even use it
| in the first place.
| knallfrosch wrote:
| Acer Asus Dell HP Lenovo Samsung
|
| https://blogs.microsoft.com/blog/2024/05/20/introducing-copi...
| jjcm wrote:
| Recall suffered from a classic Microsoft mistake they've made
| time and again, but never learned from - how to correctly market
| and package your feature.
|
| Microsoft always tends to "go big" with their integrations, often
| to their detriment, in order to increase adoption of new
| features. One notable time was with Windows 8. They really,
| REALLY wanted people to try out the new Metro UI, so they deeply
| integrated it into the OS, pushed it in every marketing campaign,
| and made it the first screen you saw on login. There were some
| great features in it - better performance and better search
| results, but it wasn't opt in. The reaction from customers who
| took a casual look was, "they removed the desktop!". It wasn't
| true, but because of how overzealous MS was to push the new
| feature, that became the takeaway.
|
| The same thing is happening here - Microsoft pushed what
| objectively is a great tool, but they did so in a way that never
| gave users a choice of whether or not they wanted it. They've
| also framed the messaging and marketing in a way that's confusing
| to what is actually happening. Look at the amount of talk in this
| blogpost dedicated to mentioning how important security is for
| them, without ever actually going into what the security issues
| are or how they're addressing them.
|
| Sloppy marketing + forced integration has bit Microsoft so many
| times now. I'm always shocked that they never learn from this.
| plopilop wrote:
| How is this objectively a great feature? This is a spyware that
| stores screenshots unencrypted (and thus accessible to any
| other spyware). I am also not convinced that the AI tools would
| have been offline, thus effectively sharing your whole data
| with Microsoft (even more than before).
|
| From a privacy perspective, this feature is an abomination
| NegativeK wrote:
| "Objectively" is very strong, but I'd love a tool like this.
|
| Except it's so thoroughly invasive and ripe for abuse that I
| can't imagine ever using something like this that isn't open
| source and thoroughly vetted. And I think your very valid
| points are stemming from that -- MS's implementation was
| hamfisted and halfassed, and people don't trust them even if
| they do it correctly. But those are issues with the
| implementation and the implementer, in my mind. Not the
| conceptual feature.
| jbotdev wrote:
| I'm not sure an "objectively great" feature exists, because
| "great" is such a vague and subjective term.
|
| I think it's more productive to discuss it in terms of the
| use cases and who they benefit.
| IAmNotACellist wrote:
| What's funny is if they had marketed it as Apple does (and had
| as much credibility as Apple does among their fans) then
| everyone would love it. I seriously doubt they intend to do
| much different than "Apple Intelligence." I.e., local access to
| all your data and uploads of data you use on cloud apps.
| ubermonkey wrote:
| >then everyone would love it.
|
| I do not think this is at all true.
|
| Recall as implemented is an absolutely security and privacy
| nightmare, and would absolutely become a tool of oppression
| for abusers. MS deserved to reap the whirlwind here, as would
| any firm that offered the same sort of feature.
| alsetmusic wrote:
| > as would any firm that offered the same sort of feature.
|
| I'm reminded of the backlash to Apple's plan to have on-
| device scanning for CSAM in (I think) 2021. It blew up
| badly for them.
| slashdave wrote:
| There is no equivalence. Apple has been building on this
| technology for years now, all with a focus on privacy.
| Microsoft neither has the engineering talent, the time, nor
| the development ecosystem to catch up.
| jrflowers wrote:
| I love all of the "I see how this could be useful software. I'd
| maybe use it!" comments.
|
| Since this functionality can pretty much be replicated with OBS
| Studio + a keylogger I would love to know what keylogger/screen
| recorder software combo everybody is already running on their own
| machines
| havkom wrote:
| Did they recall the recall product?
| Sparkyte wrote:
| AI needs more pot on the kettle to be useful. Everyone is trying
| to AI into some money making machine which it is to an extent.
| Just the same problem we experienced with the cryptocraze.
| midtake wrote:
| I don't think Microsoft understands security. They use phrases
| like "secure by default" as if Recall is anything but, and it
| looks like "just-in-time" security requires Windows Hello, which
| I also don't want.
|
| I'm sorry but what little faith I had in Windows has absolutely
| dried up. If I didn't use Windows for video games with an Nvidia
| card, I would have no personal use for Windows. MacOS and Linux
| have been amazing lately and it seems like a downgrade every time
| I switch to my windows PC.
| SpaceManNabs wrote:
| wonder how they managed to add all these security features so
| quickly to a product that they didn't think had security issues
| in the first place...
|
| If you are vague enough, you can say you did something.
|
| If you don't explicitly mention the issue(s), you don't have to
| mention what you changed, if anything.
|
| Classic M$.
| cedws wrote:
| If Apple did something like Recall, they'd run the whole thing on
| a separate secure chip somehow and encrypt the data with a
| (actual secure) enclave.
|
| Microsoft are doing this the quick, dirty, lazy way by just
| embedding it into the OS. Lack of vertical integration is also
| haunting them.
| skydhash wrote:
| Apple is already building the same set of features. But because
| everything is so centralized (Apple's frameworks and dev
| tooling are good) they can do stuff without recording your
| activities. Especially with so many people using the default
| apps, and the integration with Siri that already exists.
| catoc wrote:
| Microsoft Recalled
| dang wrote:
| Related. Others?
|
| _Microsoft to delay release of Recall AI feature on security
| concerns_ - https://news.ycombinator.com/item?id=40677424 - June
| 2024 (54 comments)
|
| _Microsoft will switch off Recall by default after security
| backlash_ - https://news.ycombinator.com/item?id=40610435 - June
| 2024 (523 comments)
|
| _Microsoft Research chief scientist has no issue with Recall_ -
| https://news.ycombinator.com/item?id=40594608 - June 2024 (87
| comments)
|
| _Microsoft Recall should make you consider Linux_ -
| https://news.ycombinator.com/item?id=40591141 - June 2024 (141
| comments)
|
| _Microsoft has gone radio silent on Windows Recall_ -
| https://news.ycombinator.com/item?id=40584190 - June 2024 (45
| comments)
|
| _Windows Recall demands an extraordinary level of trust
| Microsoft hasn 't earned_ -
| https://news.ycombinator.com/item?id=40577197 - June 2024 (35
| comments)
|
| _Security researcher discovers Microsoft 's Recall tool is
| woefully insecure_ -
| https://news.ycombinator.com/item?id=40573097 - June 2024 (68
| comments)
|
| _Windows AI feature that screenshots everything labeled a
| security 'disaster'_ -
| https://news.ycombinator.com/item?id=40570294 - June 2024 (42
| comments)
|
| _How the new Microsoft Recall feature fundamentally undermines
| Windows security_ - https://news.ycombinator.com/item?id=40433884
| - May 2024 (47 comments)
|
| _Microsoft 's AI chatbot will 'recall' everything you do on its
| new PCs_ - https://news.ycombinator.com/item?id=40425306 - May
| 2024 (167 comments)
|
| _Recall is Microsoft 's key to unlocking the future of PCs_ -
| https://news.ycombinator.com/item?id=40417837 - May 2024 (58
| comments)
| porcoda wrote:
| I'm not sure Microsoft will ever achieve the level of trust
| they'd need to make things like this feature ever be acceptable.
| I'm sure in parts of the company they care about user trust quite
| a bit, but those people will never be able to counter the actions
| that the "maximize revenue at all costs" people take that
| undermine trust left and right. I don't see them putting "build
| and maintain user trust" as a corporate goal that they ACTUALLY
| try to achieve (not just use as a corporate feel good statement),
| since "maximize shareholder value and revenue" will always win.
| SimianSci wrote:
| For those who have not been keeping up with recent events. The
| United States government, is currently reevaluating its
| relationship with Microsoft due to recent security issues related
| to Russian and Chinese state-funded attacks.
|
| [Microsoft Storm-0558 Incident, cited as a recent example]
| https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...
|
| Microsoft recently pledged to improve its security practices
| through incentives to executive pay and other initiatives.
|
| [Microsoft Blog on recent Commitment]
| https://blogs.microsoft.com/on-the-issues/2024/06/13/microso...
|
| Despite these pledges, several members of Congress are making it
| known that they dont see Microsoft as being serious about their
| recent commitments around security. It is worth noting that
| several of these members of congress influence how much Microsoft
| gets paid. The Recall feature is often used as a lightning rod to
| bring to light the rushed rollout of Microsoft's features without
| concern for security.
|
| [Video with timestamp of Microsoft's President being questioned
| by Florida Congresswoman, Recall mentioned]
| https://youtu.be/kB2GCmasH4c?t=8217
|
| While I suspect there may not be any sole reason for the release
| delay, it would seem to me that having Microsoft's biggest
| customer using Recall this way, may greatly influence the
| company's decision to hold off on the release.
| lemonlime0x3C33 wrote:
| I have been dual booting for years but this has been my
| motivation to officially abandon windows at home, just need to
| figure out how to play civ 7 when it comes out next year...
| capl wrote:
| Please delay it indefinitely. The OS with the worst security
| combined with a queryable LLM recording everything you do?
|
| Yeah, no.
___________________________________________________________________
(page generated 2024-06-14 23:00 UTC)