Q. Is this really as harmful as you think?

A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.

  • Mossy Feathers (She/They)@pawb.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    I’m really hoping valve does a public steamdeck OS release. I’d like to replace windows on my PC with Linux and have windows as a backup, but the Linux distro I’m the most familiar with is the steam deck’s distro, and that’s not available outside of steam decks yet.

    • GregorGizeh@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Check out bazzite.gg

      It is a very beginner friendly, gaming focused distro that essentially aims to be steamOS on PC. It even has rollback functionality if you accidentally break something.

    • HatFullOfSky@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      SteamOS is arch based and uses KDE Plasma as the default DE, so you could probably run Endeavour OS and be pretty darn close

    • foggenbooty@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Bazzite has been designed to be an out of the box SteamOS distro. It’s not based on Arch, so if that’s what you’re familiar with then that’s not the same, but give it a try.

    • Billiam@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      You’re gonna get lots of suggestions, lol.

      I’d say look at Zorin. It’s a Ubuntu-based distro so it has lots of support, and also has several baked-in themes to customize your desktop the way you want it right out of the box. You can make it look like Windows 7/10/11 or macOS without any other apps or themes, which might help your transition.

  • Churbleyimyam@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Even supposing I didn’t care about the security implications of this, why on earth would I want this functionality? I can barely keep up with all my activities in the present moment, let alone the past. It’s like a morbid and pathological unification of nostalgia and hoarding.

  • DarkSurferZA@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    I get the security issues, sure, those are valid, but the privacy ones are even worse. Imagine a teenager trying to search information on being gay, or possible intrusive thoughts on their family computer, only for their super maga right wing parent to find it in the screenshots.

    Or someone being abused at home and searching for support facilities, deleting history and being outed by recall.

    Wait, how about credit card fraud as a result of EVERYONE who has access to this computer can read your cc data?

    Or, my husband was looking at jewelry online yesterday and he hasn’t told me, he must be cheating, right? Oh sorry, I forgot, our anniversary is next week… Hahahaha, don’t be upset babe.

    Best one ever though, imagine your search history, your porn watch history accessible to anyone with access to your computer? The fucking horrific existence of having an employer process this data at scale using fancy staff monitoring program 7, and run stats on the fact that you had a toilet break while working from home, and they want to know if it was a number 1, or a number 2 so they can work a mean time to shit metric into your KPA/scorecard.

    Guys, whatever benefit you think this is. It’s not worth it.

    • ArcaneSlime@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Not that it solves the problem, but since I’m not the King of M$ this is about all I can do: you could easily get around all that by turning off secure boot and booting into a persistant live-usb containing a linux distro of your choice (Tails for extra privacy/ease, if you can use Tor) to do all your secret agent computing needs. The host PC can’t see shit of what happens on Tails.

    • uhN0id@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Ultimately privacy is part of security so, if anything, everything you mentioned is just more reinforcements that this is a major security concern.

      As someone that has been obsessed with tech since being a kid in the 90s I think the tech side of this is super cool and very exciting stuff. As a user, though, I only like this if I’m the one implementing and using it. I do not trust a mega corporation (or really any company) to “leave it locally on my computer and totally not use that data for other purposes”. Right now it’s supposed to be (as far as I last heard) only on your machine but we’ve seen EULAs and TOS’ etc change many times over the years but especially over more recent years as data continues to be king and data like this is a literal bottomless diamond mine.

      I know this isn’t your point but it’s just worries I have in addition to your points. And let’s not even start about what this means for law enforcement abuse. No thanks, I’ll wait for a FOSS equivalent that at least gives me and the community the opportunity to evaluate how it works.

  • TalesOfTrees@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    As reasonable the concerns are… it seems like there’s quite a bit of fearmongering over software and hardware that haven’t even really gotten into the mainstream yet.

    • Spuddlesv2@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Do you think it would be a better idea to wait until it’s installed and active on every Windows computer before we start a discussion on how bad Copilot is?

      • Blaster M@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Only computers that can run it… are pretty much none of the computers running 11 today. The CPU needs to have an NPU, as the AI functionality is run locally on the PC.

        • Spuddlesv2@lemmy.ca
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Go look at all the Windows PCs announced in the last few months and you will see they have NPUs. So again, why would we wait until it is too late to try to stop this nonsense?

          Also the “AI” may run locally but it saves the info into an easily accessible and readable SQLite database in the users AppData. It will be trivial for malicious actors to access.

    • Someonelol@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I heard this same argument from people all the time. Until it affects you in a meaningful way to change your mind, it’ll be too late.

    • vext01@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      The writing style is a bit weird, but I think the concerns are valid. That sqlite file is a treasure trove for hackers/scammers.

    • exanime@lemmy.today
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Agreed that there is a bit of exgaerated dread… but honestly this has all the hallmarks of a monkey knife fight in an elevator, it’s hard to imagine how this won’t end in disaster

  • beefbot@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    THIS IS NOT CURRENTLY RUNNING ON MY WINDOWS COMPUTER, right?

    This obvious first question hasn’t been clarified (maybe by one comment in this thread, but not in the article)

    • beefbot@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      From The Verge’s obsequious article:

      Recall won’t work with every Windows 11 computer. You’ll have to buy one of several fresh new “Copilot Plus PCs” powered by Qualcomm’s new Snapdragon X Elite chips, which have the neural processing unit (NPU) required for Recall to work.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        And from the article in the OP:

        I got ahold of the Copilot+ software and got it working on a system without an NPU about a week ago,

          • zod000@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Most of the newer CPU’s have an NPU already, Microsoft just set a higher performance requirement for NPUs to be officially labeled an “AI PC” which they are pushing hard.

        • A_Random_Idiot@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          They are using that to sell NPU bullshit to the stupid people crazy enough to be excited by it.

          Then down the road they’ll push it in an update for everyone, I wager.

        • MacN'Cheezus@lemmy.today
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          I think that’s just regular Copilot (without the plus). This is a newer version, at least that’s what this quote from the article leads me to believe:

          I got ahold [sic] of the Copilot+ software and got it working on a system without an NPU about a week ago

          The regular Copilot (without the plus) that sits in the taskbar was rolled out in an update about a month or two ago.

          Also, this part of the article gives a method to check if it’s running:

          Q. How do you obtain the database files?

          A. They’re just files in AppData, in the new CoreAIPlatform folder.

          Unfortunately there are at least two AppData folders (three to be exact, but one of them is rarely used), and it doesn’t specify whether it’s %APPDATA% or %LOCALAPPDATA%, but I just checked on my Windows machine (Win11 with all updates installed, including Copilot), and I can find no such folder in either of these paths.

          EDIT: the video in this toot clearly shows the location of the database folder, and it’s in %LOCALAPPDATA%, which makes sense given that it’s stuff that’s not supposed to leave your device.

    • dustyData@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Not just enterprise. Some organizations handle extremely sensitive information of victims of crimes, survivors of wars, potential political targets, just to name a few. A feature taking a screenshot and registering all of that data is a nonstarter. MS will have to prove that the feature doesn’t run with certain gov clients, the privacy risk is way too high.

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        On the other end of the spectrum, the vast majority of home users have no idea how to disable this or that it’s even activated. There will be folders of Recall shit filling up everywhere, waiting for someone who knows it’s there to access it.

        If any of them access their work data on the Microsoft 365 web apps, it’s now sitting in that folder, and they will not know.

        This is honestly the biggest evidence yet of a need for some sort of regulation that certain privacy related things should not be allowed to be activated by default. They should always be opt-in, period.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      It won’t.

      All the crap from MS only affects ignorant home users. (I say that with no criticism - home users often lack significant expertise in this stuff).

      Corporate has an IT team dedicated to image building, based on requirements gathering, which is well documented and well tested before it’s deployed to even a small test group (usually us fellow IT geeks get to be Guinea pigs first).

      Once it’s been certified, then they’ll deploy to a second, larger group, test and verify.

      Wash, rinse, repeat.

      Plus they’ll probably start with new hires and anyone with a machine that is falling off lease/aging out. This gives them a little room, in that new hires don’t have any local data (no one should have much in the first place), and people with aging machines can hold onto the old machine for a couple weeks as a fallback, just in case.

      I’ve seen it several times, been part of deployment and upgrade teams.

      Additionally, they deploy policies to redirect any MS network services to their own internally hosted services - windows is designed to do this, there are specific policies for everything, such us Windows Update services, even the MS App Store. Because no company wants machines pulling random crap from outside the company (they probably even block the access at the network level - I would).

      • TexMexBazooka@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Everything you’re describing is how it should be done. Realistically it isn’t done properly, all the time, and that’s why breaches happen.

    • ripcord@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      This will fly for corporations wanting to use it themselves against their employees.

    • jordanlund@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Enterprise will love it because it will allow them tinestamped access to everything their employees are doing during the day.

      They will have it set up to alert on a various things…

      “So, Bob, you were playing Minesweeper from 9:45 to 9:53, was that a scheduled break for you?”

      “Jane, your screen showed no substantive changes from 1:03 to 4:15, you weren’t in a meeting, what were you doing?”

      • Someonelol@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        The surveillance would be a double edged sword. If they were to be hacked, all sensitive information that was going through their PCs could be compromised.

        • jordanlund@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          They will convince themselves it can’t be compromised. Never under-estimate the stupidity of middle management.

          • Flying Squid@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            And no one was able to stop the White Star Line executives by saying, “maybe you shouldn’t be 100% sure the Titanic is unsinkable?”

    • pyrflie@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      It already exists in the corporate environment. Teams is a keystroke logger, it stores everything you do down to the microsecond in a plain txt on the C drive. This just expands that to everyone that uses Windows.

      Windows is spyware now.

  • Opafi@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    As much as I lean to hate this despite it not even affecting me as a Linux user…

    I’m going to structure this as a Q&A with myself now, based on comments online

    What is that? “I’m going to pretend to ask questions that I’ll then answer myself the way I think it’ll outrage that most people do I’ll get a lot of clicks on this shitty article”? What crappy excuse for content creation is this? I hate it.

    • Ephera@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Eh, they could have written it differently, each time hypothesizing that someone might wonder XYZ, but I appreciate the brevity of this format. And I do not think that the questions or answers are unreasonable.

    • thesmokingman@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Do you mind calling out the questions you think are inappropriate or exist for rage clicks? What constitutes a good article for you if this is a shitty one?

    • ColeSloth@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I rather liked it. I mean he was just re-phrasing questions he’s seen without having to bother with direct quotes and making sure the questions were articulate.

      It’s pretty important to get this info out there and make sure everyone and their 2nd cousin knows about it. If Microsoft can’t make this absolutely infallible on a security front it will almost be laughable at how many people could get completely fucked over by this. Every hacker and country in the world are going to be poking at the security of this feature. It would be the holy grail of infosec penetration.

    • SzethFriendOfNimi@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      You may not but the customer support rep at a company that had your info uses windows. Same for the insurance companies, various government agencies local with limited it experience as well as national.

    • Spuddlesv2@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I follow Kevin on Mastodon. He’s the real deal and is absolutely not interested in the clicks or outrage. He’s trying to make it accessible.

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Yeah, I gotta say that I read the article and it seemed pretty reasonable in terms of content. The fake-Q-and-A thing wasn’t quite my cup of tea either, but eh, I don’t think it was all that problematic.

      • JackFrostNCola@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Agreed. The way i took it was “i am going to write ‘questions’ based on the concerns people are commenting online and give the answers to those things people are interested/worried about”

    • capital@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I saw that as anticipating the questions they’ll get regarding this article and pre-answering them.

  • Snot Flickerman@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    Unpopular Opinion: This is why Microsoft were such assholes about making sure Windows 11 required a modern TPM and this is also why they are forcefully rolling out Bitlocker encryption turned on by default on all Windows 11 PCs.

    Is Recall still a fucking stupid idea? Yes, resoundingly so. But they’ve half-ass considered the risks, it seems. The forceful rollout of Bitlocker is dumb and short-sighted in its own right, and it wouldn’t make a person completely secure from outside attacks rooted in a Recall exposure.

    • mil@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Because Windows not only encrypts the system disk (C:) but also all connected hard drives

      And they’re gonna just enable it without asking if i want all my hard drives encrypted first?

    • 0xD@infosec.pub
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      That’s not an unpopular opinion, it’s an outrageously stupid and uninformed one and you should keep it to yourself.

    • forrgott@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Umm, no. Just…yeah, no.

      The main problem with this theory is that Microsoft is absolutely abysmal at user end security, and they always have been. Frankly, they do not understand the issue.

      But, more to the point, the whole TPM/secure boot stuff is a compromise; originally (I think this was about the time of Vista), they partnered with OEMs to have them include a DRM chip that made it literally impossible to install any non-windows OS on your laptop. They’ve managed to still get an implementation of TPM that makes switching your OS too confusing/difficult for the average user.

      Anyway, bottom line is they only care about money, and they neither care or even understand the security needs of the end user.

    • trollbearpig@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Nah dude. TPMs have alwayd been about implementing DRMs. These companies hate that they can’t control our PCs, they want to be sure we can only run their approved apps. Like it works in iOS and (to a lesser degree for now) in Android. And even there they are pushing hard for even more restrictive DRM.

      For example, some years ago I worked with a SaaS that implemented and sold some security products. One of our customers was a big retailer (for specialized products, not going into more details to avoid doxxing) that was having a problem with scalpers buying all their inventory as soon as they released it. So they were trying to put a show for regulators about stopping scalpers because their customers were complaining. We suggested that the only real solution was to have some real life verification of purchases. But in the end they went with the awful attestation APIs offered by Apple or Google to “fix” this. And in case you are not familiar, these APIs are just TPM based DRMs. So now, if you have a rooted/jailbroken phone you can’t even buy with this retailer anymore.

      Note that this company wasn’t trying to fuck customers directly, they were just lazy and incentivised to not really fix the problem (a sale is a sale, even if to a scalper). But even then the end result is that their customers got their digital freedom rights restricted. It’s just a terrible technology IMO, the incentives from companies arr all terrible. And that’s before we start considering the real intentions of awful companies like Microsoft, Apple and Google. IMO they are actually pushing for techno feudalism, but that’s my conspiracy theory hahaha.

      So no, I doubt they were thinking about security woth this recall bullshit. As other people have explained in their comments it doesn’t really protect much in practice. Plus this whole AI push has just just a stupid scramble from this companies to grab a big piece of the stupid AI pie from other companies hahaha, there is no long term plan here, don’t lie to yourself and us.

    • boatswain@infosec.pub
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Hardware controls are meaningless if an attacker gets you to click on a dodgy link in a phishing email or you fall for a social engineering scam when “Microsoft” calls you because your computer has a virus.

      • GreyBeard@lemmy.one
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Theoretically, Microsoft could protect against most attacks. Apple has done it by making it increasingly impossible to touch kernel level stuff without an MDM. Every release they lock up more of the system. It means they are drifting toward iOS on their Macs, where the user doesn’t own their device, but it is an effective blocker to stuff like this, baring zero day kernel issues.

        I think that is where Microsoft is headed, but they also aren’t able to let go of backward compatibility, so they really aren’t getting any closer to a system that is secured enough to handle such sensitive data.

        • fartsparkles@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Most compromises live in user space. Locking down the kernel is great and all but “most attacks” are running as the logged in user doing operations that user is permitted to do.

          • qprimed@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            1 year ago

            I am shocked there is even a single downvote on this comment. parent is 110% right. a kernel level compromise in the vast majority of exfiltration events its just needless (but nifty) icecream on top of the pain pie being served to the user.

  • DirkMcCallahan@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    The full article is well worth reading. It’s good to find a lucid, logical deconstruction of why, precisely, this will be a complete disaster.

  • NoiseColor@startrek.website
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    This is a feature hundreds of millions of people will use and very likely won’t cause any security issues. These doomsday scenarios every Linux user here is predicting is a bit much, don’t you think so?

    • Adanisi@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Are you braindead? Yes yes taking regular screenshots of the desktop can’t possibly be a security risk, right?

      • NoiseColor@startrek.website
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        You can define almost anything as a security risk. But we aren’t children to play such stupid games.

        We are talking about someone gaining that information and the probability of that happening without even knowing what security mesaures will be in place. I think the risk is negligible even today with the limited information about it that we have now. Other People here, presumably you as well are hysterical about it.

        Thats what the discussion is. You actually believe Microsoft will launch this and then everybody will be hacked or something. I think that is… not smart.

        • Adanisi@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          No, I don’t think “everyone will get hacked or something”, don’t put words in my. I mouth for the sake of your argument.

          What it is, and this is undeniable, is a massive fucking privacy and security hole if someone gains control of your computer.

          • NoiseColor@startrek.website
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            I didn’t want to put words in your mouth, but wanted to clear up where each of us stand so there is no missunderstanding.

            If somebody gains control of your computer today, that’s a massive privacy and security hole in itself.

            • starman2112@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              If you didn’t want to put words in someone’s mouth then you shouldn’t have said something like

              You actually believe Microsoft will launch this and then everybody will be hacked or something.

              • NoiseColor@startrek.website
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                Oh a knight in shining armour trying to defend my dialogue partner?

                Did you ask anyone needed defense? Because I’m pretty sure they don’t.

                If you read carefully I wrote “or something” at the end implying that I don’t know exactly what they believe. It was not that subtle of invitation for them to agree with my first assessment or correct me. I will try to be really blunt in the future, so that you don’t missunderstand again.

                • starman2112@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  1 year ago

                  ? I’m not defending anyone, I’m calling out bullshit when I see it

                  I don’t really care that you like watching kids through their bedroom windows or whatever

                  If that doesn’t accurately describe your views, no worries—I said “or whatever,” so it’s fine

            • Adanisi@lemmy.zip
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              Absolutely, but even with control of your computer, if you’re smart, other accounts etc will still be inaccessible by the attacker.

              Not when they get access to the Windows built in desktop spy saving everything it sees.

              • NoiseColor@startrek.website
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                Not if it’s encrypted and if sensitive information is not saved.

                Main point is still that gaining control of someone’s computer against their will is practically impossible today. If someone manages to do it, they already have your files and all the sensitive information they could want. They won’t even bother with this recall. And if you are worried about it, you will be able to just turn it off.

                Much ado about nothing.

                • Adanisi@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  “If sensitive information is not saved” is doing a lot of heavy lifting for you there. The issue is that it saves everything.

    • Higgs boson@dubvee.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      very likely won’t cause any security issues.

      Hahahahaha. Oh wait, you’re serious? Let me laugh even harder. HAHAHA

    • BrowseMan@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Did you read the article?

      This system basically do a character recognition on EVERYTHING the user is displaying and save the results in a very small file not that well protected.

      The data is very small (I guess because it’s basically text?), seems easy to find. That means the history of all you did on your computer (apparently only for the last three feays by default,but well…) can be stolen at once, in a minuscule file.

      I’m not an IT specialist, but I don’t see in which world this can remotely be a good idea…

      • NoiseColor@startrek.website
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        As I understand not everything will be read and stored, storage will be encrypted. We don’t even know what exactly will be stored and everybody here is losing their mind.

        We already have a lot of sensitive information on our computers and nobody is panicking.

        I guess it’s hard to get used to new stuff. Or maybe Linux users are afraid that their favourite system won’t be able to compete anymore.

        • ocassionallyaduck@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          You didn’t read the article.

          We do know the answers to these questions. And if I can use a 2 line script to exfiltrate all your screen data for days/weeks in under a few MB of data.

          So better hope you, never, ever, ever run unauthorized or malicious code, because now it basically has a honeypot of top priority data, always stored in a known location and compressed for easy uploads.

            • ArcaneSlime@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago
              Q. The data is processed entirely locally on your laptop, right?
              
              A. Yes! They made some smart decisions here, there’s a whole subsystem of Azure AI etc code that process on the edge.
              
              Q. Cool, so hackers and malware can’t access it, right?
              
              A. No, they can.
              
              Q. But it’s encrypted.
              
              A. When you’re logged into a PC and run software, things are decrypted for you. Encryption at rest only helps if somebody comes to your house and physically steals your laptop — that isn’t what criminal hackers do.
              
              For example, InfoStealer trojans, which automatically steal usernames and passwords, are a major problem for well over a decade — now these can just be easily modified to support Recall.
              
              Q. But the BBC said data cannot be accessed remotely by hackers.
              
              A. They were quoting Microsoft, but this is wrong. Data can be accessed remotely.
              
              Q. Microsoft say only that user can access the data.
              
              A. This isn’t true, I can demonstrate another user account on the same device accessing the database.
              
              Q. So how does it work?
              
              A. Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder.
              
              This database file has a record of everything you’ve ever viewed on your PC in plain text. OCR is a process of looking an image, and extracting the letters.
              
              Q. What does the database look like?
              
              A:https://twitter.com/GossiTheDog/status/1796218726808748367?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1796218726808748367%7Ctwgr%5E2eccf634534245a77c4f931d8722f1b8c6f23595%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Ftype%3Dtext2Fhtmlkey%3Da19fcc184b9711e1b4764040d3dc5c07schema%3Dtwitterurl%3Dhttps3A%2F%2Fx.com%2FGossiTheDog%2Fstatus%2F1796218726808748367image%3D
              
              Q. How do you obtain the database files?
              
              A. They’re just files in AppData, in the new CoreAIPlatform folder.
              
              Q. But it’s highly encrypted and nobody can access them, right?!
              
              A. Here’s a few second video of two Microsoft engineers accessing the folder: https://cyberplace.social/system/media_attachments/files/112/535/509/719/447/038/original/7352074f678f6dec.mp4
              
              Q. …But, normal users don’t run as admins!
              
              A. According to Microsoft’s own website, in their Recall rollout page, they do: https://miro.medium.com/v2/resize:fit:1100/format:webp/0*WGE1jcRzhe6WAGQS
              
              In fact, you don’t even need to be an admin to read the database — more on that in a later blog.
              
              Q. But a UAC prompt appeared in that video, that’s a security boundary.
              
              A. According to Microsoft’s own website (and MSRC), UAC is not a security boundary: https://miro.medium.com/v2/resize:fit:1100/format:webp/1*TTjYNH15IoP_d8JhhG3cEA.png
              
              Q. So… where is the security here?
              
              A. They have tried to do a bunch of things but none of it actually works properly in the real world due to gaps you can drive a plane through.
              
              Q. Does it automatically not screenshot and OCR things like financial information?
              
              A. No: https://miro.medium.com/v2/resize:fit:1100/format:webp/1*OZMjujpALL3IfAQYT64x7Q.png
              
              

              Do I have to continue or do you think you could actually read the article for the rest? It’s clearly a bigger deal than “linux users mad because windows better” and your poor excuse for a troll just makes it look like you’re too stupid to read the article laid out in front of you. Well, now you have no excuse so get good.

              • NoiseColor@startrek.website
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                1 year ago

                Sorry I don’t take everyones word as truth. This guy is just one guy. One guy against the whole Microsoft corporation whose entire fortune depends on this not to fail in the way he said it certainly will. Absurd.

        • BrowseMan@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          Based on what Microsoft themselves said we know: everything will be stored (except edge private session…). They specifically say they don’t do content moderation: they log everything.

          Did you read the article?

          Q. Cool, so hackers and malware can’t access it, right?

          A. No, they can.

          Q. But it’s encrypted.

          A. When you’re logged into a PC and run software, things are decrypted for you. Encryption at rest only helps if somebody comes to your house and physically steals your laptop — that isn’t what criminal hackers do.

          As a windows user I’m not delighted by this.

          Edit: at this point you must be trolling…

          • NoiseColor@startrek.website
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            If you are so afraid, you can just turn it of. You are aware of this are you not?

            OK if you think I’m trolling, why did you answer?

            I give you the benefit of the doubt you are a reasonable person who can go beyond their emotions of a feature of an os. And the emotions this article stirred.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      We’ve seen it before, it’s not idle speculation. Windows machines have been the hosts of the largest botnets in the world. Whenever a company does something stupid like this it invariably gets into the wrong hands. It’s not even a question of if it will happen just when it will happen.

      Oh and it’s not “Linux users” saying it, it’s everybody with an ounce of technical common sense. We’re all here shouting at Microsoft “it’s a bad idea” and they won’t care and it will go exactly as badly as predicted.

      • rottingleaf@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Oh and it’s not “Linux users” saying it, it’s everybody with an ounce of technical common sense.

        Which kinda correlate with each other. Which allows for a certain bad faith argument to be made.

      • NoiseColor@startrek.website
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Yes, we have seen it many times before. Much ado about nothing. New feature that will mean some new security measures. Everybody will move on and in a year nobody will remember how some people in the Linux community were panicking.

        • Flying Squid@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I will never find out exactly when your bank data is stolen because of this, so I’m just going to laugh about it now.

          • NoiseColor@startrek.website
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Go ahead laugh. Because you will indeed forget all about it and never remember your doubts and panic laughter as nothing will happen.

    • Nighed@sffa.community
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Oh it WILL cause security issues. It’s just a tradeoff against if they are worth the benefits.

      • NoiseColor@startrek.website
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        There likely won’t be anything major while 1. 4 billion people will benefit. Security measures will be adapted for this new feature.

        This same thing happened before, a lot of panic for nothing.

          • NoiseColor@startrek.website
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            I don’t know. We will both be able to discover them when the features are deployed.

            This is a senseless hysteria about how this is horrible and… I don’t even want to go into all the dumb shit I read.

  • TheTimeKnife@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    We should have let the government actually break up microsofts monopoly long ago. Now they will abuse it to force millions of Americans to use their spyware.

  • deweydecibel@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Are Microsoft a big, evil company?

    A. No, that’s insanely reductive. They’re super smart people, and sometimes super smart people make mistakes. What matters is what they do with knowledge of mistakes.

    I have no doubt there are smart employees, but they don’t call the shots. Case in point.

    • Grangle1@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Being super smart and super evil are NOT mutually exclusive. Intelligence =|= morality.

        • Hobo@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Why reach for a fictional example when so many real world examples exist? Just curious because I think of Bezos, Musk, and to a lesser degree Gates as examples of smart people doing bad things. I mean there’s several very smart people that have done good things as well but those are harder to come by. Even people like Alfred Nobel created something he thought would save the lives of miners for his invention to be used for war. Einstein also did a lot for the advancement of theoretical physics and his work was subsequently used as the foundation of the atomic bomb. It’s actually way harder to come up with a Tony Stark type smart “good guy” in the real world for me because reality is often far more grey.

          • AngryCommieKender@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            I don’t think of Bezos, Musk, or Gates as exceptionally intelligent. They are lucky and influential, sure. Intelligent? Musk is automatically out just because of his Twitter feed. The other two haven’t shown themselves to be particularly intelligent, just ruthless and efficient when it comes to generating profit.

            As far as the other side of that coin, I tend to agree. Most of the really intelligent people that have existed have been pretty grey morally speaking.

            Hence why I went with fictional examples. At least with Lex Luthor, there’s very little grey area in his moral stances.

            • Hobo@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              Gates is insanely intelligent, like demonstratably so. Musk and Bezos are also very highly intelligent people. Do they have terrible, awful, even downright despicable views? Absolutely. But don’t be fooled, all three of those people are incredibly smart with actual high IQs (not in the braggart, “I have a very IQ.” sense either).

              Intelligence doesn’t translate to empathy or wisdom. Some of the least book smart people I’ve met have been profoundly wise at times, and some of those same people were incredibly empathetic. Unfortunately, I think all three of those people (Musk, Bezos, and Gates) are lacking in those traits, but saying they aren’t in fact measurably intelligent is only fooling yourself.

              I say this as someone who was raised by a measurably very highly intelligent person who could be, and was, a complete monster at times, and had some really twisted views on the world/other people. Lucky for me I didn’t inherit that innate Intelligence I guess!

              • Promethiel@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                These totally normal human beings you sound like you deify…are you their psychiatrist, psychologist, therapist, counselor? Short of those professions or a former tutor who happened to treat all three…

                Well, interesting thing to devote anecdotal brain power to, I’ll tell you that.

                • Hobo@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  1 year ago

                  Yeah totally that’s why I said they were basically morally corrupt and used them as an example of smart people doing bad things… Maybe your judgement is a bit clouded?

              • neclimdul@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                Is musk really intelligent? He’s not dumb but honestly seems like most of his success is from buying things and or getting smart people under him who are able to succeed despite his medlling. The ideas he forces through tend to be bad. Giga factory was largely a disaster and he had to relearn manufacturing. Giga casting? Dead. A lot of the super heavy stuff he’s directly influenced failed or are drawing out the timeline as the struggle to address. Cybertruck and semi…

                • sugar_in_your_tea@sh.itjust.works
                  cake
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  Hiring smart people and seeing market opportunities and executing on those opportunities absolutely are skills. It’s the same sort of skills Hitler had, where most of the genius lies around organising people around a common goal.

                  A lot of companies either get the smart people, time market opportunities perfectly, or execute perfectly on a clear vision, but very few do all three at the same time and tend to fail. The first (lots of smart people) run out of money, the second is the “too early” group and their ideas get taken by someone else, and the third spends their resources going in the wrong direction.

                  Elon Musk wasn’t successful because he knows a lot about electric cars or rockets, he was successful because he saw an opportunity, secured enough funding, hired the right people, and focused those people in the right direction.

                  You can be incredibly smart in one area and incredibly dumb in others. Elon is great at pitching an idea to get funding, and using that funding to hire the right people. He fails when he overrides those smart people.

                • g_the_b@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  Musk and Jobs are/ were highly effective psychopaths. Not geniuses in an academic sense but incredibly shrewd and calculated.

                  Gates, Bezos, Zuck, Page and the likes are very intelligent and very confident. Like I wouldn’t be able to one up any of them in a debate, but I wouldn’t be afraid of them trying to destroy my life out of spite.

        • LordCrom@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          As we get older, I tend to agree with the supervillains.

          Lex Luther wants a weapon to counter this insanely strong, invulnerable Superman that can destroy the planet … I’m like: Yes we should

          Magneto considers mutants superior and if humans wage war, then mutants have the right to wage war back, and win. Survival of the fittest. If I was a mutant, I would be on Magnetos team.

          • sugar_in_your_tea@sh.itjust.works
            cake
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Magneto wanted supremacy, not equality, and was willing to use genocide of non-mutants to get it. And Lex Luthor was a narcissist who was jealous of Superman’s power and popularity; he wasn’t acting for the benefit of humanity, he was acting in his own interests.

            Every good villain has mostly justifiable motivations, they just take it too far. Magneto would be justified if he sought equality, and Luthor would be justified if he developed but didn’t use the weapon until Superman did something evil.

            The only justifiable amount of force is just enough to neutralize an active threat, and no more.

  • RoyalEngineering@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    I keep hearing all the rabble rousing about this from a security perspective, but is there not an incognito mode to the Recall capability?

    • A_Random_Idiot@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      There cant be.

      It literally screenshots what you’re doing every few seconds, and builds a plain text database of any and all text it captures.

      Incognito mode is not having it installed.

      • RoyalEngineering@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Hmm that didn’t sound right so I had to look it up. Microsoft says there’s a way to pause the recall snapshot functionality for a set amount of time, like an incognito mode:

        Pause or resume snapshots To pause recall, select the Recall icon in the system tray then Pause until tomorrow.  Snapshots will be paused until they automatically resume at 12:00 AM. When snapshots are paused, the Recall system tray icon has a slash through it so you can easily tell if snapshots are enabled. To manually resume snapshots, select the Recall icon in the system tray and then select Resume snapshots.

        https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c

        I don’t understand why there’s so much FUD around this product…

        • ltxrtquq@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          You don’t understand why there’s so much fear, uncertainty, and doubt about an on-by-default program that records everything you do? Are you being serious right now?

          • RoyalEngineering@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            1 year ago

            Yeah not to be obtuse here, but I think the fear is over sensationalized. I haven’t seen it in person, but it seems like this is a totally new product that is similar to idea of browser history, but adds in some modern features. I would like to check it out.

            on-by-default

            That’s not correct. Based on the documentation, Windows Setup has an option to enable/disable the feature on first boot.

            The documentation also says it doesn’t capture incognito windows and I mentioned in my other comment that you can turn it off temporarily and permanently. It doesn’t run all the time no matter what, like some of the comments have suggested.

            Here’s a screenshot of the config page with a simple toggle to turn off:

            • ltxrtquq@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              Windows 11’s Recall feature is on by default on Copilot+ PCs

              Disabling the AI snapshotter requires a trip into Settings for ordinary users

              Over the weekend, The Verge’s Tom Warren posted (on twitter) screenshots showing Microsoft’s latest Out-of-Box Experience (OOBE), in which the Recall feature can’t be turned off unless the user opens Settings after completing setup.

              Now, it’s possible things have changed in the last few days, but I wouldn’t really expect them to based on the last time I used windows. I also didn’t know this before I tried looking it up, so I’ll admit I’m a little biased against microsoft.

              But the real question is, what documentation are you looking at where you’re pulling all this information from? Can you provide a link?