Q. Is this really as harmful as you think?
A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.
You must log in or register to comment.
deleted by creator
No major corp I’m aware of is excited about these changes. Legal especially would like there to be the minimum records retention required by law, and a months long AI searchable database of individual user actions on a PC is a nightmare scenario for them.
If the IT departments of any major corp allows anyone within their network to enable this feature, they and everyone the work for need a permanent waning label for idiocy and utter incompetence attached to their resume.
Can I forward your comment to my IT team? Because they’ve done worse than that already :(
I don’t know, if I was IT decision-making and I worked for a company I didn’t particularly like I might install this for the executive stratosphere and hope for subpoenas.
Can you elaborate on what “subpoenable information” means. Like I have a vague idea but im not super clear if thats like a legal term with special considerations or whatever. Elaboration would be helpful.
Not OP but the scenario described is say… A company and a specific manager gets sued for harassment. The plaintiff can be entitled to discovery related to the complaint, and that could now include the searchable screenshot database from the managers computer showing all the clear evidence that he harassed the plaintiff. Nightmare scenario for legal departments of companies.
On the other hand, this makes it much easier for a corporation to spy on its employees, so I think at least some of them are in favor of this.
If employees are using the corporate’s computers, they can already see everything the employees do, they don’t need this new window feature to do it
That is by no means necessarily the case. For example, if a notebook is taken into the field and is not on the LAN.
A lot of companies are implementing better VPN tech (like SD-WAN, Nebula by Slack, etc), or at the least Microsoft Intune to ensure your corporate laptop is reachable anytime it’s connected to the internet.
My work laptop is a brick until it establishes a VPN tunnel back to the home network. There are ways to ensure the device only works how the company wants it to.
Windows has some kind of built-in VPN feature that auto starts and will otherwise not give you any network access. Add on top of that some corporate firewall and you basically can’t sneeze around your laptop without IT knowing.
deleted by creator
If you’re suspected of something and law enforcement can get a subpoena, you’ll have to hand over the contents of your microsoft keylogger, actually microsoft will hand over your contents from their keylogger.
The damage is mitigated by the fact it only recalls last 3 days by default
deleted by creator
Forensic data recovery. How many 500GB drives ship to PCs that never use more than 20% of that?
deleted by creator
The article references family, domestic violence, employers, and fraudsters but doesn’t really focus on legal liability.
deleted by creator
Before you said that it was specifically addressed. Interesting shift of the goal post.
deleted by creator
deleted by creator
Are Microsoft a big, evil company?
A. No, that’s insanely reductive. They’re super smart people, and sometimes super smart people make mistakes. What matters is what they do with knowledge of mistakes.
I have no doubt there are smart employees, but they don’t call the shots. Case in point.
The dude set up a strawman argument, then didn’t even bother to burn it down properly.
Being super smart and super evil are NOT mutually exclusive. Intelligence =|= morality.
Wasn’t Lex Luthor supposed to be Tony Stark levels of intelligence?
Why reach for a fictional example when so many real world examples exist? Just curious because I think of Bezos, Musk, and to a lesser degree Gates as examples of smart people doing bad things. I mean there’s several very smart people that have done good things as well but those are harder to come by. Even people like Alfred Nobel created something he thought would save the lives of miners only for his invention to be used for war. Einstein also did a lot for the advancement of theoretical physics and his work was subsequently used as the foundation of the atomic bomb. It’s actually way harder to come up with a Tony Stark type smart “good guy” in the real world for me because reality is often far more grey.
I don’t think of Bezos, Musk, or Gates as exceptionally intelligent. They are lucky and influential, sure. Intelligent? Musk is automatically out just because of his Twitter feed. The other two haven’t shown themselves to be particularly intelligent, just ruthless and efficient when it comes to generating profit.
As far as the other side of that coin, I tend to agree. Most of the really intelligent people that have existed have been pretty grey morally speaking.
Hence why I went with fictional examples. At least with Lex Luthor, there’s very little grey area in his moral stances.
Gates is insanely intelligent, like demonstratably so. Musk and Bezos are also very highly intelligent people. Do they have terrible, awful, even downright despicable views? Absolutely. But don’t be fooled, all three of those people are incredibly smart with actual high IQs (not in the braggart, “I have a very high IQ.” sense either).
Intelligence doesn’t translate to empathy or wisdom. Some of the least book smart people I’ve met have been profoundly wise at times, and some of those same people were incredibly empathetic. Unfortunately, I think all three of those people (Musk, Bezos, and Gates) are lacking in those traits, but saying they aren’t in fact measurably intelligent is only fooling yourself.
I say this as someone who was raised by a measurably very highly intelligent person who could be, and was, a complete monster at times, and had some really twisted views on the world/other people. Lucky for me I didn’t inherit that innate Intelligence I guess!
Is musk really intelligent? He’s not dumb but honestly seems like most of his success is from buying things and or getting smart people under him who are able to succeed despite his medlling. The ideas he forces through tend to be bad. Giga factory was largely a disaster and he had to relearn manufacturing. Giga casting? Dead. A lot of the super heavy stuff he’s directly influenced failed or are drawing out the timeline as the struggle to address. Cybertruck and semi…
Musk and Jobs are/ were highly effective psychopaths. Not geniuses in an academic sense but incredibly shrewd and calculated.
Gates, Bezos, Zuck, Page and the likes are very intelligent and very confident. Like I wouldn’t be able to one up any of them in a debate, but I wouldn’t be afraid of them trying to destroy my life out of spite.
Hiring smart people and seeing market opportunities and executing on those opportunities absolutely are skills. It’s the same sort of skills Hitler had, where most of the genius lies around organising people around a common goal.
A lot of companies either get the smart people, time market opportunities perfectly, or execute perfectly on a clear vision, but very few do all three at the same time and tend to fail. The first (lots of smart people) run out of money, the second is the “too early” group and their ideas get taken by someone else, and the third spends their resources going in the wrong direction.
Elon Musk wasn’t successful because he knows a lot about electric cars or rockets, he was successful because he saw an opportunity, secured enough funding, hired the right people, and focused those people in the right direction.
You can be incredibly smart in one area and incredibly dumb in others. Elon is great at pitching an idea to get funding, and using that funding to hire the right people. He fails when he overrides those smart people.
These totally normal human beings you sound like you deify…are you their psychiatrist, psychologist, therapist, counselor? Short of those professions or a former tutor who happened to treat all three…
Well, interesting thing to devote anecdotal brain power to, I’ll tell you that.
Yeah totally that’s why I said they were basically morally corrupt and used them as an example of smart people doing bad things… Maybe your judgement is a bit clouded?
As we get older, I tend to agree with the supervillains.
Lex Luther wants a weapon to counter this insanely strong, invulnerable Superman that can destroy the planet … I’m like: Yes we should
Magneto considers mutants superior and if humans wage war, then mutants have the right to wage war back, and win. Survival of the fittest. If I was a mutant, I would be on Magnetos team.
Magneto wanted supremacy, not equality, and was willing to use genocide of non-mutants to get it. And Lex Luthor was a narcissist who was jealous of Superman’s power and popularity; he wasn’t acting for the benefit of humanity, he was acting in his own interests.
Every good villain has mostly justifiable motivations, they just take it too far. Magneto would be justified if he sought equality, and Luthor would be justified if he developed but didn’t use the weapon until Superman did something evil.
The only justifiable amount of force is just enough to neutralize an active threat, and no more.
https://www.middleeasteye.net/opinion/zone-of-interest-oscars-banal-dreams-nazi-settler-colonialism
On what morality is: This was a quick read about what enables dehumanization and mass atrocity, as relevant to both history and ongoing fascistic settler colonial imperialism.
A rotten apple spoils the bunch.
If this is a mistake that they made, they’re not smart. If anything, they super dumb.
They’re evil.
Unpopular Opinion: This is why Microsoft were such assholes about making sure Windows 11 required a modern TPM and this is also why they are forcefully rolling out Bitlocker encryption turned on by default on all Windows 11 PCs.
Is Recall still a fucking stupid idea? Yes, resoundingly so. But they’ve half-ass considered the risks, it seems. The forceful rollout of Bitlocker is dumb and short-sighted in its own right, and it wouldn’t make a person completely secure from outside attacks rooted in a Recall exposure.
Hardware controls are meaningless if an attacker gets you to click on a dodgy link in a phishing email or you fall for a social engineering scam when “Microsoft” calls you because your computer has a virus.
Theoretically, Microsoft could protect against most attacks. Apple has done it by making it increasingly impossible to touch kernel level stuff without an MDM. Every release they lock up more of the system. It means they are drifting toward iOS on their Macs, where the user doesn’t own their device, but it is an effective blocker to stuff like this, baring zero day kernel issues.
I think that is where Microsoft is headed, but they also aren’t able to let go of backward compatibility, so they really aren’t getting any closer to a system that is secured enough to handle such sensitive data.
Most compromises live in user space. Locking down the kernel is great and all but “most attacks” are running as the logged in user doing operations that user is permitted to do.
I am shocked there is even a single downvote on this comment. parent is 110% right. a kernel level compromise in the vast majority of exfiltration events its just needless (but nifty) icecream on top of the pain pie being served to the user.
Even on userland stuff Apple controls tightly. If they want to require a user to manually click, they will get that. If they want it to be a physical mouse and keyboard doing it, they will get that too. They own the device, and have complete control, not the user or “owner”.
Umm, no. Just…yeah, no.
The main problem with this theory is that Microsoft is absolutely abysmal at user end security, and they always have been. Frankly, they do not understand the issue.
But, more to the point, the whole TPM/secure boot stuff is a compromise; originally (I think this was about the time of Vista), they partnered with OEMs to have them include a DRM chip that made it literally impossible to install any non-windows OS on your laptop. They’ve managed to still get an implementation of TPM that makes switching your OS too confusing/difficult for the average user.
Anyway, bottom line is they only care about money, and they neither care or even understand the security needs of the end user.
Nah dude. TPMs have always been about implementing DRMs. These companies hate that they can’t control our PCs, they want to be sure we can only run their approved apps. Like it works in iOS and (to a lesser degree for now) in Android. And even there they are pushing hard for even more restrictive DRM.
For example, some years ago I worked with a SaaS that implemented and sold some security products. One of our customers was a big retailer (for specialized products, not going into more details to avoid doxxing) that was having a problem with scalpers buying all their inventory as soon as they released it. So they were trying to put a show for regulators about stopping scalpers because their customers were complaining. We suggested that the only real solution was to have some real life verification of purchases. But in the end they went with the awful attestation APIs offered by Apple and Google to “fix” this. And in case you are not familiar, these APIs are just TPM based DRMs. So now, if you have a rooted/jailbroken phone you can’t even buy with this retailer anymore.
Note that this company wasn’t trying to fuck customers directly, they were just lazy and incentivised to not really fix the problem (a sale is a sale, even if to a scalper). But even then the end result is that their customers got their digital freedom rights restricted. It’s just a terrible technology IMO, the incentives from companies are all terrible. And that’s before we start considering the real intentions of awful companies like Microsoft, Apple and Google. IMO they are actually pushing for techno feudalism, but that’s my conspiracy theory hahaha.
So no, I doubt they were thinking about security with this recall bullshit. As other people have explained in their comments it doesn’t really protect much in practice. Plus this whole AI push has just been a stupid scramble from these companies to grab a big piece of the stupid AI pie from other companies hahaha, there is no long term plan here, don’t lie to yourself and us.
Because Windows not only encrypts the system disk (C:) but also all connected hard drives
And they’re gonna just enable it without asking if i want all my hard drives encrypted first?
Yes.
24h2 will explicitly be using it by default.
That’s not an unpopular opinion, it’s an outrageously stupid and uninformed one and you should keep it to yourself.
TPM is not about giving you control over your computer.
As much as I lean to hate this despite it not even affecting me as a Linux user…
I’m going to structure this as a Q&A with myself now, based on comments online
What is that? “I’m going to pretend to ask questions that I’ll then answer myself the way I think it’ll outrage that most people do I’ll get a lot of clicks on this shitty article”? What crappy excuse for content creation is this? I hate it.
I follow Kevin on Mastodon. He’s the real deal and is absolutely not interested in the clicks or outrage. He’s trying to make it accessible.
Agreed. The way i took it was “i am going to write ‘questions’ based on the concerns people are commenting online and give the answers to those things people are interested/worried about”
Eh, they could have written it differently, each time hypothesizing that someone might wonder XYZ, but I appreciate the brevity of this format. And I do not think that the questions or answers are unreasonable.
Do you mind calling out the questions you think are inappropriate or exist for rage clicks? What constitutes a good article for you if this is a shitty one?
You may not but the customer support rep at a company that had your info uses windows. Same for the insurance companies, various government agencies local with limited it experience as well as national.
I saw that as anticipating the questions they’ll get regarding this article and pre-answering them.
Stopthatgirl7 and inflammatory headlines, name a more iconic duo.
Edit: Reminder to self: do you really want these kinds of posters in your media feed?
I get the security issues, sure, those are valid, but the privacy ones are even worse. Imagine a teenager trying to search information on being gay, or possible intrusive thoughts on their family computer, only for their super maga right wing parent to find it in the screenshots.
Or someone being abused at home and searching for support facilities, deleting history and being outed by recall.
Wait, how about credit card fraud as a result of EVERYONE who has access to this computer can read your cc data?
Or, my husband was looking at jewelry online yesterday and he hasn’t told me, he must be cheating, right? Oh sorry, I forgot, our anniversary is next week… Hahahaha, don’t be upset babe.
Best one ever though, imagine your search history, your porn watch history accessible to anyone with access to your computer? The fucking horrific existence of having an employer process this data at scale using fancy staff monitoring program 7, and run stats on the fact that you had a toilet break while working from home, and they want to know if it was a number 1, or a number 2 so they can work a mean time to shit metric into your KPA/scorecard.
Guys, whatever benefit you think this is. It’s not worth it.
Ultimately privacy is part of security so, if anything, everything you mentioned is just more reinforcements that this is a major security concern.
As someone that has been obsessed with tech since being a kid in the 90s I think the tech side of this is super cool and very exciting stuff. As a user, though, I only like this if I’m the one implementing and using it. I do not trust a mega corporation (or really any company) to “leave it locally on my computer and totally not use that data for other purposes”. Right now it’s supposed to be (as far as I last heard) only on your machine but we’ve seen EULAs and TOS’ etc change many times over the years but especially over more recent years as data continues to be king and data like this is a literal bottomless diamond mine.
I know this isn’t your point but it’s just worries I have in addition to your points. And let’s not even start about what this means for law enforcement abuse. No thanks, I’ll wait for a FOSS equivalent that at least gives me and the community the opportunity to evaluate how it works.
Couldn’t you use a separator to make it one line of code? That way it’d be even more dangerous
I did an interview where the candidate said that if it’s one line, it runs in constant time. And they were completely serious. And this was in the context of Python list comprehensions.
They claimed this ran in constant time:
new_list = [value for value in my_list]Whereas this ran in linear time:
new_list = [] for value in my_list: new_list.append(value)We asked clarifying questions, like what happens to the runtime if the list gets really large, and they doubled down.
And this was for a senior Python dev position… No, they didn’t get the job.
Runs in constant time doesn’t ring a bell to be honest…do you mean instantly?
No, constant time means it’ll take the same amount of time whether you have 10 items or 10,000.
A list comprehension will take roughly the same amount of time as a for loop, it’s just syntactic sugar.
deleted by creator
Thanks!
Not sure why you needed to downvote my honest question, maybe the candidate dodged a bullet there, he he he.
I didn’t downvote.
If this was a junior candidate or something, I may have let it slide. But this was a senior candidate, which means they are supposed to be a technical leader for the team. I can’t have someone in that role with such fundamental misunderstandings. There were more red flags than just that one, I also don’t fail people for one gaff (e.g. I just passed a senior that bombed the coding challenge, but it was obvious they were over-thinking it).
Are you… Are you saying EVERYTHING can be hacked with one line of code?
Ever since those Aliens brought us their ancient and mysterious line separator tech, we have all we need to do just that!
Independence day was indeed a great movie. Who would have thought they also use X86 architecture?
Even supposing I didn’t care about the security implications of this, why on earth would I want this functionality? I can barely keep up with all my activities in the present moment, let alone the past. It’s like a morbid and pathological unification of nostalgia and hoarding.
THIS IS NOT CURRENTLY RUNNING ON MY WINDOWS COMPUTER, right?
This obvious first question hasn’t been clarified (maybe by one comment in this thread, but not in the article)
From The Verge’s obsequious article:
Recall won’t work with every Windows 11 computer. You’ll have to buy one of several fresh new “Copilot Plus PCs” powered by Qualcomm’s new Snapdragon X Elite chips, which have the neural processing unit (NPU) required for Recall to work.
And from the article in the OP:
I got ahold of the Copilot+ software and got it working on a system without an NPU about a week ago,
They are using that to sell NPU bullshit to the stupid people crazy enough to be excited by it.
Then down the road they’ll push it in an update for everyone, I wager.
What even is a NPU, if it’s not necessary for the software to work?
Most of the newer CPU’s have an NPU already, Microsoft just set a higher performance requirement for NPUs to be officially labeled an “AI PC” which they are pushing hard.
deleted by creator
You’ll have the icon on your taskbar if it is. You can also hit Meta+J to check
deleted by creator
I cant believe they are including this in enterprise edition too.
They usually keep their dirty spyware out of the enterprise editions to avoid losing corporate clients who dont want their secrets easily pluckable.
My hospital will be freaking the fuck out about this right… about…. Now.
deleted by creator
They may not have a choice, depends on how aggressively they want to push this crap.
Maybe in the future it can be used by managers to keep an eye on what their underlings are doing at all times. I suggest calling the manager’s remote version Microsoft Panopticon.
Ask yourself what this feature is actually useful for. Ignore the concerns of privacy just what can this really do.
Its not really needed for copilot, if it wanted to capture what you were doing it would directly update the internal model, no reason for the slide show of your action.
No besides wasteing disk space this is for:
- Gaming youtubers to get a screen shot of something when they were not recording
- Some screen shots of history when searching not better than the file/website preview really
- Tracking and logging what the end user is doing so when audited by the manager/it they can use it as proof you are not doing it right/are inefficient /should ve fired
By all means a company can disable this in policy im sure, but its for the enterprise not the end user. (and yes stored locally, but if you delete the laptop when they want to inspect it that likely is all the excuse they need)
Benefit to my org is getting billers to look for untracked time, which would equate to some percentages of revenue increase in my opinion.
Just need to balance it with security concerns…
enable for roles with more locked down PCs and tasks the companies hope to automate, and disable on more core mission critical IT…
deleted by creator
The full article is well worth reading. It’s good to find a lucid, logical deconstruction of why, precisely, this will be a complete disaster.
I’m really hoping valve does a public steamdeck OS release. I’d like to replace windows on my PC with Linux and have windows as a backup, but the Linux distro I’m the most familiar with is the steam deck’s distro, and that’s not available outside of steam decks yet.
SteamOS is arch based and uses KDE Plasma as the default DE, so you could probably run Endeavour OS and be pretty darn close
You’re gonna get lots of suggestions, lol.
I’d say look at Zorin. It’s a Ubuntu-based distro so it has lots of support, and also has several baked-in themes to customize your desktop the way you want it right out of the box. You can make it look like Windows 7/10/11 or macOS without any other apps or themes, which might help your transition.
Zorin is excellent!
deleted by creator
Bazzite has been designed to be an out of the box SteamOS distro. It’s not based on Arch, so if that’s what you’re familiar with then that’s not the same, but give it a try.
thanks Microsoft
pleasetellmeyoucaninferthesarcasmfromthispost
We should have let the government actually break up microsofts monopoly long ago. Now they will abuse it to force millions of Americans to use their spyware.
Microsoft, stop giving me Red Star OS flashbacks. (If im not mistaken, it records your screen and stores it in a police-only folder)
It’s basically the same shit at this point
As reasonable the concerns are… it seems like there’s quite a bit of fearmongering over software and hardware that haven’t even really gotten into the mainstream yet.
Do you think it would be a better idea to wait until it’s installed and active on every Windows computer before we start a discussion on how bad Copilot is?
Only computers that can run it… are pretty much none of the computers running 11 today. The CPU needs to have an NPU, as the AI functionality is run locally on the PC.
Go look at all the Windows PCs announced in the last few months and you will see they have NPUs. So again, why would we wait until it is too late to try to stop this nonsense?
Also the “AI” may run locally but it saves the info into an easily accessible and readable SQLite database in the users AppData. It will be trivial for malicious actors to access.
@Blaster_M @Spuddlesv2 Apparently you can run it in an Azure ARM windows VM. Wanna try?
I heard this same argument from people all the time. Until it affects you in a meaningful way to change your mind, it’ll be too late.
The writing style is a bit weird, but I think the concerns are valid. That sqlite file is a treasure trove for hackers/scammers.
