• Mereo@lemmy.ca
    link
    fedilink
    English
    arrow-up
    163
    ·
    5 months ago

    They will just enable it by default later when the heat passes. They always do. You no longer own Windows.

    • lectricleopard@lemmy.world
      link
      fedilink
      English
      arrow-up
      26
      ·
      5 months ago

      Never did. It’s just more and more obvious with each new “feature” that it’s built for monetization, not for user functionality.

      • Mereo@lemmy.ca
        link
        fedilink
        English
        arrow-up
        18
        ·
        5 months ago

        In the '90s and early 2000s, Microsoft’s business model was the classic one of selling products to customers. Today, it’s all about the cloud, advertising, and AI, where the product is the user.

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      My prediction is essentially one day windows pcs will be Linux that act like thin clients that go to windows 365.

  • Geyser@lemmy.world
    link
    fedilink
    English
    arrow-up
    89
    ·
    5 months ago

    “The ability to disable the…feature during the setup process…” does not mean opt in, that means opt out.

    Knowing windows setup, you need to click customize during the setup process and then go through several setup pages before you’re presented this option (or have to dig into additional/advanced settings to find it).

    Most people won’t do this, won’t know how to do this, or will receive the pc with the initial setup complete and won’t know if this is on or off.

    • Norgur@fedia.io
      link
      fedilink
      arrow-up
      51
      ·
      5 months ago

      And even if you find it, it will have an idiotic and obscure name, like “advanced history experience” or something absolutely nondescript

      • teft@lemmy.world
        link
        fedilink
        English
        arrow-up
        32
        ·
        5 months ago

        Also when you try to disable it they will use all sorts of dark pattern pop ups to dissuade you from disabling it.

      • MudMan@fedia.io
        link
        fedilink
        arrow-up
        13
        ·
        5 months ago

        The exact wording, which, again, is in the article you didn’t bother to read before posting, is “Quickly find things you’ve seen with Recall. Recall helps you find things you’ve seen on your PC when you allow Windows to save snapshots of your screen every few seconds”.

        Seriously, I don’t even like the feature. I will absolutely turn it off, just like I did Timeline, and I expect it’ll be gone in the next version, just like Timeline was.

        But I did look at the stupid article before posting. So there’s that.

        • Norgur@fedia.io
          link
          fedilink
          arrow-up
          14
          ·
          edit-2
          5 months ago

          So, are we done berating everybody passive-aggressively with just a sprinkle of condescension? Because maybe, just maybe, I was making a remark about the general practice of Microsoft to hide stuff behind nondescript bullshit names (especially in non-English versions where the English bullshit name gets translated literally most of the time, which yields even more nondescript results).

          Maybe, just maybe, you chose the wrong comments to act up on “PeOpLe NoT rEaDiNg ThE aRtIcLe” when all that was posted about was inconsequential stuff about the precise clicks needed to turn a feature off that’s not even in the respective menus yet. So this is not someone talking bullshit because they misunderstood the headline about a murder case or something.

          All that was said was about practices Microsoft has abused into oblivion: Hiding stuff behind obscure menus and hiding stuff behind obscure names. The comments made were a persiflage of exactly that.

          Maybe, just maybe, the precise placement and wording in a menu that doesn’t even exist yet is a topic inconsequential enough that people will not read the tenth article about the general subject (Copilot becoming “opt-in”) to make sure they wouldn’t miss this super irrelevant point to the story. A point which you guessed from screenshots that haven’t reached production yet (even if they are likely to go into production as shown, it can still change), so your condescending attitude is based on wobbly grounds.

          There are tons of articles where people post absolutely wrong and quite absurd stuff because they didn’t read the article. Some of them even matter (politics, world events). So let’s criticize people when they don’t read through actually important articles before posting, and agree that it’s okay to not read the exact article posted on unimportant sidenote stuff if one knows about the thing in general. Because if I’d be only allowed to comment on the article posted itself, I wouldn’t need Lemmy, I could just comment on the site that posted the article in the first place.

          Besides: You did notice that you commented on two different people, yes? Because you sure sounded like you didn’t read the usernames before commenting and thought you always replied to the same guy.

          • MudMan@fedia.io
            link
            fedilink
            arrow-up
            5
            ·
            5 months ago

            That is a very long rant to agree with me in that you care enough to rant about this online but not enough to read past the headline.

            So no, I have no intention to shut off the condescension, there is nothing passive about my aggression and people absolutely don’t read the article regardless of how important they feel the issue is. Yesterday this was all about the most important threat to the security of the average cosnumer, now it’s “unimportant sidenote stuff”. Somebody should have told MS how unimportant it is, could have saved the devs the crunch to fix it by the time it ships in 10 days.

            For the record, you’re right about how hard it is to find things sometimes in localized versions of OSs. That’s true of all of them, though, and I blame the fact that we’re all stuck here speaking the haegemonic language and reading about tech only in English while local journalists struggle to stay relevant, so we learn all the brand names and settings in English despite the software itself being available in localized versions. But that’s a whole other conversation.

            • Norgur@fedia.io
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              5 months ago

              So your reply is, “but other people don’t read…”? Yeah, I’m not “other people”, so stop making me a scapegoat for behavior you’ve seen elsewhere (and on which I agreed with you, btw).

              Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn’t you read my answer? That was the only information I could have gotten from the article I didn’t have already. Thing is: If I had read it (from a Screenshot I wouldn’t have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.

              I have since skipped through the article and literally the only thing in there I didn’t know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?

              You just saw something you’d been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because “it happens all the time”. While some of that’s correct, the people you went and “showed’em” aren’t the source of all evil, so skip the scapegoat bullshit and be civil towards people you’ve never talked to before, will ya?

              • MudMan@fedia.io
                link
                fedilink
                arrow-up
                4
                ·
                5 months ago

                Yeah, see, here’s how I know I’m not scapegoating you and you also didn’t read it.

                The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.

                So yeah, no, my condescension is exactly about you. And others. But also you.

                • Norgur@fedia.io
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 months ago

                  Are you really this dense? The whole opt-in thing comes because Researchers found that Recall wasn’t encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can’t be half-read my comments and make it fit your argument again, it’s even in the bloody article:

                  Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.

            • conciselyverbose@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              This is still a huge threat, because their “mitigations” are a joke. The only possible way this can be an acceptable feature is if it is built from the ground up with security as the primary concern. You can’t “tack on” security at the end and get a secure product.

              If security was in any way a consideration, there is no path to shipping anything where the database is unencrypted at any point. Not in an insider build. Not as a tech demo. Nothing.

              • MudMan@fedia.io
                link
                fedilink
                arrow-up
                1
                ·
                5 months ago

                I mean, no, that’s dogmatic weirdness. The feature is secure if the feature that is live is secure. Software isn’t magic, it doesn’t have karma, it works the way it works.

                Now, this is as secure as whatever they ship, but even assuming it’s ironclad it’s still a bad feature. You do not need an automatic screengrabber to remember what you did yesterday. Every piece of work software you may need to reopen has a recent files list, Windows has a file search function, browsers have a history. You have a brain. You don’t lose track of so much stuff that you need to be recording your entire activity just in case. This is a bad gimmick that covers no use case, just like Timeline was. And because it’s a bad useless feature the logical thing is to turn it off and forget about it, which is why everybody seems to have memory holed that Timeline ever existed.

                You guys really don’t need to get weird about it for it to be a bad idea, but since they’re railroaded into shipping it, at least it’s better to ship it with proper encryption and authorization features. Still turn it off, though.

                • conciselyverbose@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  5 months ago

                  The feature that is live cannot possibly be secure. That’s the entire point.

                  If you do not design every element that interacts with user data very consciously and deliberately around controlling access properly, you cannot get a result that is not massively vulnerable to bad actors. Security is a core design principle. It cannot possibly be achieved after the fact.

    • umbrella@lemmy.ml
      link
      fedilink
      English
      arrow-up
      34
      ·
      edit-2
      5 months ago

      not to mention they are known to re enable telemetry on systems after updates.

      i doubt this will be any different.

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      11
      ·
      5 months ago

      There is a screenshot of the opt-in screen in the article. There is no default, just two buttons to say yes or no.

      I swear, outrage should only be allowed based on the amount of work one is willing to put in before expressing it. If you don’t do the reading, you don’t get to be publicly angry. It’d save us all so much trouble.

      For the record, the feature was always optional, as per the original announcement. Presumably the change is it is now part of the setup flow where it was going to be a settings toggle instead.

      Which is, incidentally, how this used to work the first time Windows had this feature, back when it was called “Timeline” in Windows 10.

      • Geyser@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 months ago

        The screenshot doesn’t show preceding flow to reach it, but I did miss the “requires windows hello to enable” bit, which does suggest that wherever it is, it would have to be opt-in.

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          5 months ago

          It doesn’t because that’s one of the four or five screens during the initial Windows setup where you opt in and out of all the other spyware features. They all look the same and are prompted in sequence. Unless they’re doing something very weird you absolutely have to make a choice on each of them and they are unskippable otherwise.

          I mean, you don’t have to know, if you don’t know Windows you don’t have to recognize them. But if you do it’s pretty obivous, so you… you know, could have asked or looked it up.

          Or gone through the link, because come on, you didn’t. You were obviously just reacting to the headline.

      • Ibuthyr@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        The problem with MS is how they change these things in the future. It may be a clear choice now, but they will find a way to make it easier to “accidentally” opt in, or they’ll simply change it to an opt-out. They’ve been doing this sort of bullshit for quite some time now.

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          They really haven’t. Their onboarding flow has included this exact type of forced option for advertising data, location data and bug reports for what now? A decade, give or take? They have a very specific design language for these.

          Plus, and I keep reminding people of this and they keep forgetting, they already made this feature once. It was on Windows 10, it was called Timeline, everybody turned it off and they never did much to change that, instead just adding a less intrusive offline version of it and ultimately removing it by the launch of 11 until… well, now.

          What I don’t understand is why you guys are so set on this specific list of grievances. You don’t need to dismiss the improvements they are making. They are improvements and they are a good thing.

          If you are set on rooting for or against OSs (and why would you, stop it, that’s weird) you can instead just point out that… well, the feature itself is still garbage. Even with a default opt out, even assuming it’s fully secure. It just covers no valid use case, unless you’re starring in Memento II. It remains a security vulnerability because social engineering and shared computers are a thing. It is exactly as dumb and useless as Timeline was, and there’s a reason nobody remembers that happened. The lack of AI search really, really isn’t why that failed.

          You don’t need to come across as a paranoid conspiracy theorist making up slippery slopes to keep criticising this about the things they are actually fixing. There are plenty of valid issues with it at a fundamental design level they are not changing. Being so wildly speculative about the eeeeevil corporate MS lying to us just makes the criticisms sound less valid when the actual thing they are doing is still pretty useless at best, and most likely really bad.

          • Ibuthyr@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Look, I use Microsoft products. I have since PC-DOS became MS-DOS. You are plain wrong. Just look at the whole fiasco where MS is practically forcing users to tie their windows license to an account. It used to be easy to circumvent, nowadays it’s hidden like Waldo. They constantly do this shit. Stop shilling for corporations.

            • MudMan@fedia.io
              link
              fedilink
              arrow-up
              1
              ·
              5 months ago

              It is amazing to live in a world where pointing out that a feature is a trainwreck is “shilling for corporations”.

              That’s the part I just don’t get. Why you guys need people to be in denial or toeing a certain line, facts be damned. It’s not enough to be critical, people have to be critical at all times, of all things in the exact way everybody else is.

              The account crap is not a valid counterexample. Windows 11 (Home, at least) was always explicitly presented as requiring an account. The methods to install without it were always an usupported workaround. It does suck that they went the Apple path and traded up-front price for data mining, I would absolutely prefer the alternative on principle, even if I was already logging in on Win10 for work reasons. If there was a natively compatible Windows alternative without this requirement I’d default to that. My Windows installs have most of the related features disabled, where I can do that. I just recently got to a place where I can disable OneDrive now and I am incredibly happy about it, since we’re talking about it.

              But it’s not a slippery slope, it’s them gradually closing the unsupported loophole that was keeping some people from flipping out about it as it becomes clearer that vas majority of user are, in fact, logging in with a MS account.

              This is a datamining feature that is immediately unpopular and they are actively backtracking on it. There is clear precedent for this exact same functionality and it didn’t go that way. That’s not shilling, that’s just how reality worked last time this happened. Literally this. The same feature implemented in a very similar way.

              Again, there is plenty of legitimate stuff to complain about here. A lot of it is terrible even after the changes to opt-in and security. You don’t need to make up a fictional future scenario where they un-fix the stuff they are fixing. You can dislike the fixed version for actual, good reasons without having to sound like a weird online cultist.

      • tigeruppercut@lemmy.zip
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 months ago

        Even without all the invasion of privacy implications, I’m skeptical it would even work. Source: 20 years of “Windows is checking for a solution to the problem” that has never worked even once.

        • FaceDeer@fedia.io
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          I’ve actually had those troubleshooters work for me several times in recent years. Mostly fixing networking issues.

          • tigeruppercut@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            I guess for the basic stuff I do when I’ve had programs crash I’ve never seen it do anything, but nice to know it’s not completely useless

            • FaceDeer@fedia.io
              link
              fedilink
              arrow-up
              5
              ·
              5 months ago

              Frankly, this is one of the areas I’m most looking forward to seeing what integrated AI can do for Windows. A couple of months ago I was having trouble with getting my printer to work and what I ended up doing was taking a screenshot of the printer settings and pasting the literal image of the screen into Bing Chat to ask it what I was doing wrong. It was able to parse my settings out of the image and figured out what I needed to change to make the printer work.

              Having a troubleshooting AI like that that can actually “read” the entire state of my machine would be great.

    • gravitas_deficiency@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Remember when making a Microsoft cloud account was optional during Windows installs, and it was trivia to skip/opt out?

      Pepperidge Farm remembers.

      They are 100% going to do the same thing here.

  • NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    56
    ·
    edit-2
    5 months ago

    Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward. Where does that leave us?

    There is a spyware feature built into Windows 11. It is off by default, but a malware that wants to capture this kind of information doesn’t have to install anything, and it doesn’t have to run any background processes that might get caught by a system monitor or blocked by application whitelisting. All it has to do is turn this built-in feature on, and then exfiltrate the data later.

    Setting this off by default doesn’t remove the security issue.

    • sugartits@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      5 months ago

      Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward

      This is so fantastical that there’s no point in even having the hypothetical discussion about it.

  • DefederateLemmyMl@feddit.nl
    link
    fedilink
    English
    arrow-up
    50
    ·
    edit-2
    5 months ago

    They’re just going to do a classical boil-the-frog operation:

    • Step 1: Make it opt-in and present it as the new cool thing.
    • Step 2: Make it opt-out, and if the users opts out, show a scary warning about how the cool thing won’t work anymore.
    • Step 3: Silently opt-in, and hide the opt-out option deeply in a settings menu.
    • Step 4: Silently opt-in, remove opt-out, but it still works with a registry hack. Microsoft apologists will still thinks it’s cool because “just use this simple registry hack bro”.
    • Step 5: Remove opt-out alltogether, and silently opt-in everyone who had previously opted out.
    • Step 6: Enjoy their boiled frog!
  • rob200@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    28
    ·
    5 months ago

    I still don’t trust Microsoft. I hadn’t bought a Windows since Windows 10, and this won’t change that.

    • kboy101222@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      30
      ·
      5 months ago

      Cause they’re going to show a pop-up that advertises some “cool new feature”, and the 99% of users who aren’t tech literate will say yes and never think about it again.

      People on this site severely overestimate how much the average person cares and their overall level of tech.

      • aStonedSanta@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        Yup. Average user doesn’t know what pop or imap is and can’t use their tv remote to change an input.

    • pixel_prophet@lemm.ee
      link
      fedilink
      English
      arrow-up
      11
      ·
      5 months ago

      People will be deceived into opting in via some UI anti pattern like they do with the online user accounts and onedrive now.

    • floofloof@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Because they’ll add it to the list of coercively and deceptively worded questions they force you to answer before you can use a WIndows account, phrase it so as to sound useful and harmless, and have a big friendly “Sounds great!” button and a tiny “No thanks, I prefer my life to be shit” link.

  • the_doktor@lemmy.zip
    link
    fedilink
    English
    arrow-up
    18
    ·
    5 months ago

    …says the company that wanted to destroy every bit of your privacy. I don’t care what they “promise”, don’t listen to them.

    Microsoft is finished. Install Linux.

  • MushuChupacabra@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    5 months ago

    If it’s an embedded feature, then I categorically refuse to trust that I the user will have sole control over the on/off toggle.

    I am basing my suspicions on Microsoft fucking around with my user settings over several decades and Windows iterations.

  • Autonomous User@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    5 months ago

    Do they really think we believe any of their lies? We don’t control Windows, anti-libre software (it fails to include a libre software license text file, like AGPL). Dangerous! 🚩

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      I suspect Group Policy will be fully effective at disabling this, and there’s a documented way to prevent it being installed and to remove it.

      Imagine a massive corporation built on Risk Management, legal constructs and regulation, such as Wells Fargo, Capital One, CSC, Bank of America, etc, suing the pants off MS because this caused a leak of something, especially some data that’s strictly regulated.

      MS wouldn’t stand a chance. Those places have ruthless legal organizations that know their world inside and out.

  • tomkatt@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 months ago

    Microsoft will just enable it via an update once all the fervor dies down. They haven’t abandoned the plan, and won’t, not while your data is pure profit for them.

    Hell with them, no more Windows PCs in my home. I’m sick to death of everyone and their mother trying to both advertise to me and sell my data without my permission and at zero benefit to me.

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      15
      ·
      5 months ago

      Browser history was implemented before companies massively abused privacy.
      It was an honest feature for users.
      We also learned a lot about security regarding password/credential extraction from browsers.

      Windows Recall might be an honest feature. It might be super secure and really useful.
      But Microsoft doesn’t have the trust to pull this off

        • conciselyverbose@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Exactly.

          Actual security happens from the ground up. It’s the first consideration of every step of every module of code that has any interaction with user data.

          The fact that there was any version anywhere near shipping to anyone that resulted in an unsecured database being accessible to other programs tells you that it’s not possible that it’s secure.

  • Sensitivezombie@lemmy.zip
    link
    fedilink
    English
    arrow-up
    6
    ·
    5 months ago

    No one is going to opt-in to having screenshots taken of their activities on the OS. If no one opts-in then it will hinder Microsoft’s original plan of collection such data for copilot. Along comes the new marketing language to soften the approach and they still collect data.

  • IninewCrow@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    *Windows won’t take screenshots of everything you do after all (that the company will admit to without you knowing)— unless you opt in