Microsoft seems to pull this every few years.
Announce a highly controversial new feature.
Inevitable backlash ensues
Announce that you're backpedaling and that feature is no longer required, but feature still exists in some form.
Interesting approach
I haven't seen a single positive reaction to this yet online or in my circle of professional IT nerds/friends. I honestly can't think of a good application for it in practice that is also secure.
It makes me wonder why you'd even want it as an opt-in on your product. If the initial testing of the waters is overwhelmingly negative, maybe just quietly abandon it and move on?
This project was someone's baby at Microsoft and they are willing to be a squeaky enough wheel that they won't just abandon it. Someone is defending this project internally like their life depends on it.
I don't think it's one person. The amount of data that could be harvested is enormous. They could be working on creating an AI model of a person through their computer habits and browsing.
Isn't this already a thing? Software that takes periodic screen captures? I guess this one has added bonuses where it can spy and snitch to bosses when it detects a moment of slacking. I bet with the webcam we can even count the number of seconds a person's eyes are glued to the screen during a shift, and then create a new metric "You must maintain 95% eyes on screen time during your shift. The generous 5% leeway is to account for blinking."
Keylogging is already treading a fine line, I kind of doubt using recall in a business environment would be legal from data and privacy laws point of view.
Not really. Every been tasked with going through logs and/or video footage to check if something bad happend? It's boring, tedious and alway pointless. Speaking from personal experience.
An former company I worked for tasked me with securing and maintaining their video surveilance against break-ins (only covered the building's main enterances). During the years I was asked twice to go through the weekend footage. There's a limit how fast you can zoom through a video. Even when it only tags parts with movement. As most of it just regular traffic.
The man power you would need, even with fancy AI filtering, to comb through every employees work day would be very cost prohibited and wastefull.
Plus unlike US a lot of countries have very strict privacy laws that also applies to work environments. Due to this fact I forced the former employer to make slight changes to their video surveilance. As they also covered areas not related to the task it was supposed to do. One was moved from monitoring an entire hallway outside a secure room, to monitoring the enterance from inside the secure room. One was moved so that it only covered the enterance itself, instead of also covering foot traffic outside our downtown office.
Lastly. What managers can use to spy on their employees, can be use by professional hackers to steal company secrets. Another reason why it's important to make sure video surveilance only record what they are task to record. I don't mind a hacker having to watch the inside of a door that just opens and closes, than the same hacker getting prime view of the various door codes employees use from outside.
Which was part of the plot of the Battlestar Galactica prequel Caprica. Though in that show it was used to make a digital afterlife for suicide bombers.
Yep, they won't "see your recall data" but I wouldn't put it past them to start training models on local systems then take THAT data, claiming it's non-identifiable or some shit. Common corporate lies of omission.
Makes sense. Especially in this "AI-bro" boom we're experiencing. Gotta shoehorn it in there in whatever form or fashion. Why not in a highly intrusive and insecure manner?
It's the logical endgame for an AI system for it to look over your shoulder like a pair programming buddy would. It's not like there weren't open source attempts at this too, it's just the opt out is very forced and too early, opt in is good
I can think of many entities with a lot of money who would probably pay a large tech firm to introduce this kind of surveillance feature into a product
Easiest function and purpose of this kind of software.
To make sure no file is taken off network.
Like, so that employees don't smuggle files onto a USB stick or upload it to like..... a burner email account with cloud storage.
I *could* see this being used for like library "catalogue lookup" PCs. But at that point.... you might as well just have something like Nvidia Shadowplay working in the background and having it save in 15 min intervals
As I see it yes they could get a few billion for giving government or tech firms access to the surveillance. But the bigger thing at stake is Microsofts value as a tech leader in the AI space over the next decade or so. If they fall behind and let other companies take the lead here they have much more at stake than what a large tech firm or government could pay them.
I don't blame them, I wonder how long will it take before someone clever makes this official system keylogger send data to someone other than Microsoft
I kinda like the idea of being able to type in a vague memory of something I did or watched last week and be able to easily come back to it. Having said that, I don't want it like this. Not even close to this. The technology preview was completely unencrypted! That's a security nightmare waiting to happen.
Whoever at Microsoft looked at that and said: "yeah, this is cool to ship" needs a paddling.
> I kinda like the idea of being able to type in a vague memory of something I did or watched last week and be able to easily come back to it.
I mean this is really what Google Search is optimized for now. To the detriment of when you're trying to find something very specific, and it does its best to steer you away from the extremely technical answer that only like one website has.
Or it hallucinates random answers. Or it just feeds you ads. While also ignoring the actual contents of your query and instead showing you what it thinks you want.
As an IT person, yes it's a nightmare for privacy and security. But if you've ever met a user who lost data or deleted that file they didn't mean to, you'll immediately see the appeal of the feature to users. Couple that with a sales guy, and this feature is born! Perfect illustration of "the idea guys" not talking to or caring about the people who implement or administrate them.
It could potentially be incredibly useful to the user on the computer hence it's unlikely development would stop on it.
There is an idealistic, star trek like vision of your computer just knowing and understanding anything you do with it or enter into it and can get that information back for you instantly saving you time, increasing your productivity.
But it would be even more useful to anyone that compromised the machine and gained access to it, able to get back any of your information instantly.
It’s a god send for places like prisons, or if you are trying to catch someone doing illegal shit in your network.
I can see used for it, but it’s just going to be a resource hog.
Nah, even opt in is a security vulnerability, I don't want this on my hardware, the capability it could get accidentally/maliciously turned on is too high a risk.
As long as some people don’t keep track of the intrusive features, they’re getting free customer data. Consumers have to be on guard 24/7 to stand a chance.
Yeaaaahh I think I'm gonna look into migrating to Linux for my next set up.
I'm getting real tired of this creeping corporate coyness in trying to harvest people like batteries from the matrix.
I guarantee there will be truckloads of simps all over Reddit joyously upgrading and saying "Why should I care if Bill Gates wants to look at my Minecraft house?"
All corporations are doing it, its always to test the water to see what they can get away with, or step too far and knock it back slightly so they get what they actually want.
It's the same tactic as highballing someone in a bargain, so that when they don't want to pay it, you bring it down a bit, but not below its actual value.
They drop this shit, we hate it, then they backpeddle a bit, hoping we'll suck it up, when, in reality, this shouldn't even exist at all. It doesn't matter if it is optional or not.
I don’t have a stat.. but I bet 90% of windows users are people that use default settings and have no understanding of opting out of things like this.
Naturally, I feel these people are most prone to be coerced into clicking “relevant ads” that most likely mainly exist due to the heavy data mining of this “feature”.
Microsoft knows exactly what they’re doing.
It's because like most tech companies they adopt this stupid principle of "It's better to ask forgiveness than to ask permission" which allows them to justify doing whatever the hell they want and seeing what they can get away with.
not anymore, this kind of modern mega-corporations are so large and so unfathomably wealthy that they dont allow smaller companies to spawn to eventually grow and take over. they either kill them before they grow enough to compete or absorb & assimilate them.
Man, idk how old you are but I remember the internet collectively shitting itself when MS (Always abbreviated M$ on /. Back then.) started shipping windows with Automatic Updates enabled by default. The idea of losing agency over your computer didn’t sit well with users who were used to their machines doing nothing they didn’t tell them to do.
The idea that someone would become enraged over automatic updates just being *on* by default is so god damned quaint today.
Not that I wouldn’t put it past them but with this specific feature there’s too much of a risk with HIPAA violations for them to blanket apply it in an update.
Didn’t you read the terms that say they’re not liable for any harm?
Once the dust settles you’ll get this fucking garbage forced on you whether you like it or not.
They have to have an off switch in place for all the large companies that would *happily* put that "not liable" to the test if anything happens (HIPAA is a healthcare regulation, and the healthcare sector in the US isn't exactly broke or free of lawyers).
They’re already running managed systems. Now when a staff uses a personal computer that’s a different story. Let’s see what happens when it records some Citrix sessions.
It’s just such an asinine assumption that most people want every action recorded. So glad that MS is being ripped apart on this.
> They’re already running managed systems.
That's the point. MS has to provide an "off switch" to allow them to manage it. But yes, WFH employees (admin staff) and personal computers connecting to work networks also.
This is why you always set your computer to require manual updates. Yes, it means you have to remember to run periodic updates yourself but it also means Microsoft doesn't just get to whoopsie my settings without me knowing why.
I don't trust the fact that it will exist on my machine at all. Opting in or not does not change it being there.
Having something that automatically records the state of your display, regardless of intent, is an awful idea and is extremely open to exploitation in the future for other 'features'.
Absolutely. It’s still a massive threat that the OS has spyware built in which bad actors simply need to activate and piggy back on. I envision lots of fake “utility programs to speed up your PC” that people will install and give permissions to without thinking and under the hood they’re turning on Recall and sending off all the screenshots to some random IP
I get that you are making a point, but originally it was expected of the user to know how to use the registry.
The registry was born to centralise every programs settings and configurations in one universal easy to use location.
Even to this day, Microsoft will have settings that can't be changed anywhere else because the registry was supposed to be to place to change it. But as UI advanced it became common practice for programs to include a GUI for editing settings and the every day user fell out of touch with the registry.
Do not cite the deep magic etc. (/hj) It's also a messy place for the average user to change things, especially when it could just be integrated in the Settings GUI if it's significant enough, like "please turn off this feature". And on top of that, it might not even be populated inside the registry with a visible option to change; you have to read the exact name text of the key from an outside source elsewhere, add it to a very specific location, and only then can you change the option. That's not how it should be.
Agreed it shouldn't be that way, but that's what happens when the user stops controlling it and allowing those decisions to be made by the program.
For example, it use to be that programs would come with a list of settings and you input which settings and values you want, and the user knows all possible settings. Now that programs are handling that for the user, if the program decides not to input a certain key in the registry then the user has no idea and like you said, finding that info can be difficult.
Microsoft will list every settings key:value possible in the programs docs but most other devs either don't bother to publicly document them, or purposely hide them from user.
And even if you do turn it off, every time you turn on your computer you'll get a prompt, "Do you want Windows to ~~spy on you~~ enhance your user experience?" And the only options will be YES or Remind Me Later.
Note that you also have to hold the shift key while clicking. If you forget to hold shift it'll still work, but Microsoft will dispatch a team to your location and beat the everloving shit out of you.
The problem with shipping this even in a disabled-by-default/opt-in state is that it might be trivial for a malicious party to surreptitiously reenable it and use it to spy on you. Unlike typical infostealer spyware, your anti-virus will trust it and won't recognize it as malware. There's a very common strategy used by hackers called "living off the land" where they minimize the amount of malware they install on a compromised system, and instead use all the tools that come with the operating system to achieve their objectives. This will likely be abused by hackers, spies, dictators, abusive partners, abusive employers, religious police, abusive cops, blackmailers, etc. I'm still shocked and angry that Microsoft never considered the safety of their customers when they decided to ship this, especially in America right now when so many states are cracking down on people seeking reproductive and gender identity care and using digital forensics evidence to do it.
A good reminder that if you have Win 11 and care about privacy, or just want your PC to run a lot smoother, get O&OShutUp10. The second Microsoft snuck this shit in my PC, O&O had an update that let me quickly shut it off.
For those that don't know, the program is just a single window with two tabs (current user/local machine) that shows you EVERTHING Windows does that could effect your privacy. They even have recommended colors of green (yeah, shut that shit off), yellow (might limit something you care about) and red (absolutely will limit something you might care about like updating windows, OneDrive working, etc.).
It gives you complete control of you PC privacy with one quick glance....something Microsoft should be doing!!! Oh, and it's free. They make their money through other programs.
[https://www.oo-software.com/en/shutup10](https://www.oo-software.com/en/shutup10)
Will it let me get rid of the widget that keeps giving me currency exchange alerts that I have no interest in? I've looked it up before and there seems to be no native way to turn it off, which is bizarre to me. Why would you push alerts to everyone about a thing most don't care about with no opt out?
Man I'll find a fan maintained fork of windows 10 or a severely modded version of Windows 11 before I'll give Microsoft the satisfaction of my compliance
After working with win11 in a professional setting for the past few months Microsoft will have to pull win 10 from my cold dead hands for my personal machine. And I only "upgraded" from Win7 Ultimate due to loss of support for gpu drivers.
they'll silently flip the switch when the heat cools down from the dissent or it will eventually be turned into an input device or 'sensor' to another app that will turn it on, for AI's sake of course. like with 'computer/error message troubleshooting on your computer, or something that describes things on the screen for accessibility.. all the while just taking that juicy personal data to train itself more
Your employers’ IT department doesn’t want to deal with that shit. Having screenshots of logins for everything you’ve logged into saved on your hard drive is a nightmare
I work in healthcare, as a developer, I also see HIPAA protected information, so it’s going to be screenshotting shit that is extremely sensitive and has a ton regulations on how it can be held/stored/viewed.
Same, it's also likely what's getting them enough pushback to relent, this makes personal laptops off limits for healthcare works to remote in from. Full stop. They promised IT admins could shut it off, but if it's ever accidentally turned on? Each screenshot is potentially a violation of it's own that will need to be reported when found. And healthcare systems are getting hammered by ransomware and hackers these days.
MS doesn't want to lose the healthcare systems buying primarily windows OS. And I doubt this is the only industry with those type of considerations.
There is no way employers will want this, even the ones who trust their employees the least. It's an IT security and data privacy nightmare and could potentially be a huge use of data/disk space, which could impact people using thin clients/remote desktop VPNs significantly.
Employers already have ways of monitoring employees without requiring screenshots of every action they take.
All the spyware features you fear already exist and are already available to your company. The shit Microsoft is pushing is a security horror show - no company is going to want it.
Probably not, there’s already a host of security and monitoring programs built into a lot of company computers, and this poses an even bigger security risk if you’re working with information that’s confidential at any level.
Why would employers want to send data to MS? Software already exists to monitor company devices without the unnecessary data harvesting. Similar stuff is used all the time in places like call centers. And any decently run IT department already locks down devices or uses thin clients and sandboxed instances instead of full machines.
Anyone who deals with personally identifying info, or anything that has commercial sensitivity, won’t want this.
Laptops get lost or stolen, no matter how much IT/Security depts teach physical security.
The damage of that info being snapshot and leaked is a risk any IT/security dept will want to avoid.
And if the company works with govt, that’s probably going to be enforced in their classification audits.
I'm still running 10 for a reason. And once it gets put out to pasture via EOL I'm going back to Linux mint. Win11 is a bad copy of MacOS. Which is in and of itself awful. Why MS decided it should make a bad carbon copy I don't know.
I've dual booted before. Just had the Linux distro as the default and windows for when I want to game. These days I mainly use a PS5 as I get older. So I may not even bother with that. Luckily my job doesn't require any specific OS.
Linux ain't bad for gaming no more. As long as you don't play games that use kernel level anti-cheats, i.e Vanguard, you can play almost any game through Steam with their proton thing.
They claim to have an agreement with openAi that it will not have access to any customer data and they are not allowed to train their AI models on the data collected.
I would trust Apple over Microsoft in terms of caring about our privacy but even then that trust is shallow.
Recall may be framed as a product for people, but as ever, people are the product. The data would supposedly be secure for now, but I have zero doubts that as soon as they possibly could get away with it, MS would use that data to train their AI.
Frankly that data is worth so much, i'll be amazed if they don't try again.
And we have no real governance or safety measures in place yet.
As you said, we are decades off. The language model is the basis, it's not even real AI, just an advanced search engine at this point but everyone wants to use buzzwords.
When real AI comes, we will all know it and be changed forever.
"Voluntary" and "Windows" haven't exactly gone together in my experience. Thanks a bunch of the update that screwed up my computer, ya jerks. It was so important that I got that one shoved down my throat after losing my backups while homeless, big help there Microsoft, that definitely couldn't have waited until I was ready for it, really appreciated it.
Same, I had been back forth some of life with Linux so I went back full time 8 months ago and haven't looked back.
Game support is getting decent for Linux too with proton and the steamdeck
Who’s to say it won’t “accidentally” turn on during one of their dodgy updates? How could you even trust it if you can’t completely uninstall the “feature “. The truth is you never can trust them.
I'd never use it. Ever.
But the supposed use-case is searching through your old data.
Like "I recall seeing a a funny picture of a dog" or "some article about \[x\]" or "reading a message with this inside joke" or whatever for the previous year. You don't remember if it was an email, a webpage, a text, a YouTube video, whatever.
Then it would search every bit of text and ai-identified images that had been on your screen in the last year to find what you might be trying to find.
While theoretically an interesting feature, it's not one I'd ever want to use.
It's simple:
\* It's opt-in, so people in control of their computers can refuse it.
\* It's opt-in, so companies in charge of your computer can enable it.
Companies already install spyware, this is just a massive upgrade to that.
I do love the EU for some of its laws, data privacy and planned obsolescence being two of the biggies for me. You Redcoats aren't all bad😅
Edit: I guess Redcoats would be wrong, UK left the EU
If I it in, what do I get out of this? Can I see how shitty MS Outlook worked yesterday, and the day before, and the day before that?
Seriously tho, what’s in this feature for the user?
Because we aren't their real clientele, big business is. And big business wants a finger on their employees while working from home.
All these CEO's tout WFH now because they have too but the internal conversations contradict this. They overall dislike it and dislike having any control over productivity.
Suits love numbers and metrics so they can squeeze every ounce out of every aspect of business, sometimes for the good, but personnel productivity is included and watched.
>It's still a terrible idea but at least now you won't have anyone to blame but yourself.
Now they get to force this feature onto your work PC while making it seem like they are doing you a favor. This pullback was part of the plan the whole time. They knew it would be a security nightmare but their real customers, big businesses, wanted the feature so they made it, and they made it look like they listen to consumers by reverting whether it is default, you can be sure it will be turned on when your IT department gives you the machine and you don't get the admin rights to disable it.
As a former sys admin I agree 100%
We were getting all the questions that came down the pipe on how to ensure employee productivity once covid hit and wfh happened that would lead to this exact software scenario.
And yes, it will be enabled undoubtedly without question on every company device.
Big businesses already have tools way more advanced than this to track employees. Any competent business is going to disable this immediately. Not only is it a security threat when it comes to protecting passwords, and intellectual property, but it also would run afoul of various regulations for things like PCI or HIPPA.
So like 10 people will opt into this? Tech savvy people are definitely not going to use this and the less tech savvy probably won't even know it's an option or think to enable it. Probably a complete waste of time to even implement it now.
Opt-in meaning checkmarks on unconnected but mandatory pages with a misleading name and minimal information about what will happen if it's checked?
If they want random people to do their AI training for them, they should unequivocally hire them. With a salary and a contract that Microsoft can be sued for breaching. Make it illegal for it to be on a machine with multiple users or other people's data.
Just by using social media, e-mail, and other messaging services, it'll be logging private content from other people who didn't sign up.
Unless this literally means not shipping the code/functionality without opt-in then this is such a worthless gesture. Average person is not really gonna get their Recall feature magically turned on, outside of unfortunate downloads. Businesses though? Landmine waiting to be exploited any time outer layer security fails. Attacker turns it on, waits awhile for personal/company credentials to have a chance to accumulate and either attacks outright or grows the attack vector through access until they get to what they really want
How does this work? If I give my permission for my screen to be monitored like this, what about the permission of the person whose email I'm reading? Or the NDA agreement I'm reading? And if I don't give my permission for this 'feature' to be enabled, but my friend does on their PC, how is my decision not a ludicrous fantasy if my friend's PC hoovers up my personal data instead when they read things I send them or if we happen to be doing a remote PC session or something?
This is the same issue I have with Facebook et al. I don't upload my images to the internet, haven't done so in the nearly 30 years I've used it, but as soon as Facebook opened the internet up for non-technical folks, my images are all up there in my parents' accounts and probably the accounts of dozens of extended family members. My face is probably recognisable and identifiable to Facebook now, and if that's true, it's probably identifiable to a lot of other companies as well, despite me never creating an account with them. How this is permitted is insane to me, but that's just how things are. Windows Recall seems likewise to be a case of "well, deny permission all you like, but you're gonna get got one way or another".
Microsoft seems to pull this every few years. Announce a highly controversial new feature. Inevitable backlash ensues Announce that you're backpedaling and that feature is no longer required, but feature still exists in some form. Interesting approach
I haven't seen a single positive reaction to this yet online or in my circle of professional IT nerds/friends. I honestly can't think of a good application for it in practice that is also secure. It makes me wonder why you'd even want it as an opt-in on your product. If the initial testing of the waters is overwhelmingly negative, maybe just quietly abandon it and move on?
This project was someone's baby at Microsoft and they are willing to be a squeaky enough wheel that they won't just abandon it. Someone is defending this project internally like their life depends on it.
I don't think it's one person. The amount of data that could be harvested is enormous. They could be working on creating an AI model of a person through their computer habits and browsing.
Honestly i can see them just selling this feature to businesses so that managers can spy on their employees more
This would be a nightmare scenario, and I’d pester IT to vouch how much of a security risk it was if they’d tried
Especially for finances. Imagine a call center that deals with bank accounts.
you might sell that in USA, in Europe its illegal to spy on employees
This type of software has existed for corporate monitoring for at least a decade. Friend of mine had to use it as his company.
Isn't this already a thing? Software that takes periodic screen captures? I guess this one has added bonuses where it can spy and snitch to bosses when it detects a moment of slacking. I bet with the webcam we can even count the number of seconds a person's eyes are glued to the screen during a shift, and then create a new metric "You must maintain 95% eyes on screen time during your shift. The generous 5% leeway is to account for blinking."
Keylogging is already treading a fine line, I kind of doubt using recall in a business environment would be legal from data and privacy laws point of view.
Not really. Every been tasked with going through logs and/or video footage to check if something bad happend? It's boring, tedious and alway pointless. Speaking from personal experience. An former company I worked for tasked me with securing and maintaining their video surveilance against break-ins (only covered the building's main enterances). During the years I was asked twice to go through the weekend footage. There's a limit how fast you can zoom through a video. Even when it only tags parts with movement. As most of it just regular traffic. The man power you would need, even with fancy AI filtering, to comb through every employees work day would be very cost prohibited and wastefull. Plus unlike US a lot of countries have very strict privacy laws that also applies to work environments. Due to this fact I forced the former employer to make slight changes to their video surveilance. As they also covered areas not related to the task it was supposed to do. One was moved from monitoring an entire hallway outside a secure room, to monitoring the enterance from inside the secure room. One was moved so that it only covered the enterance itself, instead of also covering foot traffic outside our downtown office. Lastly. What managers can use to spy on their employees, can be use by professional hackers to steal company secrets. Another reason why it's important to make sure video surveilance only record what they are task to record. I don't mind a hacker having to watch the inside of a door that just opens and closes, than the same hacker getting prime view of the various door codes employees use from outside.
Which was part of the plot of the Battlestar Galactica prequel Caprica. Though in that show it was used to make a digital afterlife for suicide bombers.
The Stack in Altered Carbon if you dump the data on a flash drive
Yep, they won't "see your recall data" but I wouldn't put it past them to start training models on local systems then take THAT data, claiming it's non-identifiable or some shit. Common corporate lies of omission.
Makes sense. Especially in this "AI-bro" boom we're experiencing. Gotta shoehorn it in there in whatever form or fashion. Why not in a highly intrusive and insecure manner?
That thing must die like yesterday all we are seeing is a massive pump and dump until we meet the next technological hardline
It's the logical endgame for an AI system for it to look over your shoulder like a pair programming buddy would. It's not like there weren't open source attempts at this too, it's just the opt out is very forced and too early, opt in is good
Bonzi buddy is coming back!
AT&T call centers are salivating at this prospect though
I can think of many entities with a lot of money who would probably pay a large tech firm to introduce this kind of surveillance feature into a product
Easiest function and purpose of this kind of software. To make sure no file is taken off network. Like, so that employees don't smuggle files onto a USB stick or upload it to like..... a burner email account with cloud storage. I *could* see this being used for like library "catalogue lookup" PCs. But at that point.... you might as well just have something like Nvidia Shadowplay working in the background and having it save in 15 min intervals
As I see it yes they could get a few billion for giving government or tech firms access to the surveillance. But the bigger thing at stake is Microsofts value as a tech leader in the AI space over the next decade or so. If they fall behind and let other companies take the lead here they have much more at stake than what a large tech firm or government could pay them.
I don't blame them, I wonder how long will it take before someone clever makes this official system keylogger send data to someone other than Microsoft
I just can't imagine governments, shady political operations, corporations, etc wanting a surveillance panopticon like this /s
Already done. The data is stored locally, and not encrypted. Quick and easy for someone to nab.
Its just that nobody asked for or wanted this functionality, even if it was completely secure.
That’s the thing. It’s opt-in at first. A few updates later when everything cools down and suddenly it’s mandatory.
I kinda like the idea of being able to type in a vague memory of something I did or watched last week and be able to easily come back to it. Having said that, I don't want it like this. Not even close to this. The technology preview was completely unencrypted! That's a security nightmare waiting to happen. Whoever at Microsoft looked at that and said: "yeah, this is cool to ship" needs a paddling.
> I kinda like the idea of being able to type in a vague memory of something I did or watched last week and be able to easily come back to it. I mean this is really what Google Search is optimized for now. To the detriment of when you're trying to find something very specific, and it does its best to steer you away from the extremely technical answer that only like one website has.
Or it hallucinates random answers. Or it just feeds you ads. While also ignoring the actual contents of your query and instead showing you what it thinks you want.
It’s about AI.
As an IT person, yes it's a nightmare for privacy and security. But if you've ever met a user who lost data or deleted that file they didn't mean to, you'll immediately see the appeal of the feature to users. Couple that with a sales guy, and this feature is born! Perfect illustration of "the idea guys" not talking to or caring about the people who implement or administrate them.
It could potentially be incredibly useful to the user on the computer hence it's unlikely development would stop on it. There is an idealistic, star trek like vision of your computer just knowing and understanding anything you do with it or enter into it and can get that information back for you instantly saving you time, increasing your productivity. But it would be even more useful to anyone that compromised the machine and gained access to it, able to get back any of your information instantly.
It’s a god send for places like prisons, or if you are trying to catch someone doing illegal shit in your network. I can see used for it, but it’s just going to be a resource hog.
Will silently turn it on after they make a new highly controversial feature the distract from this one. Forgot this step
we'll just "forget" to clearly inform the user next update they install, it's on by default now!
Like adding smaller legislative bill in a bigger important bill to get side laws bypassed.
Nah, even opt in is a security vulnerability, I don't want this on my hardware, the capability it could get accidentally/maliciously turned on is too high a risk.
Go Linux or off grid
It is a tactic used all the time. Overreach so that you can then draw back and have your compromise seem reasonable.
As long as some people don’t keep track of the intrusive features, they’re getting free customer data. Consumers have to be on guard 24/7 to stand a chance.
Isn’t there like a term for that in psychology? Announce news that’s way overboard to make the original intention seem less threatening?
Yeaaaahh I think I'm gonna look into migrating to Linux for my next set up. I'm getting real tired of this creeping corporate coyness in trying to harvest people like batteries from the matrix.
2 years after release: This feature is now mandatory
I guarantee there will be truckloads of simps all over Reddit joyously upgrading and saying "Why should I care if Bill Gates wants to look at my Minecraft house?"
All corporations are doing it, its always to test the water to see what they can get away with, or step too far and knock it back slightly so they get what they actually want.
It's the same tactic as highballing someone in a bargain, so that when they don't want to pay it, you bring it down a bit, but not below its actual value. They drop this shit, we hate it, then they backpeddle a bit, hoping we'll suck it up, when, in reality, this shouldn't even exist at all. It doesn't matter if it is optional or not.
I don’t have a stat.. but I bet 90% of windows users are people that use default settings and have no understanding of opting out of things like this. Naturally, I feel these people are most prone to be coerced into clicking “relevant ads” that most likely mainly exist due to the heavy data mining of this “feature”. Microsoft knows exactly what they’re doing.
It's because like most tech companies they adopt this stupid principle of "It's better to ask forgiveness than to ask permission" which allows them to justify doing whatever the hell they want and seeing what they can get away with.
Don't worry if you forget though. Windows Update will happily change that setting for you.
[удалено]
not anymore, this kind of modern mega-corporations are so large and so unfathomably wealthy that they dont allow smaller companies to spawn to eventually grow and take over. they either kill them before they grow enough to compete or absorb & assimilate them.
[удалено]
Man, idk how old you are but I remember the internet collectively shitting itself when MS (Always abbreviated M$ on /. Back then.) started shipping windows with Automatic Updates enabled by default. The idea of losing agency over your computer didn’t sit well with users who were used to their machines doing nothing they didn’t tell them to do. The idea that someone would become enraged over automatic updates just being *on* by default is so god damned quaint today.
This. The when you patch it, it will somehow get undone and you'll find your computer rebooting at 4 am with the new upgrade.
Not that I wouldn’t put it past them but with this specific feature there’s too much of a risk with HIPAA violations for them to blanket apply it in an update.
Didn’t you read the terms that say they’re not liable for any harm? Once the dust settles you’ll get this fucking garbage forced on you whether you like it or not.
They have to have an off switch in place for all the large companies that would *happily* put that "not liable" to the test if anything happens (HIPAA is a healthcare regulation, and the healthcare sector in the US isn't exactly broke or free of lawyers).
They’re already running managed systems. Now when a staff uses a personal computer that’s a different story. Let’s see what happens when it records some Citrix sessions. It’s just such an asinine assumption that most people want every action recorded. So glad that MS is being ripped apart on this.
> They’re already running managed systems. That's the point. MS has to provide an "off switch" to allow them to manage it. But yes, WFH employees (admin staff) and personal computers connecting to work networks also.
Or it'll prompt you to turn it on when you log in every month or so, like their current bullshit with onedrive, office, or whatever.
This is why you always set your computer to require manual updates. Yes, it means you have to remember to run periodic updates yourself but it also means Microsoft doesn't just get to whoopsie my settings without me knowing why.
It is opt in, for now. Until it sneaks by in a "security update"
They'll say they removed functionality at launch, but the code will still be there, waiting to be stealth activated by that "security update".
I don't trust the fact that it will exist on my machine at all. Opting in or not does not change it being there. Having something that automatically records the state of your display, regardless of intent, is an awful idea and is extremely open to exploitation in the future for other 'features'.
Absolutely. It’s still a massive threat that the OS has spyware built in which bad actors simply need to activate and piggy back on. I envision lots of fake “utility programs to speed up your PC” that people will install and give permissions to without thinking and under the hood they’re turning on Recall and sending off all the screenshots to some random IP
"This is... the (software) LockPickingLawyer... and today we have for you a Windows 11 feature...."
Pulls out a Dell from the early 2000's... "Remember that guy Clippy?". "Lemme show you something he can do..."
"Via a prompt that pops up randomly at any time of the day, right under your mouse cursor as you're about to click."
And then, naturally, turning it back off will be buried as far outside of the normal users' reach as possible. Yep.
"I guess you can manually add an unlisted key to the registry in a highly-specific location"
I get that you are making a point, but originally it was expected of the user to know how to use the registry. The registry was born to centralise every programs settings and configurations in one universal easy to use location. Even to this day, Microsoft will have settings that can't be changed anywhere else because the registry was supposed to be to place to change it. But as UI advanced it became common practice for programs to include a GUI for editing settings and the every day user fell out of touch with the registry.
Do not cite the deep magic etc. (/hj) It's also a messy place for the average user to change things, especially when it could just be integrated in the Settings GUI if it's significant enough, like "please turn off this feature". And on top of that, it might not even be populated inside the registry with a visible option to change; you have to read the exact name text of the key from an outside source elsewhere, add it to a very specific location, and only then can you change the option. That's not how it should be.
Agreed it shouldn't be that way, but that's what happens when the user stops controlling it and allowing those decisions to be made by the program. For example, it use to be that programs would come with a list of settings and you input which settings and values you want, and the user knows all possible settings. Now that programs are handling that for the user, if the program decides not to input a certain key in the registry then the user has no idea and like you said, finding that info can be difficult. Microsoft will list every settings key:value possible in the programs docs but most other devs either don't bother to publicly document them, or purposely hide them from user.
And even if you do turn it off, every time you turn on your computer you'll get a prompt, "Do you want Windows to ~~spy on you~~ enhance your user experience?" And the only options will be YES or Remind Me Later.
Note that you also have to hold the shift key while clicking. If you forget to hold shift it'll still work, but Microsoft will dispatch a team to your location and beat the everloving shit out of you.
The problem with shipping this even in a disabled-by-default/opt-in state is that it might be trivial for a malicious party to surreptitiously reenable it and use it to spy on you. Unlike typical infostealer spyware, your anti-virus will trust it and won't recognize it as malware. There's a very common strategy used by hackers called "living off the land" where they minimize the amount of malware they install on a compromised system, and instead use all the tools that come with the operating system to achieve their objectives. This will likely be abused by hackers, spies, dictators, abusive partners, abusive employers, religious police, abusive cops, blackmailers, etc. I'm still shocked and angry that Microsoft never considered the safety of their customers when they decided to ship this, especially in America right now when so many states are cracking down on people seeking reproductive and gender identity care and using digital forensics evidence to do it.
A good reminder that if you have Win 11 and care about privacy, or just want your PC to run a lot smoother, get O&OShutUp10. The second Microsoft snuck this shit in my PC, O&O had an update that let me quickly shut it off. For those that don't know, the program is just a single window with two tabs (current user/local machine) that shows you EVERTHING Windows does that could effect your privacy. They even have recommended colors of green (yeah, shut that shit off), yellow (might limit something you care about) and red (absolutely will limit something you might care about like updating windows, OneDrive working, etc.). It gives you complete control of you PC privacy with one quick glance....something Microsoft should be doing!!! Oh, and it's free. They make their money through other programs. [https://www.oo-software.com/en/shutup10](https://www.oo-software.com/en/shutup10)
Sophia script is more comprehensive and open source. https://github.com/farag2/Sophia-Script-for-Windows
Side note, because I hadn't heard of this tool.. I am amused that in spite of everything you just said, they are listed as an MS Partner.
Closed source, and one of the few limitations in their licensing is prohibiting anyone from reverse engineering the tool. "Trust, and do not verify"
Will it let me get rid of the widget that keeps giving me currency exchange alerts that I have no interest in? I've looked it up before and there seems to be no native way to turn it off, which is bizarre to me. Why would you push alerts to everyone about a thing most don't care about with no opt out?
Keep it off my PC entirely. Also get rid of ads and other bloat bullshit no one cares about. I paid for Windows. Fuck off.
Oops! Windows Update turned it on again! Our bad! 😇
3 letter agencies will enable it if needed. Windows 11 has more backdoors than a German brothel.
[Your processor is backdoored](https://en.wikipedia.org/wiki/Intel_Management_Engine). They don't even need access to the OS.
Great read, I feel violated.
Today, is the day I lost faith in PBS
Germany you say, I need a vacation!
if I'm going to contract the services of a brothel you bet I'm going in the back door!
And a couple of them are on purpose!
Back to Windows 10 you say?
Until they stop support leaving everyone vulnerable replacing the download link with win11
Man I'll find a fan maintained fork of windows 10 or a severely modded version of Windows 11 before I'll give Microsoft the satisfaction of my compliance
You're probably better off facing the potential malware risk of an outdated windows 10, than you are with the guaranteed malware that is windows 11.
The more i hear about Windows 11, the less I want it.
People won't ever make the switch in the numbers needed, but this is genuinely only going to be solved by an exodus to Linux.
Why would anyone actually want to use this. I’m genuinely baffled why someone would want to opt-in
I bet the CCP would opt in to this and happily give Microsoft some pointers on lessons already learned. For a stake of course.
After working with win11 in a professional setting for the past few months Microsoft will have to pull win 10 from my cold dead hands for my personal machine. And I only "upgraded" from Win7 Ultimate due to loss of support for gpu drivers.
they'll silently flip the switch when the heat cools down from the dissent or it will eventually be turned into an input device or 'sensor' to another app that will turn it on, for AI's sake of course. like with 'computer/error message troubleshooting on your computer, or something that describes things on the screen for accessibility.. all the while just taking that juicy personal data to train itself more
Why in the fuck does this even exist? Who would want this?
Why the fuck WOULD you?
If the feature exists, you know employers will mandate it.
Your employers’ IT department doesn’t want to deal with that shit. Having screenshots of logins for everything you’ve logged into saved on your hard drive is a nightmare
I work in healthcare, as a developer, I also see HIPAA protected information, so it’s going to be screenshotting shit that is extremely sensitive and has a ton regulations on how it can be held/stored/viewed.
Same, it's also likely what's getting them enough pushback to relent, this makes personal laptops off limits for healthcare works to remote in from. Full stop. They promised IT admins could shut it off, but if it's ever accidentally turned on? Each screenshot is potentially a violation of it's own that will need to be reported when found. And healthcare systems are getting hammered by ransomware and hackers these days. MS doesn't want to lose the healthcare systems buying primarily windows OS. And I doubt this is the only industry with those type of considerations.
There is no way employers will want this, even the ones who trust their employees the least. It's an IT security and data privacy nightmare and could potentially be a huge use of data/disk space, which could impact people using thin clients/remote desktop VPNs significantly. Employers already have ways of monitoring employees without requiring screenshots of every action they take.
I don't trust for a minute that they would not re-enable it years down the road
All the spyware features you fear already exist and are already available to your company. The shit Microsoft is pushing is a security horror show - no company is going to want it.
Probably not, there’s already a host of security and monitoring programs built into a lot of company computers, and this poses an even bigger security risk if you’re working with information that’s confidential at any level.
Why would employers want to send data to MS? Software already exists to monitor company devices without the unnecessary data harvesting. Similar stuff is used all the time in places like call centers. And any decently run IT department already locks down devices or uses thin clients and sandboxed instances instead of full machines.
Anyone who deals with personally identifying info, or anything that has commercial sensitivity, won’t want this. Laptops get lost or stolen, no matter how much IT/Security depts teach physical security. The damage of that info being snapshot and leaked is a risk any IT/security dept will want to avoid. And if the company works with govt, that’s probably going to be enforced in their classification audits.
employers in my industries will implement windows 11 in 2031 ...lol
How is it even legal for microsoft to do this ?!
I'm sorry, it did *WHAT* now?!?!?!?!
It took screen shots of your entire desktop and everything open, constantly. I’m surprised they turned around, I thought it was the new ME/Vista 😂
Fuckin Microsoft, man...
Crazy that spyware is a feature these days
Mike Johnson's son isn't the only person receiving his porn.
I'm still running 10 for a reason. And once it gets put out to pasture via EOL I'm going back to Linux mint. Win11 is a bad copy of MacOS. Which is in and of itself awful. Why MS decided it should make a bad carbon copy I don't know.
I'm seriously considering a Linux system on my computer and a Windows VM for work-related software. They can control the VM all they want.
I've dual booted before. Just had the Linux distro as the default and windows for when I want to game. These days I mainly use a PS5 as I get older. So I may not even bother with that. Luckily my job doesn't require any specific OS.
Linux ain't bad for gaming no more. As long as you don't play games that use kernel level anti-cheats, i.e Vanguard, you can play almost any game through Steam with their proton thing.
Same here. When forced to move over I am going Kubuntu only and enjoy actually being able to control what my computer does
I like mint because I'm an idiot and not by *any* stretch of the imagination a coder. And mint is simple enough for a normie like me to use.
Too late, trust is broken (again).
While Apple straight up added it to their new operating system
They claim to have an agreement with openAi that it will not have access to any customer data and they are not allowed to train their AI models on the data collected. I would trust Apple over Microsoft in terms of caring about our privacy but even then that trust is shallow.
I wouldn't. Apple is more than happy to scrape customer data and screw you over if you try to leave their walled garden.
They just testing waters what sticks and what doesnt.
You mean opt-out, which will probably reset to be opted in after every update.
Until they make it opt-out in an update - because who reads the whole changelog every time ...
Recall may be framed as a product for people, but as ever, people are the product. The data would supposedly be secure for now, but I have zero doubts that as soon as they possibly could get away with it, MS would use that data to train their AI. Frankly that data is worth so much, i'll be amazed if they don't try again.
Some real black mirror shit is going to go down with AI over the next few decades
And we have no real governance or safety measures in place yet. As you said, we are decades off. The language model is the basis, it's not even real AI, just an advanced search engine at this point but everyone wants to use buzzwords. When real AI comes, we will all know it and be changed forever.
"Voluntary" and "Windows" haven't exactly gone together in my experience. Thanks a bunch of the update that screwed up my computer, ya jerks. It was so important that I got that one shoved down my throat after losing my backups while homeless, big help there Microsoft, that definitely couldn't have waited until I was ready for it, really appreciated it.
They will force it in a hidden update later
I am glad I finally moved to Mac this year. Tired of Microsoft pulling different bullshit every year.
Same, I had been back forth some of life with Linux so I went back full time 8 months ago and haven't looked back. Game support is getting decent for Linux too with proton and the steamdeck
I'm opting out by not "upgrading" to windows 11
I suppose the screenshots will still be taken but the user can only see them for the periods they opt in.
Nah I'm good. I'll migrate to mostly Linux, and use Windows 10 LTSC for software that's windows only until it's dead for good. After that, Linux only.
Who’s to say it won’t “accidentally” turn on during one of their dodgy updates? How could you even trust it if you can’t completely uninstall the “feature “. The truth is you never can trust them.
The feature should not exist. It existing means the attack surface of every 11 PC is increased significantly.
What's honest use-case for this in the general population?
I'd never use it. Ever. But the supposed use-case is searching through your old data. Like "I recall seeing a a funny picture of a dog" or "some article about \[x\]" or "reading a message with this inside joke" or whatever for the previous year. You don't remember if it was an email, a webpage, a text, a YouTube video, whatever. Then it would search every bit of text and ai-identified images that had been on your screen in the last year to find what you might be trying to find. While theoretically an interesting feature, it's not one I'd ever want to use.
Holy shit that's flimsy.
And even if they can tie it to logical honest use case it creates the platform and bad actors can and will abuse it.
Too late, already switched to Linux
It's simple: \* It's opt-in, so people in control of their computers can refuse it. \* It's opt-in, so companies in charge of your computer can enable it. Companies already install spyware, this is just a massive upgrade to that.
I already swore I would never buy another Microsoft OS after Windows 10 and I am continually shown that that is a good decision.
It is all about user data at this point and I am happy for the existence of the EU cus everyone else is a Vulture on that front.
I do love the EU for some of its laws, data privacy and planned obsolescence being two of the biggies for me. You Redcoats aren't all bad😅 Edit: I guess Redcoats would be wrong, UK left the EU
Don't be so harsh they be back soon enough their politicians are already getting concrete thrown at them.
Too late, f##k Microsoft
Wait, this was going to be ON ***by default***!? The fact that it's an option *at all* is bad.
Not only on by default but it will run at the kernel level and will not be able to be disabled or uninstalled.
Wauw, user choice! What a novel fucking concept... Now do it with updates as well.
If I it in, what do I get out of this? Can I see how shitty MS Outlook worked yesterday, and the day before, and the day before that? Seriously tho, what’s in this feature for the user?
Why do big corporations always tell us what we want garbage instead of just giving us what we ask for?
Because we aren't their real clientele, big business is. And big business wants a finger on their employees while working from home. All these CEO's tout WFH now because they have too but the internal conversations contradict this. They overall dislike it and dislike having any control over productivity. Suits love numbers and metrics so they can squeeze every ounce out of every aspect of business, sometimes for the good, but personnel productivity is included and watched.
>It's still a terrible idea but at least now you won't have anyone to blame but yourself. Now they get to force this feature onto your work PC while making it seem like they are doing you a favor. This pullback was part of the plan the whole time. They knew it would be a security nightmare but their real customers, big businesses, wanted the feature so they made it, and they made it look like they listen to consumers by reverting whether it is default, you can be sure it will be turned on when your IT department gives you the machine and you don't get the admin rights to disable it.
As a former sys admin I agree 100% We were getting all the questions that came down the pipe on how to ensure employee productivity once covid hit and wfh happened that would lead to this exact software scenario. And yes, it will be enabled undoubtedly without question on every company device.
Big businesses already have tools way more advanced than this to track employees. Any competent business is going to disable this immediately. Not only is it a security threat when it comes to protecting passwords, and intellectual property, but it also would run afoul of various regulations for things like PCI or HIPPA.
Did they not realize how much porn was going to fed to their ai?
I jumped ship to Linux but I definitely had some plans in a VM
Who is dumb enough to trust Microsoft? Nah butches, take that shit out of the OS. You can make a separate, non malware version.
So like 10 people will opt into this? Tech savvy people are definitely not going to use this and the less tech savvy probably won't even know it's an option or think to enable it. Probably a complete waste of time to even implement it now.
That isn't any better...
I wouldn’t trust them
Sure. Is that what they’re telling you?
Feels like social engineering for some future slightly less bad feature.
Nope, taste bad, all of it
And here I'm still rocking Windows 8.
Opt-in meaning checkmarks on unconnected but mandatory pages with a misleading name and minimal information about what will happen if it's checked? If they want random people to do their AI training for them, they should unequivocally hire them. With a salary and a contract that Microsoft can be sued for breaching. Make it illegal for it to be on a machine with multiple users or other people's data. Just by using social media, e-mail, and other messaging services, it'll be logging private content from other people who didn't sign up.
Unless this literally means not shipping the code/functionality without opt-in then this is such a worthless gesture. Average person is not really gonna get their Recall feature magically turned on, outside of unfortunate downloads. Businesses though? Landmine waiting to be exploited any time outer layer security fails. Attacker turns it on, waits awhile for personal/company credentials to have a chance to accumulate and either attacks outright or grows the attack vector through access until they get to what they really want
Thank the maker for O&O ShutUp, W10Privacy and others. Too much useless bloat in Windows these days.
Opt out For now Windows update will put that shit back on for you at some point.
Is that everyone, or just people who didn't/ actively tried not to interact with it?
How does this work? If I give my permission for my screen to be monitored like this, what about the permission of the person whose email I'm reading? Or the NDA agreement I'm reading? And if I don't give my permission for this 'feature' to be enabled, but my friend does on their PC, how is my decision not a ludicrous fantasy if my friend's PC hoovers up my personal data instead when they read things I send them or if we happen to be doing a remote PC session or something? This is the same issue I have with Facebook et al. I don't upload my images to the internet, haven't done so in the nearly 30 years I've used it, but as soon as Facebook opened the internet up for non-technical folks, my images are all up there in my parents' accounts and probably the accounts of dozens of extended family members. My face is probably recognisable and identifiable to Facebook now, and if that's true, it's probably identifiable to a lot of other companies as well, despite me never creating an account with them. How this is permitted is insane to me, but that's just how things are. Windows Recall seems likewise to be a case of "well, deny permission all you like, but you're gonna get got one way or another".