The new “Recall” feature really does look good on paper, but the taking in mind that it catalogues almost everything you do on your computer, it could turn out to be a privacy nightmare. “logging things you do in apps, tracking communications in live meetings, remembering all websites you’ve visited for research, and more,” according to the Verge. What could this mean for future computing? It would certainly make digital forensics a whole lot easier……

  • growsomethinggood ()@reddthat.com
    link
    fedilink
    arrow-up
    135
    ·
    6 months ago

    In case anyone read the headline and was worried it would pop up on your computer overnight, it does appear to need some hefty and recent processors and between 6-25GBs free in order to run at all, so I don’t think it’ll sneak up on folks any time soon.

    On the bad news front, I thought this was standard AI bad until I got to the part where it won’t obscure passwords. But, surprise, it will obscure DRM content (and private browsing, but just if you’re using Microsoft Edge).

    Terrible for privacy aware consumers but I really anticipate the worst of this will be in a corporate setting. Plenty of employers already spy on employees but this would be pretty next level.

    • Ottomateeverything@lemmy.world
      link
      fedilink
      arrow-up
      84
      ·
      6 months ago

      where it won’t obscure passwords. But, surprise, it will obscure DRM content

      Yeah, we all know where the priorities really are.

      How have our consumer protections gone so fucking far.

      • Adalast@lemmy.world
        link
        fedilink
        arrow-up
        26
        ·
        6 months ago

        I literally have a real “Consumer Protection Act” wishlist that I keep a running tally on in my head. Near the top of the list are things like “rent caps”, “strict opt-in for direct marketing”, and “strict opt-in for all data tracking”. On the last two, it is a “no purchase necessary” situation. Features and functionality are not allowed to be gated behind opting in.

        Oh, and big one here, no subscriptions gating features on purchased or leased property. If it is not directly paying for a perpetual service, fuck yourselves. If I see the word “subscription” tied to cars one more time I may start fomenting revolt. I have been seeing it more and more. Manufactured goods having their functions gated behind continuing to pay for the item is absolute bullshit and should be illegal. I’m wanting to lump SaaS in with that too. Consumers should be allowed to file suit to force companies to justify their subscriptions and there should be some pretty harsh guidelines on what qualifies. We need to be allowed to own things. Subscriptions and SaaS both do away with consumer ownership.

        Last one… EULAs need to be negotiable by individuals. Period. The idea that we can just “not use it if we don’t like the contract” is ludicrous in the modern world. No matter how careful one is, if you want to participate in the world, you must enter into a binding contract which can essentially take any rights and liberties they want with no recourse on the part of the consumer. And I don’t care if it would he prohibitively expensive for companies to do that. Just don’t make EULAs that people will feel the need to object to and you won’t have to worry. Costs nothing but all of the souls you harvest on a daily basis.

        • Omgpwnies@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 months ago

          A EULA is a contract and is by default “negotiable”. The buyer has the option to attempt to engage with the seller and negotiate an agreement. However, the seller has equal right to decline said negotiation with the understanding that the product will not be sold to the buyer.

          What would be far more productive is stricter regulation on what products can have a EULA attached, and what that agreement can contain (thus having the government pre-negotiate the contract on behalf of all the buyers collectively). These laws could also require a company engage a third party consumer advocacy group to negotiate the terms on behalf of the buyers as a collective, so as to keep that portion at an arm’s length from the government.

          This would still not preclude an individual from trying to negotiate, but a seller still has the right to say “I don’t want to sell this to you.”

          • Adalast@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            6 months ago

            This is all technically true and I 90% agree with the measures you suggested. My only issues are the fact that the ability for a seller to just ignore the negotiation request functionally means that EULAs are nonnegotiable contracts. Our rights mean nothing because their right of refusal is inherently more final. A consumer has no recourse to press the engagement of a seller who has refused negotiations.

            I agree in principal that the advocacy should be held at arms length from government agencies, but then you end up with well funded minority advocacy groups like the various right wing religious “parents” groups that push for censorship and other BS that most people are not for. The only way I would accept a civilian advocacy group would be if it were heavily regulated on how it can operate and absolute transparency on the books. I want to know who is funding them, who is directing their “advocacy”, and have the ability to collectively pump the brakes on them of they start working against our interests.

            I think the strongest idea is the one we share. EULA contracts need to be reigned in and be much more heavily restricted in what they can and cannot say. There also should be a legal framework for managing the whole “if any part of this contract is found to be unenforceable, all other clauses remain in effect” because it allows companies to put bullshit clauses that they know are outright illegal and violate consumer rights into the EULAs and just write it off when they get caught without consequences. There should be a limit somewhere. Some way for a judge or regulatory body to step in and say “OK, you have like 5 unenforceable clauses in here, the contract is void and all consumers who were previously party to it are released. Also, here is a $10,000/affected consumer fine, you have 30 days to pay it.” Idk, something with real teeth.

    • somethingp@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      6 months ago

      Yeah it takes screenshots periodically and all the storage and analysis is done on your local device, which is why it requires the newer CPUs with NPUs from Intel, AMD, and Qualcomm. There’s a setting to turn the whole feature off, and you can also choose to turn it off for only certain applications, etc. Microsoft seems to be making an effort to encourage chip manufacturers to make better NPUs so that their AI features can run as locally as possible. That’s likely why their new surface devices will be using the snapdragon x elite processors because they’re the only ones that have NPUs with enough TOPS to run all the AI features Microsoft wants on device, instead of having to send the data for processing to a Microsoft server. I think beyond trying to quell privacy concerns, it would be a huge cost for Microsoft if they had to have enough compute available to run all these AI tasks for users for free. I’m sure there’s still some way they are logging pieces of info here and there, but they’ll have to include some way to make sure the OS is secure enough for business operations that are handling secure information.

      People are acting as if auto saving, web history, reopen last used windows, etc aren’t already features on all modern apps and OSes. If the claim about everything staying on device is true then this is no different.

  • Ottomateeverything@lemmy.world
    link
    fedilink
    arrow-up
    52
    arrow-down
    1
    ·
    edit-2
    6 months ago

    it includes logging things you do in apps, tracking communications in live meetings, remembering all websites you’ve visited for research, and more.

    Yeah, uh, no thank you.

    Is Microsoft this out of touch? Or are we doomed to be constantly monitored by our corporate overlords?

    Seems we’re just still charging directly into 1984.

    • Baggie
      link
      fedilink
      arrow-up
      5
      ·
      6 months ago

      It can be both. Until the mass public starts caring or it starts affecting big business I don’t see things getting sensible any time soon.

  • AlexWIWA@lemmy.ml
    link
    fedilink
    English
    arrow-up
    34
    ·
    6 months ago

    The sad part is that this tool would be very useful if it wasn’t being made and operated by ghouls. If it was fully self hosted and encrypted then this would be amazing.

  • Dojan@lemmy.world
    link
    fedilink
    arrow-up
    30
    ·
    6 months ago

    I don’t know why people are surprised. They had a different version of this feature, “Activity History” in Windows 10. This is the same thing but they added “AI” to it.

  • CheeseNoodle@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    6 months ago

    For the last couple of years privacy on windows has basically been:
    Step 1: use strong passwords
    Step 2: third party company leaks your data anyway

  • affiliate@lemmy.world
    link
    fedilink
    arrow-up
    27
    ·
    6 months ago

    The default allocation for Recall on a device with 256 GB will be 25 GB, which can store approximately 3 months of snapshots.

    this comes out to about 2 GB / week. it’s honestly terrifying they could be generating 2 GB of activity data for just a weeks worth of computer use. it’s both a privacy nightmare and an optimization nightmare

  • Someonelol@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    22
    ·
    6 months ago

    How would companies that work on classified documents or HIPPA-compliant networks adapt to this bullshit? Surely Microsoft thought this through to prevent a massive data leak, right?

      • LifeOfChance@lemmy.world
        link
        fedilink
        arrow-up
        16
        arrow-down
        7
        ·
        6 months ago

        Linux isn’t the answer to everything. Linux users have become the vegans of the internet.

        Mind you I support Linux…

        • Flax@feddit.uk
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          6 months ago

          I think it would be easier than relying on Microsoft. Or use MacOS

        • Linkerbaan@lemmy.world
          link
          fedilink
          arrow-up
          7
          arrow-down
          2
          ·
          edit-2
          6 months ago

          Well you asked how to get out of the windows privacy nightmare. He simply answered it. This isn’t like some vegan telling you that veganism is going to save global warming. It’s an actual solution.

          Within Windows you can guarantee that Microsoft will somehow auto activate these privacy nightmares as they always do. No matter the Sysadmins trying to fight Microsoft with Regedits.

          Linux is starting to get more and more usable each year, and the need to jump ship from Windows gets bigger and bigger each year. While software compatibility remains an issue for a lot of proprietary Windows software, companies might want to seriously consider moving to Linux for privacy related reasons.

        • yokonzo@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          4
          ·
          6 months ago

          Yeah this kind of blind proselytizing makes me cringe to be a linux user

    • Codilingus@sh.itjust.works
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      6 months ago

      Probably the same way they’ve done Windows in the past: Enterprise, IoT, LTS/B, and Education versions. All you can do at that point is assume and hope they aren’t lying about telemetry gathered in those variants.

      • Autonomous User@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        edit-2
        6 months ago

        All you can do at that point is assume and hope they aren’t lying about telemetry gathered in those variants.

        This is a lie. Anti-libre software, Windows, bans us from removing malicious source code. So, we (1) remove it and (2, optional) replace it.

    • lobut@lemmy.ca
      link
      fedilink
      arrow-up
      17
      ·
      edit-2
      6 months ago

      I mean … I saw that for some reason when I logged into Windows 11 yesterday it had the NBA score in the bottom left. Who the hell asked if I wanted that?

      Went back to my Linux/Mint box as I rarely use my windows one but that pissed me right off.

  • DirkMcCallahan@lemmy.world
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    edit-2
    6 months ago

    We know this what the real purpose of this is, it seems like they’re going to sell it as a necessary tool for people who are too stupid to use a basic search function? Per The Verge:

    “Microsoft’s launching Recall for Copilot Plus PCs, a new Windows 11 tool that keeps track of everything you see and do on your computer and, in return, gives you the ability to search and retrieve anything you’ve done on the device.”

    Oh, and apparently “Microsoft is promising users that the Recall index remains local and private on-device.” Something something Brooklyn Bridge…

    • cerement@slrpnk.net
      link
      fedilink
      arrow-up
      10
      ·
      6 months ago

      “the ability to search and retrieve anything you’ve done on the device” combined with “people who save everything to desktop” …

  • kd45@lemm.ee
    link
    fedilink
    arrow-up
    15
    arrow-down
    2
    ·
    6 months ago

    Your computer already does all of this, It’s just that you are now able to access the data yourself

      • kd45@lemm.ee
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        6 months ago

        Does the ped in your username stand for pedantic? :P

        • Allero@lemmy.today
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          Offer an important distinction to make in regards to tech-illiterate Windows users

          Which is barely a demographic for Lemmy though :D

  • Neato@ttrpg.network
    link
    fedilink
    English
    arrow-up
    11
    ·
    6 months ago

    Uhhhh. Governments use w11. I’m betting they get this disabled or freak the fuck out. If the former it’ll mean it’s able to be turned off at least.

      • M500@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        6 months ago

        Well if they stick to their promise of keeping it in device, encrypted, and only accessible to the user then it might be OK for HIPPA.

        But it’s still ripe to get hacked and will probably eventually be accessible to Microsoft or is accessible by then but they just say they won’t.

        • IchNichtenLichten@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          True. I wonder if it would be viewed as making an unauthorized copy of protected data?

          If they do screw up or get greedy and upload protected data they could be in very hot water.