Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned
- Thread starter JournalBot
- Start date
Our local hospital uses Windows 10. I am in the process composing a letter to the administrative and IT offices to express my concerns for using Recall - Windows 11 (Windows in general.) I am very interested in seeing their replies after they read the articles from the Ars site.
Upvote
3
(3
/
0)
- Add bookmark
- Featured
- #402
When this deploys, MS has effectively destroyed computer security altogether.
Sure, you can disable it on your machine. But since it's taking screen-grabs, you have to ensure that everyone else with whom you communicate has it disabled as well.
End-to-end encryption will be meaningless because it's taking screen-grabs at the end-points. That means Signal's security is borked, for example. For both ends, because the entire conversation appears in the app window on both ends. Doesn't matter if you exclude Signal from recording on your end.
You can't have any security unless you confirm that both ends have Recall disabled. Assuming it's really disabled when you turn it off, of course. And that the next OS update didn't turn it back on without telling you.
Sure, you can disable it on your machine. But since it's taking screen-grabs, you have to ensure that everyone else with whom you communicate has it disabled as well.
End-to-end encryption will be meaningless because it's taking screen-grabs at the end-points. That means Signal's security is borked, for example. For both ends, because the entire conversation appears in the app window on both ends. Doesn't matter if you exclude Signal from recording on your end.
You can't have any security unless you confirm that both ends have Recall disabled. Assuming it's really disabled when you turn it off, of course. And that the next OS update didn't turn it back on without telling you.
Upvote
25
(26
/
-1)
Also assuming that they even continue allowing you to turn it off on a non-Enterprise edition of Windows.
Even aside from that, I wonder how many people will wind up ultimately surrendering if this "update keeps turning it back on" thing happens. They might wonder what the point of turning it off even is if Windows just keeps turning it back on.
Upvote
8
(8
/
0)
I'm opposed to this service on multiple levels, but "people might find out their partners are unfaithful" is not one of those levels. My partner and I know one another's PINs and local desktop passwords. It helps that we're not worried about each other cheating.
Upvote
-17
(0
/
-17)
(It's unfair that my timezone's early evening means there have been 400 commets already, lol... Am still going to give my important opinion)
First and foremost: this feature is fundamentally incompatible with the claim that the company supposedly puts security at the center of everything. The proposal would fail within the first 5 minutes... unless The New CashCow is in need of milking, of course.
Let's take the maximum charitable position that they somehow manage to implement this in the magical theoretical sweet spot between security and convenience/usability (the "maximum security" implementation is not an option because people would outright reject it; in fact, they will probably also reject the '50% security focussed' implementation). AND additionally let's assume that users consistently follow best practices.
EVEN in that case, occasional general (Windows/computing) security holes will continue to pop up, and will be exploited. The very EXISTENCE of this feature at a wide scale means that a "bad" hack INSTANTLY escalades to a potentially DISASTROUS hack. It's like storing tons of fertilizer in a warehouse where people are doing welding from time to time. This is Russian Roulette, and for WHAT unmissable feature, exactly???
But what would happen in Reality?
- everything mentioned in the article: users being unaware of the status of the feature and the implications, updates changing settings, users losing the necessary focus to let the "opt out" approach NOT f*ck them in the ass, fundamental security far from water-tight... (all this assumes good faith approach from MS, resisting any temptation to "mine" the treasure trove of data)
Besides that:
Nope... Don't want this!!!!
Edit: even reading just a COUPLE of other comments shows that I already missed several other problems, lol.. Just totally baffling how they rushed this out.
First and foremost: this feature is fundamentally incompatible with the claim that the company supposedly puts security at the center of everything. The proposal would fail within the first 5 minutes... unless The New CashCow is in need of milking, of course.
Let's take the maximum charitable position that they somehow manage to implement this in the magical theoretical sweet spot between security and convenience/usability (the "maximum security" implementation is not an option because people would outright reject it; in fact, they will probably also reject the '50% security focussed' implementation). AND additionally let's assume that users consistently follow best practices.
EVEN in that case, occasional general (Windows/computing) security holes will continue to pop up, and will be exploited. The very EXISTENCE of this feature at a wide scale means that a "bad" hack INSTANTLY escalades to a potentially DISASTROUS hack. It's like storing tons of fertilizer in a warehouse where people are doing welding from time to time. This is Russian Roulette, and for WHAT unmissable feature, exactly???
But what would happen in Reality?
- everything mentioned in the article: users being unaware of the status of the feature and the implications, updates changing settings, users losing the necessary focus to let the "opt out" approach NOT f*ck them in the ass, fundamental security far from water-tight... (all this assumes good faith approach from MS, resisting any temptation to "mine" the treasure trove of data)
Besides that:
- encourages spying on/monitoring relatives, kids... No need to go through additional trouble/effort, the feature is RIGHT THERE. It's like having change rooms with standard security cameras
- how does the opt-out of particular apps and websites work exactly? It's highly unlikely that MS wants to annoye the user with too many dialogue boxes and pop-ups. That's bound to result in frequent oversight. A link on an "opt-out" website that leads to another similar site of the same company could be enough to trip you up. A reinstall of an app in a different path, an update that results in a different hash...
- leaving your PC unlocked for just a couple of minutes should make you a LOT more nervous from now on
- hack someone's PC remotely, leave no obvious trace but visit some... "darknet" sites. A month later, a "tip" for the FBI or local police department... Sure, it applies to browser history, too. But something about THIS feature makes it have a lot more punch. In fact, by clearing browser history you can dress it up like an oversight of someone who knows what's he's doing
Nope... Don't want this!!!!
Edit: even reading just a COUPLE of other comments shows that I already missed several other problems, lol.. Just totally baffling how they rushed this out.
Upvote
20
(20
/
0)
I don't have an answer, but my long experience as a professional paranoid leads me to ask the question: How will Recall help MS gather AI training data? I think that just has to be a motive, so the question is, what will the mechanism be? Are they going to tokenize these screen shots and then claim that is sufficient anonymization?
I'd be interested in other people's thoughts on this. The security aspect is kind of done and dusted, but the data scraping potential is IMHO worth looking into.
I'd be interested in other people's thoughts on this. The security aspect is kind of done and dusted, but the data scraping potential is IMHO worth looking into.
Upvote
7
(7
/
0)
What I don't fucking get is what is it even supposed to be for?
What can regular user hope to ever do with this data?
Get the printer working again, after you forgot how you got it working months ago, and it broke again for no reason? That kind of bullshit?
edit: also the whole enormous databases for training AI... training AI to do what exactly? Get the printer working, at least until some kind of update makes it fail differently?
I'm thinking just about the only use is to bolster some kind of vaporware AGI claims. Microsoft promising to train AI on what people see as input, with what people write and how they move mouse, as output. Except that all you'd get is overfitting to current versions of software and inability to cope with any changes.
Not to mention that it is a pure waste of time trying to teach AI how to use microsoft paint, when AI can just output pixel values directly, and same goes for anything you do on the computer.
Last edited:
Upvote
11
(11
/
0)
Upvote
7
(7
/
0)
I switched over to an M-series Mac for day-to-day use a couple of years ago, but the minute this can't be turned off, the Windows machines I still have will be retired for good (or switched to Linux).
Upvote
8
(8
/
0)
Only if you don't have Recall running (or forgot to opt-out Ars comments AND the forums...
Upvote
0
(0
/
0)
My impulse is to rant that I've been using MS OS's since DOS 3.0, and that this will finally be the thing that pushes me off their platform. But it doesn't matter, does it? Because anyone I communicate with will (unless they can assure me that they're either not on Windows or Recall is turned off) be recording every aspect of our communications "for me."
And how long until MS starts sending "anonymized" versions of the database back to themselves, "for product improvement purposes"? You know that's coming, and that it'll be anything but "anonymous." And MS pinky-swears that they won't share it with third-parties, or with law-enforcement. Until they do.
What an absolute fustercluck.
EDIT: Typo
Upvote
10
(11
/
-1)
Yeah. It's kinda like being the one guy driving a stick shift (me) around a bunch of cars with self-driving features. Bad actors might not be able to kill you by hacking your car, but they can definitely try to kill you by hacking the cars around you.
As far as the computers I use regularly and have control over, there's only one that runs Windows and I only use it for gaming and HTPC duties. And I'll do everything in my power to keep Recall off of it. But this will inform how I communicate with other people, for sure.
Upvote
6
(6
/
0)
Upvote
10
(10
/
0)
Yeah...I bought an $800 gaming PC with the reasonable understanding that it wouldn't record everything I use the computer for. It runs Windows Home, which I don't like in theory, but in practice the only real limitation is that I can't remote into it to copy files over, so I have one of those (defective) SanDisk drives for that.
If some signficant portion of this functionality cannot be disabled in the Home version of some future Windows update, is Microsoft going to reimburse me the cost of the PC, given that it was purchased with no expectation of becoming a total security and privacy nightmare?
Edit: Of course, my gaming PC doesn't have an NPU. But I would still be worried about some pieces of the functionality remaining, well, functional, even if the whole package isn't running.
Last edited:
Upvote
1
(1
/
0)
It's adorable that you think that argument would work. If UAC-controlled files were as impenetrable as you are trying to state, then malware, ransomware, stealth bitcoin miners installing themselves, etc. would not be possible. Have you never heard of permissions-escalation exploits?
Upvote
9
(9
/
0)
Exactly. And this was a big part of my consideration. Our Chief Privacy Officer had not yet heard about these things, but she was horrified when we discussed the privacy implications, and was 100% behind my banishment of these devices.
Upvote
7
(7
/
0)
DeschutesCore
Ars Scholae Palatinae
I'm going to let you in a on a secret. Unless you used BitLocker*, a user with a bootable LiveCD can read every file under every account on the storage device, all without ever entering a password or leaving an indication they were there. Many PC techs have a WinPE of some flavor, or a linux distro if they're REALLY technical.
Personally, I use Sergei Strelec's WinPE (https://www.majorgeeks.com/files/details/sergei_strelecs_winpe.html), but millions of us have access to these tools that ignore security entirely and freely duplicate or modify these files, leaving the owner completely unaware. As it's a WinPE (Win10 or lower) Recall / Copilot will never load or log anything, either.
And this is just the first attack vector I can think of. As others have said, Cloud Sync is a VERY real concern.
* BitLocker can be defeated as well, but that takes time.
Upvote
7
(7
/
0)
Did that include copilot? I've seen it start to show up uninvited on my Win10 PCs..
Upvote
0
(0
/
0)
Or, someone without morals could go to the library and steal a ton of information from people who don't have access to a computer at home for various reasons.
Upvote
6
(6
/
0)
Eh, hypothetically, yes this would be useful. I'm the kind of person who has no folders in his work Outlook, never deletes an email, and just searches everything
OTOH hand I run Linux at home and nothing would ever tempt me back to Windows, it simply can't be trusted. I have a dual boot installation but I've used it maybe twice in six months and I'm ever more minded to just delete it
Upvote
3
(3
/
0)
Agreed. I mean, forget about amazon remembering you bought a lawn mower and constantly pushing other mowers to you - getting a hold of your "Recall" database would be an advertiser's wet dream. (Potentially) every email you read, every site you visited (not just amazon, but lowes, home depot, etc, to compare mowers, etc), every google query, every game you played, every spreadsheet you worked on, every youtube channel you watched, etc. This level of integration makes google look like rank amateurs - I don't think they even have this level of snooping in Android!
Upvote
7
(7
/
0)
Upvote
4
(4
/
0)
This doesn't sound plausible.
But it also doesn't sound totally IMplausible, which is pretty scary!
Upvote
0
(0
/
0)
You fundamentally misunderstand end-to-end encryption. The point is to be encrypted between endpoints, not at the endpoint. If you encompassed the endpoint, the message wouldn't be readable. Unless you imagine the user would have to use a piece of paper to decrypt a message displayed on the screen.
You cannot ever trust that another party isn't recording or photographing their screen. Ever. Not 10 years ago, not now, not 10 years from now. The only carve-out is DRM'd video (only screenshots, naturally, not photography) because that has OS and hardware support, and even that can be bypassed.
Upvote
-11
(4
/
-15)
It's only somewhat useful in the way it was imagined, if you don't cripple it
It's only SAFE if you cripple it to the point of total user annoyance.
Upvote
2
(2
/
0)
The feature is a nightmare, but part of the reason is that you absolutely WOULDN'T have to check the screenshots one-by-one yourself...
Upvote
5
(5
/
0)
This is a legal discovery goldmine, imagine being a law firm able to charge hourly to review 90 days worth of each user's desktop. Easy millions before you get anywhere near trial.
Upvote
6
(6
/
0)
Lol, you can't even get rid on OneDrive, it keeps coming back.
Upvote
5
(5
/
0)
There are a couple utilities out there that let you pick and choose which updates get installed, similar to what you could do in Win7. If you are not on 10Home, GPO can set the updates to wait for approval to download and install.
If you are on 11 God speed!
Upvote
0
(0
/
0)
Is the use case targeted advertising? The data might stay local, but that doesn't mean Windows can't transmit interests pulled from the data to do targeting advertising on the web (forced to sign in to a Microsoft account these days) or pop ads on the computer itself. Microsoft hasn't really made inroads against Google in the search business, but could look at the vast data available on Windows PC's and think "We can mine what the users are doing and viewing in real time and use it for targeted ads"
Upvote
0
(1
/
-1)
I wouldn't be surprised if Microsoft has not been doing this 'recall program' covertly since Windows VISTA all along while partnering with government agencies and third parties protected by patriot act legal language. I think it is time we put very restrictive law on End User License Agreements and Software As A Service paradigms. These paradigms are causing the issues we have now as they allow Microsoft and others to modify your software environment or functionality at will for whatever reason whenever they want without consideration to you, the consumer.
I have no problems with companies salvaging their intellectual property like stuffing their applications into encrypted secure memory hardware enclaves but I don't want the software requiring mandatory Internet connectivity to run or authenticate. Why? Lets say I have a video edit I need to do. I open the application and it won't run because the authentication server is offline or I don't have an Internet connection (Yes, this happened to me). What if you have some older software that you purchased and the business is now gone. The company went belly up during COVID, the server is no longer online and now my vector drawing software will not operate. You are F__KED! There is nothing you can do.
I would like all software houses to turn back the clock and fix their products so without Internet or before becoming a defunct business, a customer can run the software they purchased.. Software developers you need to tell the hardware manufactures you want encrypted secure containers you can run your applications within without compromising your intellectual property as well as ending piracy concerns.
I know there are smart people that can do this. It makes me extremely angry when I purchased over $2500 in software with perpetual licensing and the businesses go under, they are gone and perfectly good operating software will not work anymore because the authentication servers are no longer there. I would prefer hardware dongles rather than authentication servers and Internet connectivity. EULAs and SWAAS are roadblocks to your privacy, security, freedom and using your property.
I have no problems with companies salvaging their intellectual property like stuffing their applications into encrypted secure memory hardware enclaves but I don't want the software requiring mandatory Internet connectivity to run or authenticate. Why? Lets say I have a video edit I need to do. I open the application and it won't run because the authentication server is offline or I don't have an Internet connection (Yes, this happened to me). What if you have some older software that you purchased and the business is now gone. The company went belly up during COVID, the server is no longer online and now my vector drawing software will not operate. You are F__KED! There is nothing you can do.
I would like all software houses to turn back the clock and fix their products so without Internet or before becoming a defunct business, a customer can run the software they purchased.. Software developers you need to tell the hardware manufactures you want encrypted secure containers you can run your applications within without compromising your intellectual property as well as ending piracy concerns.
I know there are smart people that can do this. It makes me extremely angry when I purchased over $2500 in software with perpetual licensing and the businesses go under, they are gone and perfectly good operating software will not work anymore because the authentication servers are no longer there. I would prefer hardware dongles rather than authentication servers and Internet connectivity. EULAs and SWAAS are roadblocks to your privacy, security, freedom and using your property.
Upvote
0
(2
/
-2)
I certainly understand all the negatives about Recall, what I don't understand are the supposed benefits. There is no positive use for this feature that I can see.
Upvote
5
(5
/
0)
It has a bit of a terrifying "No Real Wizzard of Oz Behind The Curtain" moment vibe...
Upvote
4
(4
/
0)
I don't think anything says "Year of the Linux Desktop" like Microsoft does these days
Upvote
10
(10
/
0)
Hmm a "still in progress" feature, not expected to be released for another 3-4 months, running under preview code, on an unsupported system.
Yeah.... I think I'll wait until the final code comes out before making assumptions or casting judgement.
I hope that this user has reported the current flaws back to Microsoft, though.
Yeah.... I think I'll wait until the final code comes out before making assumptions or casting judgement.
I hope that this user has reported the current flaws back to Microsoft, though.
Last edited:
Upvote
-11
(1
/
-12)