Also assuming that they even continue allowing you to turn it off on a non-Enterprise edition of Windows.
When this deploys, MS has effectively destroyed computer security altogether.
Sure, you can disable it on your machine. But since it's taking screen-grabs, you have to ensure that everyone else with whom you communicate has it disabled as well.
End-to-end encryption will be meaningless because it's taking screen-grabs at the end-points. That means Signal's security is borked, for example. For both ends, because the entire conversation appears in the app window on both ends. Doesn't matter if you exclude Signal from recording on your end.
You can't have any security unless you confirm that both ends have Recall disabled. Assuming it's really disabled when you turn it off, of course. And that the next OS update didn't turn it back on without telling you.
I'm opposed to this service on multiple levels, but "people might find out their partners are unfaithful" is not one of those levels. My partner and I know one another's PINs and local desktop passwords. It helps that we're not worried about each other cheating.
Maybe it could have certain moderation features built in like social media sites do. Think of a setting that automatically excludes nsfw content for you that is on by default. If an app or website has nsfw content, recall detects this and immediately disables recall for that app or website and deletes all history for that app or website.
Similarly you could have it exclude certain topics like medical records, sexual activity, drug use, anything that seems to deal with adultery or admission of a crime, discussion of politics, discussion of religion (or lack thereof), etc. Different toggles you can toggle to control how this "feature" works.
I mean, imagine a spouse accessing their partner's recall settings and seeing a ton of Ashley Madison, Tinder, Bumble, and OnlyFans listings there. It's as damning as seeing the actual details.
And don't get me started on the potential for abuse by employers.
That assumes opt-in.
you’d have to be stark raving mad to enable this feature
What I don't fucking get is what is it even supposed to be for?
you’d have to be stark raving mad to enable this feature
This is better than all that because it's "AI"!!!!!!
Even supposing this was somehow 100% secure, is it even a useful feature? I can't think of a situation where I've forgotten something important I did on my PC that wasn't easily resolved through a file/web history search or a quick look at 'recently opened' in whatever software I was using. Which also sounds a lot less painful than sifting through endless screenshots of whatever inane thing I was doing that the AI thought worth preserving.
That being said, it is a massive security nightmare and always will be. What sheer idiotic hubris from the Microsoft C-Suite.
I switched over to an M-series Mac for day-to-day use a couple of years ago, but the minute this can't be turned off, the Windows machines I still have will be retired for good (or switched to Linux).
Also assuming that they even continue allowing you to turn it off on a non-Enterprise edition of Windows.
Even aside from that, I wonder how many people will wind up ultimately surrendering if this "update keeps turning it back on" thing happens. They might wonder what the point of turning it off even is if Windows just keeps turning it back on.
Only if you don't have Recall running (or forgot to opt-out Ars comments AND the forums...
This should be a Featured Comment (IMHO).
My impulse is to rant that I've been using MS OS's since DOS 3.0, and that this will finally be the thing that pushes me off their platform. But it doesn't matter, does it? Because anyone I communicate with will (unless they can assure me that they're either not on Windows or Recall is turned off) be recording every aspect of our communications "for me."
Also assuming that they even continue allowing you to turn it off on a non-Enterprise edition of Windows.
Even aside from that, I wonder how many people will wind up ultimately surrendering if this "update keeps turning it back on" thing happens. They might wonder what the point of turning it off even is if Windows just keeps turning it back on.
Yeah. It's kinda like being the one guy driving a stick shift (me) around a bunch of cars with self-driving features. Bad actors might not be able to kill you by hacking your car, but they can definitely try to kill you by hacking the cars around you.
When this deploys, MS has effectively destroyed computer security altogether.
Sure, you can disable it on your machine. But since it's taking screen-grabs, you have to ensure that everyone else with whom you communicate has it disabled as well.
End-to-end encryption will be meaningless because it's taking screen-grabs at the end-points. That means Signal's security is borked, for example. For both ends, because the entire conversation appears in the app window on both ends. Doesn't matter if you exclude Signal from recording on your end.
You can't have any security unless you confirm that both ends have Recall disabled. Assuming it's really disabled when you turn it off, of course. And that the next OS update didn't turn it back on without telling you.
Or maybe just not have it in the OS at all?
Maybe it could have certain moderation features built in like social media sites do. Think of a setting that automatically excludes nsfw content for you that is on by default. If an app or website has nsfw content, recall detects this and immediately disables recall for that app or website and deletes all history for that app or website.
Similarly you could have it exclude certain topics like medical records, sexual activity, drug use, anything that seems to deal with adultery or admission of a crime, discussion of politics, discussion of religion (or lack thereof), etc. Different toggles you can toggle to control how this "feature" works.
...
Yeah...I bought an $800 gaming PC with the reasonable understanding that it wouldn't record everything I use the computer for. It runs Windows Home, which I don't like in theory, but in practice the only real limitation is that I can't remote into it to copy files over, so I have one of those (defective) SanDisk drives for that.
Also assuming that they even continue allowing you to turn it off on a non-Enterprise edition of Windows.
Even aside from that, I wonder how many people will wind up ultimately surrendering if this "update keeps turning it back on" thing happens. They might wonder what the point of turning it off even is if Windows just keeps turning it back on.
Browser history is unencrypted.
Anyone who has access to my PC can see everything I have on the system, unless I put it in the special encrypted OneDrive folder.
It's just another cache of system activity, with all the same risks of everything else stored on the system.
Yes they are. User files are by default owned by that user and other users do not have read permissions. They show the UAC prompt that is required for an admin to change ownership, but that's not something that non-admins can do, and without changing ownership those files are not accessible to other users.
Exactly. And this was a big part of my consideration. Our Chief Privacy Officer had not yet heard about these things, but she was horrified when we discussed the privacy implications, and was 100% behind my banishment of these devices.
And if we extend your point into compliance, there is no way a business remains compliant with this feature. PII, PCI-DSS, ISO27001, SOC2, GDPR, HIPAA, and any other data privacy regulation or compliance, are all gone, instantly.
I'm going to let you in on a secret. Unless you used BitLocker*, a user with a bootable LiveCD can read every file under every account on the storage device, all without ever entering a password or leaving an indication they were there. Many PC techs have a WinPE of some flavor, or a linux distro if they're REALLY technical.
Yes they are. User files are by default owned by that user and other users do not have read permissions. They show the UAC prompt that is required for an admin to change ownership, but that's not something that non-admins can do, and without changing ownership those files are not accessible to other users.
Ars did a great article in February 2024
Wow when I first saw this I missed that another user could just grab the file. So any shared access computer can completely expose the history of a user.
This is beyond worrying. Parents could use this to spy on their kids or even the other way around. A kid could use this to steal the parents access to bank accounts.
Eh, hypothetically, yes this would be useful. I'm the kind of person who has no folders in his work Outlook, never deletes an email, and just searches everything
Ignoring security & privacy for a moment, is there anyone actually asking for recall as a genuinely useful feature?
I struggle to imagine why I'd want this. Monday morning, coffee machine broken, what did I do last Friday before I logged off? Eh. No.
I can see cases where being able to replay or rewind the system state may be useful IF one opted into it. A software developer attempting to reproduce a highly sporadic bug could use something like this to record system state and be able to step back and forth to investigate what's going on (but bigger. This just records screen state, I think.)
But one more point I want to comment on from the article:
For now. How long before you need to opt-into Recall to use other otherwise unrelated functionality in the OS?
Fire executives? WTF you talkin about Willis?
There is no actual way to secure Recall against local attackers. The only real answer here is to can the feature and fire the executives responsible.
This doesn't sound plausible.
Sadly, I can imagine the 'use' case. Well... at least Microsoft's use case. This isn't meant for mere plebs customers.
Almost all internet data has been scraped to feed the AI (Artificial Idiocy) monsters. There's a risk of inbreeding as the AI wunderkind confabulate an internet with even more idiotic information.
With this new Copilot/Recall 'feature', Microsoft can hoover up everything on millions of local machines, thereby providing fresh meat for Microsoft's Artificial Idiocy beast. Isn't that great? For shareholders.
You fundamentally misunderstand end-to-end encryption. The point is to be encrypted between endpoints, not at the endpoint. If you encompassed the endpoint, the message wouldn't be readable. Unless you imagine the user would have to use a piece of paper to decrypt a message displayed on the screen.
When this deploys, MS has effectively destroyed computer security altogether.
Sure, you can disable it on your machine. But since it's taking screen-grabs, you have to ensure that everyone else with whom you communicate has it disabled as well.
End-to-end encryption will be meaningless because it's taking screen-grabs at the end-points. That means Signal's security is borked, for example. For both ends, because the entire conversation appears in the app window on both ends. Doesn't matter if you exclude Signal from recording on your end.
You can't have any security unless you confirm that both ends have Recall disabled. Assuming it's really disabled when you turn it off, of course. And that the next OS update didn't turn it back on without telling you.
It's only somewhat useful in the way it was imagined, if you don't cripple it
I can't really think of any reasonable way to make a feature like this even remotely secure unless it was set up with default settings that were basically the exact opposite of what they currently are. By default, it's off for everything. If I turn it on, I have to enable it for each individual app I want to use it with and it's permanently disabled for anything that includes any kind of login or password with no way to ever enable it for that.
So for instance maybe I want it enabled for a developer tool and the editor I use for it. So I enable those and it can potentially be useful for whatever I'm developing while having no access to anything else I do.
Unless I see drastic security improvements to it I will definitely just turn it off and that should be its default state since that's what most users will just stick with permanently.
Do you believe in angels?
Are you kidding me? I would LOVE the right capable implementation. Don't care if it's called AI, Whoopville, or Pastry.
I want a true copilot in my pocket and laptop, one that can actually remind me to do shit. One that can take a natural language input of a task/appointment without significant effort. One that knows what my home diary looks like for the next couple of months. One that can remind me the bins aren't out yet, but knows if I or my other half has already done it. Ditto groceries. Garage door is up at bedtime. Remind me to go to bed. Remind me no one has checked offsprings' lights are out. Actually silence my phone from notifications at night but ping when my mum or a medical service calls at 2am. Monitor this thing I want to buy and tell me when it's discounted. Change my music/podcast hands free while driving.
One that can gently use reinforcement learning to help me with repeated or scheduled tasks, slowly removing the reminders as appropriate but always backstopping.
One that makes my life much easier with shit I'm not good at.
First critical requirement: it's ONE app/ thing, not 17, and is across devices and OSs.
Second: it can pick things up, not require butt-tonnes of programming or tweaking.
Third: it's always got my back, not Google or Microsoft's and never leaks data.
Nearly all of these things have been implemented at some point, but it's never been a combined, portable package. LLMs and AI can, in theory, largely bridge the existing gaps, which are mainly getting the human input and needs into machine workable concepts.
The blockers are, largely and in no particular order:
#1: Apple - must keep people within ecosystem
#2: Microsoft - must sell to people
#3: Google - must sell people
The feature is a nightmare, but part of the reason is that you absolutely WOULDN'T have to check the screenshots one-by-one yourself...
Even supposing this was somehow 100% secure, is it even a useful feature? I can't think of a situation where I've forgotten something important I did on my PC that wasn't easily resolved through a file/web history search or a quick look at 'recently opened' in whatever software I was using. Which also sounds a lot less painful than sifting through endless screenshots of whatever inane thing I was doing that the AI thought worth preserving.
That being said, it is a massive security nightmare and always will be. What sheer idiotic hubris from the Microsoft C-Suite.
Lol, you can't even get rid of OneDrive, it keeps coming back.
Can we hard disable Recall by GPO and uninstall the components?
There are a couple utilities out there that let you pick and choose which updates get installed, similar to what you could do in Win7. If you are not on 10Home, GPO can set the updates to wait for approval to download and install.
already done you can only slow updates now for 4 weeks
so july 5th i have to get it, or migrate to linux by then....
you cannot turn off updates
It has a bit of a terrifying "No Real Wizard of Oz Behind The Curtain" moment vibe...
Looking at the implementation it feels like something a small team did a proof of concept for during a weekend hackathon and it then somehow ended up in production.