Do they really think we believe any of their lies? We don't control Windows, anti-libre software (it fails to include a libre software license text file, like AGPL). Dangerous! 🚩
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
I suspect Group Policy will be fully effective at disabling this, and there's a documented way to prevent it being installed and to remove it.
Imagine a massive corporation built on Risk Management, legal constructs and regulation, such as Wells Fargo, Capital One, CSC, Bank of America, etc, suing the pants off MS because this caused a leak of something, especially some data that's strictly regulated.
MS wouldn't stand a chance. Those places have ruthless legal organizations that know their world inside and out.
They will just enable it by default later when the heat passes. They always do. You no longer own Windows.
Never did. It's just more and more obvious with each new "feature" that it's built for monetization, not for user functionality.
In the '90s and early 2000s, Microsoft's business model was the classic one of selling products to customers. Today, it's all about the cloud, advertising, and AI, where the product is the user.
My prediction is essentially one day windows pcs will be Linux that act like thin clients that go to windows 365.
Lies but ok.
I'm sure it's corporate speak for 'unless you opt into opting out of Microsoft recording everything's
I have zero reason to trust companies who are known to not be trust worthy.
And who's to say they don't have this 'opt in' setting enabled for a week then upon the first update, whoops...it was auto enabled for everyone 'sorry...you must not out now and sorry not sorry but we already stole everything. See y'all next update!'
Still in the os...
Microsoft will just enable it via an update once all the fervor dies down. They haven’t abandoned the plan, and won’t, not while your data is pure profit for them.
Hell with them, no more Windows PCs in my home. I’m sick to death of everyone and their mother trying to both advertise to me and sell my data without my permission and at zero benefit to me.
I still don't trust Microsoft. I hadn't bought a Windows since Windows 10, and this won't change that.
“The ability to disable the…feature during the setup process…” does not mean opt in, that means opt out.
Knowing windows setup, you need to click customize during the setup process and then go through several setup pages before you’re presented this option (or have to dig into additional/advanced settings to find it).
Most people won’t do this, won’t know how to do this, or will receive the pc with the initial setup complete and won’t know if this is on or off.
This is the screen the user is presented during setup.
Even without all the invasion of privacy implications, I'm skeptical it would even work. Source: 20 years of "Windows is checking for a solution to the problem" that has never worked even once.
I've actually had those troubleshooters work for me several times in recent years. Mostly fixing networking issues.
I guess for the basic stuff I do when I've had programs crash I've never seen it do anything, but nice to know it's not completely useless
Frankly, this is one of the areas I'm most looking forward to seeing what integrated AI can do for Windows. A couple of months ago I was having trouble with getting my printer to work and what I ended up doing was taking a screenshot of the printer settings and pasting the literal image of the screen into Bing Chat to ask it what I was doing wrong. It was able to parse my settings out of the image and figured out what I needed to change to make the printer work.
Having a troubleshooting AI like that that can actually "read" the entire state of my machine would be great.
They've fixed an otherwise aneurism inducing audio problem a few times for me.
And even if you find it, it will have an idiotic and obscure name, like “advanced history experience” or something absolutely nondescript
Also when you try to disable it they will use all sorts of dark pattern pop ups to dissuade you from disabling it.
The exact wording, which, again, is in the article you didn't bother to read before posting, is "Quickly find things you've seen with Recall. Recall helps you find things you've seen on your PC when you allow Windows to save snapshots of your screen every few seconds".
Seriously, I don't even like the feature. I will absolutely turn it off, just like I did Timeline, and I expect it'll be gone in the next version, just like Timeline was.
But I did look at the stupid article before posting. So there's that.
So, are we done berating everybody passive-aggressively with just a sprinkle of condescension? Because maybe, just maybe, I was making a remark about the general practice of Microsoft to hide stuff behind nondescript bullshit names (especially in non-English versions where the English bullshit name gets translated literally most of the time, which yields even more nondescript results).
Maybe, just maybe, you chose the wrong comments to act up on “PeOpLe NoT rEaDiNg ThE aRtIcLe” when all that was posted about was inconsequential stuff about the precise clicks needed to turn a feature off that's not even in the respective menus yet. So this is not someone talking bullshit because they misunderstood the headline about a murder case or something.
All that was said was about practices Microsoft has abused into oblivion: Hiding stuff behind obscure menus and hiding stuff behind obscure names. The comments made were a persiflage of exactly that.
Maybe, just maybe, the precise placement and wording in a menu that doesn't even exist yet is a topic inconsequential enough that people will not read the tenth article about the general subject (Copilot becoming “opt-in”) to make sure they wouldn't miss this super irrelevant point to the story. A point which you guessed from screenshots that haven't reached production yet (even if they are likely to go into production as shown, it can still change), so your condescending attitude is based on wobbly grounds.
There are tons of articles where people post absolutely wrong and quite absurd stuff because they didn't read the article. Some of them even matter (politics, world events). So let's criticize people when they don't read through actually important articles before posting, and agree that it's okay to not read the exact article posted on unimportant sidenote stuff if one knows about the thing in general. Because if I'd be only allowed to comment on the article posted itself, I wouldn't need Lemmy, I could just comment on the site that posted the article in the first place.
Besides: You did notice that you commented on two different people, yes? Because you sure sounded like you didn't read the usernames before commenting and thought you always replied to the same guy.
That is a very long rant to agree with me in that you care enough to rant about this online but not enough to read past the headline.
So no, I have no intention to shut off the condescension, there is nothing passive about my aggression and people absolutely don't read the article regardless of how important they feel the issue is. Yesterday this was all about the most important threat to the security of the average cosnumer, now it's "unimportant sidenote stuff". Somebody should have told MS how unimportant it is, could have saved the devs the crunch to fix it by the time it ships in 10 days.
For the record, you're right about how hard it is to find things sometimes in localized versions of OSs. That's true of all of them, though, and I blame the fact that we're all stuck here speaking the haegemonic language and reading about tech only in English while local journalists struggle to stay relevant, so we learn all the brand names and settings in English despite the software itself being available in localized versions. But that's a whole other conversation.
So your reply is, “but other people don't read…”? Yeah, I'm not “other people”, so stop making me a scapegoat for behavior you've seen elsewhere (and on which I agreed with you, btw).
Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn't you read my answer? That was the only information I could have gotten from the article I didn't have already. Thing is: If I had read it (from a Screenshot I wouldn't have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.
I have since skipped through the article and literally the only thing in there I didn't know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?
You just saw something you'd been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because "it happens all the time". While some of that's correct, the people you went and "showed'em" aren't the source of all evil, so skip the scapegoat bullshit and be civil towards people you've never talked to before, will ya?
Yeah, see, here's how I know I'm not scapegoating you and you also didn't read it.
The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.
So yeah, no, my condescension is exactly about you. And others. But also you.
Are you really this dense? The whole opt-in thing comes because Researchers found that Recall wasn't encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can't be half-read my comments and make it fit your argument again, it's even in the bloody article:
Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.
Yes, I am aware. I read about that yesterday, and yes, I did read it again at the bottom of this piece. It was really bad.
Which is presumably why, a couple of paragraphs above, they explain that:
Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.
This authentication will also apply to the data protection around the snapshots that Recall creates. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we encrypted the search index database.”
Here's the thing, it shouldn't take somebody calling you out on it on the Internet and engaging in a defensive back-and-forth driven by pride for you to actually read the thing. Commenting should be secondary to following the link and figuring out what's actually happening. But it's not. That is the part that pisses me off. Not the stupid feature that is still bad even without glaring security holes. Only partially the stupid rooting for commerical products like they're football teams. Fundamentally that our consumption patterns when it comes to information are broken and we think it only affects everybody else but not us.
That part is terrifying and infuriating.
There is a screenshot of the opt-in screen in the article. There is no default, just two buttons to say yes or no.
I swear, outrage should only be allowed based on the amount of work one is willing to put in before expressing it. If you don't do the reading, you don't get to be publicly angry. It'd save us all so much trouble.
For the record, the feature was always optional, as per the original announcement. Presumably the change is it is now part of the setup flow where it was going to be a settings toggle instead.
Which is, incidentally, how this used to work the first time Windows had this feature, back when it was called "Timeline" in Windows 10.
The screenshot doesn’t show preceding flow to reach it, but I did miss the “requires windows hello to enable” bit, which does suggest that wherever it is, it would have to be opt-in.
It doesn't because that's one of the four or five screens during the initial Windows setup where you opt in and out of all the other spyware features. They all look the same and are prompted in sequence. Unless they're doing something very weird you absolutely have to make a choice on each of them and they are unskippable otherwise.
I mean, you don't have to know, if you don't know Windows you don't have to recognize them. But if you do it's pretty obivous, so you... you know, could have asked or looked it up.
Or gone through the link, because come on, you didn't. You were obviously just reacting to the headline.
not to mention they are known to re enable telemetry on systems after updates.
i doubt this will be any different.
Microsoft speaks.... thhhhe bullllshitttt -lazlo voice
This is the best summary I could come up with:
Microsoft had originally planned to turn Recall on by default, but the company now says it will offer the ability to disable the controversial AI-powered feature during the setup process of new Copilot Plus PCs.
Recall uses local AI models to screenshot mostly everything you see or do on your computer and then give you the ability to search and retrieve anything in seconds.
Everything in Recall is designed to remain local and private on-device, so no data is used to train Microsoft’s AI models.
TotalRecall extracts the Recall database so you can easily view what text is stored and the screenshots that Microsoft’s feature has generated.
“In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
Davuluri references Microsoft’s SFI principles in today’s response, noting that the company is taking action to improve Recall security.
The original article contains 747 words, the summary contains 151 words. Saved 80%. I'm a bot and I'm open source!
If it's an embedded feature, then I categorically refuse to trust that I the user will have sole control over the on/off toggle.
I am basing my suspicions on Microsoft fucking around with my user settings over several decades and Windows iterations.
Ok, let's assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward. Where does that leave us?
There is a spyware feature built into Windows 11. It is off by default, but a malware that wants to capture this kind of information doesn't have to install anything, and it doesn't have to run any background processes that might get caught by a system monitor or blocked by application whitelisting. All it has to do is turn this built-in feature on, and then exfiltrate the data later.
Ok, let's assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward
This is so fantastical that there's not point in even having the hypothetical discussion about it.
*Windows won’t take screenshots of everything you do after all (that the company will admit to without you knowing)— unless you opt in
I feel like if browser history was invented today people would have the same reaction to it.
Browser history was implemented before companies massively abused privacy.
It was an honest feature for users.
We also learned a lot about security regarding password/credential extraction from browsers.
Windows Recall might be an honest feature. It might be super secure and really useful.
But Microsoft doesn't have the trust to pull this off
It might be super secure and really useful.
It's not.
...For now...
"For only $5.99 per month you can opt out of the service! Sign up today!" - MS in the likely near future
We had a good solid enraged mob going here, and Microsoft is ruining it! The bastards!
WHY THE FUCK WOULD SOMEONE WILLINGLY OPT IN?!
People will be deceived into opting in via some UI anti pattern like they do with the online user accounts and onedrive now.
Cause they're going to show a pop-up that advertises some "cool new feature", and the 99% of users who aren't tech literate will say yes and never think about it again.
People on this site severely overestimate how much the average person cares and their overall level of tech.
Until they flip the setting by themselves because ms tend to do that
...says the company that wanted to destroy every bit of your privacy. I don't care what they "promise", don't listen to them.
Microsoft is finished. Install Linux.
They're just going to do a classical boil-the-frog operation:
- Step 1: Make it opt-in and present it as the new cool thing.
- Step 2: Make it opt-out, and if the users opts out, show a scary warning about how the cool thing won't work anymore.
- Step 3: Make it opt-out, but hide the opt-out option deeply.
- Step 4: Remove opt-out, but it still works with a registry hack. Microsoft apologists will still thinks it's cool because "just use this simple registry hack bro".
- Step 5: Remove opt-out alltogether, and automatically opt people in who had previously opted out.
- Step 6: Enjoy their boiled frog!