Microsoft is reworking Recall after researchers point out its security problems
Microsoft is reworking Recall after researchers point out its security problems
Windows Hello authentication, additional encryption being added to protect data.
the company says that Recall will be opt-in by default, so users will need to decide to turn it on
I feel for the hundreds of engineers at Microsoft who have been yelling about these security issues since day one, but cannot say "I told you so" because they'd get fired.
I survived a similar incident, telling our CEO at the time "you know our product can't do that, right?" I had to show my receipts, present usability studies, and faced incredible pressure, but 2 CEOs later, I'm still here... :)
Document everything. Keep good notes. You never know when it will be useful.
This is exactly what I was thinking. There are plenty of smart people that work there that would have said something before release. They were told to not rock the boat by the yes men and now Microsoft has to backpedal and pretend no one there thought about THOSE implications.
Go easy on them, they're only a 3 trillion dollar company. It's hard for them to get the resources to build well thought out and secure software.
Pathetic, so glad I've been on Linux for years. I don't miss Micro$oft one bit.
Right? Before they even officially rolled it out, there are already python scripts on github that can extract your entire recall database. They need to just stop.
Wild for sure. It's pretty clear that M$ isn't interested in making their OS anything more than a portal for their cloud products.
The overall percentage of revenue that Windows produces for them directly has been steadily shrinking for years while their Azure and cloud services/licensing has grown dramatically.
I guess it makes sense from that perspective. Call me old fashioned, but I still prefer my OS to be a platform for me to compute locally on and use as I see fit. Not be a bloated ad-ridden portal to a walled garden of proprietary web software.
Windows has gotten so bad in the last year or so, that I've actually started telling people, "Try Linux, but if that doesn't work for you, just go with Apple."
Both are scummy, evil mega corps that try to lock you into their platform forever. But at least with Apple, the cage is 24K gold with a little cushion, and you're fed avocado toast & kombucha.
Windows is a rusty, filthy prison cell where the guards randomly come in to rough you up and you're fed a steady diet of stale bread heels and gruel.
The fact that it took people not involved with Microsoft to point out and initiate internal change should be everything anyone needs to know.
You're right, nobody should ever rely on external feedback for anything. 🙄
they needed researchers to tell them that?
Well . . . the smart people they ignored when CoPilot was first proposed.
It's PR bullshit to give an excuse for backtracking basically
Internally people probably talked about how there were huge issues. Others probably said those issues are over stated and it's no big deal. They decided to release it and the press says there are issues. Then, the company decides there are issues. That simple.
Having been the guy in an org shouting not to do something only for it to come back to us this way, the finger-pointing that begins is nuts. Often the people who tried to stop the "feature" from rolling out are the first to get blamed for it being shit.
Classic CYA, make sure everything you said is in writing somewhere.
I can never again log into my email or other private account on someone else's computer.
Too fucking late. I've already installed Bluefin on two machines and Bazzite on my gaming machine. I'm not going back.
Already installed Bazzite on my Legion go with my laptop and desktop next. No reason for me not to continue putting it on my devices just because they are going to rework it. Recall is always going to be a major security risk despite a few extra measures. They have definitely shown they can't think about these things. At least there was a heads up on this one for people to point out obvious issues, but that won't always be the case.
still dont understand why you would ever want to save screenshots of your desktop and also waste disk space
To get the idea of always being watched into your head !
Literally 1984. No, like, literally literally.
Bullshit.
This whole endeavour is looking like a careful plan to implement a smaller, slightly less horrible idea in Win11, and then creep forward from there.
Remember the model to move the goal line, folks:
- Overreach
- Capitulate publicly and fall back to your true target
- Repeat
Best of all, these large steps can be supplemented by nudging things forward with 'adjusttments.'
They'll probably come to the "logical conclusion" that storing the data locally on the machine poses "too much risk" and just move the storage to their servers "for your safety"...
The damage to their reputation is already done.
Don't be so sure. This forum is a bubble, 99% of Windows users have never heard of this feature in the first place let alone any of the details about how it works.
So, between the inherent security nightmare that is this feature and the myriad of other things in Windows that push ads, steal user data, and generally make the simple act of using the computer less secure, when do we give Microsoft an APT designation and start treating them as the world's largest vendor of malware on the planet?
I think you should take a calm and sober look at what Microsoft actually does.
You may be right, I don't know, but what I do know is any time I ask people for facts I get "read the end user license agreement" which is typically the furthest from factual a lawyers will get (it's filled with claims that are designed to not hold up, but give a legal leg to stand on for other moves) or "remember candy crush!?!?" But few things in the realm of concrete facts.
The candy crush thing, or more generally the fact that since Windows 8 they preload third-party applications, is a relatively speaking small problem. However, the fact the specific applications that get preinstalled are based on a targeted advertising profile for the user signed into the PC, assuming you sign in with a Microsoft account is a bigger problem. While I'm sure they take every possible effort to make those profiles anonymous the data in aggregate is impossible to anonymize. There is a setting in Windows to disable that data collection, at least for advertising purposes, but it gets toggled back on "accidentally" after some updates.
They also have a number of features, like copilot (the chat bot), previously they had Cortana, that do similar kinds of data extraction. Mostly, in order to actually process the user request, but also to be used to train the model. They store it in an anonymized form, but again, it's impossible to actually do that in practice.
That's just two things that are installed and enabled by default that: collect user data for, what I and many others find to be unwanted purposes, don't give the user the option to disable that data collection (only limit it), and seemingly doesn't even consistently respect the users choice in that matter. That is by definition spyware.
They also place advertising on the desktop for things like OneDrive subscriptions, MS Office, and other paid Microsoft services. Those preinstalled apps I mentioned before are effectively ads for those applications, many of which are paid apps or have paid components to them. That is by definition adware.
Spyware and adware are forms of malware. Which makes Microsoft a malware vendor.
Why would anyone opt in to this? What is the point of it?
So that you can find that one porn video you watched six months ago that really got you off but you don't remember how you found it.
It's like an automated tipofmytongue but for everything you do on your computer.
"the company says"? and you believe them? why?
Best Solution is to not use Microsoft, i just setup an old Laptop with Linux Mint to see if it can work for my requirements.
If all goes well ill just use that for my main pc.
Sounds more like a way to push Microsoft accounts and Windows Hello than consumer oriented.
The Microsoft accounts are already required (without resorting to increasingly convoluted methods) and I think the hardware for Hello might be too now for OEM built computers, I'm not sure.
I mean, technically Windows Hello also includes signing in with a PIN or passkey. It doesn't require biometrics, although it does support them.
Oh, yeah, thanks for these researchers to have provided insightful feedback such as "don't record private activity", "don't store data in a plaintext user-accessible sqlite database", and "don't do that automatically to everyone elligible, what are you thinking no stop". No way anyone could ever figure these out beforehand. Microsoft was totally stumped when these showed up and most certainly is very honest when they say they're reworking it now, and not at all abusing the PR outrage to slip us something as bad in the meantime.
Anyone who trusts Microsoft for anything anymore will get what they deserve.