A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back
A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back
The world is up-in-arms over Windows Recall, but why? It stems from Microsoft's seeming lack of care for Windows and its users.
It's a nightmare scenario for Microsoft. The headlining feature of its new Copilot+ PC initiative, which is supposed to drive millions of PC sales over the next couple of years, is under significant fire for being what many say is a major breach of privacy and security on Windows. That feature in question is Windows Recall, a new AI tool designed to remember everything you do on Windows. The feature that we never asked and never wanted it.
Microsoft, has done a lot to degrade the Windows user experience over the last few years. Everything from obtrusive advertisements to full-screen popups, ignoring app defaults, forcing a Microsoft Account, and more have eroded the trust relationship between Windows users and Microsoft.
It's no surprise that users are already assuming that Microsoft will eventually end up collecting that data and using it to shape advertisements for you. That really would be a huge invasion of privacy, and people fully expect Microsoft to do it, and it's those bad Windows practices that have led people to this conclusion.
Microsoft has built a number of safety features into Windows Recall to ensure that the service can't run secretly in the background. When Windows Recall is enabled, it places a permanent visual indicator icon on the Taskbar to let the user know that Windows Recall is capturing data. This icon cannot be hidden or moved.
Oh my, that one is really cute
I figured on my gaming and VR rig that I’d begrudgingly upgrade it to W11 when W10 stopped receiving security updates and support but at this point the recall feature (which will be used to train LLMs regardless of what Microsoft promises or guarantees) has ensured that I never install that kind of spyware as an operating system.
I’d rather spend forever troubleshooting and getting my Valve Index to work with Ubuntu than deal with a giant backdoor.
A lot of people here seem to be missing the nuance.
Sure, it’s problematic for their consumer market share, but you’re right that that’ll probably be forgotten by the mostly tech-illiterate populace over time. But that’s not the problem.
Step 0 of MS’s plan for this should have been “make sure there is an absolutely bulletproof and ironclad way to disable that stuff completely for enterprise customers”. And they didn’t do that. So now, enterprise IT writ large is going to… you know… just not buy any of these devices. Which is absolutely their right.
But the really frustrating bit is that MS may have significantly harmed the rollout of ARM-based laptops (as well as x86 chips with beefy NN-optimized tiles) with this, and additionally done real, massive harm to Intel, AMD, and Qualcomm by doing so. All three of those manufacturers have gone to ENORMOUS lengths to roll this tech out, largely at MS’s behest. They’re all going to take this on the chin if the rollout goes poorly. And the rollout is already going poorly.
But MS thought they could Apple-handwave away the details. And they can’t, because a lot of people who understand the absurd security implications of continuous capture and OCR and plaintext storage of the OCR output. It’s not something you can handwave away. It’s entirely a non-starter in the context of maintaining organizational security (as well as personal data security, but we’ve already talked about why that’s a bit of a moot point with the general public). But enterprise IT largely does try to take their job seriously, and they are collectively calling MS’s bluff.
The problem for the long term is that MS has pretty much proven to the IT industry with this stunt that they can’t be trusted to make software that conforms to their needs. That’s a stain that isn’t going to go away any time soon. It might even be the spark that finally triggers enterprise to move away from MS as a primary client OS. After all, Linux is WAY easier to manage from a security perspective.
TL;DR: the issue is that MS has significantly damaged their reputation with this stunt. And you can’t buy reputation.
Edit:
The article has an update:
Update noon ET June 7, 2024: Microsoft has released a statement noting it is making three significant changes to how Recal works including making it opt-in during setup, requiring Windows Hello to enable Recall, proof of presence is now required to view your timeline, and search in Recall, and adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so that snapshots will only be decrypted and accessible when the user authenticates.
It’s definitely a move in the right direction… but it also begs the question of why didn’t they do that in the first fucking place? Seriously, some heads are gonna roll over how badly this whole release was planned, and the very clear lack of due diligence.
Pfffttt, Microsoft has been there, done this, and got a whole closet full of tee shirts for stuff like this many times over the years. In the end the users don't care and can't stop it. And they are, by in large, too lazy to change to something else to completely avoid it.
It hasn't ever affected the bottom line enough to matter to them. They will just pull this
bugfeature and wait for a better day. Or perhaps they will figure out a way to introduce it piecemeal to disguise it better.It's also important to remember that Microsoft has no monetary incentive to force people to use Windows Recall.
With that in mind, there would be no reason for Microsoft to automatically enable Windows Recall in an update down the line. If it does happen, the user will be able to instantly tell thanks to that that visual indicator and turn it off again.
This article is nothing but propaganda. There is huge monetary incentive to force people to use Windows Recall and collect their data, and Microsoft routinely uses Windows Update to enable data collection. They began that practice years ago on Windows 7. It's a ridiculously simple matter for MS to disable the visual indicator and force This Week's Plan on their users to monetize their data.
Windows Central pretends to be critical of plans to enable a feature that can be made into malware by Microsoft in a couple of minutes, but then back peddles and says it can't be done (utter BS) and if it could be, it wouldn't be that bad.
This is status quo for every large corporation. Microsoft, Apple, Amazon, EVERY SOCIAL MEDIA PLATFORM, Roku.... They all, ALL, push boundaries to see what they can get away with to not only sell you something, but also make you the thing they sell. Sometimes they're bold enough to make it public what they're doing, sometimes, it's a leak that happens when people find out how little the company actually cares about it's users (Apple, so many user data leaks).
TL;DR:
- Windows Recall, part of Microsoft's new Copilot+ PC initiative, has sparked major privacy and security concerns.
- The feature uses AI to capture and store screen data locally, allowing users to search for past activities using natural language.
- Despite assurances that data is not uploaded to the cloud or used by Microsoft, user trust is lacking.
- Microsoft has a history of practices that have eroded user trust, including obtrusive ads, ignoring user preferences, and requiring Microsoft Accounts.
- Users are skeptical, fearing future misuse of the collected data for advertising or AI training.
- Windows Recall reportedly stores data unencrypted, making it vulnerable to access by third-party apps and potential malware.
- The open nature of Windows amplifies these risks, unlike more secure systems like iOS and Android.
- Users have compared Windows Recall to spyware, with many threatening to switch to other operating systems like Linux or Mac.
- Microsoft's attempts to keep the development of Windows Recall secret did not help build trust.
- Windows Recall will only be available on new Copilot+ PCs, requiring specific hardware not present in existing PCs.
- Users will have the option to disable the feature, but there are concerns about it being enabled by default.
- Despite security issues, the feature is effective in helping users find lost or forgotten data.
- It could improve productivity if trust and security concerns are resolved.
Outside of the "Microsoft bad" comments, this is a prime example of why big tech companies need to stop promoting AI leads to a position where they are able to have influence over initiatives outside of AI.
The worst thing to happen to basically every product/service in tech right now is AI. It's made Google unreliable in the eyes of normal people for the first time in decades, it's destroying trust in Amazon content across reviews and Kindle, it's adding features to Facebook that no one ever wanted, etc.
I finally switched to Linux Mint a week ago. I've just had enough of Microsoft and I couldn't think of any more reasons why I shouldn't switch.
I've got Libre Office for all my productivity needs. All my Steam games work under Linux. My VPN works just fine. Firefox for web browsing. Thunderbird for email. And Wine to run those 1-2 Windows programs that I just can't do without.
Microsoft: oh no we might loose 0.0000001% of users, it doesn't matter since we can shove our software down people throats
I know it's WindowsCentral but the article has some pretty naive takes. Given the propensity of threat actors to target Windows due to its market share it's impossible to not see a system that records user activity as a huge treasure trove for both malware and hackers.
It also doesn't mention that Microsoft claimed that it would be impossible to exfiltrate Recall data and of course researchers found it not only possible but trivial, with the data lacking even basic protections. Assurances that there are mechanisms to prevent Recall from secretly monitoring you mean nothing when prior assurances about safety have been found to be paper thin at best.
Further it ignores that telemetry gathered by Windows has dramatically increased in the last several years with methods to disable it being eliminated or undone by OS updates. Microsoft is hungry for user data and it would be absurdly naive to think that Recall won't be a tool they use to gain more of it. If not now, then definitely later.
The author does point out that Recall has been weirdly under wraps, avoiding the usual test bed for new feature rollout. Microsoft has been acting shady about the feature and then the feature itself does shady things (like record PII, credit card data, etc.), of course users are going to think the worst. At this point it's a survival tactic.
Microsoft doesn't have trust issues because of bad PR or a few missteps. Microsoft has trust issues because they have violated user trust repeatedly for decades. They have done nothing to make users feel like they care at all about keeping Windows secure and safe and they clearly have no regard for user privacy. This only question is whether this backlash will do anything to make Microsoft reconsider the way it treats its users. I predict they will learn all the wrong lessons from this.
TIL: There are still people that trust Microsoft.
I do think that the concept of recall is very interesting, I want to explore a FOSS version where you have complete ownership of your data in a secure manner
Man, there is a LOT of people in this thread hoping to normalize this, or pretend it will happen anyway, or that it's 'not really a PR disaster', or that people will ignore it, or-
Go make your money elsewhere, christ.
The switch to Linux will have to come from the bottom up. Corporations will NOT switch until Microsoft costs them serious money.
OH, it was been a long time coming seeing this type of headline again, it's....glorius!
Microsoft is most years a #1 and sometimes a #2 Funder of: Rust, Python, and Linux. Are those destined for an E^3 "rug pull" too? Will it ever stop this kind of behavior, consistently conforming our behavior to itself with the money and industry position it leverages?
Don't forget in calculating that industry position that OpenAI is now able to contract to the DoD for offensive capability.
dumb fucking corporations will still line their pockets with money.
The struggle is real for M$ - recall is a Security Incident waiting to happen.
I don't think this will bury MS because they can easily market this to enterprise clients ( if they haven't already ). Recall is a particularly useful tool for any employer that wants to keep track of everything employees do, especially in an age of WFH. They probably figured they can take the PR hit from users concerned about privacy and move on unaffected.
Microsoft has already taken a step back: Microsoft implements drastic changes to Recall after criticism
- Recall needs to be enabled during installation
- Windows Hello is needed so that only the users can view it's own screenshots
- Recall database will be encrypted
Linux!: Had set It up years ago when it was a slog. Came back recently after Windows did this— and it was so much easier.
Work? Yes. The comfort of knowing I’ve put off for one more day the tech ubergods carving my life open? Also yes.
I know that I shouldn't, but here's what I think about this whole deal, illustrated with a single image macro:
Get wrecked, Microsoft.
I think that the article does a good job highlighting how much of a trainwreck this is, because Microsoft is not to be trusted. The Windows users hysterically complaining about this are not expecting Microsoft to behave in some outrageous way; they're expecting Microsoft to behave as usual.
Aside from the security nightmare, I'm really curious what havoc the LLM can cause by hallucinating stuff, based on how suggestive a question is asked.
Wife on husband's account: "What dating sides did I visit this year?"
"Here are the 5 most popular dating sides you visited last year:...""When was the last time employee X watched porn and on what side?"
...Microsoft lost my trust a long time ago. For the last 10-15 years, my only relationship with them is, "how much sh*t am I willing to put up with before I switch to something else?"
And CoPilot/Recall was the breaking point.
As much as I liked Visual Studio, its privacy intrusiveness was my final straw.
Most male computer uses watch porn and would not want an AI to log that. Many women find porn sickening and don't understand it and will never understand male urges that result in watching it. The fact that this got into a finished product tells you a lot about Microsoft's corporate culture.
No one working there really cares about the company enough to bring up uncomfortable issues, they are all there just to get their paycheck and actual outcomes be damned. The culture their must be toxic for this product to have been put into a product enabled by default.
If this was a top-down decision and there was no input by others into it, it leads to questions over whether this feature was forced to be included by the government, which can easily require corporations to do anything and then issue gag orders and whether it was some sort of test to see how much intrusive spying bullshit that regular consumers will tolerate now. If this was a feature that was forced into the product, the plan may have been to turn it off by default after negative feedback, but then just keep it in the program for when governments want to turn it on. Governments may have realized it in any capacity such a terrible feature would result in outrage and may have thought this was the path of least resistance, like saying "Would you like to eat a bowl of shit? No, okay, we'll just give you these brussel sprouts"
Glad I switched from PC to Mac back in 2022 because I was pissed Microsoft was forcing me to upgrade hardware to switch to Windows 11 which I didn’t want. Apple to me is more private and will be more thoughtful with their AI tools to expand user functionality. Screw Microsoft. This is a user that had used PCs since the late 1980s…
The article was revised with a PR release from Microsoft saying they'll make the feature opt-in.
Let's of course not forget that things like upgrades to Windows 11, and use of an MS Account instead of local account, were opt-in...until they weren't. Require them to sign a contractual agreement that this feature will remain opt-in forever.
The average user is not even going to know this was a thing
This is the best summary I could come up with:
As CEO Satya Nadella described it, Windows now has a photographic memory that uses AI to triage and index everything you've ever done on your computer, enabling you to semantically search for things you've seen using natural language.
Your favorite web browser, video editor, or music streaming app of choice could release an update that begins scraping data from Windows Recall and uploading it to its own backend.
Many have already assumed the worst; that Windows Recall will eventually be used as a means to sell data to advertisers and train AI models, and that if it's not happening today, it's only a matter of time.
It's a feature reserved exclusively for new PCs shipping under the Copilot+ umbrella, which means if you want to use it, you'll have to buy a new device with a neural processing unit (NPU) that can output 40 TOPS of power first.
But there's a very dark cloud hanging over this feature right now, and a lot of privacy conscious people are simply not going to be able to subscribe to the idea of Windows Recall in its current form.
I suspect this means we will see new features and capabilities added to Windows Recall over the coming months, along with updates to ensure the data it collects is secure on the device.
The original article contains 2,259 words, the summary contains 219 words. Saved 90%. I'm a bot and I'm open source!
Well, getting their OpenID Signing Key for Azure Active Directory stolen was magnitudes worse in my opinion.
Why is Lemmy showing me news from the 00's?
For those of you that don't know about this OS and are tired of Microsoft's bullshit, you can look into supporting ReactOS as a true Windows alternative which needs it, and you feel you want to give the middle finger to Copilot, Copilot+ PC initiative, and Windows Recall. It can even be made to look like you have went back in time to the Windows XP era with the use of a theme and yet its not Windows, and could run things that you could already run in Windows 10. If even says you can fork it on Github, meaning you could choose to labor for months using it and Linux Technology to build a better OS to replace Windows using it and Linux Technology. And if you already going going FOSS by using Libra Office instead of Microsoft Office, LibraWolf instead of Firefox, and are currently looking to FOSS for your paint program and other things you use, why not look into going FOSS with your OS as well.
Microsoft has done nothing to earn any good will or trust. Everything seems to spite the user or just harvesting maximum user data.
It's not gonna affect their bottom line though. Microsoft are doing it because they know they can get away with it and drag the bar so low that they'd make RealNetworks circa 1999 look like privacy-respecting saints.
Your average Joe cannot afford the second mortgage needed to finance a MacBook purchase, and they'd have an aneurysm if presented with a Linux terminal.
And don't even get me started on business and professional use. Many businesses rely on proprietary or even bespoke software that doesn't run well, sometimes not even at all on Linux. Cheap (even FOSS) alternatives are often dogshit. And before you dispute me on that fact, can you name one web designer that would use Affinity Photo, GIMP or PDN over Photoshop? Or could you name one person that prefer AbiWord, OpenOffice or LibreOffice to Microsoft Word?
PC Gaming is one of those use-cases that has evolved by leaps and bounds... until you realize just how many multiplayer games rely on a form of anticheat. Many of these solutions are straight-up incompatible with Linux.
Seen gamers install things worse then Recall. So to them they won't care. Unless it hurts their latency or fps.
Forcing advanced keylogger to your system that anyone who has skills to break into your system can exploit freely does that
Probably not only for Mucroshit. The industry as a whole is intrusive. Soon there won't be a single place to run to between our home, our place of work, and everything in between. Churches, parks, roads everything is just micro spying on us constantly.