About a month ago we talked about the rumours, but now the feature’s officially announced: Microsoft is going to keep track of everything you do on your Windows machine by taking a constant stream of screenshots, and then making said screenshots searchable by using things like text and image recognition. As you might expect, this is a privacy nightmare, and the details and fine print accompanying this new feature do not exactly instill confidence.
First, the feature is a lot dumber than you might expect, as it doesn’t perform any “content moderation”, as Microsoft calls it.
Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.
↫ Privacy and control over your Recall experience
Well, Microsoft says Recall doesn’t do any content moderation, but that’s actually a flat-out lie. Recall will not show any content with DRM that happens to be on your screen, and private browsing sessions in Chromium-based browsers won’t be shown either. You can also exclude specific applications and websites – filtering websites, however, is only available in Edge. In other words, managing this privacy nightmare is entirely left up to the user… Except for DRM content, of course. The mouse must be pleased, after all.
It also seems Microsoft is enabling this feature by default for at least some business users, as machines managed with Microsoft Intune will have Recall enabled by default, and administrators will need to use Group Policy to disable it. There is no way in hell any company serious about data security will want Recall enabled, so I guess this can be added to the pile of headaches administrators already have to deal with.
My biggest worry is the usual slippery slope this feature represents. How long before governments will legally require a feature like this on all our computers? The more Microsoft and other companies brag about how easy and low-power stuff like this is, the more governments – already on the warpath when it comes to things like encrypted messaging – will want their hands on this.
This is such a bad idea.
“You get spied on by Microsoft, any asshole in the world knows what to do: you get a distro with a 25 year reputation, an indestructible economy shitbox laptop, you put the rest into a nice SSD and do weekly updates that’s your base, get me? That’s your fortress of fucking solitude. That puts you, for the rest of your life, at a level of fuck you. Shady website wants to install malware, fuck you. Boss wants to install telemetry, fuck you! Own your laptop. Have a couple flatpaks. Dont drink. That’s all I have to say to anybody on any social level.” -John Goodman, the Gambler
https://www.youtube.com/watch?v=zxmh6tEE3NQ
This is a privacy shitshow even by the miserable standards of Microsoft.
I simple don’t fathon anyone but paid hands doing astroturfing around that will defend or attempt to normalize that. It’s atrocious.
It’s so atrocious it makes me wonder whether it’s just a ploy to get some other, seemingly less wicked, version of this up and running, and that being their plan all along. You know. “we’ve listened to your feedback etc and so are making these changes…” but we all end up with something just as intolerable.
Oh heck no!
I’m so glad I moved to Linux 20 years ago and don’t have to deal with this crap at home.
*Le Sigh*…
I often tell my users not to worry whenever they get the typical scam mails following the form of «I am a hacker and have owned your computer. I have been monitoring you, and have a copy of your browsing habits. I have seen you _____ and _____. You can send me some bitcoins, or expect consequences».
Now… Windows users all over the world will really need to be wary of any phisher or scammer.
To be fair, it’s not Microsoft doing extra work for the “mouse must be pleased” thing. It’s that the modern DRM pipeline has no faith in the OS’s ability to protect itself from the user and offloads decrypting the content to the GPU.
Windows screenshots everything it can… it’s just that the video player really IS rendering a rectangle of solid color and trusting the GPU to composite in the DRMed video at a later stage in the pipeline.
I’m sure the private browsing windows being exempt is because of a “Don’t copy me, bro” flag apps will be able to set on Windows. I wouldn’t call that content moderation, either.
Private browsing is probably exempt because they do not want the legal responsibility of handling porn–especially non-consensual or under-aged. This is a nice clean way to filter most of it.
It’s disgusting but it doesn’t really matter if it is disgusting or is not. Nobody will do anything about it, at best somebody will threaten on the internet to now finally move to Linux, a typical meme joke. So from this point of view sure, why not and why wouldn’t Microsoft upload all this to their servers and sell the data. As what are you going to do about it.
Technology is not made for us. It’s made to serve the interests of the ruling class. (and by that I don’t mean the theatrical entities known as ‘governments’ That we get some benefit out of it technology (far less than we all think) is beside the point.
Georwell, Huxley and co. they weren’t imagining the future. They knew the future.
Orwell and Huxley were not cynical enough.
In 1984, one of the most shocking things was that there was surveillance equipment in every living room. Unimaginable. What Orwell thought is that, for this to happen, Big Brother would have to come and install it and strongly enforce compliance. Turns out that we all ran out, stood in line, paid for surveillance tech with our after-tax dollars, and came home to install it ourselves ( eg. Alexa, Siri, Google ). The same with propaganda. No need for paper slogans on the wall. We all went out and bought expensive portable devices that we insist on taking everywhere. We use them to download apps that stream “truths” to use relentlessly; we cannot keep our eyes off them.
It must be hard to be a dystopian author now. I mean, what futures are you supposed to imagine that will shock us?
My guess is the great majority of people under 20 will look at Microsoft Recall and think only “that is so handy” without any concern at all about the privacy.
I’m not sure what microsoft are up to, but Bing is totally offline. I noticed this because duckduckgo was returning errors.
“There was an error displaying the search results. Please try again.”
https://downdetector.com/status/bing/
https://downdetector.com/status/duckduckgo/
Downdetector suggests these have been offline all night and also lists teamviewer.
Anyone who can’t see we’re destined to live in a dystopian nightmare future is simply disconnected from reality.
Exactly. Digital prison is almost here and the groups pushing it are openly saying so. Though of course it’s sugarcoated (save the planet or whatever).
The reasoning is a little disingenuous in terms of privacy, it’s all kept locally and processed by the on-machine AI. It’s not beamed back to the mothership. That said, it’s still a nightmare simply for the fact that any malware will now have a nice singular location to just scrape unprotected images of your session. It’s also gross that only MS software integrates ‘privacy’, literally making every piece of 3rd party software less secure by default.
Under this rubric if I did my online banking in my privacy/security-oriented FF session, some piece of malware silently running on my machine could beam my banking history to a bad actor, just by scraping a folder.
Not to mention MS has a masters degree in finding ways to push their software even when you don’t want it, so I have zero doubts that within the next 5 years we’ll see a headline “AI screenshots silently re-enabled on millions of machines after [update]”
…
Beyond all this madness, there’s one other frustrating thing about all this: how wasteful is this feature going to be? Having an AI running in the background processing screenshots isn’t exactly going to be efficient. Is the switch to energy-efficient ARM-based processors going to be completely defeated when an hour worth of battery life is drained while background processing images in the vein effort to give users a search function they probably won’t be using? Or am I going to wait 20 seconds when I type while it goes through my history just for it to be like “You watched a cat video an hour ago. Would you like to know more about cats? [Bing link]”
I think there’s a lot of good things AI can do. I really do. I think AI could, theoretically, be the silver bullet to accessibility. But this is an answer looking for a problem to solve.
Kver,
Are we sure it’s not going to be processed in “the cloud”? Even if the initial processing is done on device, how do we know the data will never end up at microsoft? After all they’re going to want to use it for advertising purposes.
Somehow I expect all the data generated will eventually get tied to the user’s online MS account, which they are now forced to create in order to activate windows. On my work laptop I noticed that the management tools for my local accounts and software licenses are handled by a microsoft website. For some time now microsoft having been migrating away from windows as a local operating system towards windows as a service and I bet every new feature they are working on today incorporates this in some way, “Recall” is probably no exception.
I think AI, including LLMs, have awesome potential, but for me there are two primary detractors:
1. The displacement of people’s livelihoods is something we’re not prepared for.
2. It bugs me that so much of today’s technology is being designed to lock us into corporate data silos and taking away our local control.
I’m bothered by other thing. They want to have small language model meaningfully analysing the screen contents with various applications in real time? How are they going to pull that off? OpenAI starts to show something promising but thats on a huge model running on a server farm. For now it looks like standard MS practice of over promising and under delivering.
Search. For decades Microsoft, Apple, and yes even LInux have been obsessed with trying to improve local search. I don’t get it. Never have. I put things in folders so I can find them. If I can’t find something, there is grep ( yes even in windows, also I wrote my own version of grep before I knew what grep was). That is more than enough for me. Meanwhile all of these search helpers consume cpu, disk space and memory to do absolutely nothing useful for me. Furthermore this is on their brand new sparkling ARM processors with improved battery life and non upgradable memory… Just absolutely ruing things for me. No idea what to do before my current computer craps out and becomes a paper weight by mircorosft’s decree. I hope this is all a misunderstanding and like Cortana before it, it will suffer a quick death.
This right here. I remember first being puzzled by this when Windows Vista was in talks. They were talking about a ‘database file system’ that would revolutionize everything.
I do it. Finding files can be a pain. I’ve troubleshooted enough friends/family computers to know that many people are completely disorganized. However, I’ve yet to see the problem being of such scale that people can’t navigate their own systems, no matter how silly. They don’t even need real-time search. Chances are if you’re ‘regularly’ working on document, you know where it is. If you need to find something from long ago, computers are powerful enough that you can deal with a regular file search.
Advanced local search and everything is a solution looking for a problem; for the average home user and even the average corporate user.
Do you know that Microsoft already makes reports available to your employers about the time spent in Office 265 and Microsoft Teams? How long do you think until there are Recall reports sending “aggregated” data about what you are doing every 20 seconds and how that relates to your employers agenda?
Office 365 ( sorry ). No editing on OSnews.
Office 265 is probably more accurate actually; that’s about how many days per year it actually works properly 😀
Pure MBA brained idiocy. I hate it. Currently prodding all my friends to give Linux a try if they haven’t already.