Skip to main content


It just clicked in my brain. What I haven't been able to articulate about why I'm so anxious about #Windows Recall. I'm sure others have already gotten to where I am.

It's worse than "a system that tracks everything you do" and stores that info in a basic database that could be easily compromised.
It's worse than a nanny surveillance tool for companies to spy on their employees.

It's inescapable.

It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

It won't matter if you're a master #security expert specialist. You can't account for EVERY other computer you've ever interacted with. If a family member looks up an old email with your personal data in it, your data is now at risk.

If THEIR system is compromised YOUR data is at risk.

I just went from "vague feeling of unease" to "actively writing templates to canvas elected officials, regulators, and attorneys general."

in reply to SomeGadgetGuy

As far as I understood it - it was explained to me by a Microsoft Official - the database is secured in a similar way as your face-id data or fingerprint data is secured. It's bound to your account and even the admin can't access it, because it's not a password and stored locally. That's why only devices with certain security hardware and maximum enabled security features can even activate that feature. Which doesn't mean that won't change in the future.
Unknown parent

wizzwizz4
@droidboy @helgztech Off-the-shelf infostealing malware that is *known to Windows Defender* can exfiltrate the Recall database. (source: doublepulsar.com/recall-steali… via mjtsai.com/blog/2024/06/03/pri…)
Unknown parent

Droid Boy
@helgztech There is no safety. If it is on a device it can be hacked. The question is how hard is it. Do we have data about that?
Unknown parent

Droid Boy
@helgztech That's the thing. To be a nightmare, there should be way more risk. But with what I see how it's done, I don't see the nightmare component.
in reply to Droid Boy

@droidboy @helgztech It's an almost literal Pandora's box.
Inside may be any/all of someone's most private info, & anything their contacts have ever shared.
MS may claim that the lock they built is so strong that no one can ever break it.
But anyone with the barest hint of security experience knows that's laughably naïve.
And no one's laughing.
And we can't opt out.

Why build the box?? Everyone hates it except surveillance capitalists.

This entry was edited (5 months ago)
in reply to SomeGadgetGuy

remember the "timeline" feature in Windows 10? That was a bit creepy as well, this is timeline on steroids
in reply to SomeGadgetGuy

@mountdiscovery Microsoft depends on institutional clients, especially government agencies, many of which have stringent legal rules about access controls. There's no way Recall can be compatible with those rules.

What's astonishing me right now is that I would have expected a whole lot of Microsoft's clients to push back, "We'll have to stay with Windows 10", but I'm not seeing any hint of Microsoft backing down.

in reply to FoolishOwl

@foolishowl yup, and even though this feature is only available for newer PC with NPUs folks already hate this feature. No way it rolls out in the near future.

Microsoft should just fork Windows for consumer and professional i.e enterprises

A new OS from the ground up with all these gimmicks and Co-pilot bloatware and the other the continued legacy OS that is still compatible with all kinds of software and services.

in reply to Chirayu

@mountdiscovery @foolishowl how can it not ship?

Machines are rolling out of shops on June 18th. No way they are not already tanked with the shipping version. Hardware release is a slow process, you can't roll back on a whim.

in reply to gigantos

@gigantos @mountdiscovery I get a lot of advertisements from Lenovo, and all their new laptops have NPUs.

Intel has been saying that going forward, all their processors will have NPUs. I haven't looked as closely at AMD, but I know they're advertising gaming laptops with NPUs.

I think we have to treat hardware made after 2023 as unreliable. Probably after 2022 as well.

Also the Linux Foundation and OSI have public AI projects, and Red Hat, so I expect the Linux kernel will enable NPUs.

in reply to FoolishOwl

NPU's aren't inherently a negative. They're just a specialized co-processor for handling low precision float math quickly in parallel and with relatively lower power consumption than using a CPU or GPU for that task. From a hardware perspective it's a non issue. What software you choose (or are forced) to run that takes advantage of an NPU is where the potential problems are.
in reply to mnemonicoverload

@mnemonicoverload @gigantos @foolishowl @mountdiscovery Indeed, NPUs aren't the problem per se, the problem is Windows forcing this "revolutionary idea" on everyone by default, making Windows machines with NPUs a high level risk, Linux would still be reliable for newer machines as long as distros don't put "AI desktops" as they're main focus.
in reply to Gingerbread Nullkie

Yeah, exactly. There's also nothing stopping Microsoft from rolling out this same "feature" to Windows PCs that don't have NPUs. It would burn a lot of CPU cycles and negatively effect performance to some extent, but there's nothing exclusive to NPUs here.
in reply to mnemonicoverload

@mnemonicoverload @gigantos @NullTheFool @mountdiscovery I don't really understand what NPUs do. I'd thought they used GPUs for generative AI processing. What's most struck me is that Intel is making such a big deal of emphasizing that they will now include NPUs on their processors, implying they're as important as GPUs for consumer hardware. So part of my worry is seeing that they're going all in on this on the hardware side.
in reply to FoolishOwl

@foolishowl yes they are...

NPU becomes a great marketing tactic and differentiating factor from other chip manufactures.

in reply to FoolishOwl

@foolishowl @mnemonicoverload @NullTheFool @mountdiscovery the simplified explanation is that if you want to do the basic math operations that is used by LLMs, image processing, or machine learning, the NPU will do using less power than a CPU or GPU.
in reply to FoolishOwl

@foolishowl @mountdiscovery

When chatting with colleagues from the London Tech-Financing meet-up's about this, they said that people from UK financial regulator are already investigating. :D

From the initial conversations, it sounds like no regulated industry will be able to use this, so that cuts out 80% of MS's most profitable corporate clients. :D

in reply to FoolishOwl

@foolishowl @mountdiscovery >> Microsoft depends on institutional clients, especially government agencies, many of which have stringent legal rules about access controls. There's no way Recall can be compatible with those rules.

It’s incompatible with rules in the government and most regulated industries (including healthcare). It also screws with records management.

1/2

Unknown parent

FoolishOwl

@mloxton @mountdiscovery And as much as I advocate for the use of Linux, and for that matter, for radical social change, we're talking about institutions that people depend upon for their lives, and I can't see them all completely overhauling their internal processes overnight. Microsoft must fix this.

It reminds of Bruce Sterling's discussion of Bell Telephone being at once a for-profit company and a public service, a contradiction that was resolved badly.

in reply to SomeGadgetGuy

@SomeGadgetGuy I feel this way about Google and especially GMail! Holy crap - so much of the data consumption is a commons problem!