Microsoft Research chief scientist has no issue with Recall (theregister.com)
44 points by beardyw on June 6, 2024 | 87 comments


Working at a company in the healthcare space, this raises so many HIPAA compliance questions for our customers it's hilarious.

And by hilarious, I mean bad. Screenshots of PHI? Sweet as, just chuck them in an SQLite DB, no worries there.


well good news, this feature can be 100% disabled by your IT team, and you don't need these snapdragon high end consumer laptops in your hospital anyway.

why am i having to defend microsoft? have we all lost our minds? or do we just shoot first, ask questions later for the lulz


You shouldn’t be and Microsoft deserves this kind of behavior.

This falls well into the category of a feature that nobody asked for and which shouldn’t exist. Microsoft will make this opt out (if we’re lucky enough) and even then it will be difficult and hidden to do so, so they’ll trap all the normal users and harvest insane amounts of data.

I have no problems shooting first when the receiving end is Microsoft, because it’s pretty much always deserved.


It's opt out now, but they have a history of making 'options' into 'not optional'. They absolutely deserve all the criticism because all of their past actions give us a pretty good sense of what they will do in the future - which is to screw over users by making the OS do things the user doesn't want the OS to do!


> This falls well into the category of a feature that nobody asked for and which shouldn’t exist.

I am curious what makes you say that. I don't use Windows any more, but I have been experimenting with setups that basically try to do the exact same thing a fair bit lately. I've tried multiple different projects from different authors/teams that solve the same basic problem, it definitely doesn't seem like something nobody is asking for/wants.


"Move fast and break things."

"It's easier to ask for forgiveness than ask for permission."

There are many other well known mantras that I can't recall right now. SV and VC companies do not care in the slightest about users and their data - only about making more money (which these days always seems to involve stealing^Wwarehousing more and more data).


I swear, big tech runs on the value system of domestic abusers:

* I want to know everything about you and who you talk to (privacy violations)

* I can change deals unilaterally and do whatever I want without your say-so (disrespecting user agency)

* You can't leave me (vendor lock-in)


I get your point, but Microsoft is neither Silicon Valley, nor a Venture Capital firm. They are "Big Tech" though.


BT


Please point to a documentation reference that shows an officially supported way, to completely disable all telemetry on Windows OS...



If you search the page for telemetry you will notice that you have to create a non existing Registry key, under the promise many services will stop working...

Also: "Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working."

But they are referring to telemetry as in updating apps metadata so using weasel words.

It's just ways to manage and minimize telemetry data Windows 10 and Windows 11 send to Microsoft, focusing on settings, Group Policies, and registry configurations. It explicitly states that certain data connections cannot be disabled. This implies that completely removing telemetry is impossible.

They are also known to re-enable these settings with each Windows Update....


It doesn't show how to disable all of it, only some. (Not to mention that they deliberately change things between upgrades so your setting may or may not work tomorrow.)



This is about Azure Cloud and Office 365. No mention of Windows OS.

Also by the way...although unrelated to the question, does not by itself guarantee compliance, as addressed in the FAQ:

"Does having a Business Associate Agreement with Microsoft ensure my organization's compliance with HIPAA and the HITECH Act?"

"No. By offering a Business Associate Agreement, Microsoft helps support your HIPAA compliance. However, using Microsoft services does not on its own achieve HIPAA compliance..."

Not to mention that HIPAA compliance specifically protects health information (ePHI). It does not cover other types of data, so companies like Microsoft can collect and use telemetry data without violating HIPAA, even if this raises privacy issues.


Not sure if you’ve been following Computex but every manufacturer I saw promised Copilot+ support with the upcoming crop of x86 chips. This isn’t going to be a one-off thing on ARM.


You know how I said "our customers"? Yeah, so it's _their_ computers facing this issue, and we have no control over the computers they use our software on. Because, obviously.

> do we just shoot first, ask questions later for the lulz

Oh mate, this is so ironic that I'm also convinced you're doing it on purpose.


I work for a company that has a product that, as part of other functionality, can selectively block access to any file, so it could simply block access to the database, or even the Recall exe/dlls themselves. We’ve been debating about releasing a simple/free “always block access to these files” app because of all the BS Microsoft is putting in. We’d probably do it under a separate company to protect the main product from retaliation. Is this of interest? What else do we need to think of?


Definitely do it under a different name, MS can be quite vindictive.


My understanding is that the Recall database is basically a plaintext local sqlite DB, and the only security measure is that it is stored in a folder for which you need admin rights to access?

If so, how is that excusable for a company like Microsoft? I'd say even a weekend hackathon project would implement more security than that?


What further security measures were you imagining? Full-disk encryption is now standard in Windows 11. So how would you secure the database further from a user with admin rights?


At least encrypt the database records, so if someone steals your sqlite data they don't automatically know what you were doing on your pc.


If they can get your sqlite files, what makes you think they wouldn't be able to get the encryption key as well?


Might as well steal your sessions if they had that kind of access. MFA bypass is a lot more valuable than petty blackmail.


where did you hear that?

> Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.

You can delete your snapshots at any time by going to Settings > Privacy & security > Recall & snapshots on your PC.

source: https://support.microsoft.com/en-us/windows/privacy-and-cont...


Some excerpts from https://doublepulsar.com/recall-stealing-everything-youve-ev...:

----------

Q. So how does it work?

A. Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder.

This database file has a record of everything you’ve ever viewed on your PC in plain text. OCR is a process of looking at an image, and extracting the letters.

Q. How do you obtain the database files?

A. They’re just files in AppData, in the new CoreAIPlatform folder.

Q. But it’s highly encrypted and nobody can access them, right?!

A. Here’s a few second video of two Microsoft engineers accessing the folder:

https://cyberplace.social/@GossiTheDog/112535509953161486

----------


Oh dear. This sounds terrible from a privacy and security standpoint. Secret passwords where you press the "eye button", sensitive info ...


so official microsoft documentation vs infosec twitter.

that's not how you back up an argument with proof. there are no microsoft engineers in that video. i see a laptop. is that from tiktok? how are you taking this guy's word for shit without even thinking? it's like 13 seconds taken out of context showing a folder click and authorization (what's even happening here, is this an admin account?)


We can talk about vulnerabilities; that’s the first decent point I’ve seen in this entire comment section.

So you're saying that since there will be vulnerabilities (discovered and hopefully patched quickly) this is a privacy violation?

If anything what you point out is good, we should all audit the feature on launch. Probably gonna be some good bug bounties here.


> how are you taking this guy's word for shit without even thinking?

For starters:

* Because it's been confirmed and demonstrated by other people too?

* Because Total Recall (https://github.com/xaitax/TotalRecall) is a thing that you can try yourself?

* Because Microsoft's entire response to concerns has basically been "oh it's fine, _trust us_"


You are aware by whom vulnerabilities are usually discovered?

Hint: it’s usually not by the companies that shipped them.


Following this logic you really shouldn’t use Microsoft products. Or Apple. Or google. Or Mozilla. Either way, you are better off with a bug in this dumb as hell feature than you are with a bug in your web browser. Yet here we are, spurging out over recall.


> Microsoft can't access or view the snapshots.

And yet..

> Q. So how does it work?

> A. Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder.

Heads up, Microsoft runs azure. They likely get it before the local users database does.


right, azure ai running on your device. microsoft cannot access shit on your device.

by saying this, you are also claiming microsoft has windows 11 backdoored.

and thanks for the heads up, that's news to me.


Azure AI isn't the hosted service? (https://azure.microsoft.com/en-au/solutions/ai ?)


The whole drama around how Recall stores data is misguided. The problem is not how this data is stored; it is more fundamental, i.e. how Windows doesn't have proper app sandboxing. MS App Store apps have sandboxing and a permission model, but most other apps on Windows are still just a bunch of DLLs and EXEs that run with all the permissions that the current user has. Until MS solves this problem there is no way to secure such things.


I don't want to run an operating system where I need to get the vendor's permission to run my own applications under my authority.


This is not correlated. Android has sandboxing and you can run your own applications.


I can't run with full authority on Android, however. My own apps can't access my own data from other apps that I run. This is not something I can forego on my main computing device. I'm willing to tolerate it in a phone because it's just a tool; I wouldn't use a phone to store data I wouldn't mind losing.


What kind of solution are you looking for here? The ability to sign your own apps with a platform signature?


The ability to go in and grab your own data (which you have to do using some app or another), and do whatever you like with it, such as back it up, move it, inspect it, or try to get the data into a new app because the old app no longer runs for some reason.


As a user and programmer - good. Sandboxing is what is ruining modern software. I want to be able to reach into my file system with software. I want software to be able to integrate with other software even if those programs don't have APIs or weren't designed for integration. I want to be able to easily install mods for games. Most of all I don't want to manage annoying permissions screens and popups for every non trivial interaction. My computer, my choice.


I'm the opposite.

As a user I'm not realistically going to audit every new line of code in a piece of software with every update (if I even can) and I do not at all like the current model where we have to trust software creators blindly. It's the reason anti-virus/malware software is necessary on Windows.

As a developer I would much rather that users don't have to trust us blindly, "this app only needs an internet connection and access to this one directory" would be a far easier sell than the current scenario.

Popups, in the Windows UAC sense, yes, those are utter shit and train users to automatically give permission. Giving specific permissions once, more like Android, is much better.


I am both of you - sometimes I want to do things in the main filesystem, sometimes I want to test an app in a sandbox - and I use a virtual machine for that.


There is Windows S Mode where you can only run Windows Store apps and only use Microsoft Edge. That should qualify for "proper sandboxing", shouldn't it?

Then again, no one who needs an actually useful computer runs Windows in S mode.


> Then again, no one who needs an actually useful computer runs Windows in S mode.

That's because all useful apps for Windows are not sandboxed. This is where the app vendors have to do the required work, but they are too lazy to do that.


Sandboxing itself makes the apps not useful.


I'm reminded a little of Android's challenges with misuse of the accessibility service overlay by trojans, and how to handle that on the user side when applications hit you with permission requests.


I have a different take on this.

If the same feature were built on Android or iPhone, the data would be encrypted, and the researchers would have had a hard time accessing the SQLite file itself.

Microsoft's takeaway from this negative news would be that it needs to lock down Windows 12 by adopting designs from Android and iPhone, effectively closing it off.


It would be good for security but horrible for usability.

I recently got an iPhone and had to migrate to it from my Android phone which turned out to be really unpleasant because I could not carry over WhatsApp data.

Turns out that the SQLite database is encrypted and I can’t easily carry it over, nor even get the encryption key in a non-rooted device.

Furthermore, there is also the issue that Android only backs up to Google Drive whereas the iPhone only backs up to iCloud so I could not restore from backup either.

A task that should have taken minutes took me hours and I had to buy some questionable software.

https://blog.kronis.dev/everything%20is%20broken/iphone-andr...


I also looked into transferring WhatsApp data from Android to iOS recently and there is an official way to transfer in both directions now.

https://faq.whatsapp.com/686469079565350/?helpref=hc_fnav

I didn't end up going through with it though, since there was no way to take a Signal backup created in Android and restore it to iOS.


> Your iPhone must be factory new or reset to factory settings to pair with the Move to iOS app and move data from your Android phone

As I pointed out in the post, this was pretty much the dealbreaker for me. I had initially set up the iPhone without all of my accounts, just for development, but had gradually carried over my accounts and the apps I need to use. And then I find out that I’d basically need to wipe all of the progress and start over, just because the data move can’t be initiated with an already set up phone (which probably made developing the app easier, but at the same time limits its usefulness).


My bad. I didn't realize that the Move to iOS app had been addressed in your blog.


FWIW I did manage to decrypt the sqlite database with the encryption key that you create for google drive backups (and should have noted down somewhere).

It's been a while, but I think I used this github repo [0], that was the first search result, and it also mentions the 64 character long key.

[0] https://github.com/ElDavoo/wa-crypt-tools


Quickly tried it out again, and it still works

If you still have the key and encrypted database, you "only" need to:

1. Have python

2. Install the project like described in the README

3. Execute

  wacreatekey --hex <your_64_characters>

4. Execute

  wadecrypt encrypted_backup.key msgstore.db.crypt15 msgstore.db


the data is encrypted. the data is encrypted. the data is encrypted. the data is encrypted. the data is encrypted. the data is encrypted.


We've launched a FOSS alternative with OpenRecall https://github.com/openrecall/openrecall to (hopefully) work towards addressing some of the concerns people have with Windows Recall. We think it could be a useful feature but it must be (1) fully auditable/open source (2) using open source local models (3) focused on privacy/security and (4) hardware/OS independent. We're working out the roadmap currently so any feedback is appreciated.


This is my personal opinion, but a big screenshot of Elon in the readme isn't doing you any favours.


A screenshot of one of his tweets no less. Yes, this is likely to leave a bad first impression for many people.


Why would I want this?


Just in case you have "difficult" employees you want to intrusively monitor who insist on using Linux instead of Windows, of course!


Usefulness of Recall aside, if I wanted to try this out I would definitely opt for an OS free alternative.



If it's completely open, local, and trustworthy, I would definitely use it as a database of my activities. To query for and find something you didn't bother saving, for example, or combine it with RAG would be incredible. Since it's screenshotting everything - passwords, sensitive information, etc. - it can in practice never be trustworthy, though.


Even the theoretical legitimate usage is just nothing I ever wanted, certainly not nearly enough to spend the cpu, disk, and attack surface on. The value is microscopic and the cost and risk are not.

I can think of no value in a mass of ocr'd screen shots that is remotely worth the cpu and disk cost of generating them or the security risk of them merely existing anywhere, even if the code to do it was gpl.

And the real problem is not me anyway. I use linux. But not one of my relatives I care about does. They are all going to have these terrible things. I can directly take care of a few of them but not most.

Not to mention just everyone else everywhere.


Some people think it could genuinely be a useful feature, just like you can rewind your TV or a live stream to go back. It should really be open source however to be auditable for anyone.


Others find value in forgetting.


No I won’t be installing your keylogger.


I'm sorry to be that guy, but capturing screenshots is anything but "focused on privacy/security".

It should be either:

- browser only and semantically understand and hide sensitive information like password fields (or even all input fields)

- or capture stuff from the display server and make it configurable which applications should be ignored (e.g. password manager), and even prompt with each newly opened window if the user wants to remember that session

...and that's just the basics, if we go into details I'm sure there's much more to it.


Sycophantic research chief scientist has no issues with Recall.

He can't recall what he really thinks of recall due to the serious business of getting his "sandwiches wrapped in a road map" and sent on his way.


It is a she


Give it a few years. MS will 100% be using data collected by Recall for advertising purposes. I'm sure it will be anonymized, or at least they will attempt to anonymize it. But it will happen.

Part of the problem is that MS has never realigned their internal incentives with their stated goals. The best way to get a good bonus or a promotion is to deliver "impactful" features. Once recall is out there, teams will be chomping at the bit to (ab)use its data to quickly and easily demonstrate impact.

Compounding the problem is that MS has no overarching product vision. No one there is really championing the sort of clean, functional, no-nonsense OS that we all know Windows could be. Or if they are, they are being drowned out by people who have dollar signs in their eyes. Compounding that problem is that ICs and teams are strongly encouraged to be "data-driven", which means a sense of product vision is outright ignored unless you can repeatedly and consistently make up metrics that work towards a clean, functional, no-nonsense OS. This is difficult when your metrics are things like, "did the A group click this button more than the B group".


Privacy/security issues aside. It’s a really freaken useful tool that I’m already missing on other devices.


Convenience yet again shows it will be the downfall of humanity.


I know. I know. I'm hoping they secure it somehow without crippling it.

But honestly, it’s like it was designed for the way I work. I don't have a trillion tabs open any more.

I run multiple projects at once plus personal stuff throughout the day. Really really poor project management. But now I just go about what I’m doing and can pickup where I left off.

Literal use case: I was writing a report for a client and had done a bunch of research on a topic, then got distracted as I remembered I needed to upgrade the homelab and wanted new unifi gear. Then got back on another project where I needed to provide a summary of similar other projects we had worked on.

So after I finished the last task, I quickly pulled up the research and where I was at, it even found items I didn’t notice initially. Then a day later I was able to pull up all the spec sites, reddit posts and recommendations and shopping sites I found for the cheapest place to buy my new gear.

It was awesome.

And that’s one of many many times it saved me.


> it's a great question

Whenever you hear or read this phrase during any sort of backlash you can expect a bullshit answer.


Realistically, who would ever use this? An OCR of everything on the screen, saved every few seconds? I can’t imagine finding something useful in a haystack of that size.


I swear I saw a comment or link on HN where somebody bemoaned a lack of innovation in computer interfaces, and provided some suggestions. What MS calls Recall is one of the things they suggested. When I saw Recall being announced I wondered if somebody at Microsoft had seen the same thing as me.

If only there was some way for me to find it...


It is difficult to get someone to understand something when their salary depends upon them not understanding it.


Microsoft Research should really drop "research" from its name. We are not talking Bell Labs-level of research here. They come up with the most useless "inventions" like Multimouse https://www.microsoft.com/en-us/research/blog/multimouse-mak... so why are we surprised that Recall is criticised so much?


But how is multimouse useless? The researcher identified a problem, investigated and produced a plausible solution. The entirety of it was driven by a ‘use’. Besides that, what would you propose calling this org that operates somewhat autonomously in an enclave within Microsoft but focuses entirely on research and is staffed entirely by PhDs and PIs?


i don't understand why everyone is so confused and outraged. first off, it doesn't affect you. even if you do buy a microsoft laptop that is being marketed as the "ai powered technology revolution" (or whatever), it's shipping from the start with almost all the tools i can think of to help you only recall what you want. application exclusion by ifn, pause the stored data / purge stored data / or opt out forever. if you use edge, you can have it ignore incognito tabs or certain websites. The feature needs to be opt in without these restrictions set up because the people who might actually benefit here are people who don't want to be bothered with those power user features. like my grandma.

anyone who is worried about screenshots leaking, do you guys remember photoshop?

we already have keyloggers, banking trojans, infostealers, and for someone to access your recall screenshots they'll be in a position to infect your laptop with all the usual suspects in commodity malware. so they could start logging your keystrokes, pilfer your chrome browsing data, or they could start downloading a 25 GB file that they can't even decrypt, and (let's just allow them to decrypt somehow). now they get the pleasure of looking through 25 GB of cat pics and reddit hoping they might find a picture of you logging into your bank where you toggle the show password field button. or maybe you don't ever reveal the password so he gets really mad because his ISP only gives him 30GB down / month and he just burned nearly all of it. he decides to dox you and your data, but there isn't anything connecting your real identity to these screenshots (which again, could've been photoshopped, or you could create your win11 username as Sam Altman). And none of this is even going to happen; this would be the first time I've ever heard of a hands on keyboard commodity malware controller who is targeting whomever he can breach and rather than just sitting back while keyloggers and bots phone home and exfil sensitive data as text in an automated way, he's at home dealing with these massive encrypted archive files and bajillions of screenshots.

everyone be triflin' over some bullshit here, you guys know why they did this right, not because it's useful or a good use of AI. all the big guys are racing to cash in on the consumer AI market and they want to tell wall st on the quarterly earnings reports that they've got a new go to market strategy with AI and it's going to lead to N revenue, and instead of slightly faster hardware the next surface launch is gonna be a huge marketing event and if you guys in nyc want to bet on ai for consumers, buy more microsoft stock.

isn't this obvious my friends?


This is Microsoft building an automated AI corporate panopticon.

Its presence on every PC will enable and normalise hitherto unseen levels of surveillance and control over employees.

It ain't a good thing.


Would you rather your IT department have a root cert trust authority installed in your trust chain or recall running? The levels are already astronomical if wanted.


To think it’s purely money is utterly naive. It’s surveillance tech for the NSA which ALSO makes Microsoft a packet.


The NSA doesn’t need recall to gather signals. They can gather higher fidelity data directly as text, network traffic. If the historical data is what concerns you, that assumes the NSA wants to sneak in and then sneak out, but they will just stay there forever. Why only 3 months when you could stay forever.


Again. Utterly bonkers naive. Stupendously naive.

It’d be so much easier to have recall store the data and then have the processor power do the AI analytics on the data.

You also fail to remember the past. Microsoft has a history of changing security settings with updates. Just because the data is stored locally just now does NOT mean that in a few updates time that they won’t change it.

If you genuinely cannot see that it is the slow introduction of powerful NSA surveillance tech, it just means you don’t know Microsoft enough. NSAKey and Prism - Windows has always been about NSA.

This particular surveillance software is leaps better than anything which has come before it, because now they can make the users' computers do all the processing and storage. It is vastly superior than their other techniques in so many ways than the methods you mentioned.

Another thing you seem to mix up is that why would NSA have to do all the hard work to surveil systems like you mentioned? They can simply hop on to the connections Windows makes to its own Microsoft servers. In the same way that AT&T historically had an NSA room in their premises which the entire network went through.



