Microsoft will try the data-scraping Windows Recall feature again in October | Initial Recall preview was lambasted for obvious privacy and security failures

ForgottenFlux@lemmy.world to Technology@lemmy.world – 439 points – Microsoft will try the data-scraping Windows Recall feature again in October
arstechnica.com

Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company's original blog post about the Recall controversy. The company didn't elaborate further on specific changes it's making to Recall beyond what it already announced in June.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.

72

They always keep trying again until we forget about it and it sticks forever

I saw a comment back when they announced they were "canceling" it, saying the same thing. It seems they were right. Microsoft will do anything to get their grubby hands on as much user data as possible; of course they're not going to give up that easily.

Remember how Microsoft went to court way back in the day over monopolistic practices? Yeah whatever happened to that...

"The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off."

So it can be turned on again whenever another update comes.

Whoops, somehow it got turned on again 🤷‍♂️

Unless they intend on rolling this into home only there will have to be a policy to allow you to disable it from a corporate standpoint.

Yeah, like OneDrive which was supposed to be off by default, Skype which was supposed to be off by default. They love their "Off by defaults" , because for the first few updates they're off and then suddenly during a major update you have 20 new processes running because they all have services that run even if the program's off

For those who want to escape this bullshit, Linux welcomed you with open arms and gives you control of your PC. Microsoft doesn't respect you, ditch them and move to something that will.

None of these companies invent things for the user anymore. It's all tracking.

Guys guys, I think you're exaggerating a bit with this feature.

I mean, what's so bad in it to be hated like this?

Whatever is so wrong in giving a company known for their awful privacy respect and incredibly high data collection they do on the computes a history of literally everything you do on your pc, key presses included?

It's encrypted! They surely won't be able to do anything with it, right?

...

Right???

Edit: typo

Last I knew it wasn't even encrypted, unless they realized how stupid that was

So do they like plan to do something with the massive amount of hospitals using Windows?

Like it seems to me that scraping PHI might be a bad idea

Yes. They plan that all the HIPAA lawsuits they’ll fight off will cost less than all the money they’ll make from selling everyone’s private data

The solution: https://www.debian.org/

or better, MX 23 :)

Haven't tried it myself, but it looks interesting. I figure that GNOME and KDE are probably more comfortable than XFCE for general users and gamers, respectively.

I don't game so I'm using Xfce only, I love it

I game and I am using XFCE only, GNOME feels really bad for me and KDE I don't want to tinker with.

KDE has some advantages when it comes to VRR and HDR, but those features will probably make their way to Gnome and XFCE eventually too.

Or, please consider Devuan as well, to ensure there are distros without hard dependencies on systemd, an expansive attempt to cement IBM/RedHat's control over the direction of Linux through foundational changes to the init, filesystem, login, homedir, and other components...

Please don't bother replying to change my mind... never gonna like systemd no matter what. If it works for you, fine. Some of us still find it wholly unnecessary.

I specifically pointed out Debian instead of Fedora because of my discomfort with what happened to CentOS, even though Fedora comes with more out-of-the-box for desktop-users/gamers.

Linux has already switched to systemd, whether you like it or not. 99.9% of new users will only ever learn systemd, if they even learn what an init system is at all.

Debian switched to systemd in 2013, and IBM was not involved with systemd before 2019. Poettering works for Microsoft, not IBM.

The changes to init were necessary. The init scripts were legacy bloat, even in 2013. Furthermore, the work from the systemd project on creating separate daemons for other parts of the OS have brought a lot of new features and innovation to Linux.

Also, lots of nasty bugs are in systems, because of bloat. They are getting fixed slowly, but who doesn't know cases where you cannot shut down the machine, because of "bouncing stars".

I still need to look up how to write an own startup script or start two same daemons listening on different IPs. This is why I avoid systemd on servers and only leave it on workstations.

I'm a fan of powerful assistive solutions, but I'm not comfortable with something closed source and proprietary running this intimately.

In case anyone has to use Windows for certain things like I do,

HERE is a link that will provide ways to turn off Windows bullshit until you can either move over to Linux full time, or at least make your Windows partition slightly better.

I stupid. Is there somewhere that says everything this does?

You’re not stupid! I think they have a dedicated user guide that explains what the options do. You can also see what they do when you run the PowerShell command, and hover over one of the tweaks.

It’s like Microsoft doesn’t want people to upgrade to Windows 11.

No matter what, and at the cost of absolutely everything else, the line must go up. In no way, shape, or form does anything else matter. The line. Must. Go. Up.

I already have the registry entries added to disable that shit completely

O&O ShutUp10++ is a very good tool

Linux Mint is better. No hacking necessary. It does what you want exactly as you set it.

I'm well aware of how awesome linux is.

But there's too many things I use that won't work on linux

I am curious as to what that is? With how mature Linux and wine is, it's pretty capable.

the antivirus and other security things I use, mostly.

Contrary to popular belief, linux CAN get malware. And antivirus on linux and mac is watered down to just heuristics and signatures.

All very fair points. software security, its a big problem only getting worse for every OS atm.

Reflecting on recent events I have been impressed with immutibility and how nixos novel approach has really shined against the very big recent security incidents.

Edit: I should state clearly that nix is not for the faint of heart. I would only recommend it for technical IT professionals. Even then it has serious documentation problem and could do with some improvements around officially sharing configurations in the community.

software security, its a big problem only getting worse for every OS atm.

the differences on windows is that there's several antivirus programs that work well. Most are garbage, but there's several that are pretty good, and a small number of things you can add on to those setups that are awesome

Are you actually or just looking to have an argument over it in effort to prove something? Linux is definitely great. But it's still not the option for many, even if there are alt apps.

Are you actually

What wasnt clear in my comment?

It also wasnt to you, your injection is clear you need some self reflection.

Hazards of an open forum; other people will talk to you. If you don't like that, avoiding the internet or at least forums might be easier for you.

Looks like I hit a nerve though if you are already jumping to trying personal attacks though.

I asked you because too many tech people, not even just linux people, enter into this argument with bad faith. Never intending to actually hear someone out or accept their position. Setting out with the sole intention of trying to prove to someone that their platform is accessible or superior in some way. And that's just not the reality for many people when they delay leaving a platform. Evangelize all you like, but veiling it behind an attempt to help when you don't care to, is disingenuous and doesn't help anyone..

Do whatever you like, I really don't care. I was just trying to find out if it was a bad faith argument, and seems I have my answer.

Can't get me this time! Between last time and this time, I successfully removed Windows from all PCs in my life.

I'll start by saying my username is quite true, but, they're gonna have to send the data back to microsoft, so couldn't someone block the ports they use?

Ports? Hah, they'll send it straight through https if they want. To the base Microsoft domain so you can't block without basically disconnecting your install. Objectively that's what any security conscious user should do.

fair enough, just thought I'd ask smarter people.

Besides it might spoil the relationship with your local NSA agent.

No they won't (or at least they shouldn't), it's meant to be local

They should call it total recall and get Arnold Schwarzenegger to promote it.

So they fixed the major issues that people were complaining about. Let's see if people therefore stop complaining.

They fixed the most egregious oversights.

People still don't like the fact that there's built in functionality to so egregiously spy on your users.

It's Microsoft, there's always something to complain about.

Not much incentive for them to try to satisfy the complainers, then.

They don't need to satisfy the complainers, since they wouldn't be paying for Windows anyways. They need to satisfy their corporate partners who will be paying Microsoft for Pro licenses and yearly Office 365 subscriptions.

They dont care about Windows users corporate or otherwise. They care about their shareholders and the bonus pay. They make the most money by charging rent for everything. They make the most money of cloud and they steal your content to improve their products and services making them more money.

It seems to me that the major issue people were complaining about was the thing even existing in the first place (and rightly so). So by them still wanting to implement it, they have fixed absolutely nothing.

So now it's basically people who aren't going to use this tool complaining that other people who do want to use this tool will get to use it.