I've read the new "security" features they've put in place. There is an option to do X, an option to disable Y, an option to...
Look, it's all good and dandy, but when I hear "option" from Microsoft, I just _recall_ how often they are reset on every update. Do we have to list the number of "oups, that was a bug, sorry" incidents that have happened with Edge?
Microsoft did a pretty good job of ruining the little confidence we had in their name. They kind of dug their own grave.
In reality, no one will believe anything Microsoft says about Recall. All I know is this is yet another reason to avoid Windows no matter what.
The only way to make people believe Recall is not a privacy nightmare is to fully release the full source of Windows for examination by the Free Software Community. Anything short of that will be branded as "marketing speak" or even lies.
> Weston argues that this design protects against malware and unauthorized access through rate-limiting
What about "authorized access"? Who defines that? If Microsoft, therein lies the problem.
A TPM ensures the right software was run, not that the software is running right. Once the TPM unseals the key, software is free to do whatever with it. To imply that the TPM protects keys resident in the OS memory space is misguided.
That's certainly more than I expected and as much as one can likely do while keeping the feature useful. Only open-sourcing the whole thing would be another step up from here.
Still not going to use that or Windows for anything serious, but credit where credit is due.
Not being a security expert, this looks great at first glance and I am very happy Microsoft put in the security effort they told everyone they would. It does however raise a few discussion points:
This wasn't so hard, was it? Why wasn't it done before? To me, the fact that the new Recall architecture wasn't in the initial release says that there are still huge security culture issues. But organizational culture is slow to change, and Recall has happened in parallel with the new security reforms, so you can't expect them to get rid of their old ways overnight.
As others in the thread have pointed out, it seems Microsoft are promising things that are very non-Microsoft-y, like promising to never re-activate, promising an easy opt-out to never be bothered again, and promising that activating the service in the first place is an opt-in-during-install feature. Microsoft have a reputation for being a pushy company that doesn't take no for an answer, and coupled with the recent security culture issues, I have personally started recommending non-tech people to just switch to Apple now before things get worse. Can we trust that Microsoft won't backpedal on their promises? Fool me once, shame on you, fool me twice...
> Microsoft have a reputation for being a pushy company that doesn't take no for an answer
Exactly, this Recall feature exists in the context of all the user-hostile crap Microsoft has been pushing for the past decade or so. Those design decisions are a direct reflection of Microsoft's values and culture. Even if Recall itself is indeed perfectly fine, I wouldn't use it because the service operator is demonstrably disrespectful of their users' agency.
With Microsoft promising to fix their shit and promising no bad user patterns in only some cases where there has been enough backlash, it's an even worse situation than being outright bad. It makes them more unpredictable.
I bet it would also ensnare more well-wishing sysadmins and non-tech consumers who take singular instances of apologizing/fixing at face value.
That's been something I don't get. Someone at Microsoft must be aware that they've completely killed user excitement for new features over the last 10 or so years by pushing them relentlessly, the features mostly not being strictly a good deal for the users and them being hard to disable and even coming back after you've explicitly denied consent.
Surely that isn't good for MS in the long term? Having a userbase that likes using your product must be better for business than a userbase that has been taught to be wary of anything you do, and to dismiss anything you come out with based on previous "features".
Is it the typical Hacker News theory of management looking for short term user number growth to get promoted, or something else entirely?
When Apple releases features, most of their userbase is excited. They have learned that in most cases it's either something cool they can use straight away or an optional service that they might or might not need. Apple still does some annoyances to push their services, but not nearly as bad as MS.
> This wasn't so hard, was it? Why wasn't it done before?
Got to get the ‘feature’ out before the bubble bursts, regardless of how broken it is.
I'm very excited for this feature and bought a Copilot+PC for this feature.
I spend so so much time looking for information I saw in the past...a document, a conversation, a website, etc. This will be a big time saver and have a ton of utility.
To those that are scared of it: don't use it. I can make my own choices.
Yeah, Rewind is super useful and this is just a clone of it for Windows. It's your browser history but works for everything.
You can not trust Microsoft and that's totally valid, I don't, but I also don't use Windows. It's a really stupid line to draw if this is the straw. They control the entire OS, basically force online accounts, have been confusing the line between remote and local storage for years, exfiltrate local searches to Bing, track everything for in-app and in-os advertising and send undisableable telemetry. Does this feature just lay bare the reality you've been living under for years?
I think it's not that people don't trust Microsoft with their data (they obviously do if they use Windows, as you note), it's that they don't trust Microsoft to have performed basic diligence on data control within this feature.
> it's not that people don't trust Microsoft with their data
Let me fix that... People don't trust Microsoft.
Per the GP, there's a great deal of evidence that people have a revealed preference for trusting Microsoft, if they're already in the Microsoft ecosystem.
(I don't particularly trust Microsoft, but I'm also not in their ecosystem.)
It's on the user side of the airtight hatchway, that's good enough. If you could read my browser history you could read this and vice versa.
If I remember correctly, one of the original concerns was that the feature didn't respect user boundaries on the host machine itself. In other words: multiple users sharing a machine could inadvertently (or intentionally) retrieve information about each other.
That would be a straightforward example of "can't read the browser history for a user, but could read it indirectly via the agent."
> “You can remove it completely, never be turned on in future,” Weston said.
That should be the headline, if true.
More aptly: they buried the lede.
An indication of the state of online publishing. Even when a story has a compelling point, it can be lost in getting it out quickly for clicks.
Honestly that sounds like how that one MS employee said that Windows 10 was "the last version of Windows" but that statement didn't actually have MS's blessing and everyone took it literally and flipped when Win11 came out.
I've heard differently. You can turn Recall off but not remove it. And if it's anything like other privacy settings, Windows Updates tend to, er, adjust those settings... to the ones Microsoft prefers you'd be using.
> I've heard differently.
From where?
Seems that this update also allowed people to uninstall it. Prior to this revamp Microsoft said the ability to uninstall it was just a "bug".
https://www.windowscentral.com/software-apps/windows-11/turn...
I want to know how this works for an enterprise work laptop. Can my employer choose to turn it on and access the information? It's the only time I am forced to use Windows.
I think you should assume that a company provided laptop is already using a tool to key log and screenshot your computer usage. That such tooling is now first party from Microsoft changes little.
You're already forced to use Microsoft's AI shenanigans. If you've been using Office suite, Microsoft recently installed an AI agent as an application update which launches on system startup. God knows what it does in the background.
How can I disable proof of presence?
That’s just making sure the water is lukewarm, so we all feel comfortable sitting in the pot.
I'm frankly stunned that Microsoft managed to turn this around (and so quickly). I think most of us were expecting this to quietly disappear, never to be heard from again. Time will tell whether the security features are what they're claimed to be, but things are honestly looking better.
Timeline suggests this has been in the works for much longer.
Microsoft needs this to work, else they’ll fall behind quickly in the personal assistant race.
The next jump in computer interfaces is going to be Star Trek style stuff and for that you need access to see what the user sees.
On the contrary, I expected that after the outrage last time, MS would just lie low until the fury died down, then plow ahead. We need some killedbygoogle love for Recall here.
I guess for enterprise users this might be an olive branch, but I don't trust Microsoft. I'll stay with Linux.
Oh FFS we do not need this dystopian bullshit.
They shipped it, as terribly user-hostile, and stupidly insecurely, as they did, for some reason. Did they just not care? Think we wouldn't notice? Conveniently shipped a gaping hole for 3-letter-agencies?
That feature, with its shit security, was designed, approved, implemented, reviewed, and seen by COUNTLESS PMs, engineers, and managers.
No one cared. That culture is rotten to its fucking core. Microsoft never gave a shit about good engineering when I was there, highly preferring to gaslight and go over people's heads, dare they say that the entire (initial) design of VMSS is flawed, or that maybe just maybe Azure would benefit from a metadata service and machine identities. Literally "controversial" shit that resulted in my manager getting emailed.
Every, single engineer, bar one, that I respected at that company has left. Says something.
I know it's a hot take but people are out of their minds trusting a Microsoft platform if they care at all about personal or business privacy.
Lol how many times has AAD or Entra been effectively all-but fully compromised? Lol can you use an ed25519 key to deploy an Azure machine? (No)
Microsoft's entire org structure and mode of operation leads to these same results over and over across windows and azure.
When did they ship it? It was never shipped out to consumers iirc.
Honestly I think that Microsoft has such a stranglehold on the business (and therefore home because we're already familiar with it at work) market that they think they can do literally anything they want.
Are the millions of businesses that rely on MS products going to change systems? No.
Not sure what I'm getting at with this. Maybe just trying to logic my way through this decision?
When there is no alternative, your only choice is to bend over. That's what you're getting at.
Correct. Everyone wants to shit on new tech companies that corner the market at a loss just to drive up prices after they have their moat.
MS has the largest and most well guarded moat in existence. They're simply wringing out the profits now.
This reminds me of RDP. It's opt in. There's visibility. It's encrypted. So incredibly secure!
Yet it acts like an amazing built in tool for scammers that has fooled millions of people.
MS will apparently never learn that visibility and logging mean nothing to anyone unless they actually understand what the heck is going on. The same with the countless "press yes now, no, don't read this box because it's meaningless, what you need to do is press yes to get on with life" boxes.
Giving people more complexity. More tools no one will understand or use. Like the ability to filter out specific websites. It's just the same ridiculous MS approach to everything. Except that now when people's machines are compromised it will be even worse for them.
The whole point of AI is to make things simpler for users. Not to add yet another massive layer of complexity.