• kahdbrixk@feddit.org
      link
      fedilink
      Deutsch
      arrow-up
      11
      ·
      3 days ago

      It sounds like a great idea if you don’t think too long about it and none else has it yet. People like that don’t care about security or privacy concerns, as long as there is no law against it. Gotta earn money and the competition is fierce.

      And with “people” I mean executives just as much as engineers. Gotta earn money fast > being ethically aware of the implications of your work

      • jjjalljs@ttrpg.network
        link
        fedilink
        arrow-up
        7
        ·
        3 days ago

        I guess. I mean I immediately thought “I don’t want it capturing the porn I look at”, but maybe people really don’t think about privacy at all.

        I don’t really see how it makes money, since it’s bundled into windows (right?).

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          3 days ago

          It makes money the same way anything like this makes money: selling your data. Maybe it improves ad revenue by giving more relevant ads, or maybe they’ll just outright sell your info.

          That said, porn is the least of your worries here, I’m thinking it might scrape sensitive info like social security numbers, bank logins, etc, and an attacker then scrapes Recall to get all of it and now you’re screwed.

          • jjjalljs@ttrpg.network
            link
            fedilink
            arrow-up
            4
            ·
            3 days ago

            I feel like it should be illegal to sell user information like that, but clearly I don’t make the laws.

            But yes that’s a good point that stealing bank info is worse than porn preferences. Though the way things are going, looking at gay stuff might be a hazard in some parts of the US.

            Man, what a stupid dystopia this is.

  • vrighter@discuss.tchncs.de
    link
    fedilink
    arrow-up
    70
    ·
    3 days ago

    well of course it does. There is no way for it to know what it is capturing. Best it can do is capture it, and maybe discard it if it manages to detect any sensitive info. Which won’t work every time

    • lath@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      23
      ·
      3 days ago

      Technically, it could be coded to recognize the various formats of strings and blur everything indiscriminately.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        34
        arrow-down
        1
        ·
        3 days ago
        1. OCR is never perfect.
        2. A partial credit card number or partial SSN wouldn’t match the format, but is still sensitive.
        • lath@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          29
          ·
          3 days ago
          1. Perfection is impossible. Demanding it is silly. Loopholes are unavoidable in everything.
          2. Context can be trained.
          • OutlierBlue@lemmy.ca
            link
            fedilink
            English
            arrow-up
            36
            ·
            3 days ago

            Perfection is impossible. Demanding it is silly.

            In this case perfection is very easy. It could avoid capturing 100% of credit card info by not taking screenshots of everything.

            • veee@lemmy.ca
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 days ago

              Reminds me of my favourite quote:

              “You miss 100% of the screenshots you don’t take.”

          • Olgratin_Magmatoe@lemmy.world
            link
            fedilink
            English
            arrow-up
            21
            ·
            edit-2
            3 days ago

            Demanding perfection for a system as dangerous as recall is not silly.

            It’s like keeping an armed nuclear bomb in the center of a city at all times and being like “hey, it’s ok that it’s activation sequence isn’t perfect, it probably won’t go off”.

            The solution to make it perfect is to not install the nuke/recall at all.

            • ArchRecord@lemm.ee
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 days ago

              It’s like keeping an armed nuclear bomb in the center of a city at all times and being like “hey, it’s ok that it’s activation sequence isn’t perfect, it probably won’t go off”.

              Obligatory mention that for 20 years the launch code for nukes in the US was 00000000.

            • lath@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              9
              ·
              3 days ago

              Even nuclear technology isn’t perfect, yet people are pushing for it in spite of the dangers.

              Is the solution to give it up completely?

              Please.

            • lath@lemmy.world
              link
              fedilink
              arrow-up
              2
              arrow-down
              21
              ·
              3 days ago

              Because malware is already using such methods to steal credentials, so by having something “legitimate” work towards preventing such situations, a countermeasure will eventually be born.

              Right now, all kind of applications take screenshots and send data without user’s knowledge. If something like blurring can trigger automatically and modify what is being sent, then the user will have some protection available instead of none.

              • vrighter@discuss.tchncs.de
                link
                fedilink
                arrow-up
                11
                ·
                3 days ago

                how will capturing screenshots prevent other software from capturing screenshots?

                And we all know countermeasures don’t exist. They can be used to train the ais out of their own existence.

                • lath@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  10
                  ·
                  3 days ago

                  Depends. Can anyone with the know-how create a custom way of taking a screenshot/capture independent of all others or do all methods have to use an immutable function as the base?

                  If the former, i agree with you. If the latter, you’re kinda wrong to believe so.

              • BCsven@lemmy.ca
                link
                fedilink
                arrow-up
                11
                ·
                3 days ago

                Recall is not anti-malware though, the mal-ware can still do its own data gleaning. This is just an AI feature solving a problem that nobody had.

                • lath@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  11
                  ·
                  3 days ago

                  Many problems in the past were solved by inventions that were meant for other things. Seeing something for what it is and ignoring its untapped potential is a narrow view of life.

              • JackbyDev@programming.dev
                link
                fedilink
                English
                arrow-up
                4
                ·
                3 days ago

                Programs can already be refused from being able to view screen contents. If malware is able to circumvent this, why do you believe it would abide by the filtering rules? Further, if you really do believe this is useful, Microsoft could implement this technology without also randomly screenshotting your computer.

                • lath@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  6
                  ·
                  edit-2
                  3 days ago

                  If a malware bypasses a function directly, then closing that loophole would force future versions to find more complicated ways of achieving the same thing, which makes them more visible in the long run.

                  Edit: Also, Microsoft sucks. But now that the ugly crap is out there, you’ll come to face it eventually. Why not be more prepared?

          • ArchRecord@lemm.ee
            link
            fedilink
            English
            arrow-up
            8
            ·
            3 days ago

            Perfection is impossible. Demanding it is silly.

            1. This isn’t even a matter of perfection, this is Recall barely managing to censor the most blatantly sensitive information (see: the article saying “I also created my own HTML page with a web form that said, explicitly, “enter your credit card number below.” The form had fields for Credit card type, number, CVC and expiration date.”)
            2. Demanding a system protect user data is not silly, it is necessary. And if a given system can’t do that, then it should never be used. Especially considering the fact this is likely going to make its way onto PCs handling extra sensitive data with strict privacy requirements, such as medical data protected by HIPAA.

            Context can be trained.

            1. Maybe Microsoft shouldn’t have released a tool until it had that context then?

            If a company releases a half-baked tool that doesn’t do what it advertises, easily fails in simple attempts at identifying sensitive data, and is almost impossible to guarantee data security with, then it should never be used or advertised for any context in which any sensitive data could ever be present.

          • vrighter@discuss.tchncs.de
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            3 days ago

            no, it cannot. It implies you having samples of every form possible so the llm can interpolate. And even then, something sensitive to me might be harmless to you. The llm cannot know your intent.

      • vrighter@discuss.tchncs.de
        link
        fedilink
        arrow-up
        23
        arrow-down
        1
        ·
        edit-2
        3 days ago

        that would require knowing the formats of strings. And it requires the text to be text.

        What if you had a photo of a handwritten piece of sensitive information?

        • dependencyinjection@discuss.tchncs.de
          link
          fedilink
          arrow-up
          14
          arrow-down
          1
          ·
          edit-2
          3 days ago

          I doubt that OCR (optical character recognition) is done on device so it likely being sent to some server for processing.

          As a software engineer, in any of our corporate applications when a user hits delete we toggle an archived flag, but the data is still there. So I wouldn’t trust any application to do what it actually says.

          There are so many technical barriers for recall to ever be able to not snipe your private data that I wouldn’t go anywhere near the thing.

          Edit: Furthermore, what happens when MS inevitably gets hacked again and someone steals all the data it has and then starts using that to commit fraud.

          • JackbyDev@programming.dev
            link
            fedilink
            English
            arrow-up
            16
            ·
            3 days ago

            As a software engineer, in any of our corporate applications when a user hits delete we toggle an archived flag, but the data is still there.

            What many people don’t realize is that this is how some low level data stores work as well. Even regular ol’ file systems do this (basically).

        • lath@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          6
          ·
          3 days ago

          I don’t understand your meaning. Screenshots of a photo are still screenshots and manipulating text on a photo is already a thing (you can use phone camera to translate text directly from a fixed surface).

        • lath@lemmy.world
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          3 days ago

          In that case, instead of blurring, let’s have it turn the device into an I.E.D.

  • Australis13@fedia.io
    link
    fedilink
    arrow-up
    76
    arrow-down
    1
    ·
    3 days ago

    Doesn’t surprise me one iota. This is why I will be abandoning Windows next year and moving to Linux and doing the same for my parents.

    • over_clox@lemmy.world
      link
      fedilink
      arrow-up
      27
      ·
      3 days ago

      Why wait? Hell, you can test out a live distro in a virtual machine to start learning about it right now before taking the big leap. Unless you’re already familiar with Linux anyways. 🐧

      • Australis13@fedia.io
        link
        fedilink
        arrow-up
        12
        ·
        3 days ago

        Indeed I am. I already have a dual-boot setup on my laptop (not yet on my desktop) but need to finish testing Linux alternatives and/or running under WINE for some of my Windows-only software. I’ve been slowly chipping away at that over the past few months and expect to continue to do so over the next few as well, after which I hope to be ready to completely switch over.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 days ago

        I’ve been trying to buy a new computer for years. I finally put the remaining pieces on my Christmas list lol.

    • DashboTreeFrog@discuss.online
      link
      fedilink
      English
      arrow-up
      9
      ·
      3 days ago

      Same boat! I’ve switched over two of my lesser used devices to Mint already (an old surface tablet and my work laptop), only hesitation is with my gaming machine. Everything has been set up just how I like it so I’m not eager to start from scratch there but once I’m confident and comfortable on my work laptop I’ll make the switch there too

      • LucidNightmare@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        3 days ago

        While dual booting into Pop, I can see my Windows SSD and all of its contents. It might make testing a little easier for you!

        • swab148@lemm.ee
          link
          fedilink
          arrow-up
          5
          ·
          3 days ago

          Running games from the NTFS partition won’t work very well/at all, you’ll want to redownload those to a Linux filesystem.

          • LucidNightmare@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            3 days ago

            I was speaking more of any of their applications they were wanting to run through Wine for testing purposes.

          • Malgas@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 days ago

            I’ve been running games from an NTFS drive through Lutris with no issues.

    • sem@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      7
      ·
      3 days ago

      I’m so mad that I’m going to call customer support, they’re going to look at my social security, phone number, password, whatever in recall, and I don’t have a choice except to not interact with other people on computers.

  • NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    1
    ·
    edit-2
    3 days ago

    The only way it could possibly censor sensitive information is if it captured it in the first place and then determined that it was in a sensitive category and then censored it. Recall still has to capture it first to make that determination.

    I don’t understand why this isn’t everyone’s immediate thought after hearing Microsoft say their system would censor sensitive information. How could it possibly know what to censor without reading it first? Of course it’s going to invade your privacy, and then maybe they’ll selectively delete some of it when you ask them to.

    I wouldn’t be surprised if it all gets uploaded to cloud storage first, and then the “sensitive” stuff gets deleted from the local storage only.

  • Eryn6844@beehaw.org
    link
    fedilink
    arrow-up
    17
    ·
    3 days ago

    how in the hell do they think this is going to go over in It for corporate America with sensitive data on everyone’s workstations?? what about the rest of the world ?

    • ArchRecord@lemm.ee
      link
      fedilink
      English
      arrow-up
      9
      ·
      3 days ago

      This will go over extremely well. (for the CEOs) Management, ignoring all advice by the company’s IT people, will order them to enable Recall to “improve productivity” because one guy on LinkedIn said it made him one quattuordecillion percent more productive, IT will protest but will be inevitably shot down. Everything will be fine for a bit until some attacker inevitably gets into their systems and steals the Recall data from all their active workstations, leading to the compromise of almost every system they have.

      They offer their customers 1 free year of credit monitoring, promise to do better, never get punished by the law, rinse and repeat.

      Meanwhile, the CEO’s paycheck will never take a hit no matter what they do.

    • BeardedGingerWonder
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 days ago

      I can’t imagine there’s any way someone with an enterprise license can’t either switch this off or, more likely, capture it internally. Will wait for a windows enterprise admin to confirm or deny.

  • JeeBaiChow@lemmy.world
    link
    fedilink
    arrow-up
    36
    ·
    3 days ago

    Im always astounded at how tech companies swing between ‘for your convenience’ and ‘for your security/ privacy’, and how often users just take them at their word, then wonder why the noose on the neck of their personal choices and freedoms keep getting tighter and tighter.

  • MajorHavoc@programming.dev
    link
    fedilink
    arrow-up
    27
    ·
    edit-2
    3 days ago

    PSA - It’s probably gonna capture religious and political affiliations and weird pornography fetishes, too. Lol.

    As was mentioned, it’s just a bad idea.

    Edit: Here’s a particularly cynical prediction: Joe Consumer angry to learn that Recall backups were used to lower his credit score, and (incorrectly) deny his insurance claim.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      3 days ago

      Benefits:

      • a little better local search?

      Downsides:

      • identity theft
      • more intrusive ads
      • loss of insurance coverage
      • ruined relationships
      • scammers draining bank accounts

      Seems reasonable.

  • BuoyantCitrus@lemmy.ca
    link
    fedilink
    arrow-up
    10
    ·
    3 days ago

    The new version of Recall is now opt-in rather than opt-out – I got prompted to enable Recall immediately after installing the Insider Build.

    This seems to be the important bit, hopefully it stays opt in.

  • Fizz@lemmy.nz
    link
    fedilink
    arrow-up
    4
    ·
    2 days ago

    What is the advantage that this is supposed to provide?

    Just make a history tab that shows all the programs I’ve opened and when. I opened them.

  • DaddleDew@lemmy.world
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    3 days ago

    Oh look! Microsoft is doing the thing they assured us they wouldn’t do! What a fucking shocker! What is it, the tenth time this year?

  • N0body@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    3 days ago

    The Windows 11 migration is mandatory, and there is no lube. They’ll gradually lower the tech requirements as it approaches to minimize people looking for alternatives.

    But make no mistake, Microsoft is asserting the leverage of its market share for full enshittification. Linux or Mac or eat the shit they’re giving you.

    • patacon_pisao@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      3 days ago

      They’re gonna do the most to get people to use Windows 11, but they really dropped the ball with the ads, surveillance, and how shitty it’s become the past few years.

      • BeardedGingerWonder
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 days ago

        You think the average Joe knows MS are now taking screenshots of their desktop and storing it somewhere on their server?