Microsoft's Recall

Oh, Microsoft, never change. This seems like a terrible idea on so many levels.

Yeah, this is a terrible idea. It captures everything on screen, including your passwords and other secret data. Who in the world thought this would be worth the security trade off?

I’m actually surprised Microsoft hasn’t killed it already.

This is going to be amazing for those people out there suffering domestic violence from abusive partners. Oh, sorry, I meant it’s going to be amazing for the abusers.

I assume and hope it will become SOP for shutup10 et al to nuke this shit from orbit.

Hopefully in a couple of years all that we’ll be recalling is how dumb this idea was.

I think about this feature like Google Glass. Yes, it’s a cool idea and solves some problems that some people have sometimes, but overall it creates more problems than it solves, and it’s not worth the privacy tradeoff.

We already have a name for software which might purport to do something useful, but which continuously monitors your actions to make your data available for exfiltration and can’t be removed: spyware.

If this feature is mandatory it would be enough to get me on Mac. Or… Linux shudder

It’s amazing this made it as far as it has. You can’t tell me no one in the organization didn’t take precisely 2 seconds to figure out how this could be used in bad ways.

They don’t care, because…AI!

This is peak executive not having any fucking clue how their business (and customers) actually operate.

Right? I’m not surprised some moron pitched it. It is surprising it got this far.

I can’t see my employer even allowing us to continue working on Windows machines if this goes live. Their constant fucking with people’s telemetry settings on OS updates isn’t going to do them any favors here, as I doubt anyone will have any faith that it can be turned off and will stay off.

I see a recall of Recall coming soon. My understanding was that this wasn’t a feature Microsoft was planning to implement by default, but a feature you could add or possibly even purchase. What a dumpster fire. Unbelievable that nobody at any point in development stopped for two seconds to think about how this could be exploited. This has all the hallmarks of executives demanding “How do we leverage AI into Windows as soon as possible for a marketing win?!”

I can also see hilarious unintended results from the AI as well, like during the launch demo: “Welcome back Mr. Nadella, would you like to resume watching the video Tiny Blonde Destroyed By Three Huge…”
‘RECALL STOP!’

Pretty sure I heard it would be on by default on Copilot Plus PCs.

So it is…wow, nice job Microsoft. At least it can be easily disabled.

Seems thematically appropriate, really. “PC built to use Grand Theft Autocomplete also makes it easier for other people to steal your data.”

MS did not include Recall in any of the Insider builds prior to announcement. If they had, they would have gotten all this feedback months ago from testers. Instead they wanted to make it a big surprise, a One More Thing, except it backfired spectacularly because they didn’t get any feedback from outside.

So now they have to do all this damage control. They’re going to encrypt that database separately and it can only be unlocked using Windows Hello, which means you have to be present and give permission to unlock it. It will also be opt-in.

Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.

Frankly, that should have been designed that way from the start. That’s what I assumed they meant when they said it was going to be encrypted. Instead, they just meant your entire PC is encrypted at rest via device encryption/BitLocker.

It isn’t a terrible idea, it’s a great idea that I can immediately imagine being useful. They just need to secure it.

The challenge is Windows is an open operating system and the user can be root. The solution is some sort of secure enclave. The problem is it looks like those Qualcomm SoCs don’t support one. Neither do AMD or Intel. This requires dedicated hardware to be secure.

I suppose it could also be enforced via hypervisor. Whenever you activate Hyper-V on Windows and are forced to reboot, what’s actually happening there is Windows itself no longer runs on bare metal, it’s hypervised. So that could be a solution there in software.

A lot of Microsoft’s idea of a Secured Core PC revolves around using virtualization and hypervisors for security. And the new Surfaces are classified as Secured Core PCs. Wouldn’t be surprised if that’s also a requirement for the Copilot+ certification.

I have seen a couple of folks who speculate that this is an essential component of a future rollout of a Windows AI personal assistant feature, since it generates a text corpus of all your personal bizness "OCR"ed and saved in its little database. That would explain why they are so eager to get it out there and collecting now, since it can expand how useful their new killer AI tool may be. But they sure didn’t think about privacy scenarios very deeply, or chose a different priority.

Yeah. That’s probably it. All the first-gen assistants like Siri sucked, and the race is on to actually make them useful to you. That will involve them actually knowing you. And that will involve a level of trust that MS needs to get serious about. They need to do stuff like stop wanting to introduce ads into the OS. They’re already the most valuable corporation in the world, ahead of Apple even. They don’t need to do shit like that.

This entire discussion leaves me wondering what the state of gaming on Linux is like these days.