Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview.

Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

Mozilla’s Chief Product Officer Steve Teixeira told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn’t.

Jake Moore, Global Cybersecurity Advisor at ESET, noted that while the feature is not on by default, its use “opens up another avenue for criminals to attack.”

Moore warned that “users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.”

Cybersecurity expert Kevin Beaumont was scathing in his assessment of the technology, writing: “In essence, a keylogger is being baked into Windows as a feature.”

AI expert Gary Marcus was blunter: “F^ck that. I don’t want my computer to spy on everything I ever do.”

  • @disguy_ovahea
    link
    English
    -40
    edit-2
    7 months ago

    It completely depends on their implementation. Apple released Local Snapshots for OSX with Time Machine in 2007. Granted, they’re created hourly rather than every few minutes, but there hasn’t been a vulnerability or exploit as a result of the feature.

    https://support.apple.com/en-us/102154

    • @[email protected]
      link
      fedilink
      English
      637 months ago

      That’s pretty much a completely different feature though? It creates local backups. It respects passwords and encryption. It doesn’t take periodical screenshots of what you’re doing and reads their content to feed an LLM.

      • Ghostalmedia
        link
        English
        -227 months ago

        Recall is done with a local model. It’s not uploaded to the cloud.

        https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15

        We built privacy and security into Recall’s design from the ground up. With Copilot+ PCs, you get powerful AI that runs locally on your device. No internet or cloud connections are required or used to save and analyze snapshots. Your snapshots aren’t sent to Microsoft. Recall AI processing occurs locally, and your snapshots are securely stored on your local device only.

        Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn’t share snapshots with other users that are signed into Windows on the same device. Microsoft can’t access or view the snapshots.

        You can delete your snapshots at any time by going to Settings > Privacy & security > Recall & snapshots on your PC. Windows sets a maximum storage size to use for snapshots, which you can change at any time. Once that maximum is reached, the oldest snapshots are deleted automatically.

        • @CarbonatedPastaSauce
          link
          English
          407 months ago

          I just don’t believe them. And even if it works as described, they’ll change the terms quietly to screw you as soon as they need the next quarters line to go up. I’m tired of watching their every move to protect myself.

          • prole
            link
            fedilink
            English
            8
            edit-2
            7 months ago

            Linux is easier and more manageable than you think. Not to be the Lemmy stereotype…

            I’m actually rather new to Linux, but my experience has been great and it feels amazing to be free of Microsoft bullshit (outside of my work laptop ugh)

            • @CarbonatedPastaSauce
              link
              English
              57 months ago

              Been using it as my daily driver for a couple months now. And even though my day job involves Microsoft servers and enterprise applications, I’ve become an anti Microsoft advocate when it comes to consumer OS stuff.

          • tulth
            link
            fedilink
            English
            57 months ago

            I don’t believe them either. I watched the talk video, and there are some serious weasel words around local processing. Something like “the promise is this could be processed locally”

        • @[email protected]
          link
          fedilink
          English
          167 months ago

          So not only is it training AI on your data, but you’re the one paying for the storage and the energy to do so.

        • brianorca
          link
          English
          97 months ago

          But Recall is recording screenshots, not data stored on disk. That’s not the same as Apple’s hourly data snapshot which is just a automated backup of what you have already stored. Recall will be recording the videos or images you watch, even when you don’t keep them locally. It will store the things you decided not to save, and every time you have to open your password manager to check a password, or create a new one. It might be limited to your account, but that still means it’s accessible to anyone who can figure out your password or access your unlocked PC behind your back. Or to that virus you accidentally downloaded, if it’s not immediately detected.

      • @disguy_ovahea
        link
        English
        -22
        edit-2
        7 months ago

        I assumed the Copilot integration was elective. The article states it’s not on by default.

        Otherwise it’s the same. Local backups through Time Machine can be accessed a la carte through a screenshot-based GUI, so the screenshots are part of the Local Snapshots stored on your local drive. They’re password protected and decrypted at user login.