Microsoft is trying again to push out Windows Recall in October. This must be stopped.
Posted by naugasnake@reddit | sysadmin | 830 comments
As the title says, Microsoft is trying to push this horrible feature out in October. We really need to make it loud and clear that this feature is a massive security risk, and seems poised to be abused by the worst of people, despite them saying it would be off by default. People can just find a way to get elevated rights, and turn the feature on, and your computer becomes a spying tool against users. This is just an awful idea. At its best, it's a solution looking for a problem. https://arstechnica.com/gadgets/2024/08/microsoft-will-try-the-data-scraping-windows-recall-feature-again-in-october/
filippo333@reddit
Microsoft is fucking malicious, Recall exhibits 100% of the behaviour of spyware, therefore it is spyware!
zeroibis@reddit
Well now we know, it appears to be a mandatory service in order for the new explorer to run...
naugasnake@reddit (OP)
How did you figure that out?
zeroibis@reddit
Appears to be: https://www.youtube.com/watch?v=G9FRadIkkE0&t=1s
zeroibis@reddit
There was a video update about it today with more info: https://www.youtube.com/watch?v=jW6b4ObnYMY
Dariaskehl@reddit
Why is it so fucking complicated to not lie to your customers or steal from them?!
Ten years at least: why don’t you want a Microsoft account, why won’t you store your logins, why won’t you connect your phone?!
Because you’re not trustworthy.
The operating system should launch the applications I ask, and store the data I choose.
Steal start menu keystrokes, steal photos, steal data, act surprised that people get upset: classic Microsoft.
No, no one wants you to have an AI catalogue what’s on the screen every fifteen seconds. You SHOULD NOT have a full, indexed, searchable catalogue of the porn preferences, shopping habits, sexual fetishes, gaming choices, food tastes, financial health, romantic interests, political affiliations, reading, writing, searching, browsing, and sharing.
Especially when IT'S ALREADY BEEN HACKED AND YOU HAVEN'T RELEASED IT YET.
Buy a fucking clue.
Phreakiture@reddit
On my disk, in my computer. That I have. Here.
DaHick@reddit
This. I love Greenshot. Every F'ng time they swap it out with snippet. I hate snippet.
HermitCat64@reddit
Holy fuck, a fellow Greenshot user. I always thought I was the only one under the sun.
MairusuPawa@reddit
We pushed an update so all your documents are now in our OneDrive cloud service.
Yeah, you had your own Nextcloud client already installed, whatever.
Enjoy.
davew111@reddit
Then after uploading all your files it errors because your OneDrive is now full and starts nagging you to buy more space.
PRSXFENG@reddit
I hate this especially, because you're not using their approved service
I have my own backup setup, but noooo because I'm not using onedrive my data is at risk, you gotta start backup now!!!
it's not just ms too, google with android, apple with icloud as well
ReputationNo8889@reddit
Never mind OneDrive not actually being a backup, because the data saved there has no guarantee of availability/consistency
PineappleOnPizzaWins@reddit
I ran an MSP for a decade - I ran backups of my clients' O365 data back down offline and two things would always happen: first they'd laugh "what but it's in the cloud?!" and then at some point something they need would be gone and we'd go to the backups.
ReputationNo8889@reddit
Yes most companies/IT departments don't realize that ANYTHING related to Storage in Azure/AWS/GCP has no guarantee of availability/consistency. You need to do separate backups, because even backups stored on e.g. glacier can be deleted if someone messes up your AWS account. Same with SharePoint Sites and Google Docs/Drive stuff. It can be gone in an instant and the cloud provider would basically be like "Oh no, anyways".
IBJON@reddit
I just bought a new laptop that has windows 11 on it. By default the quick access bar on the explorer is all OneDrive shortcuts. I edited the registry to remove the OneDrive shortcuts and they reappeared the next day
jkirkcaldy@reddit
We’re also going to change all our products to default to save to one drive and we’re going to add 17 more button clicks to change it, every time, and also, the button to store on your PC is now really small and doesn’t look like a button but a link.
jfoust2@reddit
Also we're not going to include your Downloads folder in your OneDrive. Yeah, we know that all sorts of programs put the stuff you wanted in the Downloads folder. Somehow, it's different to us than, say, your Documents folder.
Also we're going to take away the ability to add folders to File History, just because.
dawho1@reddit
And disable Autosave if you're not saving to OneDrive, as if that feature hasn't worked for decades no matter where you saved the file.
little_baked@reddit
You see saving to our cloud service is slower, more costly and requires far more infrastructure and maintenance than allowing you to save locally and here at Microsoft we like to challenge ourselves. Also, god damn advertisers pay us some good shit for that crap. Not to mention, we have Steve (you know Steve, right?) running the security and firewalls for us. The guy once got my computer out of safe mode so trust me when I say your info is safe. Can you believe he's happy to be paid in cigarettes and lube btw? Fuck it's great being a monopoly!
steveamsp@reddit
But... but... "Windows is a service"
BULLSHIT. It's an operating system. It should sit there and run the programs I put on it.
Sushigami@reddit
Windows was an operating system
Phreakiture@reddit
Windows is a disservice. LOL
jjolla888@reddit
they call me Linux
Phreakiture@reddit
And here we get to the real meat of the thing.
This discussion, overall, is the reason I run Linux on everything I own.
chaosgirl93@reddit
I knew vaguely that Linux is a thing and it's cool, for a good few years. Then some of the latest MS fuckery happened, and so I figured I'd do some further research.
I'm not even the "usual suspects" as it were for using Linux! I'm just angry at MS!
Phreakiture@reddit
I dig it.
I don't generally platform shame people, and honestly, if Windows works for someone, that's cool. That makes your position interesting to me, because it says that Microsoft is overplaying their hand.
chaosgirl93@reddit
Tbf, I'm not as bad and clueless with computers as, say, most people's 60 year old mums. So.
This probably always was eventually going to happen.
But... it's still an interesting data point that I'm saying this is because I'm mad and not just because I was curious.
MikeLinPA@reddit
The OS is supposed to be the environment I use to do my work, not the product itself, and not a platform for them to make me the product.
tkst3llar@reddit
“Jim, I know you're angry but we are still gonna need you to order those 2500 windows workstations for new hires”
That’s why msft don’t care
PineappleOnPizzaWins@reddit
Yep. Enterprise runs Windows. "Oh but where I work we replaced it and it's great!", yep that's cool you're a rounding error and they don't care.
svideo@reddit
Also, the Enterprise versions don’t pull most of this shit as corporate data policies wouldn’t allow it, and what limited telemetry is enabled by default can all be policied off.
Just skip the home versions.
PineappleOnPizzaWins@reddit
The problem is that the "pro" versions are more and more becoming "home" versions... and most businesses don't need nor can afford enterprise editions.
OsmiumBalloon@reddit
I'm honestly a little surprised they haven't introduced "Enterprise Plus" or something like that by now.
JwCS8pjrh3QBWfL@reddit
Enterprise is included in E3 and E5, so "most businesses" probably already have licensing for it (depending on if you mean individual businesses or overall headcount globally)
cillychilly@reddit
This guy "most business" can afford E3.
JwCS8pjrh3QBWfL@reddit
What kind of barely solvent business are you working for that can't afford $34 a month per user?
cillychilly@reddit
Most businesses in the world.
PowerShellGenius@reddit
In M365 not O365 E3 and E5.
Greedy-Neck895@reddit
Edge now has AI tooling embedded into it. I'm not sure how configurable it is out of the box.
svideo@reddit
...and?
platypusofthesun@reddit
Replaced it with what?
pdp10@reddit
Capital One, IBM, Walmart, Cisco, and Google use mostly Macs. Well, Walmart might not be mostly Macs, but their Jet division was.
PineappleOnPizzaWins@reddit
Another OS...? They do exist.
Irverter@reddit
Linux? MacOS?
DEATHROAR12345@reddit
Dude we couldn't even replace our stuff even if we wanted to. The cost would bankrupt the company easy. And even if we had the money what would our options be? Mac or Linux? I'd rather have my teeth pulled without painkillers.
Tzctredd@reddit
In my last job we could choose Windows or Macs.
Nobody died.
gex80@reddit
Mac is perfectly fine depending on application needs as an end user. We are a media company at my place and close to 50% of machines in the wild are mac out of 800 or so employees. Me personally, I use a mac for devops (not coding) work and in 2024, almost everything has a mac version or it's a website at this point.
Status_Jellyfish_213@reddit
Ayup. And with configuration profiles on a Mac you get instant changes, especially useful for testing. Your productivity goes through the roof. After I’ve finished my jamf 400 I’m going to move to focusing and learning intune, and I cannot frigging understand why Microsoft with the entire leverage of azure can take up to half an hour for changes to sync. It’s really stupid.
videogamechamp@reddit
Sysadmins when they encounter an actual computer LOL
ARobertNotABob@reddit
"outliers"
KishCom@reddit
After enough "rounding errors" pile up they will care... and they are piling up.
BobbyTables829@reddit
It's not Windows, it's Azure
One_Stranger7794@reddit
If they win, they win, if they lose, they win.
lolpopculture@reddit
You think that’s bad? Just wait until your employer gets ahold of it. Imagine a future where every single action you perform at work is observed, recorded, and monitored to the nearest second, then evaluated by another AI.
dustojnikhummer@reddit
You know that aside from the AI part most employers do this, right?
botrawruwu@reddit
sysadmin subreddit discovers what a SIEM is
dustojnikhummer@reddit
Or what EDR can do. Not all employers do this. We don't and we told our management we would refuse to implement spying on people.
gex80@reddit
Work performed on a company issued laptop is not spying. You're not entitled to privacy on a computer you don't own and was given to you with the explicit understanding that this will only be used for work purposes. If privacy is a concern, use your phone or buy an ipad/personal laptop.
dustojnikhummer@reddit
I'm not American. Even on corporate devices employee must be informed of any spyware.
gex80@reddit
Not sure what being American has to do with the company's right to monitor company equipment.
dustojnikhummer@reddit
European privacy laws apply even in the workplace.
gex80@reddit
Those privacy laws do not out-right prevent employers from monitoring.
dustojnikhummer@reddit
No, but also doesn't allow unannounced spying.
gex80@reddit
No one said unannounced.
hzuiel@reddit
Most places already have it in their handbook that you could be monitored in your use of company property and they make everyone sign something saying they understand this and agree to use company property and infrastructure only for business purposes. I think even in Europe this would satisfy employment laws for announcing. I am with you and I just cannot fathom how anyone believes they have a right to privacy on corporate devices. It is absurd.
Sushigami@reddit
The problem is they bundle it in with a bunch of other compliance noise that nobody cares about.
gex80@reddit
Is your argument that people should never be held liable to what they agreed to because they can claim they didn't read it and yet signed it? Not only that, it's a condition of your employment if the company has a formal policy.
If you don't like the policy you are free to go find a job some where else.
Sushigami@reddit
I'm not saying you'd have a legal case if you were called up on it, I'm saying it's not presented in a way that is commensurate with the magnitude of the importance of the clause.
(Although it is often in the employee handbook rather than employment contract, and in that scenario you probably would have a legal case.)
hzuiel@reddit
They still sign it, that's how contracts work, they are binding even if you didn't read them carefully, but if you have any work experience at all you should expect this, it is normal.
Sushigami@reddit
Legality and Morality have only a tenuous relationship.
It should be legally mandated that people be aware of it.
gex80@reddit
If they signed the paperwork they are saying they are aware of it. Don't sign things you didn't read. Simple
Sushigami@reddit
I don't know about you but while I read my employment contract, I did not read every single other guideline handbook and ancillary piece of info they threw my way afterwards.
dustojnikhummer@reddit
To me this sounds like your justification to install corporate spyware without the users actual knowledge "But they should have known it".
No, I would not accept that. We are in a process of rolling better software management out and you can be damn sure I will want people to be aware of it. I'm not saying "give them a choice", because that is up to management, but they should absolutely be informed.
One_Stranger7794@reddit
People work at work.
If workers are doing the work they are paid to do, no problem.
If they are not doing the work they are paid to do, then you watch them.
I've never understood the idea of getting everything done ahead of schedule, and then being required to 'look busy'.
Sushigami@reddit
You create perverse incentives to work slowly and less efficiently.
When there's a monitoring system:
Finish early by working hard = you must engage with more work.
One_Stranger7794@reddit
THIS is how the government works. I worked for them briefly, the amount of times I was told to slow down, leave it to tomorrow, don't look at that yet was appalling.
It was actually more stressful trying to work slowly, than just actually dealing with the tickets.
It becomes a race to the bottom, what's the bare minimum I can do to be considered competent, but not given more work because I'm seen as more capable than my peers.
Sushigami@reddit
The simple way around it though is to not have a monitoring system. Then you work hard, get it all done in 4 hours and have 4 hours in hand to goof off.
One_Stranger7794@reddit
I've never heard of Slay the Spire, seems like a perfect 'WFH' game actually! I think I may check it out, I'm just about bored of Helldivers now and need something new and exciting in my gaming life.
But yep completely agree, that's what managers are for! Why do we need a system tracking every keystroke? A manager's job is to make sure everyone they are managing is getting their work done, if they're not then the manager raises an issue, no monitoring software needed.
Sushigami@reddit
It's the game that started the current indie deckbuilder craze and it's still the best of them.
One_Stranger7794@reddit
Ah! I love VR, and there is a deck building (kinda) game called Demeo I really enjoy so I think this will be up my alley!
dustojnikhummer@reddit
I'm dumb as hell. I totally missed the fourth option button with giant blue FREE
Commentator-X@reddit
if you don't have edr you're at risk these days. Your security stack is incomplete.
dustojnikhummer@reddit
We have an EDR. We don't enable the fully spying parts.
hzuiel@reddit
There is no such thing as spying in a business, you are using business property and/or on a business network, you have no right to privacy under those circumstances nor should any employee be expecting privacy on their employers networks and property. You do private stuff on your own devices and networks.
dustojnikhummer@reddit
That is your opinion, one I disagree with.
hzuiel@reddit
There is nothing to disagree with, it is how it is. You are wrong.
dustojnikhummer@reddit
No, there are absolutely things to disagree with.
hzuiel@reddit
Yes there are things to disagree with. They are called opinions. This was not an opinion.
dustojnikhummer@reddit
I assume we are both talking about the same thing, that you can't spy on employees on corporate devices without their knowledge...
Well, you seem to think it is an opinion, so I'm just joining you.
Commentator-X@reddit
then you don't have full visibility into your threat landscape and at an increased level of risk for your organization.
botrawruwu@reddit
I think if we stopped our EDR from sending endpoint logs back to the SIEM then we'd be in breach of several different regulations. Our SOC would also have 0 ability to investigate potential security events.
72kdieuwjwbfuei626@reddit
It’s a sysadmin subreddit whose idea of „data that is on a PC“ is porn, gaming and sexual fetishes.
gex80@reddit
They've been doing that for over a decade now.
AlaskanMedicineMan@reddit
Crowdstrike can do this already
Commentator-X@reddit
DLP does it better lol
racermd@reddit
So…. Tuesday?
Seriously, the tech is already available. Don’t think for a second that some major multinationals aren’t already using it on the sly.
One_Stranger7794@reddit
I've been tasked with installing a similar system on our Network, to more accurately evaluate the efforts of the people who work here, myself included.
Haven't been able to get around to it yet. Tomorrow's not looking great either.
killallhumans12345@reddit
And used to justify firing you whenever they need to cut budget, But Wait! Why not create comparison software that can rate the workers!! Can't wait to game the system
DarthtacoX@reddit
New to windows? There is a reason people used to call it Micro$oft
4t0mik@reddit
Meh kind of. The license rug pulls more than anything.
CALs no longer included. Terminal server licenses were revoked, and Exchange doubled in cost. Server retail almost tripled.
MS was turning into the monster they accepted to slay (a company that licensed every little feature).
The ONLY thing Microsoft hasn't moved on is their most hated licensed product (as far as cost). Always been 400.00
Heh.
pdp10@reddit
Office got traction because it was a bundle of mainstream applications, but at a price you'd usually pay for entry-level applications like "Microsoft Works".
When an individual buyer could usually get Microsoft Office for $99 OEM bundled with a new machine, and WordPerfect was still trying to charge $495 list, Office got the nod because it was cheaper than WordPerfect and 1-2-3, not because it was better. The Office spreadsheet was excellent, and the word processor was good enough for new users, and it obviated the need to obtain WordPerfect and 1-2-3.
Microsoft made back the lost revenue of those loss-leader OEM deals by making corporations pay much higher prices. But it was the cheap, ubiquitous bundle that unseated the current killer apps.
4t0mik@reddit
Yep, for sure. OEM deals were the key to basically all their products.
It was a struggle between businesses and home users; Office was not a part of Windows. Now, fork over 400. Heh.
With the success of Microsoft 365, people now understand what Office is (MS bundling it and simply asking for a login to license or pay).
Fallingdamage@reddit
This one has me scratching my head. I guess the $ makes the most sense, but the part about how this feature will only work if the device is using a single type of chip manufactured by one company is throwing me. That's like making DirectX only functional if you use GPUs from a single manufacturer.
Once this thing gains traction, Qualcomm can and will jack up the price on these AI processors because they know system builders and OEMs will have no choice but to pay whatever premiums are demanded. Qualcomm will and has done this many times before.
EastLansing-Minibike@reddit
More like Micro$haft
JuanAy@reddit
Microshart
SenTedStevens@reddit
Winblows.
EastLansing-Minibike@reddit
Dariaskehl@reddit
It’s been Macroshaft among my friend group for the odd last thirty…
EastLansing-Minibike@reddit
Macro is giving them way too much credit.
Dariaskehl@reddit
Iunno…
It’s kinda sore by now; I had ME at one point.
Starting to walk funny; need one of those donut-cushions…
Valkeyere@reddit
M$
BoredTechyGuy@reddit
Used to?
thortgot@reddit
Hacked? No
It was determined they stored the data in plain text.
Microsoft has shown they abide by the config values. Disable it, this isn't a big deal.
Do you get this agitated about Chrome offering to store your passwords? (Also unencrypted btw)
The data is stored locally which means we as admins can trivially check to see that it's not on.
The amount of data stored is too high to hide in telemetry data so it would be discovered almost immediately if they tried to get sneaky about it.
darkfader_o@reddit
Microsoft has shown (within less than a decade) that they will negligently re-enable telemetry after it was disabled, that they have bugs where they send stuff while disabled and so on.
the amount of data is not high if you transferred only query results.
if you don't grasp a pattern or don't try to foresee issues and do due diligence on your assumptions, you are just not self-aware enough.
thortgot@reddit
If you disabled telemetry through reg hacks? Yeah they'll enable it again. Annoying I agree.
Disable it through the documented process and it never turned back on.
What stops Windows from using existing executables to do this perceived data extraction? Why would they need recall when they could simply add that into the kernel and extract the data they want.
darkfader_o@reddit
it even happened when you explicitly selected the knobs of the OOBE to "off" so, honestly just don't walk around stating it never happened.
thortgot@reddit
Source?
darkfader_o@reddit
why do i need to bring up a source because you don't have the memory or attention span? it's your job to be aware on your own.
thortgot@reddit
Perhaps we are talking about different things. Are you talking about Windows 11 Compatibility telemetry on Windows 10 Pro or Enterprise?
That has been analyzed to the hell and back and absolutely follows the values that are configured.
The toggles on Home aren't identical.
darkfader_o@reddit
Hi, sorry for the snark yesterday. It was around 20H2 from what I dug up, so 2018'ish, and the thing was not just on home, at least pro also was affected. There was also one KB that was pulled and re-released that was maybe related. There was no good narrative for what happened, they simply didn't port forward the original settings but there were also reports that the knobs stayed in 'off' positions. I can't say if it was incompetency or trying to get away with it, but the mode of operation is 100% identical to what we saw now.
In this case, it involves the most valuable data, and the one the OS has to protect on a very high level. None of that was put in place at the start which means the whole design process went forward without an inkling of protecting customers. That implies that any protective features have now been added after the fact, meaning they were not part of the design.
The risk level of Recall is so high it would normally need to be designed right up there next to the TCB like in some trusted system with mandatory access control. No matter if the search results end up in the user's search window or not, it is not OK to have this just as a normal application.
Where the industry not even (yet) has managed to get on top of credential dumping and kerberos theft we put this stuff right there as a normal OS component, then slap on a few security measures, which are at least our state of the art - but weren't part of the design.
so you can assume, they do unlock access to the frontend and/or unlock the database, but will not be in effect in the engine that evaluates the queries. so there's gonna be some lower layers that will not "know" what a valid access is or what other component just committed some data. So sure, I'm MFAed, and how does that stop an exploitable driver from committing stuff in there that will change some rules, queries or just someone bulk exploiting stuff?
now that from a vendor who's been sloppy with keeping such features disabled, and even a day of this being enabled would be highly illegal for many purposes...
also a vendor whose security team got tin-can-opened just last year and we're not even sure yet that they fully flushed out their attackers. Not to mention that in a devsecops approach their mails will have enabled further 'research'. A vendor whose customer project data was found public and likely stolen.
And we rely on, at best, TPM modules for that which needs that january update for fixing bitlocker to ensure the TPM driver stays intact but people don't manage to get installed (I documented the "how to fix" on stackoverflow literally days after release). TPM modules that we had to throw into trash less than 5 years ago.
You might say the issue with OOBE + Telemetry was years ago - but it was within the OS' lifetime, the fault wasn't detected by MS and the BIG difference is that it didn't concern data that gets persisted on the client computer in the same security layer. This is the really dark pit.
It's a helpful feature but I'd violate every NDA ever signed just having that on. Monitoring the changes, checking after an update is fine but honestly it's also cost imposed on the enterprises running windows clients... we'll see what it looks like next year, but really, please, keep in mind the bit about system design and slapping on security.
Personally I think any such thing enabled on Windows Home is even worse since private citizens have no one to ensure their tech stack fits their assumptions.
If they'd idk, have a keyswitch on the keyboard for turning it on and off that would be a fair level of user control for something that has this level of permanency. finding, again, that the opposite is the case, that design was not done to adhere to best practices, is disappointing on a personally techie level. In times of ransomware I don't care much about my disappointment though and more about the cost of the unavoid(ed) abuse.
I.e. think of a large botnet where people tried to fish for credentials. now they can run orchestrated queries against those "home" computers and have them extract that info.
How are we not responsible if that happens?
thortgot@reddit
I get the agitation about the potential for abuse on personal devices however this is an opt out feature. I would like to see a clear indicator for when it's in use on devices, perhaps a taskbar coloration or a Start Menu icon change?
A few things I'd clarify.
Yes, the user state control was overridden and set back to default under some scenarios (for home and unmanaged Pro). If you controlled the state through GPO (which were available prior to Windows 10 releasing) it did not change.
Local cred theft is a solved problem with the correct settings. Only allowing access at a rate limited component against the TPM from specifically signed code. It's wrapped up in Secure Boot.
On your TPM security comment, the TPM itself wasn't the issue, it's the leak of a Secure Boot certificate that makes a physical attack plausible to compromise Secure Boot by loading insecure UEFI data. This doesn't eliminate the security in the actual TPM.
Notably TPM 2.0 chips are secure and are the devices that are plausibly going to be running Recall since you need an NPU. No vulnerable TPM 1.2 chips are going to be running this.
NoncarbonatedClack@reddit
As far as documented processes, is there something other than group policy on the machine?
mcilrain@reddit
Microsoft abides by their own config values, you don’t have any.
thortgot@reddit
CSP and Group Policy are both available.
Manage Recall for Windows clients | Microsoft Learn
mcilrain@reddit
TWO SEPARATE SETTINGS
Windows cucks will unironically defend this.
thortgot@reddit
? They are 2 ways to set the same value.
mcilrain@reddit
Perfectly normal! Nothing to comment on! Please stop noticing!
bfodder@reddit
Dude you're really off base here. GPO is for domain joined machines and CSPs are for Entra ID joined machines managed by MDM/EMM. The two methods exist for a reason.
thortgot@reddit
I'm not sure what you are trying to say. They should only have 1?
This is very normal for Windows
mcilrain@reddit
Do you think more config options = better? Are you a fool?
The answer is obviously 0 (zero config options). Don’t have to turn anything off if there’s nothing to turn off.
72kdieuwjwbfuei626@reddit
Linux fanboys are so used to defending not having a feature that they now believe it’s a virtue to not have anything.
thortgot@reddit
You can disagree with the feature. Disable it. People got upset about the Microsoft Store when it was released. You're an admin, control your endpoints.
How many ways can you configure Linux settings? It's a lot more than 2.
mcilrain@reddit
Linux has no AI spyware to disable (0 config options).
Common Linux W.
Reflexes18@reddit
Are you trying to argue that Linux requires zero configuration to use?
mcilrain@reddit
Linux’s AI spyware requires no configuration to use. 👍
segagamer@reddit
Well that's incorrect, as many distros ask you to submit telemetry to assist with development.
segagamer@reddit
Ubuntu enters the chat
thortgot@reddit
Sure. Windows needs config. This isn't a surprise, we wouldn't have a job if it didn't.
However, your argument was having multiple ways to configure something was a problem. Want to expand on that point?
mcilrain@reddit
Multiple ways to configure the same thing creates confusion in understanding and difficulties in communication.
The best config option does not need to be understood or communicated. Take Linux’s approach to its AI spyware configuration as an example to follow.
thortgot@reddit
You wouldn't use both in the same environment. It's a set of choices.
If you are running Intune you'd use CSP, if you're on prem or another RMM you'd use GPO.
This is basic Windows administration.
Linux needs config to be secure too.
mcilrain@reddit
You thought Linux needed configuration to be secure from AI spyware.
thortgot@reddit
You are an admin right?
Read what I wrote
The_frozen_one@reddit
Yea, I don't know what the other person is talking about. There is software on Linux that can do all sorts of logging that could be considered spyware depending on the context. Anyone who has ever had to manage lots of systems would know that OS choice (broadly speaking) isn't a shield.
mcilrain@reddit
no u
naugasnake@reddit (OP)
Not to nit pick here, but it's worth pointing out that chrome stopped storing passwords unencrypted several years ago. All passwords stored by chrome are encrypted now.
FullOf_Bad_Ideas@reddit
Not really, the encryption password is stored in plain text next to the encrypted file, it's a joke of a security. As far as I know Edge does the same.
https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d
thorin85@reddit
But can still be trivially acquired by anyone with admin access to your system, just like the recall database.
The_frozen_one@reddit
Depends on the system and how the encryption is layered. Being able to pop out a drive and put it in another system to side-step security isn't as easy as it used to be (and funnily enough, TPM 2.0 is one of the things that can allow good FDE).
fresh-dork@reddit
well, i'm on a mac. it appears to be stored in the keychain there
thortgot@reddit
Not on Windows. It's stored in SQLite DB, though as another commenter mentioned it is now encrypted with your user creds. Trivial to decrypt though in user space.
segagamer@reddit
I find it so weird that Google uses Keychain on Mac but not the Windows Credential Manager on Windows.
Google's incompetence I guess.
RememberCitadel@reddit
Microsoft has also shown they love to change your purposefully disabled setting to enabled without telling you repeatedly every update they feel like it.
narcissisadmin@reddit
ROFLMAO what now?
my_fourth_redditacct@reddit
It's because the real customers are the shareholders and the data brokers.
It's not accidentally spyware. It's spyware on purpose. They've run the cost-benefit analysis between a class action lawsuit and a gazillion dollars to sell the data.
Microsoft has a fiduciary responsibility to maximize shareholders profit above all else. Shareholders demand AI (they have no idea what AI is) so Microsoft is going to roll out any feature with a "NOW CONTAINS AI!" sticker on it that has the potential to make more profit.
YourMomIsADragon@reddit
I wish I could buy a million upvotes for this post. Even when I have an actual Microsoft account and a personal M365 subscription discounted through work, Windows is still nagging at you to "review settings" which I think is triggered by anything that isn't what they want you to do. I work as a sysadmin by day, but I've recently banished Windows entirely at home. I'm just so tired of the BS. Sure there are some things that are worse on Linux, but it's shocking how much stuff just works, games included due to Valve's work on Proton.
There's an awful lot of Zen once you're on an OS that does as it's told, instead of one that's trying to tell you how you should use your computer.
derpman86@reddit
I would love to know what actual percentage of people outright legit use a MS account the way it was intended vs people who got ambushed at setting up a new computer or post a feature update and got presented with an unskippable screen and they just wanted to use their computer.
rebornfenix@reddit
Sounds like it’s finally the year of Linux
Dariaskehl@reddit
I keep reading how many leaps and bounds they are making with gaming and stability - it might be time to roll a Linux box again…
Ihadanapostrophe@reddit
If the Steam Deck is any indication, most games run on Linux without any issue. Sometimes better than Windows.
There are some games that don't work. Those generally tend to be larger, AAA games with anti-cheat. Destiny 2, for example.
Elden Ring, Path of Exile, Cyberpunk, Hades 2, Rogue Legacy 2, all of these are games I'm currently playing on the Steam Deck.
I'd suggest setting up a dual-boot and trying Linux as your gaming/daily driver before making the decision. For games, it's ultimately going to come down to what you want to play.
Earthserpent89@reddit
My only gripe with Linux is audio drivers. Every time I’ve tried switching to Linux, I run into issues with my audio devices either not working or I get a bunch of hiss, crackle, pop from my speakers. I have onboard audio, a USB mic, and headphones over aux. The USB mic usually shows up as a speaker, even in Windows, and in Linux these three devices show up as about a dozen different, generically named, devices that are a pain in the ass to configure and manage. All while I’m getting no audio or audio pops.
There’s still too much tinkering required to get a working system going. Windows, for gaming, is far easier to set up. And it can be installed with a custom ISO that has all the bullshit disabled using NTLite.
AnomalousNexus@reddit
Have you seen the latest Windows Update that breaks dual-booting?
72kdieuwjwbfuei626@reddit
I have seen the Windows update that breaks wildly outdated bootloaders on PCs that are configured to have a secured boot process. Do you mean that?
Just install security updates. It’s not complicated.
AnomalousNexus@reddit
There are environments that don't do as many updates because they are meant to be as stable as possible with as little change as possible to keep uptime, so not everyone installs every single update of every type. So when Windows drops an update that affects something as low-level as this, it's not expected to cause such an issue, especially when the Update description explicitly states that it doesn't affect dual-boot environments. And it's doubly as problematic when you don't/can't back up your entire bare-metal machines down to the boot-loader level.
72kdieuwjwbfuei626@reddit
Yeah, sure, the dual boot environments that need constant uptime. That haven’t updated grub in years, because they need to keep the environment stable, but install Windows Updates the day they come out.
AnomalousNexus@reddit
Hey I don't make policy for other people's weird environments, but I do run into them all the time, so I try to keep an open mind.
72kdieuwjwbfuei626@reddit
You try to keep an open mind towards the complete nonsense you just invented to come up with an example where you not installing security updates is somehow Microsoft's fault?
Ihadanapostrophe@reddit
No, I haven't yet. Is it both 10 and 11?
AnomalousNexus@reddit
It's both versions as they use damn near the same boot strapping processes. Article
Ihadanapostrophe@reddit
I've had Windows bork the bootloader before, so I have grub on a different drive, thankfully. That sucks for most people, though.
KnowledgeTransfer23@reddit
Beyond Steam Deck, the ROG Ally looks to be getting a SteamOS option, at least from what Valve says! So maybe more handhelds will be able to run SteamOS as well, one day?
72kdieuwjwbfuei626@reddit
If only there was a way to show whether that’s true or just fanboys lying their ass off to paint an unrealistically rosy picture. Maybe some kind of DB of how games run on Proton. Maybe call it ProtonDB or something.
Ihadanapostrophe@reddit
That sounds downright blasphemous!
You're absolutely right. I should have linked it.
72kdieuwjwbfuei626@reddit
I think it’s important to mention that „Gold“ means that a game has issues, but they can be fixed.
McFlyParadox@reddit
Also important to mention that the ratings themselves might not have been updated. Some games have bronze, silver or even gold because that was their original rating, but have been worked on since then and compatibility has improved.
Sometimes the inverse is true - compatibility got worse - but if the rating is wrong, it's nearly always an underestimate.
killallhumans12345@reddit
I would even say gaming on the SteamDeck is probably 25 to 30% BETTER from when it was originally released, when it comes to windows based games. They seem to be continually improving
Ihadanapostrophe@reddit
Very probably true, but I only got mine recently so I can't speak about my personal experience with that aspect.
lightmatter501@reddit
It is true, if a game is more CPU bound than GPU bound it tends to run faster on Linux. Some GPU bound games also run better because of optimizations specifically for the game built into the graphics stack, like Starfield which runs at 1.5x the FPS on Linux for me.
Ihadanapostrophe@reddit
Yes, but the person I responded to was talking about how performance on the Steam Deck itself has improved over time. That's the part I can't speak about since I haven't owned mine "over time", if that makes sense.
cool_boy_mew@reddit
I don't exactly remember when I switched, it must have been 5ish years ago, just when it was starting to be good. Things have progressed so much with Proton that I don't even have to check pretty much most of the time, it's that good now
For outside Steam, and I'm talking about some old stuff, there's Bottles that's the best from my experience, as it can actually easily install dependencies for you, but the interface is still kind of a mess. However, if you need to override ddraw or something, I've found a surprising amount of answers on the web lately
jimbobjames@reddit
Steamdeck has a lot of work done by Valve to make sure that compatibility is there though.
They vet games and are actively working to make games run on Steamdeck. You won't get the same experience just wanging a linux distro on a PC.
Blxter@reddit
From my experience "wanging a Linux distro" it is that easy if it works on deck it will work on any other Linux distro as well. Now if you mean stuff like Bluetooth controllers yea I gave up on that tbh lol
Ihadanapostrophe@reddit
That's true, but someone comfortable enough to dual-boot a Linux distro is likely able to make a reasonably informed decision about whether the games they want to play are too much of a hassle to play or not. That's kind of the point of setting it up.
I'm not saying they'll get the exact same experience, but it's not very far off either. Personally, everything I want to play on my SteamDeck also works on my personal system without any issues. That's largely because I'm running Ubuntu. There are definitely games that don't work or run poorly, but not really any that I care about. That's going to be up to each person.
dustojnikhummer@reddit
Steam games.
Adnubb@reddit
Nothing stopping you from running a non Steam windows game through Steam. Been doing that with Guild Wars 2 for years now, way before they had a Steam release.
Gaming on Linux has come a long way. If only this shift would happen on the corporate landscape, then maybe the year of Linux would finally be with us. But that will probably forever be a pipe dream.
dustojnikhummer@reddit
Yes but saying it is "easy" is just objectively incorrect. Especially if you are a FOSS fanatic and don't want to even use Steam. Or other 3rd party launchers, just visit the SteamDeck subreddit.
Also, GOG still refuses to release Galaxy for Linux, but at least they do officially acknowledge Heroic as an alternative.
Man, I need to learn how to work with realmd
Adnubb@reddit
Yeah, okay, if you care a lot about FOSS and shun external launchers it is still quite a pain. But even that has improved. I can see why you'd say it's not easy in your case.
But looking from the perspective of the average user who doesn't really care about FOSS or their OS and just wants to play games, it has never been easier. And with Windows becoming increasingly more adware infested and behaving like nagware, an argument can be made that it is the better option nowadays, even if some games still do not work due to anti-cheat measures. But then again, most people don't care enough about that to actively put in the effort to switch their OS. On the other hand if Linux would come pre-installed on their PC, it would work well enough for most people to not want to switch to Windows either. Which isn't something I could have said 10 years ago.
utan@reddit
I've been using Fedora for my gaming rig for over 6 months now without ever having to use Windows. Windows is no longer even installed at all.
VVaterTrooper@reddit
Just wanted to chime in. I got sick of Windows 11 bloat, all the running processes and having it updated when I didn't want it to.
Been on Linux the past month and I'm loving it. I started with Debian, because I was used to it. Then switched to Manjaro because of the rolling release.
Oh yeah I am also a big gamer. No issues running games, so far.
RememberCitadel@reddit
I really do like the idea of linux, and use it often at work and a bit at home.
There is one major complaint I do have, and this is mainly a cli complaint. There is no damn standardization.
The commands for every application/module/package are all different.
I know this is the nature of something open source from a million different contributors, but there are only so many variations of help/quit/save I can take before I want to scream.
zeno0771@reddit
Just curious, which applications/modules/packages would you expect to have identical commands? If they're not doing the same thing, they probably won't behave the same way.
"Help" is almost always either -h or --help; if it's not, it's because that option isn't available (and serves as a backhanded reminder to check the docs). You can get out of pretty much anything in a terminal with ᴄᴛʀʟ + ᴄ. When things are expected to result in a certain behavior, they are usually kept fairly uniform because a lot of keystrokes become muscle-memory.
Now, if you're comparing vi to emacs... Tread lightly, you might start a war.
segagamer@reddit
It's a gamble as to whether recursive is -R or -r
I think CHMOD uses = for separators while setfacl uses :
It's things like that. I can't remember them all and I've learned a lot of them to the point where it's a little less annoying, but Powershell is nicer to use.
ManyHatsAdm@reddit
PowerShell is cross platform now, you can install it on Linux...
segagamer@reddit
I know. I have strongly considered using it instead but... Dunno. Feels weird to do that, like using bash on Windows lol
chaosgirl93@reddit
You can do that?
segagamer@reddit
Of course. Windows is pretty flexible.
zeno0771@reddit
chmod doesn't really use separators. "+" adds a permission, "-" takes that permission away, and "=" assigns the exact permissions you add, wiping clean whatever was already there (that last one really shouldn't see much if any use in a modern Linux environment).
With chmod the lowercase R already serves a purpose: Permissions can be octal or mnemonic so -r can mean to take away read permissions. There are only 26 letters to choose from so a compromise had to be made somewhere. With ACL, the double-colon is for a similar reason; it's so the results of a getfacl command can't be interpreted to mean that rwxr-xr-x is a username. Again, since ACL deals with permissions that can be set recursively, the -r can be construed to mean taking away read permissions so an uppercase R must be used for recursive operations.
I'll grant you a recursive command switch shouldn't be rocket-science and it unsurprisingly follows a trend of "That's what made sense to the developer", but when it comes to dealing with *nix permissions, it's good policy to just think of it as a separate entity anyway since the effects of a change can be unintentionally far-reaching. For most other programs or shell commands however, a lowercase R will do the deed as long as you're not dealing with permissions specifically. It's an exception that the command will remind you about so it really shouldn't result in more than about 15 seconds of annoyance; instead of retyping the entire command, you can just arrow-up to show the previous command, then change the R to the appropriate case (or any other changes you may have needed). If you make the mistake often enough--as I did and I'm sure many others have as well--you have the shortcuts committed to memory in short order.
Remember that a lot of *nix shell commands have history dating back decades when time was of the essence and you couldn't just copy/paste a command from a browser because GUIs didn't exist. Comparatively, Powershell is so verbose it gives COBOL a run for its money. On the user end of things, they are of two different philosophies; if you don't see a practical benefit in an environment that favors typing pwd rather than Get-Location (not to mention has grep and sed, the absence of which are the final nails in the coffin for PS as far as I'm concerned) then the verbosity won't matter, and most shade-tree PS users are just copy/pasting commands from a browser anyway. Don't misunderstand; I'm not a Luddite who hates change, but whether Microsoft wants to admit it or not, they're not talking to the same audience. The staid DOS command-prompt running batch files is a more accurate comparison to the bash shell, and in that light bash walks all over the alternative. PS is closer to what I expect in a Python environment, and you can have that in Linux as well but again, I see different use-cases there.
RememberCitadel@reddit
Well, the last one to prompt my annoyance was setting up a new netbox installation.
Postgresql, vi, nano, python, nginx, django, netbox, gunicorn, and redis are all the packages it uses. About half those packages use something other than --help for it. Most also have different ways to quit.
But just the fact that you said it's almost always -h or --help is problem enough.
Everything should really just be universal unless there is a function that wouldn't allow it (for instance like a text editor).
PoopingWhilePosting@reddit
Every time I let my laptop onto linux and think "this is it" some ball-ache issue pops up. The current one is that my wifi adapter isn't detected. I'll probably get that fixed after reading through dozens of vague articles only for another ball-ache issue to pop up.
RememberCitadel@reddit
Yep, fantastic when it works, but the moment something doesn't, it is generally harder to resolve than any other platform.
HexTalon@reddit
Might check out NobaraOS - it has a GUI updater that handles both standard packages and flatpaks, and pulls the correct Nvidia drivers for your system without any hassle.
I recommend the KDE version over GNOME, it'll feel more like the Windows/OSX you're familiar with.
McFlyParadox@reddit
Gaming feels like it is nearly there, finally.
2D graphics work is still a massive weakness. Yes, Gimp, Darktable, and RawTherapee all exist. They all frankly suck compared to Photoshop+Lightroom in terms of UX, workflow, and digital asset management (especially digital asset management). They all work as independent pieces of software, and that is their weakness compared to the way Photoshop and Lightroom are tied so closely together. That said, I am hoping that Graphite really does succeed and do for 2D graphics what Blender did for 3D graphics: be so good, and so successful at being a "broad spectrum" FOSS tool, that it kicks all the existing corporations in the space square in their nuts as everyone switches from them (Adobe, in this instance) to the FOSS tool.
And CAD is just a straight up black hole. Your options are:
And that's it.
And anyone who has used either can tell you that both massively suck compared to modern CAD software. You could use OnShape, which is online only and through a web browser, and at least has pretty solid drawing tools, but you still can only use it at their mercy. Someone pointed Ondsel to me the other day, and looks interesting, but it's new and it's a fork of FreeCAD. Its UI/UX looks like FreeCAD with a dark mode applied and slightly updated icons, and its rendering looks really poor compared to pretty much any other CAD packages.
Linux is in a weird spot right now. If all you're looking to do is browse the web, you're golden already: just install Ubuntu or Mint. But most people looking to just do that aren't power users and want familiar instead, so they reach for Windows or Mac. If you're the most powerest of power users, who prefers CLI, you're probably already on Linux. But if you're just a "regular" power user - the computer equivalent of someone who wants a performance car and can do their own maintenance, but isn't looking to rebuild an entire engine for a laugh - then Linux isn't quite there yet. Yet.
DaHick@reddit
At home, except for this box, we have Ubuntu (non-technical wife) or other variants of Linux (all my other toys), and ChromeOS, which I am not proud of, but more proud than if it was the fruit-flavored OS.
slickeddie@reddit
ChromeOS is fantastic for kids and browsing the web. Nothing wrong with it.
agoia@reddit
Besides the enshittification of Chrome
slickeddie@reddit
That’s fair.
jimbobjames@reddit
Aside from Google hoovering up all your data, which seems to be people's bone of contention with Microsoft right now.
dawho1@reddit
Why in the world would you be proud or shamed because of an OS choice?
Use what works for you and your family and fuck anyone who gives you shit about those choices.
NexusOne99@reddit
Building my first personal PC in over 6 years this fall. Will be attempting to do as much as I can booted to linux.
Dr_Passmore@reddit
I finally made the jump.
The only 2 issues
15 year old printer (still the best I have owned) has no Linux driver support - CUPS failed me however a windows virtual machine with the printer passed through to it and a shared network drive works.
Battlefleet Gothic 2 randomly kicks me to main menu losing progress. That's the only game I've had any issues with.
I went with OpenSUSE Tumbleweed for my OS.
Necessary_Taro9012@reddit
Linux isn't that restrictive anymore. In my bubble, there are a scarce few tools that are Windows specific. And many (if not most) newer games come with native Linux support. Not to mention the myriad that you can play using Proton (Steam integrated) or Wine.
slickeddie@reddit
I switched to Fedora the last time this nonsense came out. I don't miss windows at all. everything is stored on my computer. no cloud login. no bullshit. I can do everything I need to do here, and play all the games I want to play as well.
topromo@reddit
Just like every year for the last ten years
mrbnlkld@reddit
I went with Ubuntu for a good 8 years on a very old pc. I only upgraded to my new desktop when the old one died. I used the old and new one strictly as a media pc, no gaming. About the only thing Windows does better than Ubuntu is print to my Samsung laser printer.
If Windows gets too radical, I'll go back to Ubuntu.
zeno0771@reddit
That ship sailed years ago.
mrbnlkld@reddit
How so?
72kdieuwjwbfuei626@reddit
Yeah, Linux - just the operating system for people who are too incompetent to not turn Windows Recall on.
rebornfenix@reddit
The “Year of Linux” is a meme from the 2000s dot com crash.
It will never happen.
chaosgirl93@reddit
Some people do like to say "the Year of Linux is when you started using it" which is also pretty funny.
One_Stranger7794@reddit
What holds Linux back is that
1) The ecosystem just isn't there.
You want to put in the testing and research and learning time, sure you can build a patchwork that will sort of look like a quilt
2) Linux is technical. You can't be a Linux Sys Admin without being pretty comfortable with Bash. In windows, 98% of it can be done in the GUI, and honestly even people who don't understand what they are doing can accomplish some pretty in-depth tasks just by following along a guide with appropriate screenshots.
SideScroller@reddit
Yup, already spun up one instance of Debian and working on cutting over as I finally get more accustomed to it. Also been managing Apple systems for the last 5 years after growing bored of Microsoft Infrastructure and I must say that their security focus is actually pretty solid.
kennyj2011@reddit
macOS has entered the chat
Dariaskehl@reddit
MacOS need not apply until they actually pick an architecture.
2017 machine; roughly par of the gaming rig, yet younger: completely worthless. Gee thanks.
SideScroller@reddit
Switching around from Intel to Apple Silicon was definitely a pain but the performance gains on it are incredible. MacBook Air with Intel was crap but the ones running Apple Silicon run like champs. Software is slowly playing catchup but I can't wait to see what the future potentially holds once it does.
PineappleOnPizzaWins@reddit
If you don't need x86. ARM is getting a lot of traction which is great, but I need to work on x86 and if you need to do anything intensive then Macs don't do well.
I think ARM has a great future but it's not one I'm interested in being an early adopter of.
bfodder@reddit
Rosetta works really well, but at this point if you're using a Mac you don't need x86.
PineappleOnPizzaWins@reddit
Using maybe, developing or managing large systems... not so much.
It's why I don't consider one an option. As ARM matures they'll become one though.
bfodder@reddit
What are you even talking about here?
PineappleOnPizzaWins@reddit
Literally what I said? Try running a serious x86 container load on Apple Silicon and see how well it goes (the answer is very poorly).
bfodder@reddit
You have to elaborate on what it is you're talking about here.
PineappleOnPizzaWins@reddit
I really don't actually, unsure what exactly is confusing you?
bfodder@reddit
You're being incredibly vague
PineappleOnPizzaWins@reddit
I'm really not. I assume you know what containers are? And what running a lot of them means?
What is tripping you up?
bfodder@reddit
Why the fuck would you try to run containers on a Mac?
notHooptieJ@reddit
Having survived the 040 to PPC transition, and the classic to OSX transition, and the PPC to intel transition, and the intel to Apple silicon transition..
Dude has a serious point.
every single time, it's been learning a new whole system (Hardware, OS AND software, and little or nothing made the transition)
there's a reason I'm still lukewarm on the M series macs.
because in another 3-5-7 years we'll be transitioning back to intel or off to quantum or whatever..
and I really can't be assed to relearn everything on Apple's behalf without a paid training again.
I'll wait for work to swap and soak them to train me instead of tinkering on my own time as in decades past.
LibertyMediaDid9-11@reddit
Breaking support for 32 bit apps even on Intel machines is unforgivable to me.
segagamer@reddit
So like Windows on ARM then.
And then MacOS will jump to another architecture once more wiping your purchase history.
Plus if you don't like Microsoft forcing things on their OS, I don't see how switching to MacOS is a good move when it's a dictatorship that forces things on their OS that you cannot remove lol
SideScroller@reddit
Dictatorship?
I'm getting "I have a personal hatred against Apple\macOS" vibes from that comment. Which is fine in your personal life, but for those of us who actually want to support a vendor agnostic environment and not go through another inevitable outage ala Crowdstrike, macOS is a solid option. Ideally I would also like to add Linux workstations, as an option in the future too.
segagamer@reddit
Yes, dictatorship. Their way, or no way. Many things they roll out and you cannot change, remove or disable permanently.
I don't see how you can want a "vendor agnostic platform" yet opt for MacOS, the famously closed platform of the lot.
If you want to switch from Windows, you switch to Linux. That's the vendor agnostic, flexible platform you'd want if Windows is too "for the noobies" for you.
Tell that to the 32bit applications we had to ditch and pay for upgrades for.
Tell that to the 64bit applications that leaned on the OS's Python 2.7 to run.
Heck tell that to the number of applications that simply come up with an error message when trying to run and doesn't function with Rosetta.
Netstaff@reddit
Had you considered not using Microsoft accounts?
hidepp@reddit
It's getting harder every update...
gex80@reddit
Not if you're on a Mac ;)
hidepp@reddit
But the topic is about Windows.
gex80@reddit
And all throughout the topic people are saying they are willing to switch to different OSes.
Library_IT_guy@reddit
Makes me think of the movie Ex Machina, where Oscar Isaac plays sort of an ultra creepy "alpha" parody of a combined Bill Gates + Zuckerberg, and has created an AI girl that he keeps in a cage, and brings in a random employee to test out the AI - to see how lifelike it is, see how the guy reacts to it, etc. He had done the exact same thing - he had hundreds of thousands of datapoints harvested from the employee's home PC and work PC, and the employee even says at one point something to the effect of "holy shit, you designed her face based on my porn preferences". Sick as fuck.
Excellent movie that flew under a lot of radars, definitely worth a watch.
Dariaskehl@reddit
I love this movie; it’s one of my tops. It gets deeper and creepier every rewatch when you realize ‘how much’ and ‘who’ knows what.
Library_IT_guy@reddit
It's bizarre because like... the tech guy in charge kind of deserves what he gets... but maybe not quite so much... and then the realization that they've just unleashed a monster onto the world and who knows what will happen next. Feels similar to Westworld, but I stopped following that show mid season 2 because it just got too weird for me.
hotfistdotcom@reddit
It's simply not profitable to do what the consumer desires, and there is no punishment for doing what is more profitable, regardless of the cost. Sort of like those warranty void if removed stickers, except slowly it became clearer and clearer that if businesses spent money on bribing the people who punish them, the punishments no longer apply. What sucks is I can't imagine we're even close to the very stupid endpoint of that specific mindset, but I think we'll get a glimpse when the Boeing investigation is closed with "well it turns out they uh, they did a murder, but you see they are a really big company... lot of jobs.... We uh, we can't have the planes stop flying. We just can't. So we're uh, we're not saying nationally vital companies can't murder exactly but uh.... well we've decided that they will do what is best for America. And we stand by that."
One_Stranger7794@reddit
Whatever the result of the investigation is, we know what the result of the investigation will be.
hotfistdotcom@reddit
It's nice to not need to worry! Plus, you know, that guy who died, he worried... so maybe... worrying is... dangerous. Nevermind, I shouldn't have said anything
Party_9001@reddit
At this point I'm only going to believe them if they execute the entire C suite, plus the guy who made the suggestion.
They're eventually going to run out of people lol
roflsocks@reddit
That's easy. The answer is money.
Someone has a spreadsheet that projects enough extra revenue to make up for relatively minor losses from upset customers.
mikehaysjr@reddit
Not to mention they straight up block you from accessing certain folders on your own drive.
Gjond@reddit
And not just financial health, also physical health. Think of the insurance websites you visit, doctor emails you read, prescription drugs you order, etc.
temp_account_namelol@reddit
Microsoft apparently is wealthy enough to buy a clue. Go figure.
72kdieuwjwbfuei626@reddit
You tell me. Throughout this entire comment, you’re lying your ass off about what Recall is and what it does.
Seicair@reddit
I don’t currently have a computer of my own set up, but next time I do, I’m thinking it’s time to look into Linux distros again… Ubuntu or something.
BananaMangoMeth@reddit
Once windows 10 dies I am moving to linux fulltime. Steam did a great job porting shit over and fixing the gap of gaming on linux.
TONKAHANAH@reddit
it's not hard at all, it's just not in their interest to do what's good for US. They have their own agenda and they're taking advantage of the fact that the world won't take the time to invest in open or custom systems but will instead just continue to use microsoft software.
thorin85@reddit
There are some people who want this, and a whole lot more who don't only because they don't realize how useful it is. I've had my own personal "recall" set up on my personal PC for over 15 years at this point, with almost the same method (regular screenshots run through OCR and stored in a text database) and the ability to instantly find any specific article/book/web page that I remember reading, but don't know exactly where I read it is very useful to me, and something I do regularly.
Sharpman85@reddit
Very good point sir.
kind_vibe_hate_nazis@reddit
Website offering clues for sale opens in edge
Dariaskehl@reddit
🤣☠️
OutsidePerson5@reddit
It's hard because (short term) profits come by stealing and lying to your customers.
Smh_nz@reddit
They're the only profit that counts! Why should I generate profits for the next CEO?
esabys@reddit
A raging clue?
DeadThronex@reddit
lmao, I laughed way too hard at this
ObtainConsumeRepeat@reddit
Daddy Microsoft is giving me such a raging clue rn
AHrubik@reddit
> Daddy Microsoft is giving me such a raging clue rn
zeroibis@reddit
We already know if they roll it out at all it is just a matter of time before it defaults to on after a random windows update with no way to disable.
DefinitelyNotEmu@reddit
"This setting is managed by your organisation"
ChumpyCarvings@reddit
I'm waiting for them to outright force Windows 11 on Windows 10 users at this point, the amount of suggestions, please, cmon now, hey full screen box with tiny "no thank you" hidden is occurring more often and harder to find
AgarwaenCran@reddit
that's why I made sure to not have this security chip on my MB when I build my current PC: MS really does not want to install win11 on PCs if that chip is not there. This way there is no way for MS to upgrade me against my will because by their own metrics, my 12 core, 32 gb ram pc is not able to run win11 lol
lael8u@reddit
Are you talking about TPM?
AgarwaenCran@reddit
yes, that was the name lol forgot the term
ProgrammingOnHAL9000@reddit
Iirc, that's something they did do when 11 released. Forcefully updating select Windows 10 users as part of a security update.
Sushigami@reddit
I'm pretty sure that it is not coincidence that on my gaming pc, it crashed several times and then on reboot it popped up with the HEY YOU WANT TO INSTALL 11 RIGHT? full screen ad that tries to dark pattern you into it.
neveler310@reddit
Just use LTSC
sainsburys@reddit
Yup, that's what happened on my gaming PC. I hit update and restart and before I could stop it I had Windows 11. Fortunately the computer's job is basically just running Steam so I was not too annoyed, but it's still not good!
fogleaf@reddit
It broke a number of users' workflow before I could get it blocked. I had to have people do the roll back.
in50mn14c@reddit
Windows 10 final support patches happen in October right before 22h2 goes end of support. They'll force everyone over at that point.
There are already several malware groups hoarding exploits to immediately attack Win10 users when it happens.
PowerShellGenius@reddit
Force people over? So does that mean they are going to automatically do "unsupported" upgrades on <8th gen boxes?
in50mn14c@reddit
In the case of Windows 11, lack of supported status still provides functionality but doesn't provide the "secure" status that some markets require. Once they figure out a way to thread the needle on legal obligations and realize they need the telemetry and recall data for the market share that holds out on upgrading they'll make an excuse to force people over or start removing functionality for the sake of "security" until people move
PineappleOnPizzaWins@reddit
You're right, because Windows users worldwide all update on time and there has never been a single example of unpatched systems being exploited months after exploits were resolved.
Malware groups who find exploits use them. They don't save them for another year hoping nobody else finds them.
in50mn14c@reddit
You're an idiot
They're not utilizing the good exploits because if a product is end of support there will literally never be a patch for the exploit. Why would they burn one now and give MS the chance to patch it in the final patch for the OS when they can wait 60 days and own the systems forever?
Your logic doesn't logic.
PineappleOnPizzaWins@reddit
Good point, that's why it's happened for every single OS to go out of support so far.
Wait.. no.. the other thing.
in50mn14c@reddit
Except it happened right after XP SP3. And the last service pack for Vista. EternalBlue mean anything to you? No? WannaCry? No? Tell me you haven't been in the industry long enough to see an end of support OS without telling me you haven't been in the industry long enough to see an end of support OS.
Just take a look at the DB and filter after 2020. https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-17153/Microsoft-Windows-7.html You think basic risk assessment would allow for that many holes in security for an OS? I get that your mom and pop repair shop will say it's ok, because that's obviously the tier of skills and knowledge you're working with.
TrekRider911@reddit
Every day I boot my computer it says I should update to Windows 11, but then tells me I don’t have the hardware for it. I’m not looking forward to buying and building a new box.
in50mn14c@reddit
They'll cave and support TPM 1.2 and older CPUs when they have 60% of the market share unprotected and not giving them that sweet sweet telemetry and recall data.
ChumpyCarvings@reddit
I'm not convinced by this.
TechieWasteLan@reddit
Why not?
Sounds kinda like console modding. Find exploit, wait till end of life so it's not patched, use exploit, ???, profit.
ChumpyCarvings@reddit
Microsoft even patched Windows 7 for a particularly nasty one a couple of years back. If it's bad enough they'll go and look after it.
PineappleOnPizzaWins@reddit
What, it's happened with every single other OS that's been retired right?
Wait no, the other thing.
unapologeticjerk@reddit
A) There's no real difference between EOL Windows 10 22H2 and the latest Win 11 in terms of telemetry (I'm assuming the paranoia is over that). You also have no more access as admin in 10 than you do in 11.
B) They already forced it, you just see a revision number next to your major release number (10 23/24**). It's the same Flighting as 11 Basic gets.
tk42967@reddit
In a lot of specific industries, anything newer is a no go. Do you think a company with a 5 million dollar CNC machine is going to want to throw it out and get a new one because the controller software only supports Windows 7?
PowerShellGenius@reddit
Do you have at least 150 M365 users? If so, you're probably (depending on plan, but the most common ones have it) eligible for App Assure.
If you have never heard of App Assure, basically...
tk42967@reddit
So our use case is a little different. We have some PLCs in some giant tanks to measure liquid levels. The PLCs are like 25 years old. We have a project to replace them. The replacements will run a version of the vendor software that supports Windows 10/11.
I just need to keep them on life support until next spring.
unapologeticjerk@reddit
I could re-write not just their software but their entire goddamn code base for a lot less than 5 mil.
Odu1@reddit
Well, that's already happened. The deadline is October next year. They said all Windows 10 computers won't be supported, and any processor gen below Gen 8 won't work with Windows 11 (or won't work well). So I have replaced 400 computers on my site. Just finished the last 120 last week. Project started in summer last year.
Mean_Variation6298@reddit
Linux Mint! Time to change 😊
Vallamost@reddit
And then randomly gets re-enabled from another update after you've already disabled it.
DoctorOctagonapus@reddit
We have detected a problem with your configuration, and have fixed it by turning it back on.
ColorfulImaginati0n@reddit
“Your Organization has turned on Windows Recall. This action cannot be undone. Thank you for being a good employee.”
DoctorOctagonapus@reddit
We have turned on Windows Recall for your organisation. This action cannot be undone. You want what we say you want.
goferking@reddit
or oh we updated things and now the configuration settings are controlled by y not the x you have blocked
Funkenzutzler@reddit
Or... You need at least an Enterprise E3 to be able to manage this.
tk42967@reddit
Scheduled task on startup that disables the service.
Vaxcio@reddit
What, you don't want your links in Outlook to open in Edge after explicitly telling us that you don't want those links to open in Edge three times? Well, we made it convenient for you and switched your settings to open those links in Edge.
capital-minutia@reddit
Found the Microsoft SWE
Fallingdamage@reddit
Guess we need to identify the folder that the screenshots go to then change permissions to deny system access.
MegaOddly@reddit
I am gunna prepare a Group Policy to disable it in my domain if my manager allows it
5redie8@reddit
Anybody got an over/under on the number of weeks before the Intune settings catalog item to disable it suddenly "stops working"?
Great-University-956@reddit
nothing random about that
curiousMrBrown@reddit
All of that behavior can be controlled. I hope you don't just allow MS to automagically update lol - amateur mistake.
Donkey-Main@reddit
We were talking about that today in our CMMC compliance meeting. The Fed has a dim view of AI from a CUI standpoint.
AlexIsPlaying@reddit
that's the thing, is there a way to disable?
72kdieuwjwbfuei626@reddit
You just don’t turn it on. That’s it. You literally do nothing.
AlexIsPlaying@reddit
it's going to be installed on the machines like any updates and popup. You can't stop it. ;)
72kdieuwjwbfuei626@reddit
Stop making shit up.
Nesman64@reddit
Direct link to the post
https://reddit.com/comments/1ey2bs7/comment/ljacwoy
Algent@reddit
And at the first rant here about that you'll have 10 smart asses explaining how it's your fault for not being informed and how you are incompetent for not knowing about that undocumented registry key that works to disable it.
72kdieuwjwbfuei626@reddit
I’m not calling you incompetent for not knowing about „the undocumented registry key“. I’m calling you incompetent for thinking that you need an undocumented registry key to turn off a feature that you would need to turn on.
longlivemsdos@reddit
or ambiguous term for 'turning' off can't remember which setting it was but remember at the time thinking am I turning off or hiding
BarelyAirborne@reddit
Or Microsoft just uses it "in situ", and has it rat all your secrets out to M$ using your own CPU cycles to do it.
croutherian@reddit
Did anyone else notice Copilot quietly getting installed on Windows 10 machines?
No-Business3541@reddit
No, are you on a Home or Pro version of Windows?
OffenseTaker@reddit
yes, and is the reason i will shortly be moving to Debian
thewhitewolf_98@reddit
You moved because of the "copilot" app? Typical linux user not unlike vegans.
OffenseTaker@reddit
its ok, not everyone will understand the implications
thewhitewolf_98@reddit
"implication", try explaining cause you sound full of shit.
Netstaff@reddit
"Written from my Windows Machine".
zopiac@reddit
Yup, was helping a friend upgrade some computer parts on her personal PC, and when it booted up she basically yells out "What the hell is that thing???" as if it were my fault, pointing at the copilot logo on the taskbar.
I just shrugged and said to curse Microsoft.
thewhitewolf_98@reddit
The Co pilot app bothers you that much? Come on, stop overreacting.
0xSadDiscoBall@reddit
It does.
DoogleAss@reddit
Why you don’t have to use it lol… that’s like going to a comedy show and getting mad at the jokes.
No one made you go to the show… no one is making you use Copilot. Is it annoying they install things at will? Sure. Is it that big a deal? Not really.
CoffeeSubstantial851@reddit
Listen if i took a dump in your kitchen you don't have to clean it up.
DoogleAss@reddit
You’re exactly right, I don’t, but I also never had to let you in my kitchen either. We all have choices, my friend.
Just because you don’t like something doesn’t make you the end all be all
CoffeeSubstantial851@reddit
What? How are you confused by people wanting Microsoft to STOP installing shit they don't want on their computers?
Don't have to use it? Mfer I deleted the fucking operating system when they installed co-pilot on my machine without fucking asking.
DoogleAss@reddit
lol bro they along with every other company have been doing it for years and will continue to do so. They are a company that literally exists to continuously make more and more money. How do they do that without these tactics? Is it right? No, but it’s the world we live in. You’re just yelling at the sky at this point.
You mean nothing to them. The corporate world is the foundation of Windows market share.
As a side note, don’t call people mfers when they were respectful to you… I at no point was aggressive or disrespectful. Do better and have fun with your Linux if that’s what you want to run, I don’t give a shit.
Synstitute@reddit
You’re increasingly becoming the minority as more people become angry in late stage capitalism. It’s why us 20-40 year olds will unfortunately experience very painful and traumatic times.
Status_Jellyfish_213@reddit
Yup.
zopiac@reddit
It wasn't me, it was a generally tech-illiterate friend
She didn't know that it was "the copilot app", she thought something nefarious may have happened since random shit popping up is one sign.
Windows adding shit at will to my desktop always irks me.
72kdieuwjwbfuei626@reddit
Of course it does. They don’t want it, therefore it shouldn’t exist. These are people who think the world revolves around them, and Copilot is a painful reminder that it doesn’t.
bregottextrasaltat@reddit
nope
jefwillems@reddit
Same for gemini on Android
laserdicks@reddit
To be fair they owe us for stealing Cortana. Yeah it was shit but I could set a timer without touching my mouse.
TheDunadan29@reddit
Been there for a while.
r0n1n2021@reddit
lol. Imma make so much money moving people to Linux in 2025.
Caeremonia@reddit
Just wondering, what's the Linux analog of OneDrive?
Bobjohndud@reddit
I think with the dolphin file manager you can fairly trivially integrate many cloud services into it. You can also very often mount anything under the sun as a directory on Linux.
Caeremonia@reddit
I missed this reply the other day. Thank you!
Lorric71@reddit
There are several. Dropbox has a Linux client. Owncloud, Nextcloud, Syncthing and Synology Drive (requires you to have Synology box) are also worth looking at. These all work on Windows as well.
There is also a project to make a OneDrive client, but Microsoft isn't making one themselves.
Caeremonia@reddit
Thanks for the info! Do you have to host your own storage space somewhere accessible on the internet? I mean for a DIY solution, not one of the paid services.
RandomPhaseNoise@reddit
I have a tiny PC above my kitchen cupboard. It runs Proxmox. There is an LXC container which runs Syncthing on it. My phone synchronizes my photos there. My laptop and desktop synchronize my documents there.
As the proxmox has zfs under, I have snapshots of my data for months.
But you can try nextcloud too. It's also nice. I use it to share data with other people.
hiimjosh0@reddit
I mean just start doing it where you can. Many things are done as web apps anyway.
r0n1n2021@reddit
Yes but M$ is going to drive people away with this idiocy.
Gogogodzirra@reddit
2025: The year of the Linux desktop!
r0n1n2021@reddit
Eventually even a blind squirrel will find a nut
FireLucid@reddit
I understand people being upset about this for their home use, I don't get the corporate worry. If someone gets elevated rights, it's already game over for that system.
Just install the latest GPO to your central store and turn it off, or the setting that will be in Intune. Not to mention it's off by default anyway?
Am I wrong here?
MelonOfFury@reddit
I think the biggest problem is that EVERYTHING is saved, which means EVERYTHING is discoverable if something happens that includes courts and lawyers.
descender2k@reddit
Except it's not actually EVERYTHING it's not even anything IDENTIFIABLE really.
wrcu@reddit
Encrypted at rest. Which means anytime it's running it's not encrypted. Or anytime the data is being accessed at all by the user or another process, it's not encrypted.
descender2k@reddit
Go read about how Bitlocker works.
wrcu@reddit
Again, encrypted at rest. Bitlocker does fuck all if the data is actively being accessed. Go read how encryption works before running your mouth.
descender2k@reddit
Again, in your brainless world encryption doesn't work on any machine in any format.
If your computer is compromised then a browser and clipboard history is the least of your problems.
You're complaining about a locked door because someone has to be able to open it eventually.
This is what happens when you read chicken little trash like ARS and then parrot it without understanding what they are talking about.
wrcu@reddit
Got proved wrong now you're deflecting and changing the subject. Data encrypted at rest is only encrypted when it STAYS at rest. The point I was making is not that encryption doesn't work. It's that the way it's used in Recall isn't really very secure at all in day to day usage so shouting from the rooftops "BUT IT'S ENCRYPTED" means fuck all in reality.
The point isn't "Recall bad cuz all in one spot". The point is Recall is bad because we don't trust M$ to not harvest that info even more than they already do. All Recall does is put it all in a nice easy to digest package for their ad services and bot trainings.
Are you a dev on the Recall project or something, because you're defending it REALLY hard for someone not invested in its success....
elitexero@reddit
There's no point.
Dude has all the arrogance of some kind of L1 helpdesk guy who thinks he's the smartest one in the org.
descender2k@reddit
When you two brainless moops learn how encryption actually works... don't bother telling me. I don't give a shit.
descender2k@reddit
It's merely the best way we are capable of? Oh.
The point is that you're all throwing a hissy fit over something that A) Won't even be enabled by default B) You're supposed to administer properly C) Doesn't contain the scary data you think it does and D) It's as compromisable in its current form as you think it is
I have absolutely no interest or care for Recall. I just find it hysterical how you are all acting about it.
elitexero@reddit
Cool. Is it ever decrypted on the same machine? Then the encryption is worthless.
Coffee_Ops@reddit
Hey guys what's credential guard and dpapi?
elitexero@reddit
Oh, you mean the historically fully hardened and never exploited credential guard and dpapi systems? I seem to have forgot how incredibly bulletproof these were.
Coffee_Ops@reddit
I'm not sure what an exploit would look like for an encryption system, but you're aware of a weakness in DPAPI-NG?
And the only credential guard weaknesses--not exploits-- I'm aware of attack NTLM specifically and would not be generalizable to other aspects of cred guard / VTL1.
But I would love to hear more about these exploits.
elitexero@reddit
I'm not going to pretend to be intimately familiar, I don't work in cybersec and I don't professionally work with Windows hosts.
That said, a brief google search has turned up what seem to be a lot of past exploits and what look like current potential exploits if things are not implemented properly within a corporate network. It looks like Paula Januszkiewicz has been doing a lot of work when it comes to DPAPI for quite a few years when it comes to dumping secrets with DPAPI. Again, not intimately familiar, this could be on a different layer than this decryption would be handled by - but it seems like the consensus I can see is that it's not exactly rock solid.
My concern primarily lies not with current exploits, but the storage of this data, the history of general exploitation within operating systems and the potential pandora's box it could lead to if some private 0day makes it easy to get access to these files. The risk/reward of this system does not seem remotely worth it.
Coffee_Ops@reddit
I walk the line across OS administration, cyber, and identity. I'm familiar with the attacks.
They aren't exploits that I'm aware of. They're ways of sometimes working around the protections, which are still robust and often far more than anything Linux has.
From a brief review of Januszkiewicz' work it appears to require root access and does not appear to be an exploit. What's more, my (shallow) understanding is that some of the secrets she requires are not easily available with Credential Guard turned on.
The fact is, if you get root on a system whether it's Windows, Linux, or Mac, they can generally compromise everything for all users. Recall does not change that threat profile at all. You might as well complain about browsers keeping history.
elitexero@reddit
For the most part I agree, except it could allow exfiltration of historical sensitive data. I would more contrast it to users saving all their passwords in the browser password safes. Sure someone could sit there and monitor/capture passwords live, but having a large amount of data to dump is always nice for bad actors.
Like, my large concern here is identification of access. If someone were to breach systems and get detected 24h later, they would effectively be able to exfiltrate weeks or months of data without access.
Coffee_Ops@reddit
Malware already sits resident, waits for password vault unlock, and dumps the credentials.
Folks in the /r/sysadmin sub should understand well that, once you get admin on a box, everything there is liable to compromise. Arguing against a new capability because that might also get compromised by an admin is silly.
They probably have your browser history, session cookies, and maybe a full password dump at that point.
Recall is the least of your worries.
mnvoronin@reddit
Can you guarantee, with 100% confidence, that there will be no exploit discovered for DPAPI-NG ever?
Coffee_Ops@reddit
Dpapi is a local API with almost no attack surface I'm aware of.
Do you have some intelligence here you'd like to share or are you just saying words because attacking Microsoft is popular?
mnvoronin@reddit
Do you believe there is a way to make something totally unattackable beyond covering the device with a cubic meter of concrete and dropping it down the Mariana Trench?
Coffee_Ops@reddit
I don't think that such a discussion is useful in this or any context.
You might as well say "what if AES has exploits". The question itself is irredeemably flawed.
descender2k@reddit
That isn't how it works
elitexero@reddit
How so?
If a local instance of the tool wants to view that encrypted storage, it has to perform a decryption function somewhere in memory on that machine.
descender2k@reddit
So in your brilliant assessment of security nothing can ever be decrypted on any machine ever? LOL
The hash isn't stored locally, you're not decrypting anything without it. If the machine is compromised already... then you had a different problem.
Chicken Littles shouldn't pretend to be a sysadmin.
elitexero@reddit
Your point of it being encrypted at rest doesn't mean shit if it's encrypted at rest on the machine doing the encryption.
The entire point of encryption at rest is that the item that's encrypted is not encrypted by the machine it's stored on. That way if anyone gets ahold of the data in bulk, it's largely worthless.
If someone were to get access to the machine, how far-fetched would it be to hook the process that's doing the encrypting to get the necessary data to then encrypt it?
descender2k@reddit
They aren't releasing the version you read about 3 months ago.
elitexero@reddit
I know they aren't - that one wasn't even encrypted.
descender2k@reddit
Coffee_Ops@reddit
Modern Windows 11 installs use VBS to have the "os" as a VM under the hypervisor, and restricts its access to some sensitive memory.
It is simply not true that just because something gets decrypted on that box, that admin can view it. That's literally one of the threat models countered by credential guard.
And both AMD and Intel support memory encryption with multiple keys that can be used to thwart both evil admins and evil maids from getting at the plaintext memory.
Whether that applies here depends on implementation.
elitexero@reddit
Look, you're actually right here. I'm being largely alarmist, but with intent.
Looking back at .. how many decades of Microsoft OS releases and the bananas amount of elevation style exploits that have come out rapid fire - there's no way in hell the level of responsibility that comes with housing information that this godawful tool is going to harvest should be left up to an OS, especially on consumer machines. Regardless of how the layered security implementations look right now.
One exploit away from attackers being able to exfiltrate not only whatever they can grab at the moment, but a historical diary of screenshots and various other extremely personal items just being stored on your machine for the pointless purpose of some crappy Microsoft advertising focused LLM training on your data to sell you shit and then firing valuable telemetry and training data to Microsoft.
zero0n3@reddit
Or God forbid the companies that use MS products use it so their engineers can better assist other teams and each other?
Like for fucks sake. MS isn't the only company getting a benefit, it's a net positive.
And again, what additional data from a personal or corporate perspective would this data get them compared to the access they already have on your machine?
99% of the shit in the screenshots will be available in logs, cached files, browser history, etc.
Hell, those locations are probably more valuable too! since it could have passwords or cookies that could be used to get to your bank account. Also, a lot smaller file size wise, and easier to go unnoticed.
BUT PASSWORDS?
Oh wait, screenshots will never show passwords unless you yourself show it on screen.
elitexero@reddit
Will it really get used though? Problem steps recorder has done similar for over a decade and most people don't even know it exists, granted it's not automatic, but still.
What they can get until discovered +history as far back as the recordings go. Smash and grab malware would just need to exfiltrate those files and they have so much more than they could get in a single instance or without having to set up long term surveillance/exfiltration. Caveat == provided they can get the decryption key.
I mean hell, this post has quite a lot of people concerned about the security risks of such a thing, it's not like I'm some random outlier here.
Some things I can think of off the bat - client lists, confidential internal communications among executives, finance teams have sheets open with information that could be concerning if they were leaked and the company was public. They may be cached, they may not. Screenshots guarantee visibility however. Internal communications between operations team members that could be used to better understand the scope of security across the network... the possibilities are endless, especially with web client based chats like Trello or Slack - there aren't local chats stored for those, so dumping someone's tmp directory wouldn't be nearly as useful as having a visual diary of conversations.
All in all, the juice doesn't seem worth the squeeze. Enterprises can implement a host of 3rd party solutions to do the same thing if needed - I don't see the need for Microsoft to hammer this peg into the Windows hole across the board.
Corporate users should never have an expectation of privacy on machines they do not own, however they should have a reasonable expectation of corporate privacy in relation to the confidential information on their screen.
Maybe I'm not getting how this is all going to work, but my main concerns really lie in where the encrypted databases are stored. If they're stored on the local machine, I stand by my concerns/claims/bitching/whatever. If they're not, and are streamed/uploaded to another centralized network storage, I have much less concern. That said, with this product's intent seemingly to be pushed to all builds, not just as a corporate option, I'm pretty sure these are going to be stored on a per-machine basis.
fresh-dork@reddit
discovery is a cast iron bitch. "show everything that user X did on august 14 during business hours"
zero0n3@reddit
They already do this.
Citrix, VMWare, RDP, Parallels. They can all be set up to record the session.
Hell, companies make us go through jump boxes to access our sensitive systems so they can record and control what goes each way.
This shit isn't new in the corporate world. It has massive benefits to troubleshooting.
Someone calls my team about a fucked up app? Ok, approve this request for me to access the last 2 hours of your recall data and lets take a look.
elitexero@reddit
I think you and I can both agree that user tracking has much better options than scuttling the entire OS across both corporate and retail users.
TU4AR@reddit
Someone tell this dude that BitLocker is worthless because it can decrypt itself on the same machine.
elitexero@reddit
And someone tell this dude that a TPM chip decrypting a volume pre boot is not the same as a running OS performing continuous encrypt/decrypt functions.
accidentlife@reddit
Encryption won’t mean anything if you have a court order to turn over the files during discovery. That alone is a huge corporate risk.
descender2k@reddit
You always have to turn over all files during legal discovery. The files being encrypted has nothing to do with reality.
naugasnake@reddit (OP)
Because one of the core tenets of network security is to limit exposure as much as possible. In this case, this product unnecessarily stores basically everything. Every piece of activity. Every single thing you do. That is a massive exposure posture that, in turn, gives you very little benefit compared to the risk.
FireLucid@reddit
But this does not apply in a corporate setting where you have it turned off. And apparently the new release will be off by default. Just because all your devices can give users local admin doesn't mean you are going to turn that on etc. I sure as hell am not going to use it, I'll just ensure it is off as promised if I ever have a machine that uses it and carry on with life. And we'll have it locked down at my job so it cannot be turned on.
Big_Emu_Shield@reddit
The issue is that some update is going to toggle it on and won't tell you. This is a thing that has happened before.
Netstaff@reddit
When?
Big_Emu_Shield@reddit
https://www.reddit.com/r/Windows10/comments/lu1kor/windows_10_telemetry_keeps_re_enabling_itself/
Literally top Google search
Netstaff@reddit
So it didn't, instead, what happened is that some machines broke due to an error, and errors are unavoidable. BTW, if you are really that obsessed with telemetry (Why? MS is bound by legal contract, people trust them with entire clouds, they are more trusted by customers than you are), you should block it externally and not with some sort of no-warranty third party software.
Big_Emu_Shield@reddit
Yeah and look where that consistently lands people. I professionally do NOT recommend cloud-based solutions.
Netstaff@reddit
Well, as everything is in the cloud, I can conclude that you are unemployed.
Big_Emu_Shield@reddit
Currently managing the networks of several small businesses in NYC. Only one of them uses anything cloud-related.
BatemansChainsaw@reddit
Let's get to the real problem here: it shouldn't exist. it shouldn't be a default inclusion. it shouldn't have a default of being ON.
it just shouldn't
FireLucid@reddit
Yeah, this is the one thing that has really made it hit for me, thank you. Get rid of it!
Jaereth@reddit
I'm also thinking of stuff like - High value laptop gets compromised now - ok, maybe the thing starts scanning the file system. Maybe it starts scouting the network. A lot of EDR and SIEM systems would be like "hey this is suspicious activity" and isolate the endpoint.
But now that one compromised endpoint had a dossier of info from that user. If this is enabled it basically guarantees (in a business world) ANY compromised laptop will now contain a treasure trove of recon info for lateral movement within the org at that point.
The spearphishing from this is going to be nuts lol.
TheDunadan29@reddit
It kind of sucks for worker privacy. Which let me be clear, I have zero expectation of any privacy on my work PC, I only do work on my work machine, and I do my personal stuff on my personal machine.
But consider some manager decides to use this to track worker productivity. So now they are tapping into recall to see literally everything you do, when you do it, and for how long. Maybe it's not there yet, but Teams is already a tattle tale being used to track productivity. This just seems like another invasive thing.
Also, if I'm a corporate Sysadmin, security is a big concern. If I've got users dealing with proprietary information, it's just always the question of how data is being tracked. And the other issue people are posing here, if malware, or a direct attack is happening, is this sufficiently hardened to prevent elevation? Or what if it just steals the screenshots? Working on some confidential info, and now the OS is screen shotting your data?
There are just still way too many questions about how it works, what data is stored, and ways it can be abused.
Personally, if the kernel was more hardened, and recall didn't have access to anything that exists in the hardened space, and you could also block apps that contain sensitive data from being tracked, that would be ideal. But then we're just carving out space to the point it begs the question of why you'd enable it at all? Just disable it.
pdp10@reddit
That class of functionality (e.g., Intel SGX) has existed for years, but it's literally only used for Digital Rights Management of media.
disclosure5@reddit
No, it's not off by default. Here's the setting:
https://learn.microsoft.com/en-us/windows/client-management/manage-recall#configure-policies-for-recall
And quoting the text: "Organizations that aren't ready to use AI for historical analysis can disable it until they're ready"
Assuming people proactively deploy that setting, are you naive enough to believe a Windows update won't "accidentally" break it like all Microsoft's previously configurable telemetry options, or the way Copilot accidentally showed up on desktops?
fish312@reddit
That's such a shitty wording
"Organizations that aren't ready to use AI for historical analysis can disable it until they're ready"
Not "organizations who don't want this feature". Why, everyone wants this feature. You all just aren't ready for it.
"Until they're ready". Not if, but when.
jmbpiano@reddit
https://pbs.twimg.com/media/BKvTd4XCcAAH-pb.jpg
FireLucid@reddit
My mistake, when it is released, not insider, it will be Off by default according to Microsoft. I guess we'll see if that is the case.
darkfader_o@reddit
what could possibly go wrong over the, say, next 10-15 years with that.
Coffee_Ops@reddit
The arstechnica article linked by OP states that it's off by default.
RikiWardOG@reddit
I really can't believe you see no risk here for corporate devices. So many places where a gpo can fail to reach the machine or for w.e fucky reason the configuration fails or you know someone gets exploited or someone in the firm is malicious etc this is a feature nobody asked for and it's ripe for abuse
zero0n3@reddit
BECAUSE:
If you are an attacker, and you are on this person's device as this user, YOU ALREADY HAVE ALL THIS FUCKING DATA AVAILABLE TO YOU WITHOUT RECALL. THE MOST VALUABLE DATA ISN'T EVEN IN RECALL!!!
Do you really think an adversary gives two shits what app or doc or code you were working on 2 years ago? fuck no. They care about what you are doing now and what they can do to move along or extract value from you via blackmail, ransomware, etc.
Anything a skilled adversary would want, is better off going to the source of the data. Recent docs, corporate shares, company websites you go to blah blah blah.
Also guess what's easier to exfiltrate? The big 1FPS video file of your entire desktop, or only the pieces you find interesting based on file name or location or recency? Which one is going to ring more alarm bells in all the corporate info sec systems?
FireLucid@reddit
The new version is supposedly off by default but if you read my parent comment, I have changed my view.
narcissisadmin@reddit
You mean like how you can hide CoPilot but you can't actually get rid of it? That's the issue.
Big_Emu_Shield@reddit
You can disable it though.
Bruskmax@reddit
More software developers need to write their applications for Linux. Linux is as user friendly as Windows.
This_guy_works@reddit
RIP to anyone who keeps their passwords saved to a spreadsheet and looked at it. Or works with any kind of sensitive information. Now it's on recall for anyone with access to see.
ZMcCrocklin@reddit
People still do that? Ew. No thank you. I'll use my password manager to generate 64-character passwords (or less if maxchars is lower) & store it encrypted in a database. Just don't use LastPass. 😋
ChevyRacer71@reddit
Name one thing that Microsoft has ever fucked up or implemented poorly. Can anyone think of even just one single thing??
ZMcCrocklin@reddit
Windows ME & Vista.
fadingcross@reddit
It really must not. It's a fantastic feature. Stop pretending like your data is that important. No one at MS gives a fuck about your excel sheets of current number of plywood in stock.
techtornado@reddit
When the CP database gets hacked again, all of that data can be mined by a ransomware expert to harvest someone’s entire life and empty bank accounts
fadingcross@reddit
A) 99% of the world's companies don't have any sensitive data.
Sensitive to competitors - OK. But they're not important enough that anyone will hack them.
B) The data is on MS systems.
So you're counting on someone hacking MS, and then they should care ABOUT YOU.
Yeah, if your company name is JP Morgan Chase or the National Security Agency. Sure.
Joe's Truck and Tow LLC? Yeah no one that is capable of hacking MS gives a fuck.
And if they did, they'd hack you in 2585825 other ways than co-pilot.
You're just making up shit to avoid getting with the times. Enjoy being left behind I guess.
techtornado@reddit
I refuse to support this AI invasion
I support multiple PHI/PCI and Soc2 organizations, so yes, sensitive data is a big topic for us and no, Copilot is not allowed because it’s just too invasive vs. the claimed productivity benefit “offered”
fadingcross@reddit
Cool.
Just remember that a lot of people refused to adopt virtualization too. And IaC. And coding.
Guess what happens to these people's careers.
You do you!
techtornado@reddit
I love virtualization and idk what IaC is
ZMcCrocklin@reddit
IaC = Infrastructure as Code (i.e. Terraform)
fadingcross@reddit
You're missing the point, completely.
techtornado@reddit
Stop being a rude gatekeeper, this is your only warning… ⚠️
There is a proven benefit to virtualization whereas AI has no benefit other than filtering out data based on bias and influence algorithms
fadingcross@reddit
You've clearly never used chatgpt. How many examples do you want?
techtornado@reddit
Again, offensive, why must I repeat myself?
I’m talking specifically about the AI in Windows Recall how it’s not compliant with sensitive information and therefore businesses should be able to remove it entirely
And with Microsoft’s terrible track record of turning optional things on or forcing Windows upgrades without user consent, that is why I don’t trust it
Other AI’s seem to be ok for novelty image generation or making a video, but no AI on my Windows, full stop
fadingcross@reddit
So you and your users never use snipping tools in windows, ever?
You don't use browser history to go back to a page and read what it said, you got photographic memory I guess?
If the answers to these two questions are anything other than "Nope" - You've got a massive use case for recall.
techtornado@reddit
Screenshots are largely used to highlight all of the Office365 errors Microsoft keeps creating for us
That is an intentional process where I can control the capture of said information so that private stays that way
All that to say, it is a really bad analogy for justifying recall...
My memory is stellar when it comes to websites and articles read and/or it can be found very quickly from the browser's history and that is the only place that should be stored
I use a Mac, that is how much I trust the reliability and stability of Windows...
Kiernian@reddit
"Infrastructure As Code" I think, in this case.
andrew_joy@reddit
Stop using windows. How many times do they have to abuse you before you fight back? Don't tell me that you need xxxx software, no you don't, there will be an alternative, it may not be as good but it will get the job done.
In corpo world you may have to but that's business data and it's the business's problem.
Kiernian@reddit
That, right there, makes this:
A super annoying post to a large number of people.
We use it at work because we have to, we often use it at home because that's how you stay current.
So, unfortunately, it is not that simple.
ZMcCrocklin@reddit
You don't need to be on Windows to stay current. However, the majority of consumer machines come with Windows pre-installed. Most people don't know enough/can't be bothered to switch to an alternative like Linux. As I work in IT focusing on Linux, I'm actually on a M1 Macbook (currently no way to put any other OS on there but MacOS), but it's better than windows. Previous employer issued Dells with Windows, but we were allowed to wipe it & put Linux on it (unsupported by helpdesk).
MarineJP@reddit
https://practical365.com/protecting-your-enterprise-against-microsoft-recall/
Manage it
MairusuPawa@reddit
This is like continuing to tolerate the orphan crushing machine instead of shutting it down.
topromo@reddit
I'm so fucking glad Microsoft doesn't cater to this subreddit, they would never release anything. Manage it.
Caeremonia@reddit
What is so difficult to understand about admins not wanting random apps pushed to the operating system without their sayso. It should be a standalone product, not something that is installed by default that we then have to opt-out of. Why not just make it opt-in?
DoogleAss@reddit
I think most admins would read up on the feature and if they did they would realize it’s only supported on ARM and not a single x86 CPU currently
In other words do you plan on replacing your fleet with ARM cuz if not it’s a null point
At least until Intel/AMD decide to integrate NPUs into their products
MairusuPawa@reddit
If you're a decent admin you plan for impact 5 years down the line, and it's obvious you'll be fucked.
Just because you can't see past three weeks in the future doesn't mean you should also fuck everything up for everyone.
72kdieuwjwbfuei626@reddit
It is opt-in.
Pilsner33@reddit
"manage the e coli, don't fix the broken source"
topromo@reddit
Yes. Some people want to drink unpasteurized milk. Good for them, they're accepting the risks. You? You probably don't want to drink unpasteurized milk. So you don't.
Manage it.
Pilsner33@reddit
Standards are a thing.
Try again.
BUTSBUTSBUTS@reddit
Milk sold to consumers isn't unpasteurized by default, you have to seek it out and knowingly accept the risks. Your scenario would be if someone was scheduled to come to my house and force feed me unpasteurized milk without me asking and I had to send them a notarized letter to make them cancel the appointments
Jaereth@reddit
But 5 months later, they "Update" their forcefeed policy and your letter you sent is just disregarded and they show up again.
I can't fucking stand the Microsoft cucks. You buy the hardware, you buy the OS, you run the system. If you switch something "OFF" it should be an EGREGIOUS breach of policy to turn it back on automatically.
DasGanon@reddit
What, you mean you don't like the "Yes!" vs "Maybe later?" options that companies are giving you?
chron67@reddit
You mean "Yes!" versus "Also Yes! but in a different font or size"
Turak64@reddit
Man, what an over reaction.
Tower21@reddit
They want to shut down the orphan crushing machine.
I mean, how dare they. The orphan crushing machine is a staple of our world.
Not on my watch, we will have the biggest orphan crushing machines if I become redacted
I can promise you that much, they will never take our orphan crushing machines away.
Can you imagine, no orphans being crushed, I can't imagine, not if I'm voted redacted
JustInflation1@reddit
Yeah, let’s crush the orphans
Tower21@reddit
See, ... Finally, someone talking sense.
I always said I like /u/JustInflation1, they said his name is weird, it's not weird.
He's an upstanding member of society, can you believe they said that, I can believe they said that.
They are horrible people calling JustInflation1 weird, I've never said that.
ChumpyCarvings@reddit
I'm so tired of coming to this sub all these years and poor sysadmins need to find the next thing, to remember to block.
Learn to block xbox game bar
Learn to disable solitaire installs
Learn to stop X
Learn to stop this on updates
etc.
abr2195@reddit
If a sys admin is using security baselines and keeping them up to date, they don't need to worry about blocking things that threaten the security of the company.
If a sys admin is blocking things as a means to exercise control over users without any material benefit to the company or the security of its users, perhaps they should reevaluate their priorities.
Mindestiny@reddit
It's kinda the job, not sure what people expect. Technology is going to keep moving, in no world do sysadmins get to configure once and then just sit on their thumbs forever because everything is perfect and evergreen
hoeskioeh@reddit
One downvote for disabling my Solitaire :-P
MairusuPawa@reddit
In case you haven't realized yet, Solitaire is now a money grabbing scheme pushing ads and DLCs.
hoeskioeh@reddit
O.ô WTF?
I'm getting old...
Dekklin@reddit
Remember the days when solitaire was just the case game, no DLC or ads?
The_Wkwied@reddit
Ah yes, thank you, Microsoft, for making more work for us.
Thank you for giving us a task to do, to turn off something we didn't want. Something that our org doesn't want, something that our users don't want, and something that we will be inevitably tasked with turning back on org-wide because some C-suit thinks it's pretty neat on their home laptop, which is actually their org's laptop, which you gave them local admin because the C-suits demanded it.
Yes. More work. Yay.
abr2195@reddit
This sounds like an organizational issue, not a Microsoft issue. If it is difficult for you to apply a single configuration policy to your computers, that reflects poorly on your organization's ability to manage its computers. That's not Microsoft's responsibility.
KnowledgeTransfer23@reddit
So... it is something the org wants, then?
The_Wkwied@reddit
Just like steam and discord, on the c-suits laptops, right?
SpiritualSpaceGolem@reddit
I feel like we have worked for the same companies our entire careers.
Wolfram_And_Hart@reddit
Because the same boring places cranked out the same boring C levels.
The_Wkwied@reddit
We all wear different hats, but we are all part of the same circus.
I_T_Gamer@reddit
I've supported MS for over 20 years. I hate them at my very core. Linux is finally getting some gaming support, maybe I can rotate my gaming PC over before I retire....
Heavy-Lengthiness947@reddit
that happens when there is barely any competition on the software
TU4AR@reddit
Just because you don't want it doesn't mean everyone else doesn't either.
The_Wkwied@reddit
Then let's meet at a fair medium, and make copilot a standalone app that isn't baked in to windows at all.
EraYaN@reddit
That would require the DoJ to actually care about anti trust again… and they seem to be trying a little bit these days. But it’s not very popular politically it seems.
VeryRealHuman23@reddit
just mention e-discovery and that should be enough to never turn this on
Kinglink@reddit
Great for your office, but who's managing it on every normal person's computer?
The feature shouldn't exist.
ArchusKanzaki@reddit
Microsoft is everyone else’s sysadmin. That’s what Home version is.
Kinglink@reddit
Kind of my point. They won't disable it themselves. When you have something this dangerous, hopefully they don't roll it onto the home version... but they will.
72kdieuwjwbfuei626@reddit
It will be off by default. Why do you think you can contribute, if you can’t even be bothered to read the article?
ShitslingingGoblin@reddit
Yeah just like onedrive used to be.
72kdieuwjwbfuei626@reddit
It will be off by default. If you have evidence to the contrary that isn’t blind speculation, feel free to share.
As for the question, I think correcting misinformation is a contribution to a debate. If you disagree because you believe that certain lies should stand unchallenged, maybe fuck off to a conspiracy subreddit of your choice.
ShitslingingGoblin@reddit
Lies like “Microsoft automatically enables features through windows updates”? And “Microsoft doesn’t always tell the truth”?
72kdieuwjwbfuei626@reddit
So nothing then.
ReputationNo8889@reddit
This would have been released to the Home versions first if not for the shitstorm
MarineJP@reddit
Personally, I avoid using Windows at home. It has had almost no negative effect on my life.
72kdieuwjwbfuei626@reddit
Everyone manages their own machine and makes their own decisions. Sorry that you don’t get to turn a feature off for the entire world.
ledonu7@reddit
Thank you for the links too 10/10 comment
YouandWhoseArmy@reddit
Ah yes the "If you don't have enterprise windows and all the licensing cost associated with it, you're enrolled in Microsoft's shit tier MDM."
fedexmess@reddit
At this point, I want them to swing for the fence and finally get intrusive enough to kick off another antitrust probe. Maybe this time the government will do what they should've done the first time and break them up. Not holding my breath...
Maraxius1@reddit
Something tells me the government is all in on this, as they can leverage actual MS processes to spy on our PC use. If anyone still believes our government doesn't do warrantless and constitutionally illegal spying on its citizens then they never will.
No_Radish578@reddit
I'll just go Linux if that happens. I can't bother with this AI bullshit.
andrew_joy@reddit
And we will welcome you, we are not as mean as everyone says, we just want you to read the man page first before asking :).
universepower@reddit
I would really love it if Microsoft would make a Windows edition which is more expensive but has none of the guff. For enthusiasts. Call it Enthusiast Edition. It can’t join a domain or use hyperv, it can have a Microsoft account but it doesn’t need to.
Mindestiny@reddit
What's "enthusiast" about disabling huge swaths of functionality from the product?
universepower@reddit
For many years, nerds have worked to strip their operating environments of anything deemed unnecessary in the search for one or two more tasty frames.
Windows today has many features which are unnecessary for the holy frame. True, patches and security suites are not those things, but recording my every move on the desktop is indeed one of those things.
Mindestiny@reddit
Ah, that's not "enthusiast" at all, that's weird pc master race gamer kool aid lol. I had assumed you were speaking about the actual "enthusiast" space who are doing interesting things with their hardware. The distributed computing, overclocking, benchmarking, etc folks.
I've seen sooooo many "gamers" totally brick their systems trying to cut out OS functionality with no actual understanding that the function will have no impact on their gaming framerate over the years. Such an odd subculture.
universepower@reddit
There is no reason why you couldn’t do those things on a platform which also would work for gaming. I think you’re reading more into my comment than was actually there.
Mindestiny@reddit
I never said you couldn't.
I was only looking to clarify what "enthusiast" definition you were using, since those two subcultures are very different beasts (with some occasional overlap)
pdp10@reddit
You're going to have to roll your own distro like tiny11.
universepower@reddit
Yeah totally. There’s a bunch of great tools out there - VMware had this tool to strip stuff from windows desktops to increase the density of virtual desktops
darkfader_o@reddit
Win 10 IoT/Ent LTSC + N is reasonably close.
universepower@reddit
Yah, it’s just hard to get a copy.
MasterSplinter9977@reddit
Microsoft is a shit Spyware company now like Norton lol lol
TheBoatyMcBoatFace@reddit
Let it. I’m so jaded. Let everyone get hacked. Maybe, just maybe, they will realize it is a bad idea. You can lead a horse to water but you can’t make it drink.
Jaereth@reddit
If people in your environment can "just find a way to get elevated rights" you've got bigger problems than recall.
free-4-good@reddit
He means hackers not users.
KnowledgeTransfer23@reddit
Still. A hacker with elevated rights can get the information they would from Recall any other ways. They have for decades already.
chron67@reddit
But why make it even easier? There is very, very little valid benefit from a feature like this but plenty of downside. Also this argument is kind of like why should I lock my house doors when they can just break the window or kick the door down?
KnowledgeTransfer23@reddit
Are you serious? You can find no valid benefit from a feature like this? Near-eidetic memory for your computer?
Your analogy doesn't matter because the premise set up is that the intruder is already in the house. More appropriate would be, do you spread out all of your important documents and any cash you have throughout your entire house at great inconvenience to you just in case a burglar breaks in? Like, one necklace in the jewelry box, one pair of earrings in the sock drawer, one bracelet in the bottom of the bag of flour?
nyanf@reddit
Fuck windows.
cashMoney5150@reddit
Isn’t this monopolistic behavior?
bleuflamenc0@reddit
They're already spying on you. Recall is just showing you some of it.
Brondster@reddit
This kinda decision seems to beg the question why do we pay for an OS premium to be spied on?
we don't wanna know what program we used last Smarch (lousy Smarch weather)
we want full control of what we want to disable/uninstall and get rid of bloatware that we're never going to use.....
bukkithedd@reddit
This is the equivalent of a stiff fart in a thimble, not the F5 tornado people make it out to be.
Don’t like it? Don’t turn it on.
Zocdoo@reddit
My plan is to keep on using W10 until EOL and then Linux + proton for gaming. I’m using Windows for a long time, had my fun with DOS as well, but Recall is a bit too much for me to handle.
greetedwithgoodbyes@reddit
Yeaaaaaaaaaaaaah righhhhhhttttttt
xixi2@reddit
Sooo... am I the only one that does quite a bit of stuff on my computer that I don't want any trace of? Like what are they thinking? Does this thing respect incognito mode even?
72kdieuwjwbfuei626@reddit
Don’t turn it on then. It’s not complicated.
abr2195@reddit
From Microsoft:
And
DoogleAss@reddit
So don’t buy an ARM based Windows PC and you won’t have it. Simple solution
KnowledgeTransfer23@reddit
Sorry to tell you, but there's still plenty of traces on your computer of the things you do...
xixi2@reddit
Nuh uh I use nordvpn
Mindestiny@reddit
I hope this is sarcasm...
SquareWheel@reddit
It respects private browsing in Edge, Chrome, Opera and Firefox, yes.
223454@reddit
I'm not sure I would trust that to be true.
bisectional@reddit
Even Google doesn't respect incognito mode.
nostradamefrus@reddit
Google’s an asshat but it’s been well established for years that all incognito does is not store cookies
Lemur_storm@reddit
I wonder what this means for Citrix presented applications.
Yes, people could always take screenshots of business data on their personal devices, but that's not a big target.
Recall on personal devices accessing business data via Citrix makes me worried about that target being centralized and exploitable outside of my control.
One could say "don't allow Citrix users to access sensitive data". But profiling what sensitive data is and then attempting to mitigate that is ... just yuck.
It'd be ideal for companies to signal to recall "disable or MS pays for business damages" on their websites.
Seriously, this feature is peak stupidity and I hope it opens MS up to serious financial damages because they siphoned off data, had a recall breach, and were found liable. Would it work that way, probably not, but I can only hope.
72kdieuwjwbfuei626@reddit
You can either give out company devices or stop pretending that you give a shit when you actually don’t.
thortgot@reddit
Don't allow unmanaged devices to connect to your Citrix environment if you want actual data security.
Malware keylogging/screencapture is already occurring and data exfiltration blackmail is the new ransomware.
avarageone@reddit
When I worked via citrix our office machines had to be checked and certified by the client's IT. Probably whenever citrix is run it or other app will check if recall is disabled, maybe even antivirus software will do it, or some management suite.
ThatITguy2015@reddit
They are still planning it? That is fucking impressive. Infuriating, but impressive.
F0rkbombz@reddit
AI platforms are running out of data to train their models on, and the AI generated data they are trying to train LLM models on just isn’t doing it.
They need real people to generate real data for their models, and I suspect that’s why MS is trying to force this despite the huge pushback.
It’s not just “we don’t care, we want to deploy this feature”; there’s a reason they are willing to do something this unpopular.
itazillian@reddit
This is restricted specifically to ARM devices marketed for AI stuff. That's insignificant.
I mean, you prolly have a point about that, I just don't think MS is doing that right now. Maybe they're anticipating something like this and are positioning themselves for a future opportunity, but right now they wouldn't be able to even if they wanted.
F0rkbombz@reddit
Oh for sure, it’s not like they will jump right into it. They will do it the same way as every other company; gradual updates to their privacy policy / EULA that slowly grant them more and more access to consumer data.
ThatITguy2015@reddit
That makes a ton of sense. Never thought about it that way.
CoffeeSubstantial851@reddit
What better way to train Agents than to monitor and catalog every task completed by every worker on every computer on the entire fucking planet?
Devatator_@reddit
I'm baffled by the fact people would believe this. Microsoft isn't dumb enough to blatantly just, send everything you do on your PC. Do you know how many laws and regulations this would break? (Depending on the country)
F0rkbombz@reddit
You’re assuming Microsoft actually cares or isn’t drinking their own KoolAid. For example, there are no data privacy laws in the US at the federal level, so any fine they will receive for violating the privacy of their US based customers will just be a cost of doing business. What are Americans going to do, stop using Windows or M365 products? Not a chance. MS knows they are “too big to fail”.
The recent CISA report on MS’s abysmal internal security practices should make everyone re-evaluate what Microsoft says. It’s very clear they don’t prioritize security internally, so why would they prioritize security or privacy externally when they can make more money instead?
DeifniteProfessional@reddit
Unfortunately, some companies, such as Microsoft, are too big to fail. A few fines here and there, but Governments can't stop MS
thortgot@reddit
Governments absolutely could stop Microsoft. Have you seen the EU's fines against Google?
Let's imagine this was the case. There are quite a few problems with it.
Bringing attention to the public feature would put more scrutiny rather than less. They could have implemented an equivalent feature as part of the kernel with no notice to anyone.
The amount of data you'd need to capture to be useful wouldn't be possible to hide. It would be immediately identified. Data exfiltration identification is quite straightforward and many security groups are constantly looking for it.
They already have access to the majority of this data if they chose to do so through services like OneDrive, Sharepoint and M365 and could do so on the backend.
Let's theorize a much more plausible set of reasons.
Computer hardware sales have been sluggish. This feature only works on "NPU" enabled devices (coprocessors) meaning to utilize it you need new hardware.
Microsoft's attempting to obtain/maintain a public perceived "AI" lead
Windows 11 adoption has been much slower than they want. This is solved by pushing for a new cycle of hardware adoption that only works on 11.
A product manager demoed it and got the nod for it being "revolutionary".
pdp10@reddit
Microsoft: too big to fail since 2001.
Intel: still trying hard.
lightmatter501@reddit
But think of the shareholder value generated in places where it’s legal! /s
nostradamefrus@reddit
Might make sense but makes it worse
TotalCourage007@reddit
This just makes me want Halo on PlayStation out of pure spite if Recall goes through.
nostradamefrus@reddit
Why, that’ll just make them more money
CB_Eric@reddit
It's like shitty bills in Congress. They only have to get it through once, no matter how many tries it takes.
sardine_lake@reddit
Windows 11 X Lite 64bit (fbconnan) all the way. Strips windows of the bullshit and makes it the same as windows 7. 3rd year running it.
Overdraft4706@reddit
and how safe is it? Do you do your internet banking on it? And buy things using it??
sardine_lake@reddit
3 years, been doing everything
leeburridge@reddit
They want companies to use Intune to control this (at a cost). For home users it’s how they will make money from them going forward. Data harvesting to feed CoPilot.
Zamorakphat@reddit
This moved me to Linux on my personal machine
rocktsrgeon@reddit
I sure hope there is going to be an Intune config setting for this.
UndeadCircus@reddit
My guess is that Microsoft already KNOWS it’s a massive security risk, and is going to do it anyway. I really don’t know that anything any of us say or do is going to change their decision in moving forward with it. We’re still going to need Windows, so no matter what, we’re still going to have to cope with their backend decisions.
SteampunkLolcat@reddit
Do we, though?
UndeadCircus@reddit
If you want to be philanthropic about it, sure, we don't need them. Nor do we need to use computers at all. Do we REALLY need to use e-mail when faxes can work just as well? But then again, we're probably buying into big telecom by using faxes, so fuck it, let's just send pigeons to each other and hope that the banks get our payroll reports in time to send payroll out to our employees.
On a more real note, do you have the time to retrain your ENTIRE workforce to use Linux, and then spend an ungodly amount of time finding software specific to your industry that works in the environment?
Yeah, we kind of need Windows. At least in my environment.
ScoobyGDSTi@reddit
The irony is some users will want these sorts of features.
The ability to go back in time and recover or find lost work or actions can be useful.
Also this is nothing new for Enterprise environments, we've already got extensive OCR and DLP controls going on. I know everything my users copy to their clipboard, create in Office documents and even every internal and external recipient they sent files to.
BradChesney79@reddit
...Linux is like 95% less scummy.
Come to the dark side.
thewhitewolf_98@reddit
No, linux sucks.
BradChesney79@reddit
Nuh-uh.
I'm telling your mom.
sekazi@reddit
This may be the feature that forces me to Linux. Gaming has gotten much better over there. Honestly I have little reason to stick with Windows anymore.
VVaterTrooper@reddit
Gaming on Linux is just fine. Valve did an amazing job with Proton.
holiday-42@reddit
Insiders only in October. I hope this gets squashed before going into mainstream.
I don't want it installed and "Disabled".
I don't want it installed at all.
BoredTechyGuy@reddit
It’s what finally drove me to Linux for my home machines. I’m just done with the crap.
For work, not much choice except lock that crap down the best I can and hope M$ doesn’t turn it back on for me.
amcco1@reddit
Why would this, of all things, drive you to Linux on your home computers?
Are your home computers running AMD or Qualcomm with an NPU? If not, then the update doesn't affect you.
Why are you so concerned about it on your personal computers, when you are fully in control of the security of, you don't have to worry about end users messing it up. You can disable the feature if you don't like it.
BoredTechyGuy@reddit
It’s the principle of the thing.
I shouldn’t HAVE to opt out of all that garbage. Period.
It makes no difference if my hardware works on it or not. I won’t continue to support companies who pull this shit.
amcco1@reddit
You're still not making any sense. You don't have to opt out of it. It's disabled by default. Though that may change at some point, which could then make your point valid. But at this time, it's disabled by default, and only available on certain machines.
That being said, why would you be worried about having to opt out of it? It's disabled, there's no opt out option. It's opt in. What shit are they pulling on you? They've literally done nothing new to you. You're being completely irrational.
You consider it trash, but to others it's treasure.
I would use it on my personal computer if I had a device capable of it. I understand the security and privacy implications and why people are afraid of it, but it could actually be super useful to me. With bitlocker and a good password, the only real concern becomes malware using it.
VVaterTrooper@reddit
That is the thing. It will come disabled by default. Then once everybody forgets about it Microsoft enables it in some future update.
Finn_Storm@reddit
Even though Microsoft has changed their stance in June to be opt-in for Recall, it is still a massive attack vector for malicious actors because they could enable the feature silently.
I didn't ask for it, nor do I want it. Microsoft has no right to alter the contents on my pc (even Windows) without my explicit consent. I have bought a copy of Windows (not a license or subscription for indefinite length, due to EU laws) and I should be able to do whatever the fuck I want with it without interference from Microsoft.
TheDunadan29@reddit
I love Linux, Linux is just awesome. But I have had the worst time getting biometrics to work on my hardware. I guess Windows Hello has kind of ruined me, it's just so easy to setup and use. I tried installing Howdy on Ubuntu and just could not get it to detect my hardware.
I know it's a silly thing, but it's just one more thing Linux just doesn't do well unless you have hardware that just works. When it does work it's magic! I barely have to do anything. But when it doesn't work I'm digging through the CLI, installing packages, inspecting hardware, configuring via CLI because there's no GUI, then I find someone's custom script with drivers on GitHub that should be safe (but not like I took the time to inspect the code before trying it) and after a couple of hours it's just still not working.
I think I've figured out a solution for MS Office compatibility, OnlyOffice is my go to. And I just play one game on Linux that can be installed with Proton, and it's about the same as on Windows as far as I can tell. So if I really wanted to go Linux, I could. But there's just always some thing that just doesn't work right and it becomes a whole thing. Then I distro hop because last time it worked on Fedora even when it didn't work on Ubuntu, but this time neither works on the select hardware I have.
Maybe someday I'll try a System 76, or other bespoke Linux system where everything should just work out of the box. But if I can't get it to work on the Dell (that should have Linux drivers) or my ThinkPad, it's just going to be a struggle.
In theory I'd love to just switch to Linux and never look back. But I pretty much just run on the extra PCs I have for testing, and not my main machine.
BoredTechyGuy@reddit
PopOs by System76 is what I’ve been running and so far it’s pretty solid.
TheDunadan29@reddit
I've tried PopOS in a live session, and I tried to install it once. It's not my favorite distro. Stock Gnome isn't great imo. And I know they are working on their own bespoke DE, but I haven't used it long term enough to really make a call. These days I'm gravitating toward stock Ubuntu because I like what they've done with Gnome, and I like their aesthetics and feature set out of the box.
Though the trash thing is getting hardware. Linux PCs are kind of expensive. And I have a hard time wanting to drop that kind of cash when I'm still trying to figure out if Linux makes sense as a daily driver yet. And the distro hopping continues, I haven't quite found the one to rule them all for my personal use yet.
If I had the perfect hardware and it just worked flawlessly, I might actually still be on Linux Mint today.
KishCom@reddit
I like that we've come full circle. Installing Windows 11 without a Microsoft account now requires an esoteric CLI command during install.
I plugged an old scanner into Ubuntu 22.04 and nothing happened or popped up. "Here we go" I thought... Nope. It was installed perfectly and just worked flawlessly in the photo app. The truest "plug and play" experience I've ever had.
MegaOddly@reddit
my only stopping point to swap is not enough free time to actually reimage the machine to linux and reinstall all my games again
DeifniteProfessional@reddit
I'm getting closer to it too, or even Mac. Apple are far from innocent, but most of the software I use is compatible with Mac
FiskalRaskal@reddit
If it’s rolled out at all it should be disabled by default.
darkfader_o@reddit
if they'd be playing a fair game it would be an installable feature...
72kdieuwjwbfuei626@reddit
Maybe they could even tie it to specific hardware requirements so that even the most incompetent Reddit users can’t enable it by accident.
DoogleAss@reddit
It is tied to hardware requirements… it is only slated to release on Copilot+ PCs and some surface models aka not devices running ARM
jezevec93@reddit
Why? I would be happy to have it if it will be stored in encrypted state... The problem was it was ON by default and the files TPU used was accessible as plain pictures/text.
tatiwtr@reddit
I think I'm going to install Win7 on my next personal PC
102Mich@reddit
Don't even dare try it; you'll be forced to use Windows 10 or Windows 11, both on Education Editions.
tatiwtr@reddit
Nice try Microsoft.
DunamisMax@reddit
Can y'all relax lmao. Jesus Christ. Acting like this is inserting the antichrist into our computers. First of all it won't even work on 99% of machines. Secondly you can just turn it off.
itsthehawke@reddit
is this same for all countries? i guess EU for example would have problems with this, right?
Maegurillion@reddit
I've been using Windows since Windows 95 and I have never, not once, needed a feature like this. If someone wants it, it should be a separate downloadable feature that they CHOOSE to install.
Sovey_@reddit
Gotta keep those install numbers high to justify the absolutely insane spend on AI infrastructure. This bubble needs to burst.
DoogleAss@reddit
It is called don’t buy an ARM based windows PC… boom solved your issue
CaptMelonfish@reddit
entirely agree, never needed this function since 3.11, this is entirely a corporate BS thing and should be an optional download as you say.
chron67@reddit
This is entirely a "I want to be able to snoop through your dirty laundry even more easily" thing with a dash of "we want even more data to train our AI" sprinkled on top for that nice shit aftertaste.
DerekWeyeldStar@reddit
I record my work desktop, and this feature would do wonders for me. I've been using computers since 1981, and recorded some of my c64 sessions.
Lots of crap in an OS some people use, others don't. For someone like me, even if I have to use a hack to turn something off, I'm good. Someone wants it, and if not, well, not much skin off my back.
Alert-Main7778@reddit
This level of bullshittery from Microsoft cannot continue to push the line even lower. We must be very loud.
They better be REAL upfront with enterprise on how to turn this feature VERY off via GPO and Intune options. Either way, boys, we gotta be loud.
breid7718@reddit
They haven't listened to customer feedback in ages. I encourage the open source communities to create some sort of bundle where we run copies of Windows 11 in a VM and script user behavior to pollute their AI data collection. Maybe even do something like the old SETI project where you can donate CPU cycles to help. Let MS train their models on a year's worth of users who do nothing but type gibberish and visit microsoftsucks.com.
harley247@reddit
Every time the community gets loud with them, it seems their feelings get hurt and then they release something even dumber than they originally planned. For example, Windows 8.
Natural-Nectarine-56@reddit
I begged Microsoft to make windows server solely function on a tablet. Didn’t you??
trekxtrider@reddit
I will use group policy to block it and destroy as much as I can across the C drive
Hoggs@reddit
I don't even care about the security risk, and I'm just going to turn it off. For everyone.
It's just more fucking OS bloat that no one asked for, and I don't want.
If I want some bullshit AI spyware, I will install it myself, tyvm.
The operating system's job is to host applications. They shouldn't bake in any additional software that isn't essential.
DoogleAss@reddit
Do you manage many ARM based windows PCs because if not then you have nothing to turn off
I can’t figure out if everyone here has just failed to read the hardware requirements and thus extrapolated that this won’t affect them most likely or are they just bitching to bitch
Now what happens in the future no one knows but currently if you're running x86 then Recall isn’t even a thing
Hoggs@reddit
Inevitably I will be. Just like how M chips took the mac market by storm, I'm putting my money on snapdragon x doing the same to the windows market.
The battery life benefits are just too good to ignore.
DoogleAss@reddit
Huh that's weird, didn’t know the desktops I manage have batteries in them
I also wasn’t aware we didn’t have a choice of what hardware we buy… even if ARM does well doesn’t mean it's going to eliminate x86 outright
You're planning for a scenario that may never happen
Hoggs@reddit
Ok? What's your point? Managing "some" is still more than managing none.
DoogleAss@reddit
My point is don’t buy ARM based solution if you don’t want the AI feature they are building on top of it and you will be managing none… pretty simple solution my friend
Hoggs@reddit
Read my response again. There's a lot more benefits to ARM than AI. There's good reason apple's M chips took over without any AI features.
Buy ARM, disable AI. I don't even know what we're debating here? It's a completely moot point to the original argument
DoogleAss@reddit
What benefit does arm provide currently over x86 beyond battery life, which ofc it has better battery life, it doesn’t perform at the same level.
Now will that change in the future maybe but you don’t know this for sure and using Apple as the baseline is a bit disingenuous as their M chips are good sure but partly because of their ecosystem. The chip means nothing if the OS isn’t optimized to use it to the fullest
So you are arguing points that, one, have not been proven and very well may be a fairy tale
Muffakin@reddit
To be clear, this doesn’t affect anybody who doesn’t have a CoPilot+ PC. Which is likely 0 people here. This isn’t PCs that have CoPilot, this is a very select few number of PCs with a very specific chip for processing the AI requests. While you may find reasons to complain, this will never be pushed in its current state to standard windows devices, due to the need for a specialized AI chip.
Link about CoPilot+ PCs: https://blogs.microsoft.com/blog/2024/05/20/introducing-copilot-pcs/
Link about systems that support Recall: https://learn.microsoft.com/en-us/windows/ai/apis/recall
HexTalon@reddit
For now.
After the LLaMa code got leaked there have been a rash of optimizations to get it running on smaller and smaller machines - there's a GitHub page about running it on Raspberry Pi and blog posts about how to batch the LLM layers and run them through your VRAM - they are absolutely slower than something like Copilot, but they do work.
We're early days yet for what optimizations are possible, and if it gets to the point that an NPU chip isn't needed to run the Recall feature do you think Microsoft will hesitate for a second to push it to a larger install base?
It's not a slippery slope fallacy when we've seen it happen over and over again.
GremlinNZ@reddit
Colleague has a laptop with NPU chip, had it for a couple of months already?
BoredTechyGuy@reddit
Dell is already rolling them out. Copilot button on the keyboard to boot. It won’t be long before they are commonplace.
JustInflation1@reddit
Can’t stop my company from using it but damn I think it’s about time to switch to Linux. How’s gaming on there? Does wine work pretty well? I haven’t tried wine in probably 10 years.
HexTalon@reddit
ProtonDB keeps a running list of how well stuff runs on Linux, and it has the ability to look at your public steam profile and display the list of games in your library.
It's getting better and better as time goes on, with the notable exception of some multiplayer games that use kernel level anticheat (Valorant, Apex, Tarkov). Helldivers 2, while also having kernel level anticheat, apparently works with Linux so it's always worth checking so long as you're willing to run KLA for the game you want.
pdp10@reddit
Single-player gaming is excellent, and emulation closer to superb. Some competitive multiplayer games have NT kernel anti-cheat, or the gamedevs refuse to enable an off-the-shelf anticheat to work on Linux, and those don't work. Those multiplayers are your Tarkovs, your R6 Sieges, your Valorants. Valve competitive multiplayers like Dota2, CS2, TF2, all work.
It's plug-and-play with Steam on Linux. Basically the same as Steam Deck, except you may have to handle graphics driver install if you're not using AMD or Intel graphics. It all also works with non-Steam games, but it's not so plug-and-play there.
fragerrard@reddit
No it does not.
Perhaps if you try SteamOS, otherwise not as easy and smoothly on a gaming rig with Windows.
abr2195@reddit
You are welcome to not use the feature if you don't think it is secure. Microsoft is also providing administrators with the ability to block this feature for users and devices they manage.
If you don't like it, don't use it. If you don't think your organization should use it, then block it.
ImAStupidFace@reddit
I mean I agree that Recall is a horrible abomination, but this is such a silly argument. If a bad actor has admin privileges on your computer, it's already beyond game over.
102Mich@reddit
We'll let Microsoft push Windows Recall out, the resistance will be futile! :)
Outside_Public4362@reddit
What do you mean they are trying to push it when I downloaded all the updates I got that copilot widget, although it's useful I don't have to open a browser when I want to search something and click links.
Koios777@reddit
I have nothing to hide and work flat out 8-10+ hours a day, if anything, it will show corporate how hard I'm working compared to any dead wood in the org going to the gym, watching YouTube and playing golf etc...
matt95110@reddit
Let’s just sit back and let the EU fine the shit out of them. It won’t stop them, but it will make me feel better.
Coffee_Ops@reddit
Fine them for what?
matt95110@reddit
For being an evil company!
But if Recall isn’t opt-in by default then there are issues in the EU with saving screenshots without consent.
Coffee_Ops@reddit
Not if they aren't shared off-device.
matt95110@reddit
Microsoft has already demonstrated with this feature that they aren’t taking security seriously with everything being stored unencrypted. If you compromise a Recall PC you will get a lot of information.
Coffee_Ops@reddit
Unless I'm mistaken that was a preview on insider builds.
The final build they are claiming is encrypted which probably means dpapi.
matt95110@reddit
Not necessarily. They haven’t demonstrated how they have fixed it yet and what they are going to do to keep it secure. They also haven’t stated what they are going to do to prevent it from being activated without the user's knowledge. This is important, as you can potentially activate the feature to spy on someone without their knowledge.
YMMV on compromising a user's PC and getting their credit card information. I have family members that never buy anything online or check their bank accounts. If you compromise their iPad then you’ll get something useful.
Coffee_Ops@reddit
Missing the point.
Recall doesn't give you anything you couldn't already get, if you had that level of access.
matt95110@reddit
No I didn't miss the point on Recall. If someone misuses Recall you can literally steal anything you want. It will record their bank sessions, their confidential emails, their private messages, etc.
thortgot@reddit
Right, but if you have local admin on the device you can do the same using any number of tools or methods. SquirtDanger being one of the older (6ish years I think) strains.
The main additional risk is that people who opt into this when compromised will leak more data.
matt95110@reddit
The issue is not about third party tools that you can use on Windows, or if you have local admin access to the machine. The issue is that Recall is a Windows native feature that can be exploited and can be enabled without the user's knowledge.
thortgot@reddit
If they have local admin, you've already lost is my point.
It takes an admin to enable it and is off by default. It requires an NPU.
Could it be enabled without a user knowing? Plausibly but I'm not sure if you actually have used it in the Insider build. It's very obvious when it's in use.
Coffee_Ops@reddit
You know what else records their emails?
Their email client. Which an admin can peruse at their leisure.
This is a stupid threat model. Admins can install keyboard hooks and just steal your password as you type it, and they can install video drivers that dump everything to a remote server.
matt95110@reddit
I have zero expectation of privacy with email.
I however do have an expectation of privacy when logging into my bank account, government websites, medical sites, etc. Recall doesn’t know the difference and will record everything which is the issue.
Coffee_Ops@reddit
Your browser records all of those. It keeps session cookies, history, etc. An admin can get any of that.
Again: This is a stupid threat model that hearkens back to the 'cookie' hysteria of the early 2000s.
matt95110@reddit
A browser cookie is not going to record all of the details of my bank account information. It will record that I was there, but it is not going to contain all of my transactions or account information.
I think you missed the point of the issue. It’s okay, I really don’t care at this point.
topromo@reddit
Wouldn't trust anybody on this subreddit to answer that in good faith.
Great-University-956@reddit
10 years later, after it's so deeply ingrained in the OS it can't be removed.
Meanwhile the 1 trillion dollar fine is nothing as they just up the price of Windows to 1000 bucks as no one has any choice. The modern world uses Windows only and all Linux OS are prevented from access due to them being insecure.
Training-Swan-6379@reddit
It's like the terminator- the liquid metal dude
dhgaut@reddit
Remember when Microsoft came up with Shadow Copy, where a backup of your unmodified files would be stored in case it was needed? And then they made it REALLY SIMPLE to shut it down and wipe it. Which is the first thing ransomware pirates do. Microsoft could've locked it down. It could have been great but they blew it.
NathanDerulo@reddit
Sorry if this has already been but how do we voice our concerns that we don't want this? I vaguely remember someone leading the charge against this but can't seem to remember who it was.
Coffee_Ops@reddit
Not to get into the recall discussion but the proposed attack scenario is absurd.
If someone gets elevated rights they don't need recall to get everything. There are a ton of ways to do so.
And recall doesn't necessarily make things easier. You still need to set up an exfil path and if they're using DPAPI-NG you don't just automatically get data access either.
Maybe I'm missing something but the "bad guys could use it" complaint has always seemed absurdly flimsy to me.
F0rkbombz@reddit
Sadly, people falsely equate Security and Privacy all the time.
This is an absolutely horrible feature, but security is not the main issue with it.
tejanaqkilica@reddit
Privacy isn't an issue with it either. If Microsoft is to be believed, this feature can be turned on or off as needed and the data storing and processing happens on the device.
F0rkbombz@reddit
Key words: “If Microsoft is to be believed”.
Microsoft is turning Windows into a data collection platform that treats their users as the product, I’m sure that they will tie other features to this and require it be enabled & send data to them in order to use those features. This will not exist in a vacuum.
Mindestiny@reddit
"the device I used to access my private data has access to my private data! The horror!!!"
Yeah there's a lot of fear mongering going on surrounding this tool lol
Fantastic_Estate_303@reddit
I'm thinking it's like Amazon's 'on this day', but it's a snapshot of that one time in teams where you had your balls out
Frothyleet@reddit
Unless something has changed, there is no issue unless you are buying PCs with the NPUs that are purpose-built for this feature.
Vengeful111@reddit
First comment with sense.
This feature is ONLY for those machines that are only now starting to appear in stores.
Frothyleet@reddit
Yeah. Dell started showing them in Premier and I was like nooooooo thanks.
Of course, just like how standardized purchasing practices get real flexible when the C suite is demanding [shiny new thing] (e.g., we're a dell shop... unless you are one of the department heads who "must" have a Surface), you always have the risk of someone high up finding out they can get "AI ON my computer????" and asking for these.
thortgot@reddit
NPU marketing is mostly BS. They are just coprocessors that run power efficiently.
In my testing they do a good job at offloading EDR.
Frothyleet@reddit
I can't speak to their fundamental value, but MS says they are a prereq for "Recall" to be enabled.
It's possible they'll engineer around that limitation in the future, but at the moment most of us are safe unless we are ordering devices with them. Or allowing BYOD, god forbid.
Dadarian@reddit
It's funny reading about this feature and there being another post about how much money the OP's company started making just for doing something as simple as reducing the amount of versioning done in Sharepoint which dramatically lowered costs, by removing something simply unnecessary.
It's probably not a conspiracy theory to say that MS is looking to charge for compute, then push out a ton of new features that nobody asked for consuming more compute.
Clearly seems to be in some sort of effort to just squeeze the Fortune 500s for more money.
72kdieuwjwbfuei626@reddit
This is a feature that is local to your machine. You don’t pay Microsoft for storage built into your machine.
Dadarian@reddit
Sure. Local to your machine. But what about your VM? Microsoft wants to sidestep the issue of hardware and just have everyone using thin-clients, and instead just paying for compute.
72kdieuwjwbfuei626@reddit
Stop making shit up.
pdp10@reddit
Just like you don't pay Microsoft for a TPM or a new CPU with recondite features required to run Windows 11. You pay Microsoft's close business partners for a TPM and a new CPU required to run Windows 11, bundled with a new OEM license of Windows!
72kdieuwjwbfuei626@reddit
No, you don’t, and I’m pretty sure that Microsoft doesn’t get kickbacks from Lenovo for getting you to replace an ancient computer.
pdp10@reddit
Most assembled non-server PC-compatibles are bundled with an OEM license of Windows. New hardware sales make Microsoft a lot more immediate revenue than no-charge upgrades from Windows 7 to 10, or 10 to 11.
Interestingly, the new hardware requirement is such that any OEM-license machine old enough to get the no-charge upgrade from 7 or 8.1 to 10, is not new enough to also get the upgrade from 10 to 11.
72kdieuwjwbfuei626@reddit
We’re talking about storage, asshat. First a fake link, now a change of topics - just go away and stop wasting my time.
dqxtdoflamingo@reddit
Not only that, their latest update broke dual boot by breaking grub for any Linux users after saying it would not. (Fixable, but they've been radio silent about the problem. Seems intentionally oblivious to push people away from it.) https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/
Zandarkoad@reddit
HOLY SHINTOISM THIS WAS ME! I can't believe you just exactly described what happened to me a few days ago. Bless you stranger.
nefarious_bumpps@reddit
Don't feel bad. I had the same problem and just learned it was Windows Update yesterday. Unfortunately, I already nuked and paved the laptop.
72kdieuwjwbfuei626@reddit
How long has it been since that vulnerable version of grub was fixed? A year? Two?
whatThePleb@reddit
Install Linux.
The-BEAST@reddit
Literally no one wants this feature. I haven’t seen a single person say they want this.
thewhitewolf_98@reddit
I wanna try it out for sure. But I guess, I'm not whining like little brats like most ppl on this sub.
Mindestiny@reddit
Yeah, honestly I need to unsub from this place. Every thread seems to boil down to people crying that change is bad, they hate their job, and waaaaaah I have to do some form of work.
It's super, super toxic in here
Vengeful111@reddit
I can see the use for office work tbh. Do I want microsoft to control me to that level and data scrape everything? No
But think about the possibilities like "Hey copilot where did I save that file where I wrote down quick notes"
Or "Hey i just did something, could you write a documentation for me on how to do it?"
It COULD lead to a big performance improvement if the company is small enough that massive cloud solutions are just not affordable.
All that said, the feature only works on specific machines with specific parts, so I wouldn't worry that much.
sh41reddit@reddit
I'm fucking done with Microsoft. Win11 is basically malware at this point.
clybstr02@reddit
Yeah, I take the opposite approach. They already sell comparable software for employee monitoring or insider risk management (if they don’t, others do), so this is leveraging the same code to give end users the ability to search. For corporate owned or managed systems, I really don’t get the concern here
JoustyMe@reddit
Where data is stored might be the issue. If an employee has access to some information that cannot be stored in the cloud then Recall can force it into the cloud. (If Recall is not using the cloud then I am sorry, don't have time to read about it)
Mindestiny@reddit
So... disable it via policy as part of your endpoint hardening strategy?
Like there's not really anything new here in the compliance realm
redit3rd@reddit
Recall doesn't use the Cloud. It's why it requires top of the line NPU chips. All of the processing is done local.
wrexsol@reddit
mmmm all that delicious, yummy HIPAA data, just there for the taking!
50YearsofFailure@reddit
PHI, PII, CUI, PCI... all of it delicious and carefully indexed by your very own operating system. What luck! Surely no one would ever attempt to get into this fortress of an OS and break into that.
zero0n3@reddit
Because surely an LLM can't be set up with proper guardrails and policies that would block it from answering with PII it found in your past actions.
For fucks sake.
Tf1ght3r@reddit
Made the screaming blue thing noise after I read this.
Mindestiny@reddit
To be fair, if someone already has a way to elevate rights on an endpoint, Windows Recall is not the predominant security threat.
jwrig@reddit
This isn't that hard. If your organization's appetite for risk requires turning this off, then please turn it off. Refrain from assuming that every company should or will feel the same way.
Caeremonia@reddit
This is even less hard: make it a standalone product to which we may OPT-IN.
thortgot@reddit
It is opt in? It's an integrated product like Notepad is an integrated product.
mdhardeman@reddit
Any significant enterprise should be terrified of the feature being enabled, because of the litigation discovery risks. This will create so much more easily discoverable information than is presently feasible.
jwrig@reddit
Any significant enterprise is already subject to discovery in a multitude of ways. With volume shadow copies enabled, extensive use of office 365, it isn't as big of a concern as people think.
mdhardeman@reddit
I don’t concur.
Plaintiffs’ experts will be able to construct queries for the recall captures of the memo an employee edited for 30 minutes in which the employee kept revising away more admissions to torts.
There will be years of cat and mouse games in attempting data minimization around these captures, and once those still on for that journey arrive at the endpoint, they’ll realize they destroyed essentially all the new data recall made available, all cost no upside.
jwrig@reddit
Time will tell.
Hot_Surprise8370@reddit
Time has already told us though.
Fact 1: data is always abused at mind boggling levels
Fact 2: more data means more to abuse
Fact 3: It’s already almost impossible to scrub data that has seen movement through the internet.
Now imagine: not only is your “finished” document/photo-edit/email data, but now the process itself and what previously would have been omissions from the “final data” are data
Back to Fact 1: Data is always abused.
jwrig@reddit
Alternative fact 1. Data captured by recall is not sent to Microsoft and does not leave the PC.
Hot_Surprise8370@reddit
No, for sure, it’s not like Snowden fled to Russia because of petting zoo scandals
Big_Emu_Shield@reddit
I wonder what kind of mongoloids would want this feature on their computer...
jwrig@reddit
People who aren't afraid of technology and willing to see how useful or awful it really is?
Big_Emu_Shield@reddit
Please describe to me the use case of this technology. Then give me a recipe for bran muffins.
jwrig@reddit
With a lot of this, you won't know the use cases until you start playing with it.
For the best bran muffins start with high quality wheat germ. It is recommended that you purchase it from a reputable seller who practices sustainable and organic farming methods.
Once acquiring high protein content wheat germ, use a stone mill to grind to the appropriate consistency.
Preheat oven to 350 Degrees.
For every four cups of ground wheat germ, combine 8 oz of cold butter, one large egg, 1/2 cup of light brown sugar, and 1/4 tsp of vanilla and a pinch of salt. Mix your dry ingredients then combine with wet ingredients taking care to not over mix. Fold in any fruit or nuts you like.
Spoon mixture into greased or lined muffin tins and cook for 12 - 18 minutes until a tooth pick comes out clean.
If desired you can add crystalized sugar on top for an additional crunch.
For alternatives to muffins you can pour the mixture into a greased bread pan for a tasty treat.
Serve with high quality salted butter, feel free to enjoy and pound sand.
Big_Emu_Shield@reddit
lmao
naugasnake@reddit (OP)
Typically, I don't think that way. But this is so universally dangerous in countless environments, that it's worth screaming as loud as we can that this is a feature nobody was clamoring for, and very very few people see the upside.
jwrig@reddit
So they encrypted the database at rest. Requires windows hello to open recall, requires periodic reauth. Sounds to me like they are addressing the risks.
Again, most people don't know what it is yet so anyone saying there is no upside is talking out their ass.
Not_A_Van@reddit
Are they addressing the risks? Technically yeah, but I could debate that point easily.
It's the fact that they are introducing risk with no say or consent. I don't care if I can 'disable' it, it still goes in the risk register and there's nothing I can do about it.
Machine gets hacked = bad, machine gets hacked and actor can see everything done on the machine = worse.
I won't argue saying this doesn't have some potentially useful features - but it absolutely should not be deployed by default. Enabled or disabled. Should Hyper-V, IIS, or any of the other optional features be installed by default? No, that's why they are optional.
We should not need to mitigate risks if the simple answer is to not have them at all.
zero0n3@reddit
attacker can already see what you are doing on the machine without recall.
I'd go so far as to say Recall isn't that valuable to attackers except for maybe getting an idea of their victim's value, but they already have methods for that.
This isn't storing passwords you type. It likely will be smart enough to (or have features to turn on or off) for DLP type stuff, like say not answering 'what is my bank account number' (and instead respond with, 'You can log into your bank website at XXXX, with username YYY, and find that information out by clicking here here and here').
So in that regard, the attacker is likely going to continue to value your browser history, saved password files, documents, pictures, event logs, etc. a lot more than recall.
narcissisadmin@reddit
Microsoft already has Microsoft Defender, they don't need another one of you.
jwrig@reddit
Zomg Micro$haft sux.
That better?
descender2k@reddit
We're doing chicken little here and you're not doing it right.
NDaveT@reddit
That comment makes a lot more sense if you rephrase it like this:
pseydtonne@reddit
The only good news is that it requires a system that meets the Copilot+ specs. No Intel x64 version of Windows supports the NPU (neural processing unit) requirement... yet. It also means any x64 more than three years old won't pass muster.
...so hang onto that i7 11th gen!
Temporary-Exchange93@reddit
Spicy take: microsoft is actively trying to kill Windows so they can focus on cloud.
223454@reddit
That type of theory popped up back when W10 was first rolled out. That they were trying to move Windows to a type of service, somehow. It would no longer be a downloadable program that you installed, but rather streamed, or something like that. Several flavors of that theory existed, but I don't remember details.
DeadStockWalking@reddit
Already have the GPO in place to block it.
User Configuration --> Administrative Templates --> Windows Components --> Windows AI --> Turn off saving snapshots for Windows setting to “Enabled.”
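One way to verify that the GPO setting named in the comment above has actually landed on a machine, as an added example that is not part of the original thread or Microsoft's own tooling. It assumes the policy is backed by the `DisableAIDataAnalysis` DWORD under `Software\Policies\Microsoft\Windows\WindowsAI`; the function names are hypothetical, and the value name should be checked against the ADMX templates in use.

```powershell
# Added example (not from the thread): audit the Recall snapshot policy per scope.
# Assumption: the GPO "Turn off saving snapshots for Windows" is backed by the
# DWORD value DisableAIDataAnalysis under the WindowsAI policy key shown below.
$PolicySubKey = 'Software\Policies\Microsoft\Windows\WindowsAI'
$PolicyValue  = 'DisableAIDataAnalysis'

function ConvertTo-SnapshotPolicyState {
    # Pure mapping from the raw registry value to the GPO wording, so the
    # double negative ("turn off ... = Enabled") is resolved in one place.
    param([AllowNull()][object]$RawValue)

    if ($null -eq $RawValue) {
        return [pscustomobject]@{ GpoState = 'Not configured'; BlockedByPolicy = $false }
    }
    if ([int]$RawValue -eq 1) {
        return [pscustomobject]@{ GpoState = 'Enabled'; BlockedByPolicy = $true }
    }
    return [pscustomobject]@{ GpoState = 'Disabled'; BlockedByPolicy = $false }
}

function Get-SnapshotPolicy {
    # Hypothetical helper: reads the policy value from one registry hive.
    param([Parameter(Mandatory)][ValidateSet('HKCU', 'HKLM')][string]$Hive)

    $path = "${Hive}:\$PolicySubKey"
    $raw  = $null
    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        # GetValue returns $null when the value is absent from the key.
        $raw = $key.GetValue($PolicyValue, $null)
    }
    $state = ConvertTo-SnapshotPolicyState -RawValue $raw
    [pscustomobject]@{
        Scope           = $Hive
        Path            = $path
        RawValue        = $raw
        GpoState        = $state.GpoState
        BlockedByPolicy = $state.BlockedByPolicy
    }
}

# Report the user-scope and machine-scope policy separately.
$results = 'HKCU', 'HKLM' | ForEach-Object { Get-SnapshotPolicy -Hive $_ }
$results | Format-Table Scope, RawValue, GpoState, BlockedByPolicy -AutoSize

# Non-zero exit code lets a compliance job flag machines with no enforced block.
if (-not ($results | Where-Object BlockedByPolicy)) {
    Write-Warning 'No scope enforces the snapshot block; the setting is left to the OS default or the user.'
    exit 1
}
```

Save it as a `.ps1` file and run it in the context of the user being audited, since the `HKCU` hive is per user.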
Fallingdamage@reddit
Which policy templates are you using? I have the most recent 23H2 Windows 11 ADMX files installed and I don't see this setting. There is no 'Windows AI' option available. Even on my Windows 11 Pro laptop that's not domain joined and fully up to date, I don't see that option under gpedit.msc.
jameson71@reddit
Why do I not have "Windows AI" under User Configuration --> Administrative Templates --> Windows Components ?
spectrumero@reddit
Argh, this is a pet hate of mine (double negatives in configuration options). A better configuration option would be "Save snapshots for Windows [Enabled|Disabled]" rather than "Turn off snapshots [Enabled|Disabled]" because essentially you're disabling the turning off of something to turn it on which doesn't read comfortably and is more likely to result in an incorrect setting.
naugasnake@reddit (OP)
Wow. This kinda blew up. Thanks everybody for chiming in.
iamtheweaseltoo@reddit
At this point, you argue windows itself can be considered malware
Latter_Tank5344@reddit
It's not really meant to help users. It's clearly a data gathering tool to see what users are doing with their sessions (applications, how they interact with the system). It's likely also feeding a GenAI model somewhere.
I'm sure this violates one of my company's data retention policies and needs to be removed ...
jwrig@reddit
It will be easy to detect and considering the terms around this are clear that it doesn't leave the device, does not send any of the recall info to Microsoft. This will be pretty easy to figure out if it does too.
Sylphiiid@reddit
And I totally agree it's all about feeding AI in a way or another.
Sylphiiid@reddit
I wouldn't be surprised that it will be an additional argument to make mid/large company buy the "pro" version, in which they can disable this. it will help them sell pro licences, and "only" individuals will be impacted and won't be able to be loud enough to have any impact on a removal of the feature
ickarous@reddit
Anyone here in healthcare concerned about the privacy breaches this is going to cause?
jwrig@reddit
Healthcare Privacy officer here. Initially on by default with no way to disable it, no authentication needed, no encryption at rest, super risky, very limited use so the answer was no.
Now, with the changes that it is off by default, requires windows hello for business to open the recall app and periodic auth challenges, the database is now encrypted, we can now discuss using it in some cases.
In other words it went from no to schmaybe. We will be doing limited testing, and we will start with a couple groups who have no access to phi, or only with deidentified data. We will have to understand how it works with retention periods and other controls we will have access to.
DehydratedButTired@reddit
How can you legally push this out in any industry that has laws governing them and compliance standards? Financial, Government and Medical devices would literally have to move off windows to be compliant.
jwrig@reddit
Because in every single one of those industries the regulations require the company to assess the risks of using tools like this. Microsoft makes it available, you decide whether the risk is appropriate based on what you think and what you can convince your auditors on.
chemape876@reddit
Vote with your feet.
*tap tap tap*
*penguin waddles away*
unapologeticjerk@reddit
The paranoia Reptile Overlord brain rot crowd is in deep on this one. Guys, I get it, AI is kinda scary. I really, genuinely get the fear people have if that is why you wish to not use Recall. Or it's the potential security risk if you do not understand how to change settings and/or monitor them in order to verify they are unaltered by an update you've allowed. But this "Microsoft is gonna force this on us to give the gov'ment our secretz!" shit is kind of insane. The idea that Microsoft would actually push and install a non-security update onto a system explicitly disallowing updates through a GPO is not happening unless they want an FBI investigation and public trial - because that's what happens when you change a setting enforced through a GPO (not sure it's even possible to do that remotely without first altering several things in the registry as well as disabling security stuff that gets set in UEFI BIOS before Windows ever boots). It'd be malicious if done, literally something the US Attorney's office prosecutes when actual threat actors do it (alter your explicitly configured system options, change your BIOS, and push some program and run it).
-Alevan-@reddit
Then disable it when released. Nobody is standing at your back, pointing a gun to your head.
Professional_Chart68@reddit
I don't have a problem with that.
Qontherecord@reddit
That's why my company is switching to Linux (TAILS).
KnowledgeTransfer23@reddit
Interesting! I wouldn't have guessed a company would switch to TAILS. Any insight you can share about that decision?
Lazy-Function-4709@reddit
This is why I’m trying to get out of technology altogether, or make a move into a sales type role. If this kind of thing doesn’t nauseate you, then you have no morals.
bfodder@reddit
This is a weird take.
Lazy-Function-4709@reddit
Just one more step on the ladder to the Microsoft Windows Copilot with Clippy™ brain implant.
bfodder@reddit
Sure, I'm the weird one, not the guy quitting his job because Microsoft is releasing a feature he doesn't like.
bfodder@reddit
This too.
JerikkaDawn@reddit
So you're moving to sales? 🤣
Lazy-Function-4709@reddit
Need a paycheck. I’d rather sell the shit and wash my hands of it than try and maintain it.
thewhitewolf_98@reddit
Well, if this makes you not able to manage technology, maybe, you shouldn't be in tech in the first place. And probably stop whining.
Marble_Wraith@reddit
I'm late... but my 2 cents.
The history of big tech is littered with corporations doing whatever the fuck they want. Even in the case things go sour, no matter what damage it causes, in the worst case they get a "slap on the wrist" (some $billions) most of which isn't even paid out to the victims, maybe replaces a few C-level execs, and carry on like nothing happened.
If you accept this as being true.
It's better to discuss what we can realistically do to mitigate this, rather than trying to appeal to Microsoft's non-existent ethics / sense of social responsibility, which won't do anything except waste time and effort.
I'll start...
Big Hard Strategy
Cuz we're hardening windows, opposite of micro soft. I'm sure the rest of you have imaginations, so i'll leave it there 😏
1. We need the way to bypass having a "microsoft account" to remain an option. I am reasonably confident it will, because being a dev myself, i can understand the mentality behind the people actually responsible for windows OS code (credentials are a pain in the ass when testing). Furthermore some installations of windows are "air-gapped" so they need to account for that possibility.
Nevertheless it's possible this mechanism could be changed in future away from oobe\bypassnro to something else, or they could still strip it out completely via a CI/CD process. In the case of the latter, we need an easy way to alter win ISO image files and keep using it.
2. We also need a way to prevent device fingering... sorry my old unix habit kicking in, i mean fingerprinting. This will have the side effect of making windows activation codes more valuable / clean installing windows more of a hassle, but worth it.
With this and omitting a windows account, it should make all Microsoft's "traditional" telemetry functionally useless.
3. Copilot. From what i've seen copilot mostly still has a big cloud component, because the hardware requirements for fast AI results aren't something the average laptop / PC will possess. That being the case, if it needs an internet connection, block it. Could be something as simple as a hosts file, or you could get into it with dedicated rules in your hardware (switch / router).
4. Recall... beats me? 😅 I'm not a windows insider, and i've only taken a cursory look at Recall. From what i can see there seem to be exceptions you can set for when it's allowed to capture (being MS i wouldn't trust those either). Drastic measure, someone make a new compositor / window manager?
MichaelParkinbum@reddit
Pitchforks!! Torches!! AAARRRGGGH!!!!!
progenyofeniac@reddit
The outrage over this is nuts to me. It’s only being rolled to:
a) Copilot+ PCs b) which are enrolled in the Insider program
Tell me where the overlap with enterprise exists.
Stewge@reddit
The new Intel and AMD mobile chips coming out shortly have the requisite NPU onboard and ~50 TOPs that is required.
MS also confirmed it's partnering with both so we'll have x86 copilot+ PCs before long. Maybe even before Recall is released since the AMD AI HX line of mobile chips is already trickling out.
unbearablepancake@reddit
Considering how technology works, it's just a matter of time this gets rolled out on regular PCs.
The whole world is pushing boundaries lately, this is just one of them.
Not_A_Van@reddit
Enterprises who utilize the copilot aspects of the machines? Just because a company may utilize a subset of features doesn't mean they want every available one shoved down their throats.
progenyofeniac@reddit
I don’t mean this to be mean or rude, but do you know what a Copilot+ PC is? Maybe start by Googling that, but I’d wager a month’s pay that your company doesn’t own one.
People are going nuts over something that Does. Not. Affect. Them.
santaclaws_@reddit
This is why God made Linux.
joefleisch@reddit
Can I connect Recall to Viva Engage with some sort of Copilot and measure employee productivity at a macro level and view the metrics in Power BI with Copilot, Copilot, Copilot. So many Copilot SKUs it is making me dizzy.
I can already see what bad things are happening in Microsoft Defender 365 E5 with all the extras!?!
72kdieuwjwbfuei626@reddit
No. It’s explicitly designed so you can’t do any of that.
zero0n3@reddit
I mean I am hoping for a way to securely share a copy of say 'my last 2 hours' to a Microsoft support engineer instead of having to go over the same thing for a 3rd time in a troubleshooting call. They'll still ask us to run the troubleshooter though!
This then can be used for your internal staff. Share me the last X hours to see the error you are reporting.
I_Stabbed_Jon_Snow@reddit
Ubuntu 24 can run virtually any Windows program natively now. It’s also free and far higher quality than windows 10 or 11.
hornethacker97@reddit
I’m sorry, what?
I_Stabbed_Jon_Snow@reddit
You tried it yet? It’ll run basically any windows programs. Office suite, all Steam games, Teams, it all works. Some need settings changed, but they’ll work.
I have far more faith in Linux devs than I do Windows devs.
hornethacker97@reddit
Is this achieved by making Wine a pre-installed package? I wouldn’t consider that to be “[running] any Windows program natively”
I_Stabbed_Jon_Snow@reddit
To my knowledge it doesn’t involve Wine at all. Feel free to not believe me and have a look for yourself, I’ve been enjoying playing Steam games on it for a couple weeks.
Stewge@reddit
Steam uses Proton, which IS Wine with a gaming focus.
stprnn@reddit
bro what the hell are you talking about XD
Not_A_Van@reddit
In that person's defense - Games, Teams, and a whole host of other 'Windows' applications do indeed have native Linux packages.
Office running natively on the other hand is not something that I'm aware of.
hornethacker97@reddit
Which is not a defense of u/I_Stabbed_Jon_Snow, it actually proves them even more incorrect about their very specific claim.
AlexIsPlaying@reddit
yeeaahhhhhhh, not quite.
fish312@reddit
How's that possible? Don't say wine. Also, how's that possible if I'm not even on x86
digsmann@reddit
it will stop or very few people will use it, definitely. nobody needs that spyware crap. :)
NoneSpawn@reddit
Don't buy Copilot+ PCs.
XanII@reddit
As expected. mickey...uh, AI investors want their money and push will turn to shove. Too much money involved already.
KnowledgeTransfer23@reddit
If attackers can get elevated rights on your computer, your computer can become a spying tool for them, copilot or not.
Crafty_Train1956@reddit
I can't fathom how some of you are so unaware of what the Windows OS already keeps track of and still be working in systems administration.
Forsaken_Instance_18@reddit
I am actually for it but as long as it’s controlled, like I want my students to be able to turn it on to protect themselves from being accused of not cheating with AI for coursework
Papabear3339@reddit
Screen grabbers are a spyware feature. They literally only exist to steal sensitive data from your screen. Microsoft can only possibly be doing this for one reason. Whatever bs they are telling people, they want to steal and sell your data, and this is just an extremely dystopian way of doing it.
t_darkstone@reddit
Yep. It is just a matter of time before Microsoft steals extremely sensitive IP and trade secrets from other companies, and classified government data.
And when they do...the entire weight of the world is going to come crashing down on them
CaptainZhon@reddit
Microsoft’s answer “get LTSB”.
welcome2devnull@reddit
"just don't install O365 Apps on it as they are not supported (even if they work)" :D
Proper-Obligation-97@reddit
Do we have the new ADMX available for download for this?
https://learn.microsoft.com/en-us/windows/client-management/manage-recall
welcome2devnull@reddit
I guess it's only in the Win11 Insider builds where the "feature" is tested.
Checked on up-to-date Win11 Enterprise and didn't have the "WindowsAI" menu.
boli99@reddit
you won't stop it.
you might delay it, and it will hit the news everywhere
and maybe next time there will be a bit of news
but the time after that - the news will be bored of it, so they'll be devoting their time to some worthless celebrity wardrobe malfunction instead.
...and MS will slip the new 'feature' in quietly... and then it will be ... everywhere.
so, don't fight it. it's a waste of effort.
find an alternative instead.
welcome2devnull@reddit
"you wont stop it." - www.debian.org :D
temp_account_namelol@reddit
Just watch, the indexer for WinRecall will be better than Search lmfao
Da_Sigismund@reddit
I've used Windows since 3.11
Only time I actually had a genuine copy was during Windows 7.
Microsoft don't deserve my money and won't get it.
PomegranateSignal882@reddit
If somebody can get elevated rights they can already do way more intrusive things than Recall
nexus1972@reddit
But the point is from time to time microsoft gets zero days. Now add in a 'feature' that could be enabled from one of those zero days which won't be detected as any kind of malware and you have a hacker's wet dream for collecting information to perform identity theft/blackmail on people using a built in 'feature'. I can think of a tiny handful of compliance roles where this feature could ever be wanted.
chaosphere_mk@reddit
If none of you are paying for Copilot+ or Copilot+ PCs, then what are you worried about? This is a paid feature that is only enabled if you pay for it. This is for enterprise machines, where you don't have privacy in the first place.
This feature requires a specialized computer with an ARM based CPU and it's way more specific than even that.
Nailhimself@reddit
I believe it when I see it...
Jaz1140@reddit
Yet another reason to stay on windows 10
sampero989@reddit
the single solution is to vote with your money, don't buy windows licenses and don't buy new computers at all.
danielyelwop@reddit
Even if they're aiming for an October release that would just be general public availability, I wouldn't expect it to be rolled out to any professional environment for a while at least due to the fact you would first need compatible hardware i.e. "Copilot+ PC" to begin with but if your organisation does buy compatible machines and you don't want the feature enabled then that's what Group Policy/ MDM policies are for.
BakedShake@reddit
There's a lot of people in the comments saying how MS could use certain parts of the OS for stealing data or other nefarious things. Aside from the way these items COULD be used and can become vulnerabilities. I'm genuinely asking, what has MS done that proves ill intent was behind their choice?
I'm gonna go Google this rn too.
ChampionshipComplex@reddit
I like it
rohmish@reddit
honestly I like a lot of things about recall. But Microsoft can't really be trusted even when they say it's running on device. And it always recording all apps makes things iffy too. something like how the new pixel screenshots app works with an option to have it always watching certain apps (like game recording in steam, Nvidia, etc.) would be better.
dustojnikhummer@reddit
So do I. The concept looks awesome, as long as I'm the only one in control of that data (that applies to user profiles). But we don't trust them, the security shown so far has been a joke, breached in a matter of hours
RZ_1911@reddit
Your computer does not belong to you .. after windows 8
My computer-> this computer
Expectable move to expand what already is a thing
redit3rd@reddit
Is it possible to just not buy computers with sufficiently powerful NPUs?
hankhillnsfw@reddit
I swear to god I wish the average user was semi competent so we could just throw a fleet of Ubuntu workstations at em.
I imagine managing them at scale would be a nightmare but I’m sure there's some halfway decent MDM-esque thing for Linux OS and if not capitalism will see to it should the market exist.
thewhitewolf_98@reddit
Oh no, another linux user preaching. Get a life.
HurricaneFloyd@reddit
Malware, plain and simple. MS is just supplying the payload for hackers and making their job a whole lot easier.
thewhitewolf_98@reddit
stop whining. This sub is full of them.
Bootlegcrunch@reddit
How is that shit even legal
aamfk@reddit
You're crazy I can't wait for this.
Whether it's opt-in or opt-out I don't give a fuck
This is going to be awesome.
Your paranoia is stupid. Are you a heroin addict?
wrootlt@reddit
Or maybe it would just die off like Timeline feature did because not a single person used it.
SceneDifferent1041@reddit
Another thing people are angry about for no reason other than they heard they should be cross.
voc0der@reddit
Lol, more yelling at the wind. Alternatives exist.
rekage99@reddit
I’m already on the verge of dropping windows. If they push this malware on us I’ll never touch a Microsoft product again.
crosenblum@reddit
Without making it unprofitable for them to do so, why would they care how loud you are, they still make money.
Clearly after the debacle of telemetry in Windows 10, they clearly no longer care or respect the common consumer.
Wasn't Windows 10 the first operating system you can get for free or free-ish?
They say if the price is free, then you are the product.
So stop using free products and services, that only sell the data they collect on you.
SirFoxPhD@reddit
Just waiting for Linux to have games like destiny 2 playable natively and I’m done with windows. Switching everything as much as possible to a yubikey, and disappearing as much I can from prying eyes. I like AI, but it’s gotta be on my terms that I use it. I look forward to the day where we can make our own LLM that are as good as gpt4o running locally in a secure environment.
Frothyleet@reddit
I mean, if someone can arbitrarily gain administrative rights, the computer is compromised anyway, no?
Elektrik_Magnetix@reddit
Who the fuck cares, if they really enforce this a million apps will appear to disable it.
quesnt@reddit
The most practical response is to just use Linux. Why are you all still using windows? The fact that any company can still make money in the year 2024 on a terrible OS that is built to steal from you baffles me
thepurplewitchxx@reddit
It is a terrible, terrible idea to implement. And I’ve seen people get excited about this. True that “it’s only copilot pcs” for now but I’m pretty sure it’s gonna weasel into every windows pc soon (as if they’re not accessing enough data of yours anyways).
Gogogodzirra@reddit
If your users are finding ways to get elevated rights, Recall is a lot less of an issue than your inability to manage it and your users.
darkfader_o@reddit
lol right, it's not like there are any issues with escalation of privileges on windows and how would that matter if you persistently store confidential data along with a searchable frontend.
zero0n3@reddit
Because if its corporate, that front end will also have policies in place to say not respond with PII, log all search convos, etc.
because a company wouldn't even want end users to be able to do that.
Again, everyone makes it sound like this data is somehow magically infinitely more useful than the actual data the user has access to at this moment. Not saying it can't be useful, but in the vast majority of cases, attackers will continue to find more value in what's on your shared drives, in your email, documents, recent websites and cookies, etc.
topromo@reddit
Manage it. Control your users.
immortalsteve@reddit
I would imagine if all of us in here started attacking this tool from all angles the security risks would be in the news by the end of next week.
Virtual_Dog7774@reddit
I think i'll have to learn how to use another OS.
Perfect timing since i'll be upgrading before december.
ArchusKanzaki@reddit
I thought this is a sysadmin subreddit?
flummox1234@reddit
TBH using Windows is a choice. There are better and less intrusive options. They already are collecting a shit ton of telemetrics on you, this is just more of the same.
The year of the Linux desktop has arrived. /s
Silverr_Duck@reddit
Microsoft can't even get their own fucking search bar to actually search stuff. yet they think I'm gonna tolerate some half baked AI surveilling my desktop 24/7.
Human__Pestilence@reddit
Microsoft is kinda forcing themselves onto us. Can we file a restraining order?
No_Size_1765@reddit
Jesus christ
whiskeytab@reddit
christ you guys are dramatic, it's not even on by default and is something that will be controllable via GPO / Intune.
spend 5 minutes blocking it in GPO and then move on with your life
kagato87@reddit
Unfortunately it's not that simple.
The smaller businesses most likely to be targeted in general are also more likely to think this might be a good feature and turn it on.
So a small business, not yours, turns it on. At some point in the future they get hacked by some zero-day targeting this feature (and you can bet they'll be trying). Within seconds their history is retrieved.
You don't care, it's not you. Right? Well, except that's one of your vendors, and their crm or accounting software isn't properly ignored by recall, and you had a few transactions in that intervening period.
They now have everything. By the time AV definitions update 4 hours later (if they're even on that release schedule) it's too late. The hackers have it all. Names, contacts, billing habits, account numbers. Everything they want, for YOU and for all their other clients.
It's a gold mine well worth prospecting, and you can't fully protect yourself because someone else can screw it up for you.
Ihaveasmallwang@reddit
It will be an optional feature and off by default.
The sky isn't falling.
rthonpm@reddit
Because there's zero chance of new ADMX templates to block the features? Grind your axe all you want, but lay off the hysteria.
F0rkbombz@reddit
I wish Apple would put some skin in the Enterprise game to give us some actual options for endpoints in medium to large companies.
Regardless of one’s opinion on Apple as a company, MS is burning Windows to the ground by making it a platform that treats the consumer as the product. Windows feels like it only exists to give MS your data while pushing ads down your throat.
The difference between MacOS and Windows could not be greater at this point.
And yes, Linux is wonderful, but it’s just not practical as an Enterprise option for endpoints.
Fallingdamage@reddit
Just don't use PCs with Qualcomm chips. Problem solved?
Kinglink@reddit
Making it real hard for me to support Windows 11 to get all those new updates and features, Microsoft...
Well besides the fact you say I can't but taunt me with it.
rochakgupta@reddit
Microsoft: the shitter that keeps on shitting
Dariaskehl@reddit
I know - it’s crushing. 🤣
At least the newly-promoted admin in charge of such things at work has vowed to change my workstation last; that’s a blessing. :)
‘… nope; mostly just the database, the compiler tools, and the main system I watch for me!’
I keep doing the fifty-fifty on the new gaming replacement at home; as mine’s passed ten years and is showing its age vs. building a forge in the backyard and realizing: need more data…
kconfire@reddit
When are they getting a new CEO? lol
I'm sick and tired of Microsoft.
And those that pushed my company into D365, what a dumpster fire pile of shit.
MyMythicalMycology@reddit
Fucking stupid-ass Microsoft knock this shit off. Lick taint.
PrettyAdagio4210@reddit
Oh look, another layer of bloat added on to the Microsoft circus tent of crap!