Microsoft is trying again to push out Windows Recall in October. This must be stopped.

Steal start menu keystrokes, steal photos, steal data, act surprised that people get upset: classic Microsoft.

No, no one wants you to have an AI catalogue what’s on the screen every fifteen seconds. You SHOULD NOT have a full, indexed, searchable catalogue of the porn preferences, shopping habits, sexual fetishes, gaming choices, food tastes, financial health, romantic interests, political affiliations, reading, writing, searching, browsing, and sharing.

Especially when ITS ALREADY BEEN HACKED AND YOU HAVENT RELEASED IT YET.

Buy a fucking clue.

[-]

Phreakiture@reddit

The operating system should launch the applications I ask, and store the data I choose.

On my disk, in my computer. That I have. Here.

Also we're not going to include your Downloads folder in your OneDrive. Yeah, we know that all sorts of programs put the stuff you wanted in the Downloads folder. Somehow, it's different to us than, say, your Documents folder.

Also we're going to take away the ability to add folders to File History, just because.

[-]

dawho1@reddit

And disable Autosave if you're not saving to OneDrive, as if that feature hasn't worked for decades no matter where you saved the file.

[-]

little_baked@reddit

You see saving to our cloud service is slower, more costly and requires far more infrastructure and maintenance than allowing you to save locally and here at Microsoft we like to challenge ourselves. Also, god damn advertisers pay us some good shit for that crap. Not to mention, we have Steve (you know Steve, right?) running the security and firewalls for us. The guy once got my computer out of safe mode so trust me when I say your info is safe. Can you believe he's happy to be paid in cigarettes and lube btw? Fuck it's great being a monopoly!

[-]

steveamsp@reddit

But... but... "Windows is a service"

BULLSHIT. It's an operating system. It should sit there and run the programs I put on it.

[-]

Sushigami@reddit

Windows was an operating system

[-]

Phreakiture@reddit

Windows is a disservice. LOL

[-]

Tbf, I'm not as bad and clueless with computers as, say, most people's 60 year old mums. So.

gex80@reddit

Mac is perfectly fine depending on application needs as an end user. We are a media company at my place and close to 50% of machines in the wild are mac out of 800 or so employees. Me personally, I use a mac for devops (not coding) work and in 2024, almost everything has a mac version or it's a website at this point.

[-]

Status_Jellyfish_213@reddit

Ayup. And with configuration profiles on a Mac you get instant changes, especially useful for testing. Your productivity goes through the roof. After I’ve finished my jamf 400 I’m going to move to focusing and learning intune, and I cannot frigging understand why Microsoft with the entire leverage of azure can take up to half an hour for changes to sync. It’s really stupid.

[-]

videogamechamp@reddit

And even if we had the money what would our options be? Mac or Linux? I'd rather have my teeth pulled without painkillers.

Is your argument that people should never be held liable to what they agreed to because they can claim they didn't read it and yet signed it? Not only that, it's a condition of your employment if the company has a formal policy.

If you don't like the policy you are free to go find a job some where else.

[-]

Sushigami@reddit

I'm not saying you'd have a legal case if you were called up on it, I'm saying it's not presented in a way that is commensurate with the magnitude of the importance of the clause.

(Although it is often in the employee handbook rather than employment contract, and in that scenario you probably would have a legal case.)

[-]

hzuiel@reddit

They still sign it, thats how contracts work, they are binding even if you didnt read them carefully, but if you have any work experience at all you should expect this, it is normal.

[-]

Sushigami@reddit

Legality and Morality have only a tenuous relationship.

It should be legally mandated that people be aware of it.

[-]

gex80@reddit

If they signed the paperwork they are saying they are aware of it. Don't sign things you didn't read. Simple

[-]

Sushigami@reddit

I don't know about you but while I read my employment contract, I did not read every single other guideline handbook and ancillary piece of info they threw my way afterwards.

[-]

dustojnikhummer@reddit

You're not entitled to privacy on a computer you don't own and was given to you with the explicit understanding that this will only be used for work purposes.

To me this sounds like your justification to install corporate spyware without the users actual knowledge "But they should have known it".

No, I would not accept that. We are in a process of rolling better software management out and you can be damn sure I will want people to be aware of it. I'm not saying "give them a choice", because that is up to management, but they should absolutely be informed.

[-]

One_Stranger7794@reddit

People work at work.

If workers are doing the work they are paid to do, no problem.

If they are not doing the work they are paid to do, then you watch them.

I've never understood the idea of getting everything done ahead of schedule, and then being required to 'look busy'.

[-]

Sushigami@reddit

You create perverse incentives to work slowly and less efficiently.

When there's a monitoring system:

Finish early by working hard = you must engage with more work.

[-]

One_Stranger7794@reddit

THIS is how the government works. I worked for them briefly, the amount of times I was told to slow down, leave it to tomorrow, don't look at that yet was appalling.

It was actually more stressful trying to work slowly, then just actually dealing with the tickets.

It becomes a race to the bottom, what's the bare minimum I can do to be considered competent, but not given more work because I'm seen as more capable than my peers.

[-]

Sushigami@reddit

The simple way around it though is to not have a monitoring system. Then you work hard, get it all done in 4 hours and have 4 hours in hand to goof off.

[-]

One_Stranger7794@reddit

I've never head of Slay the Spire, seems like a perfect 'WFH' game actually! I think I may check it out, I'm just about bored of Helldivers now and need something new and exciting in my gaming life.

Yes there are things to disagree with. They are called opinions. This was not an opinion.

[-]

dustojnikhummer@reddit

This

I assume we are both talking about the same thing, that you can't spy on employees on corporate devices without their knowledge...

And used to justify firing you whenever they need to cut budget, But Wait! Why not create comparison software that can rate the workers!! Cant wait to game the system

[-]

DarthtacoX@reddit

New to windows? There is a reason people used to call it Micro$oft

[-]

4t0mik@reddit

Meh kind of. The license rug pulls more than anything.

CALs no longer included. Terminal server licenses were revoked, and Exchange doubled in cost. Server retail almost tripled.

MS was turning in the monster they accepted to slay (a company that licensed every little feature).

The ONLY thing Microsoft hasn't moved on is their most hated licensed product (as far as cost). Always been 400.00

Heh.

[-]

pdp10@reddit

Office got traction because it was a bundle of mainstream applications, but at a price you'd usually pay for entry-level applications like "Microsoft Works".

When an individual buyer could usually get Microsoft Office for $99 OWM bundled with a new machine, and WordPerfect was still trying to charge $495 list, Office got the nod because it was cheaper than WordPerfect and 1-2-3, not because it was better. The Office spreadsheet was excellent, and the word processor was good enough for new users, and it obviated the need to obtain WordPerfect and 1-2-3.

Microsoft made back the lost revenue of those loss-leader OEM deals by making corporations pay much higher prices. But it was the cheap, ubiquitous bundle that unseated the current killer apps.

[-]

4t0mik@reddit

Yep, for sure. OEM deals were the key to basically all their products.

It was a struggle between businesses and home users; Office was not a part of Windows. Now, fork over 400. Heh.

With the success of Microsoft 365, people now understand what Office is (MS bundling it and simply asking for a login to license or pay).

[-]

Fallingdamage@reddit

This one has me scratching my head. I guess the $ makes the most sense, but the part about how this feature will only work if the device is using a single type of chip manufactured by one company is throwing me. Thats like making DirectX only functional if you use GPUs from a single manufacturer.

[-]

Valkeyere@reddit

M$

[-]

BoredTechyGuy@reddit

Used to?

[-]

thortgot@reddit

Hacked? No

It was determined they stored the data in plain text.

Microsoft has shown they abide by the config values. Disable it, this isn't a big deal.

Do you get this agitated about Chrome offering to store your passwords? (Also unencrypted btw)

The data is stored locally which means we as admins can trivially check to see that it's not on.

The amount of data stored is to high to hide in telemetry data so it would be discovered almost immediately if they tried to get sneaky about it.

[-]

darkfader_o@reddit

Microsoft has shown (within less than a decade) that they will neglibly re-enable telemetry after it was disabled, that they have bugs where they send stuff while disabled and so on.
the amount of data is not high if you transferred only query results.

if you don't grasp a pattern or don't try to foresee issues and do due dilligence on your assumptions, you are just not self-aware enough.

[-]

thortgot@reddit

If you disabled telemetry through reg hacks? Yeah they'll enable it again. Annoying I agree.

Disable it through the documented process and it never turned back on.

What stops Windows from using existing executables to do this perceived data extraction? Why would they need recall when they could simply add that into the kernel and extract the data they want.

[-]

darkfader_o@reddit

it even happened when you explicitely selected the knobs of the OOBE to "off" so, honestly just don't walk around stating it never happened.

[-]

thortgot@reddit

Source?

[-]

darkfader_o@reddit

why do i need to bring up a source because you don't have the memory or attention span? it's your job to be aware on your own.

[-]

thortgot@reddit

Perhaps we are talking about different things. Are you talking about Windows 11 Compatibility telemetry on Windows 10 Pro or Enterprise?

That has been analyzed to the hell and back and absolutely follows the values that are configured.

The toggles on Home aren't identical.

[-]

darkfader_o@reddit

Hi, sorry for the snark yesterday. It was around 20H2 from what I dug up, so 2018'ish, and the thing was not just on home, at least pro also was affected. There was also one KB that was pulled and re-released that was maybe related. There was no good narrative for what happened, they simply didn't port forward the original settings but there was also reports that the knobs stayed in 'off' positions. I can't say if it was incompentency or trying to get away with it, but the mode of operation is 100% identical to what we saw now.

In this case, it involves the most valuable data, and the one the OS has to protect on a very high level. None of that was put in place at the start which means the whole design process went forward without an inkling of protecting customers. That implies that any protective features have now been added after the fact, meaning they were not part of the design.

The risk level of Recall is so high it would normally need to be designed right up there next to the TCB like in some trusted system with mandatory access control. No matter if the search results end up in the user's search window or not, it is not OK to have this just as a normal application.

Where the industry not even (yet) has managed to get on top of credential dumping and kerberos theft we put this stuff right there as a normal OS component, then slap on a few security measures, which are at least our state of the art - but weren't part of the design.

so you can assume, they do unlock access to the frontend and/or unlock the database, but will not be in effect in the engine that evaluates the queries. so there's gonna be some lower layers that will not "know" what a valid access is or what other component just commited some data. So sure, I'm MFAed, and how does that stop an exploitable driver from commiting stuff in there that will change some rules, queries or just someone bulk exploiting stuff?

now that from a vendor who's been sloppy with keeping such features disabled, and even a day of this being enabled would be highly illegal for many purposes...

also a vendor who's security team got tin-can-opened just last year and we're not even sure yet that they fully flushed out their attackers. Not to mention that in a devsecops approach their mails will have enabled further 'research'. A vendor who's customer project data was found public and likely stolen.

And we rely on, at best, TPM modules for that which needs that january update for fixing bitlocker to ensure the TPM driver stays intact but people don't manage get installed (i documented the "how to fix" on stackoverflow literally days after release). TPM modules that we had to throw into trash less than 5 years ago.

You might say the issue with OOBE + Telemetry was years ago - but it was within the OS' lifetime, the fault wasn't detected by MS and the BIG difference is that it didn't concern data that gets persisted on the client computer in the same security layer. This is the really dark pit.

It's a helpful feature but I'd violate every NDA ever signed just having that on. Monitoring the changes, checking after an update is fine but honestly it's also cost imposed on the enterprises running windows clients... we'll see what it looks like next year, but really, please, keep in mind the bit about system design and slapping on security.

Personally I think any such thing enabled on Windows Home is even worse since private citizens have noone to ensure their tech stack fits their assumptions.

If they'd idk, have a keyswitch on the keyboard for turning it on and off that would be a fair level of user control for something that has this level of permanency. finding, again, that the opposite is the case, that design was not done to adhere to best practices, is disappointing on a personally techie level. In times of ransomware I don't care much about my disappointment though and more about the cost of the unavoid(ed) abuse.

I.e. think of a large botnet where people tried to fish for credentials. now they can run orchestrated queries against those "home" computers and have them extract that info.

How are we not responsible if that happens?

[-]

thortgot@reddit

I get the agitation about the potential for abuse on personal devices however this is an opt out feature. I would like to see a clear indicator for when it's in use on devices, perhaps a taskbar coloration or a Start Menu icon change?

A few things I'd clarify.

Yes, the user state control was overridden and set back to default under some scenarios (for home and unmanaged Pro). If you controlled the state through GPO (which were available prior to Windows 10 releasing) it did not change.

Local cred theft is a solved problem with the correct settings. Only allowing access at a rate limited component against the TPM from specifically signed code. It's wrapped up in Secure Boot.

On your TPM security comment, the TPM itself wasn't the issue it's the leak of a Secure Boot certificate that make a physical attack plausible to compromise Secure Boot by loading insecure UEFI data. This doesn't eliminate the security in the actual TPM.

Notably TPM 2.0 chips are secure and are the devices that are plausibly going to be running Recall since you need an NPU. No vulnerable TPM 1.2 chips are going to be running this.

[-]

NoncarbonatedClack@reddit

As far as documented processes, is there something other than group policy on the machine?

[-]

? They are 2 ways to set the same value.

[-]

mcilrain@reddit

Perfectly normal! Nothing to comment on! Please stop noticing!

[-]

Linux fanboys are so used to defending not having a feature that they now believe it’s a virtue to not have anything.

[-]

thortgot@reddit

You can disagree with the feature. Disable it. People got upset about the Microsoft Store when it was released. You're an admin, control your endpoints.

How many ways can you configure Linux settings? It's a lot more than 2.

[-]

mcilrain@reddit

Linux has no AI spyware to disable (0 config options).

Common Linux W.

[-]

Reflexes18@reddit

Are you trying to argue that Linux requires zero configuration to use?

[-]

mcilrain@reddit

Linux’s AI spyware requires no configuration to use. 👍

[-]

segagamer@reddit

Well that's incorrect, as many distro's ask you to submit telemetry to assist with development.

[-]

Microsoft has shown they abide by the config values.

ROFLMAO what now?

[-]

my_fourth_redditacct@reddit

It's because the real customers are the shareholders and the data brokers.

It's not accidentally spyware. It's spyware on purpose. They've run the cost-benefit analysis between a class action lawsuit and a gazillion dollars to sell the data.

Microsoft has a fiduciary responsibility to maximize shareholders profit above all else. Shareholders demand AI (they have no idea what AI is) so Microsoft is going to roll out any feature with a "NOW CONTAINS AI!" sticker on it that has the potential to make more profit.

[-]

YourMomIsADragon@reddit

I wish I could buy a million upvotes for this post. Even when I have an actual Microsoft account and a personal M365 subscription discounted through work, Windows is still nagging at you to "review settings" which I think is triggered by anything that isn't what they want you to do. I work as a sysadmin by day, but I've recently banished Windows entirely at home. I'm just so tired of the BS. Sure there are some things that are worse on Linux, but it's shocking how much stuff just works, games included due to Valve's work on Proton.

I think it’s important to mention that „Gold“ means that a game has issues, but they can be fixed.

[-]

McFlyParadox@reddit

Also important to mention that the ratings themselves might not have been updated. Some games have bronze, silver or even gold because that was their original rating, but have been worked on since then and compatibility has improved.

Sometimes the inverse is true - compatibility got worse - but if the rating is wrong, it's nearly always an underestimate.

[-]

killallhumans12345@reddit

I would even say gaming on the SteamDeck is probably 25 to 30% BETTER from when it was originally released, when it comes to windows based games. The seem to be continually improving

[-]

Ihadanapostrophe@reddit

Very probably true, but I only got mine recently so I can't speak about my personal experience with that aspect.

[-]

lightmatter501@reddit

It is true, if a game is more CPU bound than GPU bound it tends to run faster on Linux. Some GPU bound games also run better because of optimizations specifically for the game built into the graphics stack, like Starfield which runs at 1.5x the FPS on Linux for me.

[-]

From my experience "wanging a Linux distro" it is that easy if it works on deck it will work on any other Linux distro as well. Now if you mean stuff like Bluetooth controllers yea I gave up on that tbh lol

[-]

Ihadanapostrophe@reddit

That's true, but someone comfortable enough to dual-boot a Linux distro is likely able to make a reasonably informed decision about whether the games they want to play are too much of a hassle to play or not. That's kind of the point of setting it up.

I'm not saying they'll get the exact same experience, but it's not very far off either. Personally, everything I want to play on my SteamDeck also works on my personal system without any issues. That's largely because I'm running Ubuntu. There are definitely games that don't work or run poorly, but not really any that I care about. That's going to be up to each person.

[-]

dustojnikhummer@reddit

most games run on Linux without any issue.

Steam games.

[-]

Adnubb@reddit

Nothing stopping you from running a non Steam windows game through Steam. Been doing that with Guild Wars 2 for years now, way before they had a Steam release.

Gaming on Linux has come a long way. If only this shift would happen on the corporate landscape, then maybe the year of Linux would finally be with us. But that will probably forever be a pipe dream.

[-]

dustojnikhummer@reddit

Yes but saying it is "easy" is just objectively incorrect. Especially if you are a FOSS fanatic and don't want to even use Steam. Or other 3rd party launchers, just visit the SteamDeck subreddit.

Also, GOG still refuses to release Galaxy for Linux, but at least they do officially acknowledge Heroic as an alternative.

If only this shift would happen on the corporate landscape, then maybe the year of Linux would finally be with us.

Man, I need to learn how to work with realmd

[-]

Adnubb@reddit

Yeah, okay, if you care a lot about FOSS and shun external launchers it is still quite a pain. But even that has improved. I can see why you'd say it's not easy in your case.

But looking from the perspective of the average user who doesn't really care about FOSS or their OS and just wants to play games, it has never been easier. And with Windows becoming increasingly more adware infested and behaving like nagware, an argument can be made that it is the better option nowadays, even if some games still do not work due to anti-cheat measures. But then again, most people don't care enough about that to actively put in the effort to switch their OS. On the other hand if Linux would come pre-installed on their PC, it would work well enough for most people to not want to switch to Windows either. Which isn't something I could have said 10 years ago.

[-]

utan@reddit

I've been using Fedora for my gaming rig for over 6 months now without ever having to use Windows. Windows is no longer even installed at all.

[-]

VVaterTrooper@reddit

Just wanted to chime in. I got sick of Window 11 bloat, all the running processes and having it updated when I didn't want it to.

Been on Linux the past month and I'm loving it. I started with Debian, because I was used to it. Then switched to Manjaro because of the rolling release.

Oh yeah I am also a big gamer. No issues running games, so far.

[-]

RememberCitadel@reddit

I really do like the idea of linux, and use it often at work and a bit at home.

There is one major complaint I do have, and this is mainly a cli complaint. There is no damn standardization.

The commands for every application/module/package are all different.

I know this is the nature of something open source from a million different contributors, but there are only so many variations of help/quit/save I can take before I want to scream.

[-]

zeno0771@reddit

Just curious, which applications/modules/packages would you expect to have identical commands? If they're not doing the same thing, they probably won't behave the same way.

"Help" is almost always either -h or --help; if it's not, it's because that option isn't available (and serves as a backhanded reminder to check the docs). You can get out of pretty much anything in a terminal with ᴄᴛʀʟ + ᴄ. When things are expected to result in a certain behavior, they are usually kept fairly uniform because a lot of keystrokes become muscle-memory.

Now, if you're comparing vi to emacs...Tread lightly, you might start a war.

[-]

segagamer@reddit

Just curious, which applications/modules/packages would you expect to have identical commands? If they're not doing the same thing, they probably won't behave the same way

It's a gamble as to whether recursive is -R or -r

I think CHMOD uses = for separators while setfacl uses :

It's things like that. I can't remember them all and I've learned a lot of them to the point where it's a little less annoying, but Powershell is nicer to use.

[-]

ManyHatsAdm@reddit

PowerShell is cross platform now, you can install it on Linux...

[-]

segagamer@reddit

I know. I have strongly considered using it instead but... Dunno. Feels weird to do that, like using bash on Windows lol

[-]

chaosgirl93@reddit

like using bash on Windows lol

Might check out NobaraOS - it has a GUI updater that handles both standard packages and flatpaks, and pulls the correct Nvidia drivers for your system without any hassle.

I recommend the KDE version over GNOME, it'll feel more like the Windows/OSX you're familiar with.

[-]

McFlyParadox@reddit

Gaming feels like it is nearly there, finally.

2D graphics work is still a massive weakness. Yes, Gimp, Darktable, and RawTherapee all exist. They all frankly suck compared to Photoshop+Lightroom in terms of UX, workflow, and digital asset management (especially digital asset management). They all work as independent pieces of software, and that is their weakness compared to the way Photoshop and Lightroom are tied so closely together. That said, I am hoping that Graphite really does succeed and do for 2D graphics what Blender did for 3D graphics: be so good, and so successful at being a "broad spectrum" FOSS tool, that it kicks all the existing corporations in the space square in their nuts as everyone switches from them (Adobe, in this instance) to the FOSS tool.

And CAD is just a straight up black hole. Your options are:

FreeCAD
OpenSCAD

And that's it.And anyone who has used either can tell you that both massively suck compared to modern CAD software. You could use OnShape, which is online only and through a web browser, and at least has pretty solid drawing tools, but you still can only use it at their mercy. Someone pointed Ondsel to me the other day, and looks interesting, but it's new and it's a fork of FreeCAD. It's UI/UX looks like FreeCAD with a dark mode applied and slightly updated icons, and it's rendering looks really poor compared to pretty much any other CAD packages.

Why in the world would you be proud or shamed because of an OS choice?

zeno0771@reddit

That ship sailed years ago.

[-]

mrbnlkld@reddit

How so?

[-]

72kdieuwjwbfuei626@reddit

Yeah, Linux - just the operating system for people who are too incompetent to not turn Windows Recall on.

[-]

rebornfenix@reddit

The “Year of Linux” is a meme from the 2000s dot com crash.

MacOS need not apply until they actually pick an architecture.

2017 machine; roughly par of the gaming rig, yet younger: completely worthless. Gee thanks.

[-]

SideScroller@reddit

Switching around from Intel to Apple Silicon was definitely a pain but the performance gains on it is incredible. MacBook Air with Intel was crap but the ones running Apple Silicon run like champs. Software is slowly playing catchup but I can't wait to see what the future potentially holds once it does.

[-]

PineappleOnPizzaWins@reddit

the performance gains on it is incredible

If you don't need x86. ARM is getting a lot of traction which is great, but I need to work on x86 and if you need to do anything intensive then Macs don't do well.

I think ARM has a great future but it's not one I'm interested in being an early adopter of.

[-]

bfodder@reddit

If you don't need x86.

Rosetta works really well, but at this point if you're using a Mac you don't need x86.

[-]

PineappleOnPizzaWins@reddit

at this point if you're using a Mac you don't need x86

Using maybe, developing or managing large systems... not so much.

It's why I don't consider one an option. As ARM matures they'll become one though.

[-]

bfodder@reddit

Using maybe, developing or managing large systems... not so much.

bfodder@reddit

Why the fuck would you try to run containers on a Mac?

[-]

notHooptieJ@reddit

Having survived the 040 to PPC transition, and the classic to OSX transition, and the PPC to intel transition, and the intel to Apple silicon transition..

Dude has a serious point.

every single time, its been learning a new whole system (Hardware, OS aAND software, and little or nothing made the transition)

there's a reason im still lukewarm on the M series macs.

because in another 3-5-7 years we'll be transitioning back to intel or off to quantum or whatever..

and i really cant be assed to relearn everying on apples behalf without a paid training again.

I'll wait for work to swap and soak them to train me instead of tinkering on my own time as in decades past.

[-]

LibertyMediaDid9-11@reddit

Breaking support for 32 bit apps even on Intel machines is unforgivable to me.

[-]

segagamer@reddit

So like Windows on ARM then.

And then MacOS will jump to another architecture once more wiping your purchase history.

Plus if you don't like Microsoft forcing things on their OS, I don't see how switching to MacOS is a good move when it's a dictatorship that forces things on their OS that you cannot remove lol

[-]

SideScroller@reddit

Dictatorship?

I'm getting "I have a personal hatred against Apple\macOS" vibes from that comment. Which is fine in your personal life, but for those of us who actually want to support a vendor agnostic environment and not go through another inevitable outage ala Crowdstrike, macOS is a solid option. Ideally I would also like to add Linux workstations, as an option in the future too.

[-]

segagamer@reddit

Dictatorship?

Yes, dictatorship. Their way, or no way. Many things they roll out and you cannot change, remove or disable permanently.

I'm getting "I have a personal hatred against Apple\macOS" vibes from that comment. Which is fine in your personal life, but for those of us who actually want to support a vendor agnostic environment and not go through another inevitable outage ala Crowdstrike, macOS is a solid option.

I don't see how you can want a "vendor agnostic platform" yet opt for MacOS, the famously closed platform of the lot.

Ideally I would also like to add Linux workstations, as an option in the future too.

If you want to switch from Windows, you switch to Linux. That's the vendor agnostic, flexible platform you'd want if Windows is too "for the noobies" for you.

Addendum, this architecture change also did not "wipe your purchase history" as there is this little known software from Apple called Rosetta which allows for software compiled for x86_64 to run on ARM.

Tell that to the 32bit applications we had to ditch and pay for upgrades for.

Tell that to the 64bit applications that leaned on the OS's Python 2.7 to run.

Makes me think of the movie Ex Machina, where Oscar Isaac plays sort of an ultra creepy "alpha" parody of a combined Bill Gates + Zuckerberg, and has created an IA girl that he keeps in a cage, and brings in a random employee to test out the AI - to see how lifelike it is, see how the guy reacts to it, etc. He had done the exact same thing - he had hundreds of thousands of datapoints harvested from the employee's home PC and work PC, and the employee even says at one point something to the effect of "holy shit, you designed her face based on my porn preferences". Sick as fuck.

Because you’re not trustworthy.

At this point I'm only going to believe them if they execute the entire C suite, plus the guy who made the suggestion.

I don’t currently have a computer of my own set up, but next time I do, I’m thinking it’s time to look into Linux distros again… Ubuntu or something.

[-]

BananaMangoMeth@reddit

Once windows 10 dies I am moving to linux fulltime. Steam did a great job porting shit over and fixing the gap of gaming on linux.

[-]

TONKAHANAH@reddit

Why is it so fucking complicated to not lie to your customers or steal from them?!

Windows 10 final support patches happen in October right before 22h2 goes end of support. They'll force everyone over at that point.

There are already several malware groups hoarding exploits to immediately attack Win10 users when it happens.

[-]

PowerShellGenius@reddit

Force people over? So does that mean they are going to automatically do "unsupported" upgrades on <8th gen boxes?

[-]

in50mn14c@reddit

In the case of Windows 11, lack of supported status still provides functionality but doesn't provide the "secure" status that some markets require. Once they figure out a way to thread the needle on legal obligations and realize they need the telemetry and recall data for the market share that holds out on upgrading they'll make an excuse to force people over or start removing functionality for the sake of "security" until people move

[-]

PineappleOnPizzaWins@reddit

There are already several malware groups hoarding exploits to immediately attack Win10 users when it happens.

You're right, because Windows users worldwide all update on time and there has never been a single example of unpatched systems being exploited months after exploits were resolved.

Malware groups who find exploits use them. They don't save them for another year hoping nobody else finds them.

[-]

in50mn14c@reddit

You're an idiot

They're not utilizing the good exploits because if a product is end of support there will literally never be a patch for the exploit. Why would they burn one now and give MS the chance to patch it in the final patch for the OS when they can wait 60 days and own the systems forever?

Your logic doesn't logic.

[-]

PineappleOnPizzaWins@reddit

Good point, that's why it's happened for every single OS to go out of support so far.

Wait.. no.. the other thing.

[-]

in50mn14c@reddit

Except it happened for right after XP sp3. And the last service pack for vista. Eternalblue mean anything to you? No? wannacry? No? Tell me you haven't been in the industry long enough to see an end of support OS without telling me you haven't been in the industry long enough to see an end of support OS.

Just take a look at the DB and filter after 2020. https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-17153/Microsoft-Windows-7.html You think basic risk assessment would allow for that many holes in security for an OS? I get that your mom and pop repair shop will say it's ok, because that's obviously the tier of skills and knowledge you're working with.

[-]

TrekRider911@reddit

Everyday I boot my computer is says I should update to windows 11, but then tells me I do t have the hardware for it. I’m not looking forward to buying and building a new box.

[-]

Microsoft even patched Windows 7 for a particularly nasty one a couple of years back. If it's bad enough they'll go and look after it.

[-]

PineappleOnPizzaWins@reddit

What, it's happened with every single other OS that's been retired right?

Wait no, the other thing.

[-]

unapologeticjerk@reddit

A) There's no real difference between EOL Windows 10 22H2 and the latest Win 11 in terms of telemetry (I'm assuming the paranoia is over that). You also have no more access as admin in 10 then you do in 11.

B) They already forced it, you just see a revision number next to your major release number (10 23/24**). It's the same Flighting as 11 Basic gets.

[-]

tk42967@reddit

In a lot of specific industries, anything newer is a no go. Do you think a company with a 5 million dollar CNC machine is going to want to throw it out and get a new one because the controller software only supports Windows 7?

[-]

PowerShellGenius@reddit

Do you have at least 150 M365 users? If so, you're probably (depending on plan, but the most common ones have it) eligible for App Assure.

If you have never heard of App Assure, basically...

Windows 7 (or maybe Vista, I can't remember between the 2) is the last time MS deliberately broke backward compatibility with any change
I think Vista, because UAC started then...
Windows 10 and 11 can act like older OSes in compatibility mode
If you can demonstrate an app works on 7 and not 10/11 that is a bug
If you can demonstrate such a bug and your license count is eligible for App Assure, Microsoft will have an engineer fix Windows 10/11 to work with that app.

[-]

tk42967@reddit

So our use case is alittle different. We have some PLC's in some giant tanks to measure liquid levels. THe PLC's are like 25 years old. We have a project to replace them. The replacements will run a version of the vendor software that supports Windows 10/11.

[-]

thewhitewolf_98@reddit

The Co pilot app bothers you that much? Come on, stop overreacting.

[-]

0xSadDiscoBall@reddit

It does.

[-]

DoogleAss@reddit

Why you don’t have to use it lol… that’s like going to a comedy show and getting mad at the jokes.

No one made you go to the show… no one is making you use copilot is it annoying they install things at will sure is it that big a deal not really

[-]

lol bro they along with every other company has been doing it for years and will continue to do so. They are a company that literally exists to continuously make more and more money. How do they do that without these tactics. Is it right no but it’s the world we live in you just yelling at the sky at this point

You mean nothing to them the corporate world is the foundation of windows market share

Caeremonia@reddit

Thanks for the info! Do you have to host your own storage space somewhere accessible on the internet? I mean for a DIY solution, not one of the paid services.

[-]

RandomPhaseNoise@reddit

I have a tiny pc above my kitchen cupboard. It runs proxmox. There is a lxc container wich runs syncthing on it. My phone synchronizes my photos there. My laptop and desktop synchronizes my documents there.

As the proxmox has zfs under, I have snapshots of my data for months.

The point isn't "Recall bad cuz all in one spot". The point is Recall is bad because we don't trust M$ to not harvest that info even more than they already do. All Recall does is put it all in a nice easy to digest package for their ad services and bot trainings.

Are you a dev on the Recall project or something, because you're defending it REALLY hard for someone not invested in its success....

[-]

elitexero@reddit

There's no point.

Dude has all the arrogance of some kind of L1 helpdesk guy who thinks he's the smartest one in the org.

[-]

descender2k@reddit

When you two brainless moops learn how encryption actually works... don't bother telling me. I don't give a shit.

[-]

descender2k@reddit

the way it's used in Recall isn't really very secure at all in day to day usage

It's merely the best way we are capable of? Oh.

The point is that you're all throwing a hissy fit over something that A) Won't even be enabled by default B) You're supposed to administer properly C) Doesn't contain the scary data you think it does and D) It's as compromisable in it's current form as you think it is

I have absolutely no interest or care for Recall. It just find it hysterical how you are all acting about it.

[-]

elitexero@reddit

ENCRYPTED

Cool. Is it ever decrypted on the same machine? Then the encryption is worthless.

[-]

Coffee_Ops@reddit

Hey guys what's credential guard and dpapi?

I walk the line across OS administration, cyber, and identity. I'm familiar with the attacks.

They aren't exploits that I'm aware of. They're ways of sometimes working around the protections, which are still robust and often far more than anything Linux has.

From a brief review of Januszkiewicz' work it appears to require root access and does not appear to be an exploit. What's more, my (shallow) understanding is that some of the secrets she requires are not easily available with Credential Guard turned on.

The fact is, if you get root on a system whether it's Windows, Linux, or Mac, they can generally compromise everything for all users. Recall does not change that threat profile at all. You might as well complain about browsers keeping history.

[-]

elitexero@reddit

The fact is, if you get root on a system whether it's Windows, Linux, or Mac, they can generally compromise everything for all users. Recall does not change that threat profile at all. You might as well complain about browsers keeping history.

For the most part I agree, except it could allow exfiltration of historical sensitive data. I would more contrast it to users saving all their passwords in the browser password safes. Sure someone could sit there and monitor/capture passwords live, but having a large amount of data to dump is always nice for bad actors.

Like, my large concern here is identification of access. If someone were to breach systems and get detected 24h later, they would effectively be able to exfiltrate weeks or months of data without access.

[-]

Coffee_Ops@reddit

Malware already sits resident, waits for password vault unlock, and dumps the credentials.

Folks in the /r/sysadmin sub should understand well that, once you get admin on a box, everything there is liable to compromise. Arguing against a new capability because that might also get compromised by an admin is silly.

If someone were to breach systems and get detected 24h later,

They probably have your browser history, session cookies, and maybe a full password dump at that point.

Recall is the least of your worries.

[-]

That isn't how it works

[-]

They aren't releasing the version you read about 3 months ago.

[-]

elitexero@reddit

I know they aren't - that one wasn't even encrypted.

[-]

descender2k@reddit

Chicken little's shouldn't pretend to be a sysadmin.

[-]

Coffee_Ops@reddit

Modern windows 11 installs use VBS to have the "os" as a VM under the hypervisor, and restricts it's access to some sensitive memory.

It is simply not true that just because something gets decrypted on that box, that admin can view it. That's literally one of the threat models countered by credential guard.

And both AMD and Intel support memory encryption with multiple keys that can be used to thwart both evil admins and evil maids from getting at the plaintext memory.

Whether that applies here depends on implementation.

[-]

elitexero@reddit

Look, you're actually right here. I'm being largely alarmist, but with intent.

Looking back at .. how many decades of Microsoft OS releases and the bananas amount of elevation style exploits that have come out rapid fire - there's no way in hell the level of responsibility that comes with housing information that this godawful tool is going to harvest should be left up to an OS, especially on consumer machines. Regardless of how the layered security implementations look right now.

One exploit away from attackers being able to exfiltrate not only whatever they can grab at the moment, but a historical diary of screenshots and various other extremely personal items just being stored on your machine for the pointless purpose of some crappy Microsoft advertising focused LLM training on your data to sell you shit and then firing valuable telemetry and training data to Microsoft.

[-]

zero0n3@reddit

Or God forbid the companies that use MS products use it so their engineers can better assist other teams and each other?

Like for fucks sake. MS isn't the only company getting a benefit, it's a net positive.

And again, what additional data from a personal or corporate perspective would this data get them compared to the access they already have on your machine?

99% of the shit in the screenshots will be available in logs, cached files, browser history, etc.

Hell, those locations are probably more valuable too! since it could have passwords or cookies that could be used to get to your bank account. Also, a lot smaller file size wise, and easier to go unnoticed.

BUT PASSWORDS?

Oh wait, screenshots will never show passwords unless you yourself show it on screen.

[-]

elitexero@reddit

Or God forbid the companies that use MS products use it so their engineers can better assist other teams and each other?

Will it really get used though? Problem steps recorder has done similar for over a decade and most people don't even know it exists, granted it's not automatic, but still.

And again, what additional data from a personal or corporate perspective would this data get them compared to the access they already have on your machine?

What they can get until discovered +history as far back as the recordings go. Smash and grab malware would just need to exfiltrate those files and they have so much more than they could get in a single instance or without having to set up long term surveillance/exfiltration. Caveat == provided they can get the decryption key.

I mean hell, this post has quite a lot of people concerned about the security risks of such a thing, it's not like I'm some random outlier here.

Some things I can think of off the bat - client lists, confidential internal communications among executives, finance teams have sheets open with information that could be concerning if they were leaked and the company was public. They may be cached, they may not. Screenshots guarantee visibility however. Internal communications between operations team members that could be used to better understand the scope of security across the network... the possibilities are endless, especially with web client based chats like Trello or Slack - there aren't local chats stored for those, so dumping someone's tmp directory wouldn't be nearly as useful as having a visual diary of conversations.

All in all, the juice doesn't seem worth the squeeze. Enterprises can implement a host of 3rd party solutions to do the same thing if needed - I don't see the need for Microsoft to hammer this peg into the Windows hole across the board.

Oh wait, screenshots will never show passwords unless you yourself show it on screen.

Corporate users should never have an expectation of privacy on machines they do not own, however they should have a reasonable expectation of corporate privacy in relation to the confidential information on their screen.

Maybe I'm not getting how this is all going to work, but my main concerns really line in where the encrypted databases are stored. If they're stored on the local machine, I stand by my concerns/claims/bitching/whatever. If they're not, and are streamed/uploaded to another centralized network storage, I have much less concern. That said, with this product's intent seemingly to be pushed to all builds, not just as a corporate option, I'm pretty sure these are going to be stored on a per-machine basis.

[-]

fresh-dork@reddit

discovery is a cast iron bitch. "show everything that user X did on august 14 during business hours"

[-]

zero0n3@reddit

They already do this.

Citrix, VMWare, RDP, Parallels. They can all be setup to record the session.

Hell, companies make us go through jump boxes to access our sensitive systems so they can record and control what goes each way.

This shit isn't new in the corporate world. It has massive benefits to troubleshooting.

https://www.reddit.com/r/Windows10/comments/lu1kor/windows_10_telemetry_keeps_re_enabling_itself/

Literally top Google search

[-]

Netstaff@reddit

So it didn't, instead, what was is that some machines broke due to an error, and errors are unavoidable. BTW, if you are really that obsessed with telemetry(Why? MS is binded with legal contract, people trust them entire clouds they are more trusted by customers than you are), you should block it externally an not with some sort of no-warranty third party software.

[-]

Big_Emu_Shield@reddit

People trust the cloud

Yeah and look where that consistently lands people. I professionally do NOT recommend cloud-based solutions.

[-]

Netstaff@reddit

Well, as everything is in the cloud, i can conclude that you are unenployed.

[-]

Big_Emu_Shield@reddit

Currently managing the networks of several small businesses in NYC. Only one of them uses anything cloud-related.

[-]

BatemansChainsaw@reddit

corporate setting where you have it turned off

Let's get to the real problem here: it shouldn't exist. it shouldn't be a default inclusion. it shouldn't have a default of being ON.

it just shouldn't

[-]

FireLucid@reddit

Yeah, this is the one thing that has really made it hit for me, thankyou. Get rid of it!

[-]

Jaereth@reddit

That is a massive exposure posture that in turn, gives you very little benefit compared to the risk.

I'm also thinking of stuff like - High value laptop gets compromised now - ok, maybe the thing starts scanning the file system. Maybe it starts scouting the network. A lot of EDR and SIEM systems would be like "hey this is suspicious activity" and isolate the endpoint.

But now that one compromised endpoint had a dossier of info from that user. If this is enabled it basically guarantees (in a business world) ANY compromised laptop will now contain a treasure trove of recon info for lateral movement within the org at that point.

The spearphishing from this is going to be nuts lol.

[-]

TheDunadan29@reddit

It kind of sucks for worker privacy. Which let me be clear, I have zero expectation of any privacy on my work PC, I only do work on my work machine, and I do my personal stuff on my personal machine.

But consider some manager decides to use this to track worker productivity. So now they are tapping into recall to see literally everything you do, when you do it, and for how long. Maybe it's not there yet, but Teams is already a tattle tale being used to track productivity. This just seems like another invasive thing.

Also, if I'm a corporate Sysadmin, security is a big concern. If I've got users dealing with proprietary information, it's just always the question of how data is being tracked. And the other issue people are posing here, if malware, or a direct attack is happening, is this sufficiently hardened to prevent elevation? Or what if it just steals the screenshots? Working on some confidential info, and now the OS is screen shotting your data?

There are just still way too many questions about how it works, what data is stored, and ways it can be abused.

Personally, if there kernel was more hardened, and recall didn't have access to anything that exists in the hardened space, and you could also block apps that contain sensitive data from being tracked, that would be ideal. But then we're just carving out space to the point it begs the question of why you'd enable it at all? Just disable it.

[-]

pdp10@reddit

Personally, if there kernel was more hardened, and recall didn't have access to anything that exists in the hardened space, and you could also block apps that contain sensitive data from being tracked, that would be ideal.

That class of functionality (e.g., Intel SGX) has existed for years, but it's literally only used for Digital Rights Management of media.

[-]

disclosure5@reddit

No, it's not off by default. Here's the setting:

https://learn.microsoft.com/en-us/windows/client-management/manage-recall#configure-policies-for-recall

And quoting the text: "Organizations that aren't ready to use AI for historical analysis can disable it until they're ready"

Assuming people proactively deploy that setting, are you naive enough to believe a Windows update won't "accidentally" break it like all Microsoft's previously configurable telemetry options, or the way Copilot accidentally showed up on desktops?

[-]

fish312@reddit

That's such a shitty wording

Organizations that aren't ready to use AI for historical analysis can disable it until they're ready

Not "organizations who don't want this feature". Why, everyone wants this feature. You all just aren't ready for it.

BECAUSE:

If you are an attacker, and you are on this person's device as this user, YOU ALREADY HAVE ALL THIS FUCKING DATA AVAILABLE TO YOU WITHOUT RECALL. THE MOST VALUABLE DATA ISNT EVEN IN RECALL!!!

Do you really think an adversary gives two shits what app or doc or code you were working on 2 years ago? fuck no. They care about what you are doing now and what they can do to move along or extract value from you via blackmail, ransomware, etc.

Anything a skilled adversary would want, is better off going to the source of the data. Recent docs, corporate shares, company websites you go to blah blah blah.

So you're counting on someone hacking MS, and then they should care ABOUT YOU.

Yeah, if your company name is JP Morgan Chase or the National Security Agency. Sure.

Joe's Truck and Tow LLC? Yeah no one that is capable of hacking MS gives a fuck.

And if they did, they'd hack you in 2585825 other ways than co-pilot.

You're just making up shit to avoid getting with the times. Enjoy being left behind I guess.

[-]

techtornado@reddit

I refuse to support this AI invasion

I support multiple PHI/PCI and Soc2 organizations, so yes, sensitive data is a big topic for us and no, Copilot is not allowed because it’s just too invasive vs. the claimed productivity benefit “offered”

[-]

fadingcross@reddit

Cool.

Just remember that a lot of people refused to adapt virtualization too. And IaC. And coding.

Guess what happens to this people's careers.

You do you!

[-]

techtornado@reddit

I love virtualization and idk what IaC is

[-]

ZMcCrocklin@reddit

IaC = Infrastructure as Code (i.e. Terraform)

[-]

fadingcross@reddit

You're missing the point, completely.

[-]

techtornado@reddit

Stop being a rude gatekeeper, this is your only warning… ⚠️

There is a proven benefit to virtualization whereas AI has no benefit other than filtering out data based on bias and influence algorithms

[-]

fadingcross@reddit

You've clearly never used chatgpt. How many examples do you want?

[-]

techtornado@reddit

Again, offensive, why must I repeat myself?

I’m talking specifically about the AI in Windows Recall how it’s not compliant with sensitive information and therefore businesses should be able to remove it entirely

And with Microsoft’s terrible track record of turning optional things on or forcing Windows upgrades without user consent, that is why I don’t trust it

Other AI’s seem to be ok for novelty image generation or making a video, but no AI on my Windows, full stop

[-]

fadingcross@reddit

So you and your users never use snipping tools in windows, ever?

You don't use browser history to go back to a page and read what it said, you got photographic memory I guess?

If the to these two questions are anything else than "Nope" - You've got a massive use case for recall.

[-]

techtornado@reddit

Screenshots are largely used to highlight all of the Office365 errors Microsoft keeps creating for us

That is an intentional process where I can control the capture of said information so that private says that way

All that to say, it is a really bad analogy for justifying recall...

My memory is stellar when it comes to websites and articles read and/or it can be found very quickly from the browser's history and that is the only place that should be stored

I use a Mac, that is how much I trust the reliability and stability of Windows...

[-]

Kiernian@reddit

"Infrastructure As Code" I think, in this case.

[-]

andrew_joy@reddit

Stop using windows. How many times to that have to abuse you before you fight back? Dont tell me that you need xxxx software, no you dont there will be an alternative , it may not be as good but it will get the job done.

In corpo wold you may have to but that's business data and its the businesses problem.

[-]

Kiernian@reddit

In corpo wold you may have to but that's business data and its the businesses problem.

That, right there, makes this:

Stop using windows.

A super annoying post to a large number of people.

We use it at work because we have to, we often use it at home because that's how you stay current.

So, unfortunately, it is not that simple.

[-]

ZMcCrocklin@reddit

You don't need to be on Windows to stay current. However, the majority of consumer machines come with Windows pre-installed. Most people don't know enough/can't be bothered to switch to an alternative like Linux. As I work in IT focusing on Linux, I'm actually on a M1 Macbook (currently no way to put any other OS on there but MacOS), but it's better than windows. Previous employer issued Dells with Windows, but we were allowed to wipe it & put Linux on it (unsupported by helpdesk).

[-]

MarineJP@reddit

https://practical365.com/protecting-your-enterprise-against-microsoft-recall/

Manage it

[-]

MairusuPawa@reddit

This is like continuing to tolerate the orphan crushing machine instead of shutting it down.

[-]

topromo@reddit

I'm so fucking glad Microsoft doesn't cater to this subreddit, they would never release anything. Manage it.

[-]

Caeremonia@reddit

What is so difficult to understand about admins not wanting random apps pushed to the operating system without their sayso. It should be a standalone product, not something that is installed by default that we then have to opt-out of. Why not just make it opt-in?

[-]

DoogleAss@reddit

I think most admins would read up on the feature and if they did they would realize it’s only supported on ARM and not a single x86 CPU currently

In other words do you plan on replacing your fleet with ARM cuz if not it’s a null point

At least until Intel/AMD decide to integrate NPUs into their products

[-]

MairusuPawa@reddit

If you're a decent admin you plan for impact 5 years down the line, and it's obvious you'll be fucked.

Just because you can't see past three weeks in the future doesn't mean you should also fuck everything up for everyone.

[-]

72kdieuwjwbfuei626@reddit

It is opt-in.

[-]

Milk sold to consumers isnt unpasteurized by default, you have to seek it out and knowingly accept the risks. Your scenario would be if someone was scheduled to come to my house and force feed me unpasteurized milk without me asking and I had to send them a notarized letter to make them cancel the appointments

[-]

Jaereth@reddit

force feed me unpasteurized milk without me asking and I had to send them a notarized letter to make them cancel the appointments

Yeah, let’s crush the orphans

[-]

Tower21@reddit

See, ... Finally, someone talking sense.

I always said I like /u/JustInflation1, they said his name is weird, it's not weird.

He's an upstanding member of society, can you believe they said that, I can believe they said that.

They are horrible people calling JustInflation1 weird, I've never said that.

[-]

ChumpyCarvings@reddit

I'm so tired of coming to this sub allthese years and poor sysadmins need to find the next thing, to remember to block.

Learn to block xbox game bar

Learn to disable solitaire installs

Learn to stop X

Learn to stop this on updates

etc.

[-]

abr2195@reddit

If an sys admin is using security baselines and keeping them up to date, they don't need to worry about blocking things that threaten the security of the company.

Ah yes, thank you, Microsoft, for making more work for us.

Thank you for giving us a task to do, to turn off something we didn't want. Something that our org doesn't want, something that our users don't want, and something that we will be inevitably tasked with turning back on org-wide because some C-suit thinks its pretty neat on their home laptop, which is actually their org's laptop, which you gave them local admin because the C-suits demanded it.

Yes. More work. Yay.

[-]

abr2195@reddit

This sounds like an organizational issue, not a Microsoft issue. If it is difficult for you to apply a single configuration policy to your computers, that reflects poorly on your organization's ability to manage its computers. That's not Microsoft's responsibility.

[-]

KnowledgeTransfer23@reddit

inevitably tasked with turning back on org-wide because some C-suit thinks its pretty neat on their home laptop, which is actually their org's laptop,

So... it is something the org wants, then?

[-]

The_Wkwied@reddit

Just like steam and discord, on the c-suits laptops, right?

[-]

SpiritualSpaceGolem@reddit

I feel like we have worked for the same companies our entire careers.

[-]

Wolfram_And_Hart@reddit

Because the same boring places cranked out the same boring C levels.

[-]

The_Wkwied@reddit

We all wear different hats, but we are all part of the same circus.

[-]

I_T_Gamer@reddit

MarineJP

Great for your office, but whose managing it on every normal person's computer.

There is no reason why you couldn’t do those things on a platform which also would work for gaming. I think you’re reading more into my comment than was actually there.

[-]

Mindestiny@reddit

There is no reason why you couldn’t do those things on a platform which also would work for gaming.

I never said you couldn't.

I think you’re reading more into my comment than was actually there.

Let it. I’m so jaded. Let everyone get hacked. Maybe, just maybe, they will realize it is a bad idea. You can lead a horse to water but you can’t make it drink.

[-]

Jaereth@reddit

People can just find a way to get elevated rights, and turn the feature on,

If people in your environment can "just find a way to get elevated rights" you've got bigger problems than recall.

[-]

free-4-good@reddit

He means hackers not users.

[-]

KnowledgeTransfer23@reddit

Still. A hacker with elevated rights can get the information they would from Recall any other ways. They have for decades already.

[-]

chron67@reddit

But why make it even easier? There is very, very little valid benefit from a feature like this but plenty of downside. Also this argument is kind of like why should I lock my house doors when they can just break the window or kick the door down?

[-]

KnowledgeTransfer23@reddit

Are you serious? You can find no valid benefit from a feature like this? Near-eidetic memory for your computer?

Your analogy doesn't matter because the premise set up is that the intruder is already in the house. More appropriate would be, do you spread out all of your important documents and any cash you have throughout your entire house at great inconvenience to you just in case a burglar breaks in? Like, one necklace in the jewelry box, one pair of earrings in the sock drawer, one bracelet in the bottom of the bag of flour?

[-]

nyanf@reddit

Fuck windows.

[-]

cashMoney5150@reddit

Isn’t this monopolistic behavior?

[-]

bleuflamenc0@reddit

They're already spying on you. Recall is just showing you some of it.

[-]

Brondster@reddit

This kinda decision seems to beg the question why do we pay for a OS premuim to be spied on?

we dont wanna know what program we used last Smarch (lousy Smarch weather)

we want Full control of what we want to disable /uninstall and get rid of Bloatware that we Never going to use.....

[-]

bukkithedd@reddit

This is the equivalent of a stiff fart in a thimble, not the F5 tornado people make it out to be.

Don’t like it? Don’t turn it on.

[-]

Zocdoo@reddit

My plan is to keep on using W10 until EOL and then Linux + proton for gaming. I’m using Windows for a long time, had my fun with DOS as well, but Recall is a bit too much for me to handle.

[-]

greetedwithgoodbyes@reddit

The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past

Yeaaaaaaaaaaaaah righhhhhhttttttt

[-]

xixi2@reddit

Sooo... am I the only one that does quite a bit of stuff on my computer that I don't want any trace of? Like what are they thinking? Does this thing respect incognito mode even?

[-]

72kdieuwjwbfuei626@reddit

Don’t turn it on then. It’s not complicated.

[-]

abr2195@reddit

From Microsoft:

Digital rights managed or InPrivate browsing snapshots are not saved. Recall does not save snapshots of digital rights managed content or InPrivate browsing in supported web browsers.

And

You can pause, filter and delete what’s saved at any time. You’re always in control of what’s saved as a snapshot. You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time.

[-]

DoogleAss@reddit

So don’t buy an ARM based windows Pc and you won’t have it simple solution

[-]

KnowledgeTransfer23@reddit

does quite a bit of stuff on my computer that I don't want any trace of?

One could say "don't allow Citrix users to access sensitive data". But profiling what sensitive data is and then attempting to mitigate that is ... just yuck.

It'd be ideal for companies to signal to recall "disable or MS pays for business damages" on their websites.

Seriously, this feature is peak stupidity and I hope opens up MS up to serious financial damages because they siphoned off data, had a recall breach, and found liable. Would it work that way, probably not, but I can only hope.

[-]

72kdieuwjwbfuei626@reddit

You can either give out company devices or stop pretending that you give a shit when you actually don’t.

[-]

thortgot@reddit

Don't allow unmanaged devices connect to your Citrix environment if you want actual data security.

Malware keylogging/screencapture is already occurring and data exfiltration blackmail is the new ransomware.

[-]

avarageone@reddit

When I worked via citrix our office machines had to be checked and certified by the client's IT. Probably whenever citrix is run it or other app will check if recall is disabled, maybe even antivirus software will do it, or some management suite.

[-]

ThatITguy2015@reddit

They are still planning it? That is fucking impressive. Infuriating, but impressive.

[-]

F0rkbombz@reddit

AI platforms are running out of data to train their models on, and the AI generated data they are trying to train LLM models on just isn’t doing it.

They need real people to generate real data for their models, and I suspect that’s why MS is trying to force this despite the huge pushback.

It’s not just “we don’t care, we want to deploy this feature”; there’s a reason they are willing to do something this unpopular.

[-]

itazillian@reddit

They need real people to generate real data for their models, and I suspect that’s why MS is trying to force this despite the huge pushback.

This is restricted specifically to ARM devices marketed for AI stuff. That's insignificant.

DeifniteProfessional@reddit

Unfortunately, some companies, such as Microsoft, are too big to fail. A few fines here and there, but Governmnts can't stop MS

[-]

thortgot@reddit

Governments absolutely could stop Microsoft. Have you seen the EU's fines against Google?

Let's imagine this was the case. There are quite a few problems with it.

Bringing attention to the public feature would put more scrutiny rather than less. They could have implemented an equivalent feature as part of the kernel with no notice to anyone.
The amount of data you'd need to capture to be useful wouldn't be possible to hide. It would be immediately identfiied. Data exfiltration identification is quite straight forward and many security groups are constantly looking for it.
They already have access to the majority of this data if they chose to do so through services like OneDrive, Sharepoint and M365 and could do so on the backend.

Let's theorize a much more plausible set of reasons.

Computer hardware sales have been sluggish. This features only works on "NPU" enabled devices (coprocessors) meaning to utilize it you need new hardware.

Microsoft's attempting to obtain/maintain a public perceived "AI" lead

Windows 11 adoption has been much slower than they want. This is solved by pushing for a new cycle of hardware adoption that only works on 11.

A product manager demoed it and got the nod for it being "revolutionary".

[-]

pdp10@reddit

Microsoft: too big to fail since 2001.

...Linux is like 95% less scummy.

Come to the dark side.

[-]

thewhitewolf_98@reddit

No, linux sucks.

[-]

BradChesney79@reddit

Nuh-uh.

I'm telling your mom.

[-]

sekazi@reddit

This may be the feature that forces me to Linux. Gaming has gotten much better over there. Honestly I have little reason to stick with Windows anymore.

[-]

VVaterTrooper@reddit

Gaming on Linux is just fine. Value did an amazing job with Proton.

[-]

holiday-42@reddit

Insiders only in October. I hope this gets squashed before going into mainstream.

I don't want it installed and "Disabled".

I don't want it installed at all.

[-]

You're still not making any sense. You don't have to opt out of it. It's disabled by default. Though that may change at some point, which could then make your point vaild. But at this time, it's disabled by default, and only available on certain machines.

That being said, why would you be worried about having to opt out of it? It's diabled, there's no opt out option. It's opt in. What shit are they pulling on you? They've literally done nothing new to you. You're being completely irrational.

I've tried PopOS in a live session, and I tried to install it once. It's not my favorite distro. Stock Gnome isn't great imo. And I know they are working on their own bespoke DE, but I haven't used it long term enough to really make a call. These days I'm gravitating toward stock Ubuntu because I like what they've done with Gnome, and I like their aesthetics and feature set out of the box.

Though the trash thing is getting hardware. Linux PCs are kind of expensive. And I have a hard time wanting to drop that kind of cash when I'm still trying to figure out if Linux makes sense as a daily driver yet. And the distro hopping continues, I haven't quite found the one to rule them all for my personal use yet.

If I had the perfect hardware and it just worked flawlessly, I might actually still be on Linux Mint today.

[-]

KishCom@reddit

I like that we've come full circle. Installing Windows 11 without a Microsoft account now requires an esoteric CLI command during install.

is this same for all countries? i guess EU for example would have problems with this, right?

[-]

Maegurillion@reddit

The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

I've been using Windows since Windows 95 and I have never, not once, needed a feature like this. If someone wants it, it should be a separate downloadable feature that they CHOOSE to install.

[-]

Sovey_@reddit

Gotta keep those install numbers high to justify the absolutely insane spend on AI infrastructure. This bubble needs to burst.

[-]

DoogleAss@reddit

It is called don’t buy an ARM based windows PC… boom solved your issue

[-]

Do you manage many ARM based windows PCs because if not then you have nothing to turn off

I can’t figure out if everyone here has just failed to read the hardware requirements and thus extrapolated that this won’t affect them most likely or are they just bitching to bitch

Now what happens in the future no one knows but currently if your running x86 then Recall isn’t even a thing

[-]

Hoggs@reddit

Inevitably I will be. Just like how M chips took the mac market by storm, I'm putting my money on snapdragon x doing the same to the windows market.

The battery life benefits are just too good to ignore.

[-]

DoogleAss@reddit

Huh that weird didn’t know the desktops I manage have batteries in them

I also wasn’t aware we didn’t have a choice of what hardware we buy… even if ARM does well doesn’t mean it going to eliminate x86 out right

Your planning for a scenario that may never happen

[-]

Hoggs@reddit

Ok? What's your point? Managing "some" is still more than managing none.

[-]

DoogleAss@reddit

My point is don’t buy ARM based solution if you don’t want the AI feature they are building on top of it and you will be managing none… pretty simple solution my friend

[-]

For now.

After the LLaMa code got leaked there have been a rash of optimizations to get it running on smaller and smaller machines - there's a GitHub page about running it on Raspberry Pi and blog posts about how to batch the LLM layers and run them through your VRAM - they are absolutely slower than something like Copilot, but they do work.

We're early days yet for what optimizations are possible, and if it gets to the point that an NPU chip isn't needed to run the Recall feature do you think Microsoft will hesitate for a second to push it to a larger install base?

It's not a slippery slope fallacy when we've seen it happen over and over again.

[-]

GremlinNZ@reddit

Colleague has a laptop with NPU chip, had it for a couple of months already?

[-]

BoredTechyGuy@reddit

Dell is already rolling them out. Copilot button on the keyboard to boot. It won’t be long before they are common place.

[-]

Coffee_Ops@reddit

Not if they aren't shared off-device.

[-]

No I didn't miss the point on Recall. If someone misuses Recall you can literally steal anything you want. It will record their bank sessions, their confidential emails, their private messages, etc.

[-]

thortgot@reddit

Right, but if you have local admin on the device you can do the same using any number of tools or methods. SquirtDanger being one of the older (6ish years I think) strains.

The main additional risk is that people who opt into this when compromised will leak more data.

I have zero expectation of privacy with email.

I however do have an expectation of privacy when logging into my bank account, government websites, medical sites, etc. Recall doesn’t know the difference and will record everything which is the issue.

[-]

Coffee_Ops@reddit

Your browser records all of those. It keeps session cookies, history, etc. An admin can get any of that.

Again: This is a stupid threat model that hearkens back to the 'cookie' hysteria of the early 2000s.

[-]

matt95110@reddit

A browser cookie is not going to record all of the details of my bank account information. It will record that I was there, but it is not going to contain all of my transactions or account information.

I think you missed the point of the issue. It’s okay, I really don’t care at this point.

[-]

topromo@reddit

Wouldn't trust anybody on this subreddit to answer that in good faith.

[-]

Great-University-956@reddit

10 yeras later after its so deeply ingrained in the OS it cant be removed.

Sadly, people falsely equate Security and Privacy all the time.

This is an absolutely horrible feature, but security is not the main issue with it.

[-]

I'm thinking it's like Amazon's 'on this day', but it's a snapshot of that one time in teams where you had your balls out

[-]

It's funny reading about this feature and there being another post about how much money the OP's company started making just for doing something as simple as reduce the amount of versioning done in Sharepoint which dramatically lowered costs, by removing something simply unnecessary.

It's probably not a conspiracy theory to say that MS is looking charge for compute, then push out a ton of new features that nobody asked for consuming more compute.

Clearly seems to be in some sort of effort to just squeeze the Fortune 500s for more money.

[-]

72kdieuwjwbfuei626@reddit

It’s probably not a conspiracy theory to say that MS is looking charge for compute, then push out a ton of new features that nobody asked for consuming more compute.

Mindestiny@reddit

Yeah, honestly I need to unsub from this place. Every thread seems to boil down to people crying that change is bad, they hate their job, and waaaaaah I have to do some form of work.

I don’t concur.

Plaintiffs’ experts will be able to construct queries for the recall captures of the memo an employee edited for 30 minutes in which the employee kept revising away more admissions to torts.

There will be years of cat and mouse games in attempting data minimization around these captures, and once those still on for that journey arrive at the endpoint, they’ll realize they destroyed essentially all the new data recall made available, all cost no upside.

[-]

jwrig@reddit

Time will tell.

[-]

Hot_Surprise8370@reddit

Time has already told us though.

Fact 1: data is always abused at mind boggling levels

Fact 2: more data means more to abuse

Fact 3: It’s already almost impossible to scrub data that has seen movement through the internet.

Now imagine: not only is your “finished” document/photo-edit/email data, but now the process itself and what previously would have been omissions from the “final data” are data

With a lot of this, you won't know the use cases until you start playing with it.

For the best bran muffins start with high quality wheat germ. It is recommended that you purchase it from a reputable seller who practices sustainable and organic farming methods.

Once aquiring high protein content wheat germ, use a stone mill to grind to the appropriate consistency.

Preheat oven to 350 Degrees.

For every four cups of ground wheat germ, combine 8 oz of cold butter, one large egg, 1/2 cup of light brown sugar, and 1/4 tsp of vanilla and a pinch of salt.. Mix your dry ingredients then combine with wet ingredients taking care to not over mix. Fold in any fruit or nuts you like.

Spoon mixture into greased or lined muffin tins and cook for 12 - 18 minutes until a tooth pick comes out clean.

If desired you can add crystalized sugar on top for an additional crunch.

For alternatives to muffins you can pour the mixure into a greased bread pan for a tasty treat.

Serve with high quality salted butter, feel free to enjoy and pound sand.

[-]

Big_Emu_Shield@reddit

[-]

narcissisadmin@reddit

Microsoft already has Microsoft Defender, they don't need another one of you.

[-]

jwrig@reddit

Zomg Micro$haft sux.

That better?

[-]

descender2k@reddit

We're doing chicken little here and you're not doing it right.

[-]

NDaveT@reddit

That comment makes a lot more sense if you rephrase it like this:

This isn't that hard. If your organization's appetite for risk allows this to be turned on, then please turn it on. Refrain from assuming that every company should or will feel the same way.

[-]

pseydtonne@reddit

The only good news is that it requires a system that meets the Copilot+ specs. No Intel x64 version of Windows supports the NPU (neural processing unit) requirement... yet. It also means any x64 more than three years old won't pass muster.

...so hang onto that i7 11th gen!

[-]

Temporary-Exchange93@reddit

Spicy take: microsoft is actively trying to kill Windows so they can focus on cloud.

[-]

223454@reddit

That type of theory popped up back when W10 was first rolled out. That they were trying to move Windows to a type of service, somehow. It would no longer be a downloadable program that you installed, but rather streamed, or something like that. Several flavors of that theory existed, but I don't remember details.

[-]

DeadStockWalking@reddit

Already have the GPO in place to block it.

It's not really meant to help users. It's clearly a data gathering tool to see what users are doing with their sessions (applications, how they interact with the system). It's likely also feeding a GenAI model somewhere.

[-]

DehydratedButTired@reddit

How can you legally push this out in any industry that has laws governing them and compliance standards? Financial, Goverment and Medical devices would literally have to move off windows to be complaint.

[-]

jwrig@reddit

Because in every single one of those industries the regulations require the company to assess the risks of using tools like this. Microsoft makes it available, you decide whether the risk is appropriate based on what you think and what you can convince your auditors on.

[-]

chemape876@reddit

Vote with your feet.

*tap tap tap*

This too.

[-]

JerikkaDawn@reddit

If this kind of thing doesn’t nauseate you, then you have no morals.

In the case of the latter, we need an easy way to alter win ISO image files and keep using it.

\2. We also need a way to prevent device fingering... sorry my old unix habit kicking in, i mean fingerprinting. This will have the side effect of making windows activation codes more valuable / clean installing windows more of a hassle, but worth it.

With this and omitting a windows account, it should make all Microsoft's "traditional" telemetry functionally useless.

\3. Copilot. From what i've seen copilot mostly still has a big cloud component, because the hardware requirements for fast AI results aren't something the average laptop / PC will possess. That being the case, if it needs an internet connection, block it. Could be something as simple as a hosts file, or you could get into it with dedicated rules in your hardware (switch / router).

\4. Recall... beats me? 😅 I'm not a windows insider, and i've only taken a cursory look at Recall. From what i can see there seem to be exceptions you can set for when it's allow to capture (being MS i wouldn't trust those either). Drastic measure, someone make a new compositor / window manager?

[-]

MichaelParkinbum@reddit

Pitchforks!! Torches!! AAARRRGGGH!!!!!

[-]

progenyofeniac@reddit

The outrage over this is nuts to me. It’s only being rolled to:

a) Copilot+ PCs b) which are enrolled in the Insider program

Tell me where the overlap with enterprise exists.

[-]

Stewge@reddit

The new Intel and AMD mobile chips coming out shortly have the requisite NPU onboard and ~50 TOPs that is required.

MS also confirmed it's partnering with both so we'll have x86 copilot+ PCs before long. Maybe even before Recall is released since the AMD AI HX line of mobile chips is already trickling out.

[-]

unbearablepancake@reddit

The outrage over this is nuts to m

I’m sorry, what?

[-]

I_Stabbed_Jon_Snow@reddit

You tried it yet? It’ll run basically any windows programs. Office suite, all Steam games, Teams, it all works. Some need settings changed, but they’ll work.

hornethacker97@reddit

Which is not a defense of u/I_Stabbed_Jon_Snow, it actually proves them even more incorrect about their very specific claim.

[-]

AlexIsPlaying@reddit

all Steam games

This must be stopped

I can't fathom how some of you are so unaware of what the Windows OS already keeps track of and still be working in systems administration.

[-]

Forsaken_Instance_18@reddit

I am actually for it but as long as it’s controlled, like I want my students to be able to turn it on to protect themselves from being accused of not cheating with AI for coursework

[-]

Papabear3339@reddit

Screen grabbers are a spyware feature. They litterally only exist to steal sensitive data from your screen. Microsoft can only possibly be doing this for one reason. Whatever bs they are telling people, they want to steal and sell your data, and this is just an extremely distopian way of doing it.

[-]

t_darkstone@reddit

Yep. It is just a matter of time before Microsoft steals extremely sensitive IP and trade secrets from other companies, and classified government data.

And when they do...the entire weight of the world is going to come crashing down on them

[-]

CaptainZhon@reddit

Microsoft’s answer “get LTSB”.

[-]

you wont stop it.

you might delay it, and it will hit the news everywhere

and maybe next time there will be a bit of news

but the time after that - the news will be bored of it, so they'll be devoting their time to some worthless celebrity wardrobe malfunction instead.

...and MS will slip the new 'feature' in quietly... and then it will be ... everywhere.

so, don't fight it. it's a waste of effort.

find an alternative instead.

[-]

welcome2devnull@reddit

"you wont stop it." - www.debian.org :D

[-]

temp_account_namelol@reddit

Just watch, the indexer for WinRecall will be better than Search lmfao

[-]

Da_Sigismund@reddit

I use Windows since 3.11

Only time I actually had a genuine copy was during Windows 7.

Microsoft don't deserve my money and won't get it.

[-]

PomegranateSignal882@reddit

If somebody can get elevated rights they can already do way more intrusive things than Recall

[-]

Yet another reason to stay on windows 10

[-]

sampero989@reddit

the single solution is to vote with your money, don't buy windows licenses and don't buy new computers at all.

[-]

danielyelwop@reddit

Even if they're aiming for an October release that would just be general public availability, I wouldn't expect it to be rolled out to any professional environment for a while at least due to the fact you would first need compatible hardware i.e. "Copilot+ PC" to begin with but if your organisation does buy compatible machines and you don't want the feature enabled then that's what Group Policy/ MDM policies are for.

[-]

BakedShake@reddit

There's a lot of people in the comments saying how MS could use certain parts of the OS for stealing data or other nefarious things. Aside from the way these items COULD be used and can become vulnerabilities. I'm genuinely asking, what has MS done that proves ill intent was behind their choice?

I'm gonna go Google this rn too.

[-]

ChampionshipComplex@reddit

I like it

[-]

rohmish@reddit

honestly I like a lot of things about recall. But Microsoft can't really be trusted even when they say it's running on device. And it always recording all apps makes things iffy too. something like how the new pixel screenshots app works with an option to have it always watching certain apps (like game recording in steam, Nvidia, etc.) would be better.

[-]

dustojnikhummer@reddit

So do I. The concept looks awesome, as long as I'm the only one in control of that data (that applies to user profiles). But we don't trust them, the security shown so far has been a joke, breached in a matter of hours

[-]

RZ_1911@reddit

Your computer does not belong to you .. after windows 8

My computer-> this computer

Expectable move to expand what already is a thing

[-]

redit3rd@reddit

Is it possible to just not buy computers with sufficiently powerful NPU's?

[-]

hankhillnsfw@reddit

I swear to god I wish the average user was semi competent so we could just throw a fleet of Ubuntu workstations at em.

They say if the price is free, then you are the product.

So stop using free products and services, that only sell the data they collect on you.

[-]

SirFoxPhD@reddit

Just waiting for Linux to have games like destiny 2 playable natively and I’m done with windows. Switching everything as much as possible to a yubikey, and disappearing as much I can from prying eyes. I like AI, but it’s gotta be on my terms that I use it. I look forward to the day where we can make our own LLM that are as good as gpt4o running locally in a secure environment.

[-]

Frothyleet@reddit

People can just find a way to get elevated rights, and turn the feature on

Because if its corporate, that front end will also have policies in place to say not respond with PII, log all search convos, etc.

because a company wouldn't even want end users to be able to do that.

Again, everyone makes it sound like this data is somehow magically infinitely more useful than the actual data the user has access to at this moment. Not saying it can't be useful, but in the vast majority of cases, attackers will continue to find more value in what's on your shared drives, in your email, documents, recent websites and cookies, etc.

[-]

Microsoft is kinda forcing themselves onto us. Can we file a restraining order?

[-]

No_Size_1765@reddit

Jesus christ

[-]

whiskeytab@reddit

christ you guys are dramatic, it's not even on by default and is something that will be controllable via GPO / Intune.

spend 5 minutes blocking it in GPO and then move on with your life

[-]

kagato87@reddit

Unfortunately it's not that simple.

The smaller businesses most likely to be targeted in general are also more likely to think this might be a good feature and turn it on.

So a small business, not yours, turns it on. At some point in the future they get hacked by some zero-day targeting this feature (and you can bet they'll be trying). Within seconds their history is retrieved.

You don't care, it's not you. Right? Well, except that's one of your vendors, and their crm or accounting software isn't properly ignored by recall, and you had a few transactions in that intervening period.

They now have everything. By the time AV definitions update 4 hours later (if they're even on that release schedule) it's too late. The hackers have it all. Names, contacts, billing habits, account numbers. Everything they want, for YOU and for all their other clients.

Its a gold mine well worth prospecting, and you can't fully protect yourself because someone else can screw it up for you.

[-]

Ihaveasmallwang@reddit

It will be an optional feature and off by default.

Making it real hard for me to support Windows 11 to get all those new updates and features, Microsoft...

Well besides the fact you say I can't but taunt me with it.

[-]

rochakgupta@reddit

Microsoft: the shitter that keeps on shitting

[-]

Dariaskehl@reddit

I know - it’s crushing. 🤣

At least the newly-promoted admin in charge of such things at work has vowed to change my workstation last; that’s a blessing. :)

‘… nope; mostly just the database, the compiler tools, and the main system I watch for me!’

I keep doing the fifty-fifty on the new gaming replacement at home; as mine’s passed ten years and is showing its age vs. building a forge in the backyard and realizing: need more data…

[-]

kconfire@reddit

When are they getting a new CEO? lol

I'm sick and tired of Microsoft.

And those that pushed my company into D365, what a dumpster fire pile of shit.

[-]

MyMythicalMycology@reddit

Fucking stupid-ass Microsoft knock this shit off. Lick taint.

[-]

PrettyAdagio4210@reddit

Oh look, another layer of bloat added on to the Microsoft circus tent of crap!