this post was submitted on 20 May 2024
357 points (98.9% liked)

A Boring Dystopia

8984 readers
316 users here now

Pictures, Videos, Articles showing just how boring it is to live in a dystopic society, or with signs of a dystopic society.

Rules (Subject to Change)

--Be a Decent Human Being

--Posting news articles: include the source name and exact title from article in your post title

--Posts must have something to do with the topic

--Zero tolerance for Racism/Sexism/Ableism/etc.

--No NSFW content

--Abide by the rules of lemmy.world

founded 1 year ago
MODERATORS
givesomefucks
357
New “Recall” feature in Windows 11 is a privacy nightmare (www.theverge.com)
submitted 1 month ago by Gemini24601 to c/aboringdystopia
47 comments fedilink hide all child comments
 

The new “Recall” feature really does look good on paper, but the taking in mind that it catalogues almost everything you do on your computer, it could turn out to be a privacy nightmare. “logging things you do in apps, tracking communications in live meetings, remembering all websites you’ve visited for research, and more,” according to the Verge. What could this mean for future computing? It would certainly make digital forensics a whole lot easier…..

all 48 comments
sorted by: hot top controversial new old
[–] [email protected] 134 points 1 month ago (2 children)

In case anyone read the headline and was worried it would pop up on your computer overnight, it does appear to need some hefty and recent processors and between 6-25GBs free in order to run at all, so I don't think it'll sneak up on folks any time soon.

On the bad news front, I thought this was standard AI bad until I got to the part where it won't obscure passwords. But, surprise, it will obscure DRM content (and private browsing, but just if you're using Microsoft Edge).

Terrible for privacy aware consumers but I really anticipate the worst of this will be in a corporate setting. Plenty of employers already spy on employees but this would be pretty next level.

[–] Ottomateeverything 83 points 1 month ago (2 children)

where it won't obscure passwords. But, surprise, it will obscure DRM content

Yeah, we all know where the priorities really are.

How have our consumer protections gone so fucking far.

[–] Adalast 26 points 1 month ago (1 children)

I literally have a real "Consumer Protection Act" wishlist that I keep a running tally on in my head. Near the top of the list are things like "rent caps", "strict opt-in for direct marketing", and "strict opt-in for all data tracking". On the last two, it is a "no purchase necessary" situation. Features and functionality are not allowed to be gated behind opting in.

Oh, and big one here, no subscriptions gating features on purchased or leased property. If it is not directly paying for a perpetual service, fuck yourselves. If I see the word "subscription" tied to cars one more time I may start fomenting revolt. I have been seeing it more and more. Manufactured goods having their functions gated behind continuing to pay for the item is absolute bullshit and should be illegal. I'm wanting to lump SaaS in with that too. Consumers should be allowed to file suit to force companies to justify their subscriptions and there should be some pretty harsh guidelines on what qualifies. We need to be allowed to own things. Subscriptions and SaaS both do away with consumer ownership.

Last one... EULAs need to be negotiable by individuals. Period. The idea that we can just "not use it if we don't like the contract" is ludicrous in the modern world. No matter how careful one is, if you want to participate in the world, you must enter into a binding contract which can essentially take any rights and liberties they want with no recourse on the part of the consumer. And I don't care if it would he prohibitively expensive for companies to do that. Just don't make EULAs that people will feel the need to object to and you won't have to worry. Costs nothing but all of the souls you harvest on a daily basis.

[–] Omgpwnies 3 points 1 month ago (1 children)

A EULA is a contract and is by default "negotiable". The buyer has the option to attempt to engage with the seller and negotiate an agreement. However, the seller has equal right to decline said negotiation with the understanding that the product will not be sold to the buyer.

What would be far more productive is stricter regulation on what products can have a EULA attached, and what that agreement can contain (thus having the government pre-negotiate the contract on behalf of all the buyers collectively). These laws could also require a company engage a third party consumer advocacy group to negotiate the terms on behalf of the buyers as a collective, so as to keep that portion at an arm's length from the government.

This would still not preclude an individual from trying to negotiate, but a seller still has the right to say "I don't want to sell this to you."

[–] Adalast 2 points 1 month ago* (last edited 1 month ago)

This is all technically true and I 90% agree with the measures you suggested. My only issues are the fact that the ability for a seller to just ignore the negotiation request functionally means that EULAs are nonnegotiable contracts. Our rights mean nothing because their right of refusal is inherently more final. A consumer has no recourse to press the engagement of a seller who has refused negotiations.

I agree in principal that the advocacy should be held at arms length from government agencies, but then you end up with well funded minority advocacy groups like the various right wing religious "parents" groups that push for censorship and other BS that most people are not for. The only way I would accept a civilian advocacy group would be if it were heavily regulated on how it can operate and absolute transparency on the books. I want to know who is funding them, who is directing their "advocacy", and have the ability to collectively pump the brakes on them of they start working against our interests.

I think the strongest idea is the one we share. EULA contracts need to be reigned in and be much more heavily restricted in what they can and cannot say. There also should be a legal framework for managing the whole "if any part of this contract is found to be unenforceable, all other clauses remain in effect" because it allows companies to put bullshit clauses that they know are outright illegal and violate consumer rights into the EULAs and just write it off when they get caught without consequences. There should be a limit somewhere. Some way for a judge or regulatory body to step in and say "OK, you have like 5 unenforceable clauses in here, the contract is void and all consumers who were previously party to it are released. Also, here is a $10,000/affected consumer fine, you have 30 days to pay it." Idk, something with real teeth.

[–] Etterra 3 points 1 month ago

They can afford more and better lawyers, that's how.

[–] somethingp 7 points 1 month ago* (last edited 1 month ago)

Yeah it takes screenshots periodically and all the storage and analysis is done on your local device, which is why it requires the newer CPUs with NPUs from Intel, AMD, and Qualcomm. There's a setting to turn the whole feature off, and you can also choose to turn it off for only certain applications, etc. Microsoft seems to be making an effort to encourage chip manufacturers to make better NPUs so that their AI features can run as locally as possible. That's likely why their new surface devices will be using the snapdragon x elite processors because they're the only ones that have NPUs with enough TOPS to run all the AI features Microsoft wants on device, instead of having to send the data for processing to a Microsoft server. I think beyond trying to quell privacy concerns, it would be a huge cost for Microsoft if they had to have enough compute available to run all these AI tasks for users for free. I'm sure there's still some way they are logging pieces of info here and there, but they'll have to include some way to make sure the OS is secure enough for business operations that are handling secure information.

People are acting as if auto saving, web history, reopen last used windows, etc aren't already features on all modern apps and OSes. If the claim about everything staying on device is true then this is no different.

[–] Ottomateeverything 51 points 1 month ago* (last edited 1 month ago) (2 children)

it includes logging things you do in apps, tracking communications in live meetings, remembering all websites you’ve visited for research, and more.

Yeah, uh, no thank you.

Is Microsoft this out of touch? Or are we doomed to be constantly monitored by our corporate overlords?

Seems we're just still charging directly into 1984.

[–] [email protected] 5 points 1 month ago

It can be both. Until the mass public starts caring or it starts affecting big business I don't see things getting sensible any time soon.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yes, those websites were totally for "research." Yep, totally.

[–] IchNichtenLichten 49 points 1 month ago

Every time I think Microsoft can’t get any worse they just find a way to innovate.

[–] [email protected] 34 points 1 month ago

The sad part is that this tool would be very useful if it wasn't being made and operated by ghouls. If it was fully self hosted and encrypted then this would be amazing.

[–] dojan 30 points 1 month ago

I don’t know why people are surprised. They had a different version of this feature, “Activity History” in Windows 10. This is the same thing but they added “AI” to it.

[–] CheeseNoodle 28 points 1 month ago* (last edited 1 month ago)

For the last couple of years privacy on windows has basically been:
Step 1: use strong passwords
Step 2: third party company leaks your data anyway

[–] affiliate 27 points 1 month ago (1 children)

The default allocation for Recall on a device with 256 GB will be 25 GB, which can store approximately 3 months of snapshots.

this comes out to about 2 GB / week. it’s honestly terrifying they could be generating 2 GB of activity data for just a weeks worth of computer use. it’s both a privacy nightmare and an optimization nightmare

[–] [email protected] 23 points 1 month ago

Guys, you’re paying extra for a keylogger. And a bad key logger at that. WTH

[–] [email protected] 23 points 1 month ago (1 children)

~~New Recall feature in~~ Windows 11 is a privacy nightmare

Fixed

[–] autonomoususer 5 points 1 month ago

It's anti-libre software.

[–] [email protected] 21 points 1 month ago (2 children)

How would companies that work on classified documents or HIPPA-compliant networks adapt to this bullshit? Surely Microsoft thought this through to prevent a massive data leak, right?

[–] [email protected] 10 points 1 month ago (1 children)

Probably the same way they've done Windows in the past: Enterprise, IoT, LTS/B, and Education versions. All you can do at that point is assume and hope they aren't lying about telemetry gathered in those variants.

[–] autonomoususer 3 points 1 month ago* (last edited 1 month ago)

All you can do at that point is assume and hope they aren’t lying about telemetry gathered in those variants.

This is a lie. Anti-libre software, Windows, bans us from removing malicious source code. So, we (1) remove it and (2, optional) replace it.

[–] [email protected] 9 points 1 month ago (1 children)

Use Linux

[–] LifeOfChance 9 points 1 month ago (5 children)

Linux isn't the answer to everything. Linux users have become the vegans of the internet.

Mind you I support Linux...

[–] [email protected] 7 points 1 month ago

I think it would be easier than relying on Microsoft. Or use MacOS

[–] Linkerbaan 5 points 1 month ago* (last edited 1 month ago)

Well you asked how to get out of the windows privacy nightmare. He simply answered it. This isn't like some vegan telling you that veganism is going to save global warming. It's an actual solution.

Within Windows you can guarantee that Microsoft will somehow auto activate these privacy nightmares as they always do. No matter the Sysadmins trying to fight Microsoft with Regedits.

Linux is starting to get more and more usable each year, and the need to jump ship from Windows gets bigger and bigger each year. While software compatibility remains an issue for a lot of proprietary Windows software, companies might want to seriously consider moving to Linux for privacy related reasons.

[–] autonomoususer 4 points 1 month ago* (last edited 1 month ago)

Cope. Anti-libre software is never the answer. Some people never learn to help themselves.

[–] [email protected] 4 points 1 month ago

What else is the answer? Proprietary garbage™?

[–] yokonzo 1 points 1 month ago (1 children)

Yeah this kind of blind proselytizing makes me cringe to be a linux user

[–] autonomoususer 2 points 1 month ago* (last edited 1 month ago)

Nothing's more cringe than letting anti-libre software abuse us again and again and again...

[–] DarkCloud 20 points 1 month ago (2 children)

Okay, time to look into Unix distros.

[–] [email protected] 17 points 1 month ago* (last edited 1 month ago)

I mean ... I saw that for some reason when I logged into Windows 11 yesterday it had the NBA score in the bottom left. Who the hell asked if I wanted that?

Went back to my Linux/Mint box as I rarely use my windows one but that pissed me right off.

[–] lemmy_get_my_coat 5 points 1 month ago

Always has been 🔫🧑‍🚀

[–] DirkMcCallahan 16 points 1 month ago* (last edited 1 month ago) (1 children)

We know this what the real purpose of this is, it seems like they're going to sell it as a necessary tool for people who are too stupid to use a basic search function? Per The Verge:

"Microsoft’s launching Recall for Copilot Plus PCs, a new Windows 11 tool that keeps track of everything you see and do on your computer and, in return, gives you the ability to search and retrieve anything you’ve done on the device."

Oh, and apparently "Microsoft is promising users that the Recall index remains local and private on-device." Something something Brooklyn Bridge...

[–] [email protected] 10 points 1 month ago

“the ability to search and retrieve anything you’ve done on the device” combined with “people who save everything to desktop” …

[–] [email protected] 13 points 1 month ago (1 children)

Your computer already does all of this, It’s just that you are now able to access the data yourself

[–] [email protected] 4 points 1 month ago (1 children)

Windows is doing all this. The computer does not.

[–] [email protected] 1 points 1 month ago (1 children)

Does the ped in your username stand for pedantic? :P

[–] [email protected] 2 points 1 month ago

Offer an important distinction to make in regards to tech-illiterate Windows users

Which is barely a demographic for Lemmy though :D

[–] [email protected] 11 points 1 month ago (1 children)

Uhhhh. Governments use w11. I'm betting they get this disabled or freak the fuck out. If the former it'll mean it's able to be turned off at least.

[–] IchNichtenLichten 19 points 1 month ago (1 children)

Healthcare too. This thing sounds like a HIPAA violation nightmare.

[–] [email protected] 5 points 1 month ago (1 children)

Well if they stick to their promise of keeping it in device, encrypted, and only accessible to the user then it might be OK for HIPPA.

But it’s still ripe to get hacked and will probably eventually be accessible to Microsoft or is accessible by then but they just say they won’t.

[–] IchNichtenLichten 2 points 1 month ago (1 children)

True. I wonder if it would be viewed as making an unauthorized copy of protected data?

If they do screw up or get greedy and upload protected data they could be in very hot water.

[–] [email protected] 2 points 1 month ago

Theirs no way theirs going to compile all that jucy data and not sell it.

[–] [email protected] 9 points 1 month ago

A bearded free software prophet once said all this would happen. They called him CRAZY.

[–] [email protected] 4 points 1 month ago

🎶 A whole new world! 🎶

[–] [email protected] 4 points 1 month ago

Is anyone else reminded of the time they tried to save the Undo history in Word documents, only to realize that this was a massive security risk?

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

This, running locally (which should be feasible in 2-3 years) would be so cool. I would really dig this on my Fedora computer, I think this is a genuinely good idea and a rare good use case of AI and object detection.

Edit: it seems it is actually running locally thanks to the Snapdragon X Elite's AI accelerator. Pretty cool stuff though I am sure Microsoft still found a way to make this another intrusion to the users privacy.