508
I feel for the hundreds of engineers at Microsoft who have been yelling about these security issues since day one, but cannot say "I told you so" because they'd get fired.
this post was submitted on 07 Jun 2024
508 points (99.0% liked)
Technology
55562 readers
4074 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I survived a similar incident, telling our CEO at the time "you know our product can't do that, right?" I had to show my receipts, present usability studies, and faced incredible pressure, but 2 CEOs later, I'm still here... :)
Document everything. Keep good notes. You never know when it will be useful.
Sure but at Microsoft they fire people based on dice rolls
This is exactly what I was thinking. There are plenty of smart people that work there that would have said something before release. They were told to not rock the boat by the yes men and now Microsoft has to backpedal and pretend no one there thought about THOSE implications.
Go easy on them, they're only a 3 trillion dollar company. It's hard for them to get the resources to build well thought out and secure software.
Pathetic, so glad I've been on Linux for years. I don't miss Micro$oft one bit.
Right? Before they even officially rolled it out, there are already python scripts on github that can extract your entire recall database. They need to just stop.
Wild for sure. It's pretty clear that M$ isn't interested in making their OS anything more than a portal for their cloud products.
The overall percentage of revenue that Windows produces for them directly has been steadily shrinking for years while their Azure and cloud services/licensing has grown dramatically.
I guess it makes sense from that perspective. Call me old fashioned, but I still prefer my OS to be a platform for me to compute locally on and use as I see fit. Not be a bloated ad-ridden portal to a walled garden of proprietary web software.
Windows has gotten so bad in the last year or so, that I've actually started telling people, "Try Linux, but if that doesn't work for you, just go with Apple."
Both are scummy, evil mega corps that try to lock you into their platform forever. But at least with Apple, the cage is 24K gold with a little cushion, and you're fed avocado toast & kombucha.
Windows is a rusty, filthy prison cell where the guards randomly come in to rough you up and you're fed a steady diet of stale bread heels and gruel.
load more comments
(1 replies)
The fact that it took people not involved with Microsoft to point out and initiate internal change should be everything anyone needs to know.
To be fair I think they mentioned a button to temporarily disable the spying. Either for a time or blacklist an entire application.
Still highly recommended people move away from windows.
Right, but the problem is users should be able to use the feature and be confident it's secure. It most assuredly is not as multiple people with access to the pilot program have demonstrated.
I bet some lower level folks within MS knew this would be an issue and screamed into the void about it.
load more comments
(15 replies)
they needed researchers to tell them that?
Well . . . the smart people they ignored when CoPilot was first proposed.
It's PR bullshit to give an excuse for backtracking basically
Internally people probably talked about how there were huge issues. Others probably said those issues are over stated and it's no big deal. They decided to release it and the press says there are issues. Then, the company decides there are issues. That simple.
load more comments
(2 replies)
load more comments
(3 replies)
Opt in just like Microsoft accounts...right
Something something cake day.
I can never again log into my email or other private account on someone else's computer.
I mean, it could always have been compromised and had some kind of keylogger or something installed.
But with Windows 11, you are sure it's compromised.
That’s the Microsoft™️ Guarantee!
load more comments
(1 replies)
Too fucking late. I've already installed Bluefin on two machines and Bazzite on my gaming machine. I'm not going back.
Already installed Bazzite on my Legion go with my laptop and desktop next. No reason for me not to continue putting it on my devices just because they are going to rework it. Recall is always going to be a major security risk despite a few extra measures. They have definitely shown they can't think about these things. At least there was a heads up on this one for people to point out obvious issues, but that won't always be the case.
still dont understand why you would ever want to save screenshots of your desktop and also waste disk space
To get the idea of always being watched into your head !
Literally 1984. No, like, literally literally.
The AI scans all those screenshots visually and tags them for search later so, for example, an artist could open a file they don't remember the location of from thousands of folders by typing text describing it. That's actually awesome. I imagine lots of people could come up with really useful ways to use something like that. I mean, if it wasn't an Orwellian nightmare.
Features like this can almost never be privacy-friendly because they're developed expressly to violate your privacy. The value it provides you , as cool as that could be, is just how it's sold.
Yeah, it sounds like it might actually be a useful feature if it wasn't impossible to do it securely and in a privacy respecting way.
I don't know about impossible. I could see this working on a Linux distro with a local model doing all the work and storing it encrypted locally. Buuuuuut, it still feels risky! That's a giant traunch of juicy, searchable data that just begs to be stolen.
To be fair to Microsoft, this was a local model too and encrypted (through Bitlocker). I just feel like the only way you could possibly even try to secure it would be to lock the user out of the data with some kind of separate storage and processing because anything the user can do can be done by malware run by the user. Even then, DRM and how it gets cracked has shown us that nothing like that is truly secure against motivated attackers. Since restricting a user's access like that won't happen and might not even be sufficient, it's just way too risky.
load more comments
(1 replies)
Bullshit.
This whole endeavour is looking like a careful plan to implement a smaller, slightly less horrible idea in Win11, and then creep forward from there.
Remember the model to move the goal line, folks:
- Overreach
- Capitulate publicly and fall back to your true target
- Repeat
Best of all, these large steps can be supplemented by nudging things forward with 'adjusttments.'
They'll probably come to the "logical conclusion" that storing the data locally on the machine poses "too much risk" and just move the storage to their servers "for your safety"...
The damage to their reputation is already done.
Don't be so sure. This forum is a bubble, 99% of Windows users have never heard of this feature in the first place let alone any of the details about how it works.
Normies noticed when MS took away the start menu in W8, but didn’t notice when W10 shipped with a ton of spyware “features”.
load more comments
(2 replies)
With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.
I doubt they can do much with last-minute changes. It being opt-in is better, at least.
our review units of the new Surface hardware are being delayed by a week or so, presumably so Microsoft can update them.
GROAAAAAAAN. I just want to see proper benchmarks of Qualcomm's new chips and they keep delaying it despite the laptops releasing later this month.
Yeah, right? The biggest bummer of this entire stupid thing that should never have existed is that it's overshadowing perhaps the most exciting hardware launch on Windowsland since the original Surface. I am VERY interested in seeing if Windows on ARM is viable this time, and as a longtime Windows 2-in-1 user I am incredibly excited about the prospect of a similarly performant version that doesn't need to be plugged in basically at all times.
But because MS can't come up with a feature without shooting itself in the foot with a bazooka we're all here talking about the stopgap they had to implement to save face while they wait to be able to quietly kill this dumb thing for good. I swear, they are incredibly bad at this.
The average person doesn't even know that new hardware is coming because the only thing MS is advertising is "AI AI AI AI AI AI AI". Is that seriously more appealing than saying "hey our new laptops have better performance and 2x more battery life than older laptops"? Because I'm feeling the latter is what they should've leaned on.
load more comments
(1 replies)
So, between the inherent security nightmare that is this feature and the myriad of other things in Windows that push ads, steal user data, and generally make the simple act of using the computer less secure, when do we give Microsoft an APT designation and start treating them as the world's largest vendor of malware on the planet?
load more comments
(4 replies)
Oh boy, sunk cost fallacy time! They'll now waste millions of dollars to salvage this popularly unwanted nightmare in an effort to make it juuust acceptable to shove it down everyone's throats.
Either that or they'll spend all that money and then pinky-promise that they've made it acceptable, only for all their work to be immediately overcome by bad actors (criminals, corporations, governments, law enforcement, is there even a difference) and be the exact same nightmare anyway.
view more: next ›