"Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says."
Is Microsoft intentionally making this exploitable? I knew it was only a matter of time before Recall would be compromised, but this shows they aren't even trying to secure it.
The opposite extreme is also worrisome: Imagine if they tried to make it totally opaque and impossible to read even by the user generating the data--that'd be a different kind of Messed Up.
P.S.: I'm sympathetic to the concept that "whole-disk encryption will protect this from most thieves", but I hope there's at least a little more defense-in-depth against other programs running as the user, snooping on that data without user-permission.
I mean, a malicious third-party screen-capture/keylogger program might be detectable by heuristics, but not-so-much if it can just indirectly draw from the stream of data being generated by pre-approved default program from the OS manufacturer...
It’s supposedly only accessible to LocalSystem. If they were to encrypt it, it could just be decrypted anyway. Still, it’s a huge liability and a major blunder by Microsoft.
The AI threats we were promised: Roko's Basilisk etc.
The AI threats we received: People collecting tons of sensitive data in a really stupid manner because it is important to be able to make lots of press releases containing the word 'AI' while the market bubble lasts.
My guess is this was never supposed to be the marquee feature for Copilot PC, but likely whatever else they had either slipped or was cut so they had to push this half-baked crap to the front.
I've been using only Windows (and DOS) since version 2. I've entirely disregarded Linux desktop, until now. I won't be moving on to Windows 11 etc. This is where Microsoft and I part ways. It's clear they plan to make AI on Windows hyper intrusive and privacy violating, and there's no way to trust them with the data they're going to accumulate (which will inevitably end up in the hands of criminals and governments).
Sherlocked. It was inevitable considering the ease of capturing local user data and enriching it, and a bit naive to think these capabilities wouldn’t get baked into the OS. But if you don’t try, you don’t have a chance to get acquired by an org way bigger and lazier who’d rather write a check than do the work.
We’ve just come back to a fancier Google Desktop search. It doesn’t need to be great if you have scale (Teams vs Slack uptake, for example). Rewind has to actively sell, sing for their meal. Everyone buying Windows is still going to buy Windows, Microsoft has plenty of time to iterate and polish.
> In September 2011, Google announced it would discontinue a number of its products, including Google Desktop. The reason given was that "In the last few years, there’s been a huge shift from local to cloud-based storage and computing, as well as the integration of search and gadget functionality into most modern operating systems. People now have instant access to their data, whether online or offline. As this was the goal of Google Desktop, the product will be discontinued."
I'm very curious if they've seen reactions like this. In my mind Rewind is more egregious privacy wise, though it does have the advantage of being very unknown and default off, compared to built into Windows.
Readit News
"Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says."
P.S.: I'm sympathetic to the concept that "whole-disk encryption will protect this from most thieves", but I hope there's at least a little more defense-in-depth against other programs running as the user, snooping on that data without user-permission.
I mean, a malicious third-party screen-capture/keylogger program might be detectable by heuristics, but not-so-much if it can just indirectly draw from the stream of data being generated by pre-approved default program from the OS manufacturer...
The AI threats we received: People collecting tons of sensitive data in a really stupid manner because it is important to be able to make lots of press releases containing the word 'AI' while the market bubble lasts.
I haven’t held Windows in high regard in a long time but they somehow managed to lower the bar even further
We’ve just come back to a fancier Google Desktop search. It doesn’t need to be great if you have scale (Teams vs Slack uptake, for example). Rewind has to actively sell, sing for their meal. Everyone buying Windows is still going to buy Windows, Microsoft has plenty of time to iterate and polish.
> In September 2011, Google announced it would discontinue a number of its products, including Google Desktop. The reason given was that "In the last few years, there’s been a huge shift from local to cloud-based storage and computing, as well as the integration of search and gadget functionality into most modern operating systems. People now have instant access to their data, whether online or offline. As this was the goal of Google Desktop, the product will be discontinued."
What is old is new again.
https://en.wikipedia.org/wiki/Google_Desktop
I was shocked to see people excited by it
[0]: https://news.ycombinator.com/item?id=40577894