This is confusing and vague to me, which I believe is exactly the intent. It focuses on security, reiterates that security is their top priority (and we know that this is untrue). What were the security problems? They don't even allude to the existence or detection of any specific security problems.
It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has died down and people will just accept it.
My takeaway is that Microsoft has been trying to boil the frog, but slipped and turned the temperature up too quickly. They're retreating for now, but make no mistake that Recall will slowly trickle back into Windows under another name. Every major power broker wants something like Recall to become the norm - bosses to spy on their employees, governments to spy on their citizens/enemies, and tech CEO's to collect training data for AI and target more ads at end users.
This is a very cynical take. I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility. The personal utility benefits are very clear to me - the problem is the ease with which malicious attackers might steal the data (if they can breach the system).
Employers can collect task/business process staps by recording the screens.
This will help train RPA bots and reduce the need for human workforce for repetitive tasks.
Microsoft can collect this data across industries with or without informed consent and sell RPA/AI bots back to the same enterprise customers as a managed service.
Lot of commercial potential there for the taking. Just needs a innocuous enough cover story ro make it a default offering to server you the individual customer alone and help you gain an edge over your peers.
There are already Recall type of products on the market, not just that, they also work on the cloud not just locally. All Microsoft had to do was make it opt in by default
> Every major power broker wants something like Recall to become the norm - bosses to spy on their employees...
Isn't that already the norm, or at least very very common? It's just a 3rd party package totally focused on surveillance, not built into the OS and used for some user-accessible features.
> ...governments to spy on their citizens/enemies, and tech CEO's to collect training data for AI and target more ads at end users.
These applications would be novel, at least on a widespread basis in Western liberal democracies.
I can't believe that no one there didn't anticipate the blowback. It could just have been a way for Satya to put the feature in front of their business customers. They'd likely want that feature even if consumers reject it.
I expect it to emerge as an accessibility feature for cognitive memory loss. Imagine not remembering the name of your email client or the color of its icon, but Siri With Screenshots can pull up an important email thread.
They invested a bunch of effort into a product the market loudly rejected.
They're now withdrawing the product while they figure out what they can salvage from the effort.
Key stakeholders may have a few ideas about how to proceed (ranging from "try again later" through "repurpose it" to "forget it"), but enterprises of Microsoft size make decisions very slowly so of course it's vague about what's next. Collectively, they almost certainly don't know!
In addition to direct market reaction, they must be a bit red in the face considering that Apple just laid out a complex and well thought out implementation of "AI", which focused on privacy.
As someone who grew up near Redmond, who still has an emotional soft-spot for Microsoft for some reason, I feel truly embarrassed for their implementation.
Intelligent search for your personal data is still a feature with broad appeal, and they're bound to come back with that.
The critical blunder was in indexing that personal data by watching over your shoulder, which is both creepy and low-effort. They've got to put the work in to find a better way.
Security is a mindset and some people don't have it.
I used to work for a company that made a rather popular database for mobile applications. An easy API to store data on your phone and have it synced to a server with no effort on the developers part.
Two of my co-workers spent a few weeks making a nice looking chat application which worked by syncing messages from many users to different devices, and they wanted to publish it as a demo. Until somebody else pointed out that there was no security at all. The server just accepts the latest state from the client. This was fine for most of the current use cases, but for chat basically meant that any client could rewrite the entire history and the server would just say "thanks!" on next sync and distribute the changes to everyone else. These were adult humans with degrees from respectable institutions, and this hadn't crossed their minds at all.
Basically, I think a combination of Hanlon's razor and nobody wanting to be a naysayer is a perfectly adequate explanation for this Recall thing. I think it's obvious that a lot of people would like their computer to work like that, and I can see them wanting to get it out without having listened to any internal criticism (if they even have a culture that allows that).
Currently I am still looking forward to when the Secure Future Initiative (SFI) will actually mean more .NET and Rust and less COM and C++ love by Windows team.
So until this changes, take with a grain of salt how much secure Recall is actually going to be.
Contrast this with Apple Inteligence, where not only are most local APIs made available via Swift, they have created special hardware and a unikernel like OS with sandboxed layers, exposing only what OS capabilities required for AI processing and cluster communication.
Versus "Thrust us, we are going to do the right thing".
"It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has dies down ad people will just accept it."
Of course "listening to users" really means "listening in on users". Or just "bad press".
Microsoft does not consult with users before adding code into Windows. Nor do users contact Microsoft to tell the company what code they want or don't want.
Even if they did, the company does not operate based on user suggestions.
The reaction to "Recall" by journalists, bloggers and commenters is not that they think it should be "delayed". They think it is a bad idea.
Microsoft will do as it pleases. As it always has done.
Per one of the ars Technica articles, All the information collected was stored locally completely unencrypted, and would be accessible by anyone with local administrator rights.
> It focuses on security, reiterates that security is their top priority (and we know that this is untrue).
I think that messaging is a direct response to their hearing in from of the House yesterday. They were being grilled on their numerous security lapses and Brad Smith (president of Microsoft) constantly reiterated that they are refocusing their priorities to be security. They were also questioned about Recall specifically so it's not surprising to see this as one of the first places where they are putting out that messaging.
My recollection is that the CEO stated no security problem with the product, security was their utmost and first the toppest priority all the time and into eternity, they wouldn't dare trying to release anything with security concerns.
Apparently there are security concerns afterall. Did they lie before or now or just completely clueless about what is a security concern or what? I am confused.
People should not get over this (but probably will). There was an uproar (decades ago) about GMail "reading all your email". This was overblown, but Microsoft building the infrastructure to view a history of everything on your screen is much much worse. There's a lot more private things that get displayed on a screen (and of course all of your email would be a subset) that no one has a right to see.
I would argue there really weren't away, apart from the usual disaster/lack of security that desktop systems have.
It wasn't uploaded anywhere, so the only threat would be from programs that would run locally and steal it, which is already the same for any other (even third-party) program stealing your local files, which they have always been able to do.
It's convenient for corporations to have this as an excuse, but they should be assessed as singular entities. They enjoy corporate personhood also.
As the size and influence of an entity increases, it has more power in the economy and therefore should have more responsibility, not less, to act according to high standards.
A gargantuan company that is 7% of the S&P 500 getting whoopsie-daisy passes because it is so large and nobody knows what it's doing is a dystopian situation that we should have incentives in place to discourage
You're right. Carolina Hernandez speadheaded this initiative to take screenshots of your desktop every few seconds or minutes and transcribe the result into a regular local sqlite database.
> They don't even allude to the existence or detection of any specific security problems
Arguably the product itself. Which is another reason they might be vague about it. Because to talk about those security problems would taint the entire product and they can't do that if they aren't willing to completely scrap it.
People have been talking about how the data in here is similar to what may be already existing but that's far from the truth. Yes, these companies have a lot of data on us, but this is a significant step forwards in the granularity of that data. It's also worth noting that hackers could not get into your computer and assume that your computer not only has a keylogger that they can access to further compromise your system (and other systems/accounts) but that they can also obtain screenshots. These increase user risk significantly and greatly reduce the requisite technical skill needed for those infiltrating machines.
Similarly, many have pointed out the potential connections to Chat Control[0] and how such systems can likely be used by many companies to be exploitative of workers. While you may trust your company/partner/significant others/government and so on, it is important to remember that not everyone has such luxuries. It is also important to remember that such things can change. Even in the US there are high risks of potential abuse: such as police obtaining a warrant to get this data to see if someone is trying to obtain abortion medication. Regardless on where you fall on that specific issue, you can replace it with any other concerning issue and I'm sure you wouldn't like that (guns, religion, gender identity, political affiliations, and so on). So even if you trust Microsoft to not give away this type of information nor to provide authorities access (which often includes authorities not in your home country), then you must ask if the benefits are worth the costs. And not just for you, but for others.[1]
> It sounds to me like they're figuring out a new marketing approach
I suspect this is correct and as segasaturn suggested, turned up the heat too fast. I also suspect that this type of data invasion can be much more easily understood by the general public, who often struggle with understanding what metadata is and how it is/can be used. It does require technical knowledge for this and is often non-obvious, even for people who are well above average in technical literacy (as is the average HN user).
[0] Specifically we should note here that Chat Control would force Microsoft to use this system in a much more invasive way. We lambasted Apple over their proposal for CSAM detection, including the potential risks of abuse even if it were theoretically impossible to avoid hash collisions. Having Relay would require Microsoft to implement such a system and that's why there are many conspiracies arising that Relay is specifically intended for Chat Control, because true or not it would likely have similar outcomes. We'll see if Apple revisits the idea, and the recent WWDC doesn't rule out such a possibility https://www.patrick-breyer.de/en/posts/chat-control/
I'm a bit confused by the headline chosen for the submission (but the update doesn't do much to clarify).
The original is this:
Update on the Recall preview feature for Copilot+ PCs
> Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks.
To be clear, it may be delayed for public release, but it is still shipping to Insiders (possibly on June 18, 2024 but in the coming weeks indicates later).
> With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.
Further...
> ...we plan to make Recall (preview) available for all Copilot+ PCs coming soon.
The headline is correct. I have seen people believe that "indefinite" means "permanent", but it just means "undetermined". It is delayed, but we (and perhaps Microsoft) do not know for how long, so the delay is indefinite.
Recall suffered from a classic Microsoft mistake they've made time and again, but never learned from - how to correctly market and package your feature.
Microsoft always tends to "go big" with their integrations, often to their detriment, in order to increase adoption of new features. One notable time was with Windows 8. They really, REALLY wanted people to try out the new Metro UI, so they deeply integrated it into the OS, pushed it in every marketing campaign, and made it the first screen you saw on login. There were some great features in it - better performance and better search results, but it wasn't opt in. The reaction from customers who took a casual look was, "they removed the desktop!". It wasn't true, but because of how overzealous MS was to push the new feature, that became the takeaway.
The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it. They've also framed the messaging and marketing in a way that's confusing to what is actually happening. Look at the amount of talk in this blogpost dedicated to mentioning how important security is for them, without ever actually going into what the security issues are or how they're addressing them.
Sloppy marketing + forced integration has bit Microsoft so many times now. I'm always shocked that they never learn from this.
The problem is not marketing. The problem is the tool is fundamentally not secure, and in my opinion, fundamentally not securable without major changes.
The core issue is that everyone has things on their computer that they want to be transient. I don't ever want my computer taking screenshots when I'm entering, say, my credit card number. More importantly, though, I oftentimes have text editors containing "scratch pads" that may contain sensitive data that I never want to persist.
Microsoft just never thought through the security implications of this feature.
How is this objectively a great feature? This is a spyware that stores screenshots unencrypted (and thus accessible to any other spyware). I am also not convinced that the AI tools would have been offline, thus effectively sharing your whole data with Microsoft (even more than before).
From a privacy perspective, this feature is an abomination
I'd caution us to separate out the feature from the implementation.
The feature provides the ability to search through all of the previous things you've done and gain context in an instant, in a way that can be queried with natural language. I think we can agree what it aims to achieve is beneficial.
The implementation is what you're debating. I see these are two separate things, but they play hand in hand. If you get the implementation wrong, it can easily tank the feature.
Still, the documentation for this seems to disagree with what you're saying.
> This is a spyware that stores screenshots unencrypted
This page[1] states "Snapshots are encrypted by Device Encryption or BitLocker". They suggest that things aren't shared with Microsoft, though I totally understand the skepticism there.
"Objectively" is very strong, but I'd love a tool like this.
Except it's so thoroughly invasive and ripe for abuse that I can't imagine ever using something like this that isn't open source and thoroughly vetted. And I think your very valid points are stemming from that -- MS's implementation was hamfisted and halfassed, and people don't trust them even if they do it correctly. But those are issues with the implementation and the implementer, in my mind. Not the conceptual feature.
What's funny is if they had marketed it as Apple does (and had as much credibility as Apple does among their fans) then everyone would love it. I seriously doubt they intend to do much different than "Apple Intelligence." I.e., local access to all your data and uploads of data you use on cloud apps.
Recall as implemented is an absolutely security and privacy nightmare, and would absolutely become a tool of oppression for abusers. MS deserved to reap the whirlwind here, as would any firm that offered the same sort of feature.
There is no equivalence. Apple has been building on this technology for years now, all with a focus on privacy. Microsoft neither has the engineering talent, the time, nor the development ecosystem to catch up.
With Windows 8, Microsoft thought that tablets and touchscreens were the future, and Metro was designed for those. Tablets being the future of computing meant they made the new experience the default. Turns out keyboards and mice are still vastly more popular a decade later.
> The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it.
For those who have not been keeping up with recent events.
The United States government, is currently reevaluating its relationship with Microsoft due to recent security issues related to Russian and Chinese state-funded attacks.
Despite these pledges, several members of Congress are making it known that they dont see Microsoft as being serious about their recent commitments around security. It is worth noting that several of these members of congress influence how much Microsoft gets paid.
The Recall feature is often used as a lightning rod to bring to light the rushed rollout of Microsoft's features without concern for security.
[Video with timestamp of Microsoft's President being questioned by Florida Congresswoman, Recall mentioned]
https://youtu.be/kB2GCmasH4c?t=8217
While I suspect there may not be any sole reason for the release delay, it would seem to me that having Microsoft's biggest customer using Recall this way, may greatly influence the company's decision to hold off on the release.
Satya Nadella's Microsoft is such a weird company. It's like there's one side of it that is running with Zuckerberg's "move fast and break things" and the other side is saying "wait, we're the most important software company in the world! Things can't break!"
One side is open-sourcing .NET and VS Code and running GitHub well and making vcpkg. The other is crapping up Windows with embarrassing ad-ridden F2P games. It's really weird.
They didn't open-source the debugger so that you have to use VS or VSC. VS Code also has shittons of telemtry (same for dotnet LCI) and when you use Codium you are (officially) not allowed to use their marketplace.
>running GitHub well
GitHub is down nearly every week and constantly has problems. I appreciate them making certain features free though.
This is a pretty insightful comment. That's exactly how it feels. The core of their technologies have never been more solid, including Windows. But then on top of that solid core is a bunch of "move fast and break things" and short-term profit choices that make the whole thing seem awful.
Don't forget the ones that can't get a simple chat app to work right (Microsoft Teams) or the ones redesigning outlook which introduced a shit ton of bugs.
It's amazing that humans as a collective have decided that private corporations are the best way to progress as a civilization.
Even before Nadella, MS took insane risks with Windows. Ballmer oversaw the disastrous Windows 8 wigh the fullscreen Start Menu, which was hated far more than Vista ever was. W8 didn't even last 3 years before being replaced by Win10.
And that's to say nothing of the decade-long attempt to compete with Google and Apple in mobile with Windows Phone/RT/Nokia, which Nadella mercifully unwound.
One side is targeting corporate business, the other is for end-consumer.
The eye opener for me is the Surface Pro 10 only existing for businesses. They cared to design and produce the whole device, but not ship it to regular customers. That whole market is forced to go to the more experimental copilot line instead (which could arguably be great, but you don't get to choose in the first place)
I'm genuinely curious to hear an actual musician's take on the following Linux-compatible DAWs:
- Reaper
- Tracktion Waveform
- Bitwig
- Fairlight
- Zrythm
- Ardour
As for games, I've been 100% Linux for several years now, and haven't had much trouble. I'm only aware of issues with aggressive anticheat these days, but I refuse to give money to companies that push ring0-spyware anyway.
> What if you can't afford a Mac, and you're not technically literate enough to install Ubuntu ?
Honestly, buy an iPad. You can get a new iPad for as cheap as $300 and it will adequately serve all of your basic needs. If you're not tech-literate enough to install Ubuntu (which is extremely easy and straightforward in my experience) then I don't think you will need the extra bells & whistles of owning a laptop.
ZorinOS is catching up FAST and QUICK with out-of-the-box gaming support, many thanks to Valve's bankroll into the problem with Proton (primarily) and Wine (secondarily) for the Steam Deck.
I look forward to see where developments can go from here, but Zorin is pretty good for a solid amount of games... Maybe not most.
GNU/Linux is easier than Windows. Present two new users with each and they'll find Linux easier. The technically literate part usually comes down to them having a PC with their data already on it. That's where you come in to help your friends back up their data so they can easily move between computers and OSes.
For anyone willing to try, the installers are exceedingly simple and Steam makes gaming a breeze. Getting away from that "it's for nerds" image you're referring to is exactly what Linux needs to do
Genuinely asking: is that huge in terms of their install base or revenue, or is that huge in terms of PR ramifications (like, "vocal minority" type of deal)? In my younger days I'd've had a heavily skewed pro-gamer and pro-authority-of-the-gamer-rabble viewpoint, but now at this phase of my life I can't help but feel the majority of the places I see Windows are all in business and education contexts (so just business, heyo). I'd be curious to know if the gamer-rabble still holds the kind of weight in the social media aggregate that, say, got the Kinect-as-mandatory stuff walked back.
No, they also try to attract non-pro developers with a free OS, free programming suites and languages, free web frameworks, free web server, all that with a home edition. They also claim to embrace open source, etc. They care about their image as a relevant and alive Linux and Apple alternative for developers, and I don't mean the ones forced into it because of their job.
Now they also want to attract the "masses" so in the end on Windows you'll get a lot of crappy "user-friendly" stuff. There is the ad situation also, but is really not as bad as I keep hearing about, I'm not even sure what it refers to exactly. The only times I see ads is when I mistype something in the start menu, and I start getting irrelevant web search results from bing or whatever, with ads, just like when googling. I guess that's what I "deserve"? It didn't bother me enough to try disabling it anyway.
And finally, obviously if I'm using Windows it means I accepted that I implicitly trust Microsoft, just like anyone with an iPhone/Android implicitly trusts Apple/Google. I try to minimize the number of actors which I trust. Actually Microsoft doesn't scare me too much because they are always under the spot lights, with lots of harsh criticism, so they have much more to loose than smaller/more "reputable" players. So, anyway, I don't really see why I should care that some new crappy feature could help them spy on me, as they could spy on me anytime anyway.
> In summary: the only customers that matter --corporations paying site licenses-- declared this to be an unacceptable business risk.
I think it's more narrow than that. Yesterday, Brad Smith (president of Microsoft) went in front of the House committee for Homeland security and they were making the case that Microsoft is a national security risk.
Corporate customers may react based off of that testimony, but given the timing, it feels like the US government is the motivating factor for this announcement today.
> Anyone who is still using windows in 2024 and isnt a multinational business or llc gets what they deserve.
Yeah, enjoy your just desserts of games that work, HDR that works, variable refresh rates that work, sleep and wake that works, the ability to run the software you need to use, one of the best IDEs available, fantastic backwards compatibility, etc
I work for an S-Corp with ~500 office employees and high nine-figure revenue (in dollars). All of our industry specific software is only available on Windows.
And what should we choose instead? $$$$ set of adapters or Kubuntu that can’t calm down with updates and sudo password?
Before putting me in crazy fanboy fandom, I’ve used all three systems each for at least a decade now (and counting), and windows wins workstation pc award by simply being alone in the league of what works out of box with no additional expenses or headaches.
Edit: don’t get me wrong I hate ms, but I hate stupid bugs and restrictions much more.
What's interesting to me is that AI hype accidentally got non technical people thinking and talking more about their privacy and security concerns relating to software.
There's nothing sinister about LLMs relative to the kind of data collection big tech has been up to for years and years. It's just that all the AGI spin has triggered a defensive response in people.
Positive, in my opinion. People should be approaching tech privacy concerns with fear, uncertainty, and doubt.
There did not previously exist screenshots of everything my monitor displays any time I'm using my computer, and I don't want that data to exist. Sure, a lot of my activity could be pieced together from various other things that track my activity, but constant screenshots of everything that was on my monitor is a centralized goldmine of data that I don't want anyone to have access to.
I'd say that is more sinister than most other data collection.
Recall uses local AI models built into Windows 11 to screenshot mostly everything you see or do on your computer and then give you the ability to search and retrieve items you’ve seen. An explorable timeline lets you scroll through these snapshots to look back on what you did on a particular day on your PC. Everything in Recall is designed to remain local and private on-device, so no data is used to train Microsoft’s AI models.
Newer Apple Intelligence features will require 16gb ram and new M-series chips to run on-device. How is Microsoft able to release wide-spread features on device when there is a much diverse ecosystem of lower-powered, low-cost, windows devices??
Readit News
It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has died down and people will just accept it.
This will help train RPA bots and reduce the need for human workforce for repetitive tasks.
Microsoft can collect this data across industries with or without informed consent and sell RPA/AI bots back to the same enterprise customers as a managed service.
Lot of commercial potential there for the taking. Just needs a innocuous enough cover story ro make it a default offering to server you the individual customer alone and help you gain an edge over your peers.
Isn't that already the norm, or at least very very common? It's just a 3rd party package totally focused on surveillance, not built into the OS and used for some user-accessible features.
> ...governments to spy on their citizens/enemies, and tech CEO's to collect training data for AI and target more ads at end users.
These applications would be novel, at least on a widespread basis in Western liberal democracies.
Not even that. It's still coming, under the same name, just not as soon for everyone.
They invested a bunch of effort into a product the market loudly rejected.
They're now withdrawing the product while they figure out what they can salvage from the effort.
Key stakeholders may have a few ideas about how to proceed (ranging from "try again later" through "repurpose it" to "forget it"), but enterprises of Microsoft size make decisions very slowly so of course it's vague about what's next. Collectively, they almost certainly don't know!
As someone who grew up near Redmond, who still has an emotional soft-spot for Microsoft for some reason, I feel truly embarrassed for their implementation.
The critical blunder was in indexing that personal data by watching over your shoulder, which is both creepy and low-effort. They've got to put the work in to find a better way.
I used to work for a company that made a rather popular database for mobile applications. An easy API to store data on your phone and have it synced to a server with no effort on the developers part.
Two of my co-workers spent a few weeks making a nice looking chat application which worked by syncing messages from many users to different devices, and they wanted to publish it as a demo. Until somebody else pointed out that there was no security at all. The server just accepts the latest state from the client. This was fine for most of the current use cases, but for chat basically meant that any client could rewrite the entire history and the server would just say "thanks!" on next sync and distribute the changes to everyone else. These were adult humans with degrees from respectable institutions, and this hadn't crossed their minds at all.
Basically, I think a combination of Hanlon's razor and nobody wanting to be a naysayer is a perfectly adequate explanation for this Recall thing. I think it's obvious that a lot of people would like their computer to work like that, and I can see them wanting to get it out without having listened to any internal criticism (if they even have a culture that allows that).
So until this changes, take with a grain of salt how much secure Recall is actually going to be.
Contrast this with Apple Inteligence, where not only are most local APIs made available via Swift, they have created special hardware and a unikernel like OS with sandboxed layers, exposing only what OS capabilities required for AI processing and cluster communication.
Versus "Thrust us, we are going to do the right thing".
Of course "listening to users" really means "listening in on users". Or just "bad press".
Microsoft does not consult with users before adding code into Windows. Nor do users contact Microsoft to tell the company what code they want or don't want.
Even if they did, the company does not operate based on user suggestions.
The reaction to "Recall" by journalists, bloggers and commenters is not that they think it should be "delayed". They think it is a bad idea.
Microsoft will do as it pleases. As it always has done.
I think that messaging is a direct response to their hearing in from of the House yesterday. They were being grilled on their numerous security lapses and Brad Smith (president of Microsoft) constantly reiterated that they are refocusing their priorities to be security. They were also questioned about Recall specifically so it's not surprising to see this as one of the first places where they are putting out that messaging.
They could conceivably push to SOHO users, but a) there's no revenue there (and this stuff is expensive), and b) it's really bad optics.
"We're going to offer you a feature that your workplace refused to run on their network."
I'm sure there's ways to spin that, but it'd be a challenge.
Deleted Comment
Apparently there are security concerns afterall. Did they lie before or now or just completely clueless about what is a security concern or what? I am confused.
I would argue there really weren't away, apart from the usual disaster/lack of security that desktop systems have.
It wasn't uploaded anywhere, so the only threat would be from programs that would run locally and steal it, which is already the same for any other (even third-party) program stealing your local files, which they have always been able to do.
As the size and influence of an entity increases, it has more power in the economy and therefore should have more responsibility, not less, to act according to high standards.
A gargantuan company that is 7% of the S&P 500 getting whoopsie-daisy passes because it is so large and nobody knows what it's doing is a dystopian situation that we should have incentives in place to discourage
Deleted Comment
> They don't even allude to the existence or detection of any specific security problems
Arguably the product itself. Which is another reason they might be vague about it. Because to talk about those security problems would taint the entire product and they can't do that if they aren't willing to completely scrap it.
People have been talking about how the data in here is similar to what may be already existing but that's far from the truth. Yes, these companies have a lot of data on us, but this is a significant step forwards in the granularity of that data. It's also worth noting that hackers could not get into your computer and assume that your computer not only has a keylogger that they can access to further compromise your system (and other systems/accounts) but that they can also obtain screenshots. These increase user risk significantly and greatly reduce the requisite technical skill needed for those infiltrating machines.
Similarly, many have pointed out the potential connections to Chat Control[0] and how such systems can likely be used by many companies to be exploitative of workers. While you may trust your company/partner/significant others/government and so on, it is important to remember that not everyone has such luxuries. It is also important to remember that such things can change. Even in the US there are high risks of potential abuse: such as police obtaining a warrant to get this data to see if someone is trying to obtain abortion medication. Regardless on where you fall on that specific issue, you can replace it with any other concerning issue and I'm sure you wouldn't like that (guns, religion, gender identity, political affiliations, and so on). So even if you trust Microsoft to not give away this type of information nor to provide authorities access (which often includes authorities not in your home country), then you must ask if the benefits are worth the costs. And not just for you, but for others.[1]
> It sounds to me like they're figuring out a new marketing approach
I suspect this is correct and as segasaturn suggested, turned up the heat too fast. I also suspect that this type of data invasion can be much more easily understood by the general public, who often struggle with understanding what metadata is and how it is/can be used. It does require technical knowledge for this and is often non-obvious, even for people who are well above average in technical literacy (as is the average HN user).
[0] Specifically we should note here that Chat Control would force Microsoft to use this system in a much more invasive way. We lambasted Apple over their proposal for CSAM detection, including the potential risks of abuse even if it were theoretically impossible to avoid hash collisions. Having Relay would require Microsoft to implement such a system and that's why there are many conspiracies arising that Relay is specifically intended for Chat Control, because true or not it would likely have similar outcomes. We'll see if Apple revisits the idea, and the recent WWDC doesn't rule out such a possibility https://www.patrick-breyer.de/en/posts/chat-control/
[1] https://www.youtube.com/watch?v=goQ4ii-zBMw
Dead Comment
The original is this:
Update on the Recall preview feature for Copilot+ PCs
> Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks.
To be clear, it may be delayed for public release, but it is still shipping to Insiders (possibly on June 18, 2024 but in the coming weeks indicates later).
> With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.
Further...
> ...we plan to make Recall (preview) available for all Copilot+ PCs coming soon.
not being accustomed with microsoft products i initially read this as copilot “plus” pcs.
Microsoft always tends to "go big" with their integrations, often to their detriment, in order to increase adoption of new features. One notable time was with Windows 8. They really, REALLY wanted people to try out the new Metro UI, so they deeply integrated it into the OS, pushed it in every marketing campaign, and made it the first screen you saw on login. There were some great features in it - better performance and better search results, but it wasn't opt in. The reaction from customers who took a casual look was, "they removed the desktop!". It wasn't true, but because of how overzealous MS was to push the new feature, that became the takeaway.
The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it. They've also framed the messaging and marketing in a way that's confusing to what is actually happening. Look at the amount of talk in this blogpost dedicated to mentioning how important security is for them, without ever actually going into what the security issues are or how they're addressing them.
Sloppy marketing + forced integration has bit Microsoft so many times now. I'm always shocked that they never learn from this.
The core issue is that everyone has things on their computer that they want to be transient. I don't ever want my computer taking screenshots when I'm entering, say, my credit card number. More importantly, though, I oftentimes have text editors containing "scratch pads" that may contain sensitive data that I never want to persist.
Microsoft just never thought through the security implications of this feature.
From a privacy perspective, this feature is an abomination
The feature provides the ability to search through all of the previous things you've done and gain context in an instant, in a way that can be queried with natural language. I think we can agree what it aims to achieve is beneficial.
The implementation is what you're debating. I see these are two separate things, but they play hand in hand. If you get the implementation wrong, it can easily tank the feature.
Still, the documentation for this seems to disagree with what you're saying.
> This is a spyware that stores screenshots unencrypted
This page[1] states "Snapshots are encrypted by Device Encryption or BitLocker". They suggest that things aren't shared with Microsoft, though I totally understand the skepticism there.
[1] https://support.microsoft.com/en-us/windows/privacy-and-cont...
Except it's so thoroughly invasive and ripe for abuse that I can't imagine ever using something like this that isn't open source and thoroughly vetted. And I think your very valid points are stemming from that -- MS's implementation was hamfisted and halfassed, and people don't trust them even if they do it correctly. But those are issues with the implementation and the implementer, in my mind. Not the conceptual feature.
I think it’s more productive to discuss it in terms of the use cases and who they benefit.
I do not think this is at all true.
Recall as implemented is an absolutely security and privacy nightmare, and would absolutely become a tool of oppression for abusers. MS deserved to reap the whirlwind here, as would any firm that offered the same sort of feature.
Citation needed. I highly doubt this is true.
Why bother using psychological tricks to fool the user into compliance when you can just use that time and energy to make a better product?
... excuse me!? Complete surveillance being a great tool?! Objectively great tool?! Maybe in China, yes.
[Microsoft Storm-0558 Incident, cited as a recent example] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...
Microsoft recently pledged to improve its security practices through incentives to executive pay and other initiatives.
[Microsoft Blog on recent Commitment] https://blogs.microsoft.com/on-the-issues/2024/06/13/microso...
Despite these pledges, several members of Congress are making it known that they dont see Microsoft as being serious about their recent commitments around security. It is worth noting that several of these members of congress influence how much Microsoft gets paid. The Recall feature is often used as a lightning rod to bring to light the rushed rollout of Microsoft's features without concern for security.
[Video with timestamp of Microsoft's President being questioned by Florida Congresswoman, Recall mentioned] https://youtu.be/kB2GCmasH4c?t=8217
While I suspect there may not be any sole reason for the release delay, it would seem to me that having Microsoft's biggest customer using Recall this way, may greatly influence the company's decision to hold off on the release.
Oh! It was lax executive pay that led to the problems.
They didn't open-source the debugger so that you have to use VS or VSC. VS Code also has shittons of telemtry (same for dotnet LCI) and when you use Codium you are (officially) not allowed to use their marketplace.
>running GitHub well
GitHub is down nearly every week and constantly has problems. I appreciate them making certain features free though.
It's amazing that humans as a collective have decided that private corporations are the best way to progress as a civilization.
And that's to say nothing of the decade-long attempt to compete with Google and Apple in mobile with Windows Phone/RT/Nokia, which Nadella mercifully unwound.
The eye opener for me is the Surface Pro 10 only existing for businesses. They cared to design and produce the whole device, but not ship it to regular customers. That whole market is forced to go to the more experimental copilot line instead (which could arguably be great, but you don't get to choose in the first place)
Anyone who is still using windows in 2024 and isnt a multinational business or llc gets what they deserve.
Speaking for myself, I dual boot mint and windows because I really like playing games and making music. Both of those are absolutely subpar on Linux.
Outside of our nerd bubble, most normal people don't really want to run desktop Linux. Macs are great, but I can't really game on them.
1. Become technically literate enough to install Linux. Distros like Fedora are very easy to set up imo.
2. Ask someone else (relatives, local computer store, etc.) to set it up for you.
3. Continue using Windows.
Problem: Uber is expensive, and you don't know how to drive, so getting around is a challenge.
Solution: Learn how to drive.
- Reaper
- Tracktion Waveform
- Bitwig
- Fairlight
- Zrythm
- Ardour
As for games, I've been 100% Linux for several years now, and haven't had much trouble. I'm only aware of issues with aggressive anticheat these days, but I refuse to give money to companies that push ring0-spyware anyway.
Honestly, buy an iPad. You can get a new iPad for as cheap as $300 and it will adequately serve all of your basic needs. If you're not tech-literate enough to install Ubuntu (which is extremely easy and straightforward in my experience) then I don't think you will need the extra bells & whistles of owning a laptop.
I look forward to see where developments can go from here, but Zorin is pretty good for a solid amount of games... Maybe not most.
Now they also want to attract the "masses" so in the end on Windows you'll get a lot of crappy "user-friendly" stuff. There is the ad situation also, but is really not as bad as I keep hearing about, I'm not even sure what it refers to exactly. The only times I see ads is when I mistype something in the start menu, and I start getting irrelevant web search results from bing or whatever, with ads, just like when googling. I guess that's what I "deserve"? It didn't bother me enough to try disabling it anyway.
And finally, obviously if I'm using Windows it means I accepted that I implicitly trust Microsoft, just like anyone with an iPhone/Android implicitly trusts Apple/Google. I try to minimize the number of actors which I trust. Actually Microsoft doesn't scare me too much because they are always under the spot lights, with lots of harsh criticism, so they have much more to loose than smaller/more "reputable" players. So, anyway, I don't really see why I should care that some new crappy feature could help them spy on me, as they could spy on me anytime anyway.
I think it's more narrow than that. Yesterday, Brad Smith (president of Microsoft) went in front of the House committee for Homeland security and they were making the case that Microsoft is a national security risk.
Corporate customers may react based off of that testimony, but given the timing, it feels like the US government is the motivating factor for this announcement today.
Yeah, enjoy your just desserts of games that work, HDR that works, variable refresh rates that work, sleep and wake that works, the ability to run the software you need to use, one of the best IDEs available, fantastic backwards compatibility, etc
That’s not Windows.
Before putting me in crazy fanboy fandom, I’ve used all three systems each for at least a decade now (and counting), and windows wins workstation pc award by simply being alone in the league of what works out of box with no additional expenses or headaches.
Edit: don’t get me wrong I hate ms, but I hate stupid bugs and restrictions much more.
Dead Comment
There's nothing sinister about LLMs relative to the kind of data collection big tech has been up to for years and years. It's just that all the AGI spin has triggered a defensive response in people.
Positive, in my opinion. People should be approaching tech privacy concerns with fear, uncertainty, and doubt.
I'd say that is more sinister than most other data collection.
https://www.theverge.com/2024/6/13/24178144/microsoft-window...
Had to look it up, sharing to save someone a minute.
Not yet.