And then someone goes and invents Recall. This is not the work of a lone engineer and a principal PM fishing for Impact or whatever they call success at Microsoft. This had to have gone through multiple levels of review. Microsoft PMs, CVPs, their corpo legal people, marketing approval. And yet no one stopped to say, "wait, this could blow up in our faces"?

GenAI is hotter than anything else right now. As Satya publicly stated, "we made them dance" -- which shows how high-priority it is to maximize "AI innovation" at MS.

If you disagree, think about how badly "Tay" blew up in MS's face and yet they still went ahead and bundled OpenAI LLM tech into all of Office365, just so they could have bragging rights about beating Google to it.

At this point, it's a race (to where? who knows) and no Big Tech Corp wants to be seen as "not at the forefront".

That's my $0.02, anyway :)

Google kept on launching faked demos and hurriedly released an openly race biased image generator all in a bid to catch up with OpenAI.

Meanwhile Apple has been sort of lethargic. Recently annouced a deal with OpenAI to add GPT to their devices. They seem happy to continue playing catch up in this regard.

I think Meta is probably the only big tech giant that has kind of got their execution right straight from the jump. Can't point to any slip ups from their "AI announcements".

We should assume that everyone is on their worst behavior going forward. Zoom, Slack, MS, Apple, etc.

> And then someone goes and invents Recall

Maybe you should read about the history of Microsoft, especially about its security.

But people forget easily.

But a whole lot of the surveillance attacks people imagine about Recall apply just the same to the browser. I think it's the "little brother" casual attacks that are so well enabled by Recall - it makes it faster, easier, and way more visual.

I get your point, but Microsoft's Recall can capture anything onscreen - emails, personal info, porn, passwords and the like. And it feels, bizarrely for 2024, that little thought has gone into privacy or security.

I think the thought is proportional to the amount of thought a non-tech customer will put into it. Nobody seems to care about or understands privacy these days. Everyone knows they're being tracked everywhere they go physically and on the web. People use their real names, address, etc for every junk service they sign up for, without seeing any reason not to. If you tell people that their TV is tracking and taking screenshots of what they watch [1], they say "yeah, Netflix knows too".

It's literally, "how it's always been" for any non tech person under 30.

[1] https://themarkup.org/privacy/2023/12/12/your-smart-tv-knows...

Part of me wonders if this is the consequence of how accessible tech has become, and the prevalence of increasingly non-technical product managers. I'm a former PM, and I'm not here to denigrate the PM role, but the fact that a product like Recall got shipped says a lot about the makeup of the product org that shipped it.

While I get that younger people tend to see privacy differently, I'd argue this isn't really a privacy issue, it's a security conversation, albeit with obvious privacy implications. Leaking what apps I use or what sites I visit is mostly a privacy issue. Leaking what I type into the boxes on those sites is a security issue. If the end result of leaking this info is the attacker can pwn all of my bank accounts, we're solidly into security territory.

The fact that this got shipped means that multiple levels of leadership either didn't think about the consequences or didn't care about the consequences. I hope it's the former, because that means they can learn from the backlash and hopefully recalibrate.

Microsoft is in a position of power that IMO requires a significant duty of care and responsibility to their customers, and lapses like this need to be judged through that lens, i.e. it is their entire business to make sure features like this are safe.

Microsoft is just tripping over themselves right now bringing AI to market because they don't want to miss the boat. Their copilot for office 365 stuff is hardly working, it's real beta quality. No normal company would have released it to market in this state. But they're just terrified that Google will eat their lunch.

I don't think security and privacy concerns are much on the radar there anymore. They just want to establish their name in this new market at all costs. And I think in their eyes it makes sense, they've always succeeded because they had the biggest installed base, not because they were the best. It makes sense they see value in being first mover at all costs.

It's just a bit frustrating as a customer. As usual with something they launch it's more promise than substance. I have to say that usually they do have the follow-through to really make it a success. But it does take time.

There was probably from lower decks, where they are closer to reality. However, people are scared for their jobs in this economy and likely didn’t take it farther.

Emphasis on "part." I'm totally guessing on this, but I think OP may have been talking about PMs where the MBA is their only notable feature rather than those where the MBA is just one part of a well balanced whole.

> You can teach a tech person to understand business, vision, strategy, finance, etc. You cannot teach very well the business person who has all that the intricacies of technology.

I'm inclined to agree with this. The thing about business degrees is that they are so minimal effort that actually understanding business isn't a prerequisite to being awarded one. I would know, I have 2 of them.

There's no guarantee a "business person" actually learned business, much less that they are capable of learning tech. Don't get me wrong, I'm not by any means implying that all business people are inept or that they are collectively unable to learn tech; it's often unrealistic, but not impossible.

When going to school for tech, such as an MS in engineering, CS, etc., typically requires enough effort that one will end up learning their respective field (I have met exceptions to this and interacting with them is infuriating) whereas going to school for an MBA is one of the easiest ways I know of to get government financing for a decade of partying.

Many here may be too young to remember when many consumer products came with a "product registration" card. This was basically a postcard that asked for all sorts of information, such as your name, address, phone number, birthdate, sex, SSN, marital status, annual income, interests, other products owned, whether you own or rent your home, etc.

People willingly filled these out and sent them in. All the info went into databases that were merged with other sources and traded around various marketing agencies on 9-track tape reels. Advertisers could get mailing lists segmented by age, sex, income level, geographical region or specific zip codes, etc. for their campaigns.

It's all much more pervasive and invisible now, but it's basically what has always been done.

Basically is doing a lot of work here, the level and degree of how much data is vacuumed, processed, and used for targeting nowadays is orders of magnitude of difference from these primitive ways.

A tent and a house are basically the same: a shelter.

I don't know, I don't think sending in product registration cards could/would often result in your bank account being drained...

> It's all much more pervasive and invisible now, but it's basically what has always been done.

So you admit it is far worse today than it was before? But the second half of your sentence seeks to disingenuously pretend that it has "always" been bad.

I can be sick with a cold or I can have stage-four brain cancer. People have "always" been sick but one is serious (terminal cancer) one is not (a non persistent cold).

Privacy is not a binary concept. There are actions and information that some people are ok being public, and there are some they prefer to remain private.

What is not OK is spying and exploitation. I should know what data you’re collecting and preferably specify which I’m ok with. I also should know what is intended for and preferably for most of it to be anonymized.

Most people expect reasonable privacy policies from companies and they believe that there’s some regulation in place.

Absolutely, but if you ask/inform these people they will say "Well, guess I have nothing to hide." because they can't comprehend going without all their devices/services.

That sounds good to some people. But if I mentioned it to most people in my family they would probably be rather weirded out by it. They probably also would have no idea of the scope of the size of it and how it is being used against them.

No, no. They thought about the privacy and security aspect. They decided that it's better for their bottom line if Windows users don't have privacy from the mother ship. Really, they already decided that way back when Windows Vista first came out and periodically asked Microsoft HQ if you should continue being allowed to use your computer.

Theyre just boiling the frog slowly. It'll be turned on by default soon enough and then theyll start looking for excuses to upload it.

This can be used to make them a shedload of money one day.

I was just remembering today what they did to the security/encryption as soon as they bought over Skype… they removed it. And who would that benefit - the spies.

No-one cared about that. No-one ever cares. Except for this rare occasion - tides are turning and people are starting to care a tad more.

In the case of the phone, one simply sees recipient of call, duration etc, regardless of how much information was exchanged. The phone I'm calling is arguably analogous to the server I request a page from, in the metadata context.

I'd argue browser history is significantly richer in some regards due to this. It's not unheard of for user identifiers to appear in URL paths either - try visiting https://news.ycombinator.com/user?id= user name>... In my Chrome, that's instantly in the history file with my username.

Unless, of course, you're willing to argue that a porn image stored on the local hard drive isn't contained in any folders on the same PC that soft-link it. You might have an interesting time trying to justify why it is contained in folders that hard-link it.

Sure, info about non-top-level links is extractable from e.g. request caches, but that's a different thing from the browser history SQLite DB.

On a more relevant note, how can it know when a private browser window is open in anything other than Edge? Same question with the password manager - is there going to be some new API that apps have to "opt in" to to enable Windows to recognise them?

2. Browsing history watches one app. Screenshots watch everything across the entire OS.

People might use Incognito mode to browse porn, but I imagine it's a lot less common when looking at other sensitive sites.

Or from history you may see that you accessed a site, but not what you did on it (what comments you typed for example).

The take-away is simple though: Modern desktop operating systems need a security model where individual applications are sand-boxed and protected from each other.

Legacy systems have security models that protect users from each other, but this isn't the personal computing world we live in anymore.

Whereas to avoid browsing history, one only has to avoid the popular, graphical, advertising corporation browser. As I am not interesting in graphics, I do this everyday, with ease, because there are countless clients besides "Chrome/Safari/Edge" that work with the www for consuming information.

Recall seems to be storing its info locally in an unencrypted SQLite database as well.

At least, that's according to the instructions here on how to access and view the contents:

https://www.heise.de/en/news/First-experiences-with-Recall-9...

From the submitted article, it seems like Microsoft will change/secure the access (and maybe storage) in some way, though there's no details on the specifics.

There's also always private browsing, which exists specifically because people are aware of the implications of a browsing history and a persistent cookie jar.

That awareness will be much harder to build for an always-on screen recorder.

At the time, it wasn't very thinkable that someone would have the audacity to take and abuse that information.

It dates from when Internet people overall were more savvy about privacy than users overall today are, but it was also when the Internet was closer to a trustworthy environment, and before Wall Street sociopath types took over the tech and the culture.

Lots of kinds of abuse that today are routine and almost universal, for even startup tech companies, (e.g., embedding third-party trackers into Web site, and getting even worse from there), I think would've gotten them ostracized, and outraged demands for criminal charges.

During the dotcom gold rush, there was such a flood of totally new, posturing people, and so much money being thrown wildly at everything, that any remaining outrage was lost in the noise.

And now virtually no one knows any different.

But if you're trying to push some new abuse today, I think ordinary people are starting to have some awareness of what vicious sociopathic buttholes tech companies have become, and so acceptance might not be a slam-dunk.

It's not on the individual users to take steps to preserve their basic human dignity. It's not Microsoft to not take that dignity away by default as was their plan before this fiasco predictably blew up in their faces just like the Xbox One always-online Kinect requirement before it.

I want to be able to find things I've seen before. Recall would've been great if using it didn't require me to update to a version of Windows that contains "Copilot".

Most of us know that the public Internet is based on surveillance capitalism, no matter if we hate it or are just complacent or ignorant.

OS wide is far more problematic and of low value to the user.

On the other hand, I am always freaked out by Chrome extensions that "can read and change your data on all websites". Can't they have more granular permissions? You gotta have a lot of trust for those extensions LMAO. They can read your bank passwords, probably!! And if they are ever sold...

It's "little brother" that benefits a lot here: bosses, spouses, parents, etc., who otherwise wouldn't click on 1000 links in your history.

I trust gorhill and the EFF to not fuck me over on my data, and Tampermonkey kinda needs those sorts of permissions to work. My password manager has read access to every website but I'm already trusting it with all of my passwords so...

Mozilla reviews signed extension updates. Something tells me uBO is one of the most scrutinized given how very many users it has.

>If an extension that reads all data uses a CDN (like CloudFlare) that CDN can execute a MITM attack against it and download new code, that would he catastrophic even if it was caught 1 day later.

My threat model doesn't include state actors targeting me specifically. Not sure much of anything works against that threat model besides maybe iOS in Lockdown Mode as your only device.

I have seen Metamask update itself randomly, and it has access to read every website

Perhaps you didn't note before, or are one yourself, but this includes e.g. abusive spouses. Sure, maybe the abusive spouse could hire a black hat, but this is very different to a drunk low-life wife-beater casually snooping through "recall".

It might not be a "new" attack vector, but its absolutely a complete degradation to any computer security.

The horse is out of the barn for many people during work hours. But in the OS and on by default is a different story!

Otherwise, every creepy roommate, bad partner, bad friend, etc... will take advantage of this to do bad things.

[0] Ideally more obvious, like when Windows screen recording is running.

MS just did what every other micromanagement company did and took screenshots every second or so.

However regarding it being opt out… what would prevent a virus from just enabling it on a bunch of machines silently. Sure it would be caught but the damage done and most won’t be bothered to go in and disable it after.

Or Microsoft just decides they need to really market the hell out of AI and it gets turned on my default anyways.

The username/password you type in next time it expires is far more valuable.

And it might not even be necessary to obtain cookies or credentials if I can just see whatever you could see when you’re logged into various sites.

Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.

This authentication will also apply to the data protection around the snapshots that Recall creates. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we encrypted the search index database.”

https://www.theverge.com/2024/6/7/24173499/microsoft-windows...

But I'm glad to hear they've committed to making changes. Given the misrepresentations they made regarding the initial rollout plan (the target of most criticism, mine included), Microsoft has to prove themselves here and I'll wait until qualified security folks get their hands on this before coming to any conclusions.

What we know is that the initial version was a non-starter, and this new info validates the concerns we've all been expressing.

I truly hope Microsoft does an acceptable job of addressing this. It remains baffling and worrisome that it took a public outcry for them to implement what sounds like a baseline level of acceptable protection.

https://blogs.windows.com/windowsexperience/2024/06/07/updat...

> It remains baffling and worrisome that it took a public outcry for them to implement what sounds like a baseline level of acceptable protection.

It's possible this was the intention all along but as a early-beta feature this was just the MVP. The reason it was rolled out to early testers at all was to get feedback.

If they're relying on public feedback to realize how completely unacceptable the initial rollout was, that again points to deep problems at Microsoft and is why I'm saying this is baffling.

Security requirements often completely change the architecture of a product. Things can be built without security that are significantly more challenging to accomplish when strict data security requirements are in place. Architectures that assume no security often completely break down when security is tacked on top.

If this is a matter of a product not yet getting "security added", that again raises major concerns about how Microsoft is building products.

I think that exploratory development is, in general, a good thing. Bogging down all development with middle-management procedures might certainly have caught this early. But that doesn't necessarily make that a better way to build products.

The scary thing about Recall isn't actually Recall itself. It's that AI makes this kind of product possible and really easy. I'm sure we're going to see implementations of this idea everywhere and not just on PCs. Imagine AIs watching security cameras.

The virus doing the same things as recall will be much noiser and much more suspicious. Making it much more likely to be removed.

Not to mention that once recall has been running a virus only needs to extract the data. It records far more than what a password manager does and is far easier to search through. It just makes a very large attack surface.

Basically, why would anyone develop keyloggers anymore? Microsoft did it for you. And it'll never be tripped by antivirus software because it's an official and legitimately signed program. You don't see a problem with this?

This is what will happen. And when you turn it off again, it'll be turned back on by the next update. Enjoy.

Absolutely. And all of them decided to screw largely defenseless non-technical consumer to make short-term profits. That's not a fantasy, that's our reality.

- When a user enable Recall, it should ask to setup a "Recall password" and generate a private public key and use the password to encrypt the private key.

- Use the above public key to encrypt all the data it stores.

- When user wants to search Recall history, ask for the password, decrypt the private key and use the decrypted private key to decrypt the data and show the data to user.

- Show some sort of indicator on taskbar that Recall is running, not a tray icon (which can be hidden), but a proper big red circle kind of thing.

To me this seems like another case of MS top executives telling every team that they have to do something with AI. Typical approach used by many executives and managers - "Here is a new tech, figure out a product to build with it".

When Microsoft decided to push a feature upgrade last year that automatically enabled OneDrive backups for their home directories, it technically violated HIPAA by moving electronic patient health information contained within their scanned files folder onto OneDrive servers without any prior consent or authorization. They literally called me when they were unable to find their files, Microsoft had (laughably, if it weren’t so serious) placed a text file on the desktop titled “Where Did My Files Go.txt”, and then directed them to the OneDrive folders where it had moved their desktops, documents, and pictures without their knowledge or approval.

I have since moved them to Microsoft 365 accounts where I can apply GPO, but my clients were understandably unhappy about having a new annual subscription that didn’t add any tangible benefit, rather they’re now on the hook for a couple hundred bucks a year for what’s essentially a shake down. Pay for the new service that adds nothing meaningful to their experience, or else face the consequences of Microsoft ruining your business on a whim.

everyone else just gets a laptop, unboxes it, turns it on, uses it, does whatever they want to it

see: any retail location in a strip mall, any mom/pop business, etc etc

They’ll probably think twice before jumping into the fray again with the Microsoft branded Informant Wire (I mean AI wearable) ;)

At one place I worked when the company replaced my old machine with a new windows 10 system it was configured to send every single keystroke back to Microsoft. There was zero concern over privacy or compliance, just an assumption that MS would never abuse that data for any reason. I did not have their faith and disabled that "feature" then changed a massive number of other policies to try and keep as much data out of Microsoft's hands as I could.

Compliance doesn't say "company can't watch employee" -- in many cases it mandates surveillance.

This just lets the employee leverage that too.

Any company that has compliance requirements to keep devices supported with security updates, it's the same as Win 7 to Win 10; you either update everyone to Win 11 or you pay for the security updates for Win 10 (IIRC you have 3 years to update before you can't pay anymore). Many will likely already be on Win 11 as the upgrade path is easier/quicker than Win 7 to 10.

Also they will not have the gunk installed anyway as they will almost certainly have Windows Enterprise which has more policies that can be set, and then they will also be ordering devices from an OEM or distributor that doesn't have the junk included.

Heck, if they aren't doing Autopilot from the OEM or distributor, they will almost certainly be applying their own Windows image.

But just because something has utility doesn't mean it comes at high costs. I mean it's a super powerful keylogger that is searchable without technical knowledge. Not to mention that it'll probably fail to LLM type of attacks, which even many non technical people are able to figure out.

But then again, I don't understand why people so passionately store all their chat logs (not just important/memorable messages) and take millions of photos. We kinda spy on ourselves

Now that I'm a developer, I often get into the flow and find myself knee deep in some work, but I forget to write notes about what I was doing. Coming back the next day, I often can't remember what issue I ran in to or how I fixed it. Having a quick way to review what I did the previous day is very helpful.

I can see a lot of potential uses for this technology, but I'm quite wary of any service that involves sending all of that data to some third party. Regardless of how much they might swear they won't use it for anything else, every company eventually sells your data for extra profit - it's just too tempting.

Giving your screen recordings to Microsoft is like giving a loaded gun to a toddler.

If chat and co-pilots are all we get out of this wave of investment, then I'm not sure if it's been worth it.

But now I'm moving all my computers, including work computers, to Linux. Will miss out on some hardware/software I use for music production (biggest loss will be TotalMix FX for my RME audio interface), but MSFT leadership has shown they don't get it.

Also, Fusion360 for Linux when?

No need to pay for being the target of surveillance. The "products" are free.

1. Unless we count the telemetry and "auto-updates". Users never asked for this stuff though, it is not initiated by them. This "product" is broken on delivery hence the alleged need to keep "fixing" it by remotely installing more software, presumably that isn't broken and will not used for surveillance, on peoples' computers. All for free. There is no money to refund if the "product" does not work as expected.

I'm glad Microsoft is making changes, but I wonder how much is out of fear for their reputation and how much is just to try and comfort people and get the news to stop talking about it so that everyone doesn't just disable it as soon as it rolls out.

It’s a complete circus right now. Plenty of us just ignoring it and opting-out but it might reflect on our bonuses.

What I hated the most was that the File Explorer just calls the folders in there e.g. "Documents" and "Pictures" without showing the full path. So it was hard to figure out just where in the file system you were looking -- a major annoyance if you do any work in the command-line!

Even after switching OneDrive off and doing as much as I can to try and get rid of the OneDrive folder structure, I haven't been completely successful. You can make some -- but not all -- home folders (like Downloads, Documents, etc.) point directly to their place in the local user folder, but others, particularly Pictures, don't seem to be movable. Additionally, some programs still seem to want to use the OneDrive folder by default, like I think Office programs still do their best to use them.

In the grand scheme of things it's a small annoyance but god it annoys the shit out of me! I didn't ask for cloud backup and it drives me nuts they tried to force it on me!

Internet access is not always guaranteed or reliable. Please do not assume that the cloud is a viable solution for every user.

I ran into this on my phone awhile back. I knew I would be out of service for some time but had some PDFs I needed to reference. So I downloaded them to "files". Que surprise when I later go to look up a value and there's a little cloud with a down arrow button next to the PDF in the files app, which of course fails because I'm nowhere near any internet access. Even more fun: turning off the cloud integration in files just causes the files to disappear, even if you are currently connected. It's allergic to local storage.

In the UK, every time I got on a train, I'd experience that. And it was worse than not having internet; you had internet, but with extreme packet loss and instability, meaning that every app out there would simply stall, even if it already had the data to do whatever it is I wanted it to do, because it was waiting on some background request to complete. And because I had internet, the request didn't just fail, but it also wouldn't complete in any reasonable amount of time.

Very frustrating.

Also every <35 years old person is a js/web dev, so that’s what they do on cloud

So fun to spring for the paid duolingo only to realize you can only download the next lesson up, not like the entire course.

The lessons are like 5m long wtf am I supposed to do with that? I just want to spend my idle time on the plane or camping disconnected from distractions so I can learn, but app developers have made that effectively impossible

And this is why I don't pay for, or even use duolingo even though I'm actively learning a language

I've gotten burned by that "isn't really downloaded" thing a few times before too, to the point where I don't trust apps to download anymore. I just adb push files from my laptop to my phone before I go. Can't always do that though, but I try to.

1. Create new office document (Word/PowerPoint/etc) and hit save.

2. No, the default location in OneDrive isn’t right so you click the down arrow to see more.

3. No, none of the other recent locations in the (short) list are right either, so you click “More locations”

4. Now you have to click Browse to see an actual Save As dialog that finally lets you navigate through folders. Even then the actual folders are right down at the bottom of the left hand “tree” pane, below a bunch of virtual folders, below OneDrive (aside: if you navigate “up” from here you get to “Desktop”, but it’s not the same “Desktop” that appears lower down in the list; that one is inside your OneDrive), below Music, Videos (you get no hint as to where these actually are), finally near the bottom there is This PC and Network which you can navigate sanely through. Oh, and right at the bottom there is “Microsoft PowerPoint”, as a save location. You can click on it and try to save a document in there, wherever “Microsoft PowerPoint” is. Just kidding, you are stopped by a dialog box telling you this isn’t a valid location.

JFC. No wonder people prefer the “everything is an app icon” approach. Windows is diabolical for managing files.

Saving files in Office has turned into a nightmare.

I don't understand what Microsoft is thinking with this behavior.

I'm fine with that being the default flow. But it can't even be turned off.

I imagine this design is better for non power users.

They no longer forget where they saved their files.

But for power users, this is terrible.

Literally my only option was to use the local account bypass. How long before they fully remove that, though, remains to be seen.

You will still get it reinstalled during a major OS update, but at least it can easily be removed. Before it was a chore to clean up.

I would speculate there is even some way to prevent it from reinstalling during those major updates. That seems like the kind of capability they would build in because a huge Windows customer complained (i.e. realistically, the major check against dark patterns in Windows).

It id what SRP's are for (but yes, I would not put it past them to disable anything targeting OneDrive).

Not trying to make this sound like a value judgment, more an observation. But it makes you wonder, what do we lose by excessive abstraction.

Phones aren't secretly using Roman numerals or tiny embedded abacuses though. If they were for whatever reason, there would be plenty of value in learning those systems.

UX prognosticators have been preaching for decades that anything that computer users find confusing should simply be hidden. Not made more clear, or easier to use, but just papered over so users can no longer identify a specific thing to complain about. It’s just like the weirdos who try to get rid of the address bar on web browsers every few years, but the filesystem haters have been a lot more successful, and computers are more confusing as a result. You don’t solve confusion by hiding it behind a thin layer of paint. All the same problems still exist, but there’s no longer a way for experts to even try to help. There are so many better ways to simplify computing than pretending it’s magic.

They figure that the less users know about how their device/software works the more dependent they are on developers who can then act as gatekeepers of what the user can and can't do even when the system is capable of much more. They don't want users doing things differently, or disabling things, or seeing what's going on under the hood. Keeping users ignorant, controlled, and dependent gives them a very secure feeling.

Files are currently used to implement apps, but that can be seen as a transitional measure, like an OS that supports both files and raw disk access. A fully app-based OS without files, though not existing currently, would be possible.

Another idea the industry discarded was to make the disk a big SQL database, again without files.

The fact that I needed to log in, wait 24 hours for my account to unlock due to inactivity (!!!), and enable sync in order to disable it was enough for me to finally decide that Windows 10 will be my last Microsoft product. It may be a small annoyance, but to me it was the straw that broke the camel's back.

The process is quite tedious and takes a few hours, but in the end you end up with a personalized version of Windows, without any of the garbage. You still need to be vigilant of Windows Update undoing some of this, but you can also disable it altogether and manually cherry pick the updates you want to install.

It's insane that Microsoft is building such a user hostile OS that forces users to resort to this, but if you absolutely must use it, the experience after doing the above is not so bad. I've been running a custom install of Windows 11 for about a year now without any issues.

[1]: https://www.tomshardware.com/how-to/create-custom-windows-11...

After a certain point anyone paying attention can see it's not accidental. Oops sorry! No. Their goal is your technological enslavement. Mis-features like that don't accidentally just always end up being evil and oops sorry when there is a real backlash. They wanted to see if they could get away with it, like they do.

I abandoned MS products in 1998 for good. Win98se pushed me over the edge.

I have disposed of my last PC now and have nothing to do with the infernal things, or onedrive, or any of that crap ever again!

The former because my desktop is... where I want things just a certain way for THIS computer, not across the cloud. And because it's a PITA to undo and set it the correct way.

The latter because of course I use Remote Desktop on multiple computers, but it keeps saving a "default" file in the same place across computers, and throwing errors left and right because they conflict. So stupid.

I did later connect my Microsoft account. In my installation the OneDrive folder is empty and the entries in Explorer map to the normal places (C:\Users\X\Pictures etc). If I open one of the default folders, it does show a "Start backup" entry in the address bar that is referring to OneDrive, though. If I open the OneDrive folder, it asks me to sign in (entering password) and set it up-- which is funny, because the Windows user is signed in using a Microsoft account already- so seems like they haven't connected those dots properly yet. In theory this might be their way of implementing a security check for uploading all your files, but if so it's an awkward way to do it.

> Additionally, some programs still seem to want to use the OneDrive folder by default, like I think Office programs still do their best to use them.

If I remember correctly, there is an API that programs can use to locate common folder locations for users (such as Documents, Pictures, etc). My guess is that your account still points to the C:\Users\X\OneDrive\Pictures instead of C:\Users\X\Pictures. If you could adjust those directly (maybe in the registry?), I would imagine that it will work correctly in these programs, especially since I doubt those programs would break on my setup, where there is no OneDrive subfolders (though I don't use Office so I can't check). And in case you wonder if there really are no subfolders in OneDrive since I can't open it in Explorer without signing into it- it shows nothing when viewed via PowerShell.

If you're hard coding paths you're doing it wrong.

A user doesn't want to do this though.

I tried casually using a windows 11 machine for something the other day (I think I was fixing game folders for my girlfriend), using just explorer, and it was pretty obscenely bad how overly confusing it had gotten. I say this, and I fairly routinely debug old build systems with complex nesting file structures, I know my way around a file system.

This wasn't a case of "oh you're just a power user", this was a case of the system had broken, and the simple advice of "backing up your files" and "copy your files over here" wasn't working.

Telling everyone they need to use API calls is just ridiculous, the filesystem is just broken for the average user.

Apple also uses dark patterns to try and get a monthly income from customers. Apple has upsells and nag nag nag advertisements for iCloud.

The irony with Microsoft is that I would consider paying a monthly fee for a modern version of Windows 2000 without extra features. No adverts, no telemetry, no OneDrive, no cloud signin, no store, no games installed as part of the OS, no MS junkware, no bullshit. Aside: why is there no "Windows for developers" - even Balmer knew "developers developers developers" was worthwhile but Microsoft has deleted that from its DNA: even though Apple's competition is a mixed bag.

And for that matter, make Apple do the same for iCloud; I'd love to keep all my iPhone stuff in my own self hosted "cloud" and get 1st party integration.