It sounds to me like they're figuring out a new marketing approach, or they're softening the blow by "listening to users" and then rolling out more slowly, when outrage has died down and people will just accept it.

This will help train RPA bots and reduce the need for human workforce for repetitive tasks.

Microsoft can collect this data across industries with or without informed consent and sell RPA/AI bots back to the same enterprise customers as a managed service.

Lot of commercial potential there for the taking. Just needs a innocuous enough cover story ro make it a default offering to server you the individual customer alone and help you gain an edge over your peers.

That's just an actual use case that their true customers would pay for, I think it's awful and should be illegal under any reasonable worker protections but why would they not advertise it this way privately to business customers?

I also don't think it's cynical to think that a manager looking for a reason to get rid of someone will have a much easier time justifying a PIP or just straight up firing someone if they can retroactively have an AI do it for them.

Why wouldn't they be able to ask the system "how much of 's time do they spend doing things on the computer that are not directly related to ?"

Is it technically happening already? Sure, there's nasty nasty spyware being forced on people and it is awful and I hate that those employers are getting away with it. But integrated into the OS, on by default, with a long memory? Just imagine how easy it will be to fire anyone that tries to unionize in an effort to fight against such surveillance.

Development of a feature like this surely started during the WFH craze, where managers could no longer casually walk behind people who had to have their monitors facing outwards. A market opened up, and this is not the only tool for this sort of corporate surveillance.

Certain Software Engineers will probably get some time without it by claiming they need Admin rights and that the system messes up their graphics or slows down their system or what have you.

Perhaps feeling the heat of other viable political parties joining the table will light a fire under the asses of the legacy political parties?

What are some possible venues for proposing such legislation locally - and what are some examples of success?

Hint: They weren’t trusting. Corporate surveillance follows technology. The bosses are obsessed with watching their workers every second. This is nothing new. What’s new is that we now do most of our work on networked computers, cameras are vanishingly cheap, and data storage is abundant.

I work in a massive data center. Manned by very few people. I often think about how many homes could be heated or cooled with the power used to prop up the internet.

It feels borderline criminal when there are homeless and hungry all over the world.

In any case, something like this wouldn't be hard to implement on Linux. And if Windows normalizes it in corporate environments, rest assured that other parties will offer it for Linux as well.

Union busting & screen tracking already works pretty well as is for the goals you’ve outline.

We usually think about tracking/measurement as Big Brother looking over our shoulder, but all of us are living a day-to-day reality of losing context and having to invest a lot of effort and time to get it back (usually only partially).

I don't think I understand your point here. It feels as if you're framing this as a binary decision/outcome. Personally I see Relay making such abuse easier. So I don't think the existence of bad acts in any way lessens the potential harm of Relay.

> We usually think about tracking/measurement as Big Brother looking over our shoulder, but all of us are living a day-to-day reality of losing context and having to invest a lot of effort and time to get it back (usually only partially).

I also don't understand this. Do you keep notes? If the problem is quite large for you, I think you should take more notes and likely better notes (a skill in of itself). Yes, this has cost, but so does everything. There is no free lunch. But notes are distilled while technologies like Relay are dragnets. And at the root of your argument is the recognition that information is powerful. So you have to ask what information has power and to who. Because information that may not be useful to you may be useful to others who wish to use power against you. And in those scenarios, I don't know about you, but I'd rather have distilled information, and more specifically be more aware of what information is being stored, than just scoop up everything.

Personally, I just don't think it is very hard to take notes.

I'm not quite sure what you mean, I see this as a long term trend that doesn't really have an end point.

There are always people that some manager wants to get rid of, for performance or unrelated reasons.

Employers are scared of getting sued for wrongful termination. Often they do it anyway, but then they need to make up a reason. They're decent at it already, but my prediction is that wrongful termination will become far more widespread and harder to detect or fight in court.

It won't stop though.

E.g. "Employees that might be suffering burnout and need attention"

Which I can see for both PR optics and product reasons. If they retain the secret sauce and raw data, it makes it more difficult for others to go over-the-top and compete.

Do you think Microsoft will prevent their paying customers (the companies) from querying, "What is the strongest legal reason to fire based on the past three years of activity on this computer?"

Their sales team would be absolute fools not to point out how much easier it makes it for a manager to see historically whether someone is performing tasks as they are specified in some formal handbook.

The difference between doing that for reasonable reasons and doing that for post-hoc justification of targeted reprisals is in the mind of the manager and nowhere else. Maybe unspoken, but incredibly obvious.

"Give me the man and I will give you the case against him."

They need data to feed their LLM / AI models. Period.

My take is that MS did intend the feature purely for utility (and to be fair to them I can think of a lot of scenarios where it is useful). But they did this by not seriously thinking about security at all, and the wider internet has now done that thinking for them.

It reminds me of why SSL version numbers effectively start at 3. Netscape wrote version 1, their internal security team broke it, so they wrote version 2 and I believe shipped it without letting their internal security team do a full review. That got broken quickly too, so they want back and did the job properly (by the standards of the day) and shipped SSL v3, which lasted a while. (It's also been broken now, of course.)

I think Microsoft realised recall needed more work, and is now looking at that more seriously.

From helping non-technical family members find where they've mislaid files (such as behind another file on the desktop, which can happen if you drag more than one file at a time) I am confident there is a user base for this kind of thing.

We are, after all, in a world where the youth don't seem to understand file systems and folders [1] and rely on the search feature for everything. Recall could, if done properly, be a great user experience for such people.

It was through user studies that we got both the ribbon interface (great for new users apparently, even if less so for experts) and the fact that when you open an office app it suggests a list of documents you worked on most recently. Sharepoint even takes this further in organisations and suggests documents shared by others that "might be relevant to you" based on what you worked on recently (it's not very good).

If I want to be really snarky, I could mention that UNIX had "Recall" back in the days of text-mode only consoles. It was called the `.bash_history` file, and it's genuinely useful.

[1] https://news.ycombinator.com/item?id=30253526

I think this was done on purpose to disempower the user.

Google Photos' search bar would be able to complete this search, since like 2015. Recall is completely overkill for this, like building a Death Star to swat a fly.

OneDrive doesn't have those problems, but its search is even more unreliable than that in Google Photos.

In both cases, the companies go out of their way to remove any controls over classification, or even user agency in search. Like, how hard would it be to list all of the categories it knows for users to browse, as well as on the photo page for users to know all the buckets the photos land in? They go out of their way to not do that.

Not that there are any better alternatives. For example, Samsung gallery app is just as bad, despite running locally on your phone, and on top of that, has data loss issues that the company refuses to admit or fix. For some reason, tech companies managed to fuck up something as basic as a photo gallery.

I use bash history all the time, I use my browser history all the time.

To be able to use an OS history would be amazing.

What was the name of the esoteric software i was using to program my lego robot,

What was I working on last Thursday so I can fill out the government required SHRED report to get the Canadian RnD tax rebate.

What was the song i was listening to that Spotify played last Tuesday afternoon.

There are so many times i'd use a feature like this.

You'd need some API for applications to signal to Recall "the user has requested not to save this", and then every single program with a password input box would have to update to call this.

How would the OS have any chance of knowing I don't want my programming session recorded if I don't' tell it?

How would google chrome know to go to incognito mode if I don't tell it?

Of course the burden for this is on the user, what other way could possibly work?

Or for example, you were reading some article but did not save it and now want to recall it.

Or maybe you watched some music clip or song on the some website and forgot the link to website.

A lot of use cases.

But also very correct.

>I've not seen anything to make me think this feature is intended for surveillance as opposed to personal utility.

Now that's a very naive take.

They already use tons of telemetry to profie you for ads, snitch about you to your boss, share with partners, and so on, and only growing on that front. Plus all the cooperation they do with their favorite government.

So you are:

- part of a captive audience

- with money so spare

- and for whom someone else has done pretty extensive KYC

Please ignore the sounds of drooling from the marketing department. We have called the cleaners.

These tools are useful, and on a Mac if you want Rewind, you have to know you want it, go out download it, pay for it, install it yourself .. and you knew what you were getting into the whole time.

Having a tool like this planted in your device without your consent is pushing your userbase over the edge.

If they made it a separate feature you had to manually install, like Windows Sandbox or WSL .. they could have avoided shooting themselves in the foot.

When WhatsApp forced accepting terms that affect privacy, they faced huge backlash and many were migrating to alternatives like signal & telegram. In response WhatsApp didn't backout of new the policy but just removed the enforcement deadline.

Now they silently and randomly show an annoying popup asking users to agree to the new privacy terms. The dialog is strategically placed and designed to collect as many accidental as clicks possible.

Sadly, the strategy worked for them and nobody cares about the new terms any more.

1. You don't trust people with physical access to the computer. For the average home user, this means you consider the hardware owner a threat.

2. You want to protect against malware that has already taken complete control over the OS at runtime, and that wants to write itself to disk or the BIOS so that it survives a reboot. At this point, the attacker has already won, so... This might make sense on a stateless appliance like a Chromebook where you do factory wipes a lot.

So TPM mostly "protects" against the hardware owner, or against malware that already has 100% access to all user data, and just wants to stick around a bit longer.

Personally, I'd go with TPM being net negative, because the primary threat model it "protects" against is the actual hardware owner.

The TPM is also used for device authentication. It prevents the leakage of certificates that are used to ensure that you are using the device you claim to be using. This is highly relevant when having remote access from users and one would like to enforce tiering rules together with privileged access workstations.

Furthermore, the second example in which "the attacker already won" is missing the context. The attacker does not want to access the computer (in the industrial example), it wants to use to escalate access within its organization. The TPM can be used for remote attestation, that is, a remote server can verify the integrity of the boot process of the device before giving access to remote resources. In other words, it can be used to check for device compliance.

It is definitely a positive for enterprise security.

The useful use-case of a TPM to me is the ability to encrypt my disk without having to type a decryption password each time I use it.

In case you weren't aware, the ability to do a passwordless unseal can be tied to not tampering with the bootchain. It's not entirely bulletproof, but it's beyond the abilities of most thieves to bypass this (versus just popping the drive in another machine).

I guess you’re looking at it as a freedom for gramps to dual boot a homebrew OS, and I’m looking at it as taking away gramps’ freedom to install persistent malware that requires buying new hardware to get rid of.

On the negative side requiring TPM to install Windows 11 is planned obsolescence that greatly outweighs any perceived platform level security Microsoft promises. A lot of e-waste will be generated ahead of the Oct 2025 sunset of Windows 10. Who really believes Microsoft is fighting for user security like Google did when they proactively sunset SHA-1? Platform security also means bank apps refuse to run on rooted phones. Some online games have metastasized from kernel extensions to TPM verified hardware IDs.

I did not know that Microsoft offers these tools to organizations. I'm honestly shocked that this exists. They'll 100% abuse preview to offer similar features in the future.

Over the last years/decade, they worked hard to improve their image in the tech community, and I have to admit, it worked, at least for me. They've just lost all the respect I had for them.

For example, if your company works with healthcare information and is a HIPAA "covered entity", your customers will demand to see proof that you're using data loss prevention (DLP) software. Such software does things like:

- MITMing output email to make sure you're not sending a spreadsheet full of social security numbers.

- The same but for posts to web forms.

- The same but for instant messengers.

...etc. Netskope is a big player in that space. Go read up on what all their stuff can do sometime. As an individual, a donor to the EFF, and a vocal advocate for user privacy, those things make me shudder. As someone responsible for making sure our employees didn't accidentally upload PHI to Facebook from a work computer, I gritted my teeth and accepted that they're a necessary evil.

There's no reminder that "your work laptop belongs to your employer" quite like working in healthtech. I'm willing to cut Microsoft some slack for offering those products to customers.

It’s important to realize you don’t own any of the communication on a corporate owned device.

And where are we ultimately heading? To the very top, of course; towards the sun; towards enlightenment. The ancient people used various objects in nature to symbolize certain concepts, and the sun above the pyramid represents enlightenment — the highest state of awareness, knowledge and wisdom. The idea behind this is that the bright light from the sun allows us to see our environment and when we can see our environment clearly — i.e. when we can see things as they truly are — we can start to collect valid information about it and build a good understanding of it. That’s why when you withhold knowledge from people it’s called “keeping them in the dark.” This is also why one of the well known secret societies called themselves the Illuminati; they considered themselves the illuminated ones, because they possessed knowledge others didn’t have; in other words, they were illuminated by the extra knowledge they possessed while everyone else was (relatively) in the dark.

The previous commenter was attributing malicious intent to Microsoft and other parties, but in the long run, I'm not sure that anyone's immediate intentions are particularly relevant.

My concern is much less about how the creators of these tools currently intend for them to be used, and much more about how they will end up being used regardless. Well-intentioned people have often created things that were viciously abused by ill-intentioned others later, or created things that had negative unintended consequences.

Surveillance is absolutely the purpose, overt or not. The huge push for bossware/spyware for windows in 2020+ demonstrates that the less ethical portions of industry desperately want to spy on users workstations! Eventually there will be retention laws in certain regulated industries that mandate such technologies! Why enable this potential abuse?

Microsoft is trying to Sherlock the surveillance software industry with this!

I’d rather run North Koreas spyware Red Star Linux than Microsoft Windows.

Occam's Razor, folks.

Being able to perform text-search queries on those is Information.

Having pie charts of "what % of the time did my minions spend on work-related tasks today?" is Knowledge.

What's lacking IMHO, is the Wisdom to ask "just because you can build this technology, should you?"

If you are going to try to make some new product to automate white color jobs a good way would be to sample what all the people are actually doing on windows every 5 seconds and see what you really have.

Peeking over your shoulder will be a side effect you get for free.

It is amusing to me because I was actually considering getting a windows laptop then they pull this shit. So standard for this evil company, I had just been lulled to sleep.

In the future companies can have this enabled and just ask chatgpt to fire bottom 10% of staff.

Or they can ask microsoft to 'train' their own company AI based on worker interactions then fire them once the AI can mimic the work good enough. (this is likely the goal)

It would be for sure a nightmare if it's automating the thing some companies do where they constantly hire their "worst performers" -- but they're doing it anyway with manual labor. The worse thing is that it makes it much more possible to justify firing someone for deceptive reasons in order to avoid anti-discrimination or harassment claims.

This enables much more, because screenshots to comb through for dirt exist where they otherwise would not.

It's not cynical whatsoever to understand that features that enable surveillance are for surveillance. It's simply a realistic take.

What it's intended for and what it can actually be used for are two different things.

If intent mattered, police could have us all wiretapped without a warrant. They wouldn't be actively sueveilling us for a specific case so there's really no problem, right?

I actually think this is a pretty healthy mindset for anything that is political.

Relatedly, do you like ads in the OS?

The reason why Silicon Valley has got to where it is with the complete erosion of user privacy is naive individuals not being able to see far in front of them. Recall isn’t just one event, it’s an accumulation of a thousand tiny events to the point where Microsoft are so up their own arses that they assumed this would be an easy hole in one. Because it usually is.

And they will just slip it in regardless. This is just a PR thing. Mark my words, Recall will be back with a new name and slipped in with an update at some point and it will be enabled without the user even wanting it. Or coerced out of the user. Microsoft want people’s data, whether for their own greed or because they’ve been asked to by the NSA. Regardless, Recall is coming, and the public will be naive about its true intentions. Microsoft will win this in the end.

I think you may have forgotten about Chat Control[0]. Regardless of its intent for surveillance or not, Relay would be an essential technology for making things such as Chat Control even possible.

I must stress that this can come with all good intentions. That the developers and even Nadella see this purely from the utility perspective and have zero intentions to use it for increased surveillance. But like they say "The road to Hell is paved with good intentions." So I'm trying to distinguish between the potential harm of the technology itself and the conspiracies that are arising. Because we need to recognize that evil often arises with no malintent, and to be careful attributing malicious intentions to those who never had none. It can be incredibly hard to know.

But regardless of the intent, I think we can now look at this and see how ripe the technology is for abuse. And I think we can ask the questions about how likely it is to be abused. And don't just ask how likely __you__ are to be subjected to the abuse, but include others. Because even if others are subjected to that abuse, it is not unlikely to affect you in some form (if you need that specific motivation). I think we can all agree that the likelihood of the technology being abused in authoritarian countries like Iran, North Korea, and many others, is quite high. Maybe this isn't on your radar or maybe it isn't a concern for you because those powers will already abuse their citizens. But certainly this gives them the ability to be more abusive and more invasive.

[0] https://www.patrick-breyer.de/en/posts/chat-control/

Please explain to me, because I keep failing to understand. How would Recall help me do anything I want to do on my PC?

But Microsoft has made loud clear reputation destroying moves in the last few years by putting ads into the BASE OPERATING SYSTEM. And also forcing online account linking into the BASE OPERATING SYSTEM. They are yelling out into the world that they can no longer be trusted because they dont understand what an operating system is suppose to be anymore. What kind of deep trust is required to be that layer in a computer.

I do not trust anyone attempting to make money on AI that will not ultimately just be a data hoover for whatever model it is they are using. That's being generous in their motives. Anyone that is trying to hide their ulterior motives of out right spying would use this as the perfect cover.

So, am I an asshole in assuming everyone has nefarious intent or are you a good sheeple for giving people benefit of the doubt?

The monitoring abilities will be better than what is currently available. But it’s not really something a lot of organisations is going to be too interested in. Everyone already knows you’re spending a few hours each week doing internet things, maybe you’re even playing some digital board games with your coworkers. That’s fine (again, in most organisations), in good organisations you might even be able to play a little with your managers. What would be interesting isn’t the DDR type surveillance, it would be if the tools come with automatic detection for outliers. This would help you gather information on poor performers and maybe help them get better.

The other potential is much more sinister. At least if the tools work out as we expect they will. In that everyone will basically be training their AI replacements. This isn’t going to kill the office job, but it’ll make the processes where we’re already putting in more and more RPA smoother and more rapid. Microsoft being who they are, they will sell these tools of course, and if they keep up with their current pricing… well… let’s just say that having a student worker move data is cheaper than most of Microsoft’s current data automation, so we’ll…

As far as security goes I think this is more about complaisance than actual IT security. It’s frankly illegal to monitor employees the way these systems are intended to do in a lot of countries, and I’m not sure Microsoft really thought that true. If they roll out the current system in the EU then they are going to get a lot of attention from the big bureaucratic dragon. They probably will regardless of how they roll it out.

Poor performers can get better on their own time, after they've been separated from the company. PIPs are a formality to provide documentation that ensures wrongful-termination lawsuits don't stick.

It's hard for me to imagine that Microsoft would implement a "watches everything you do" program if they didn't want to look at what it sees.

The entire internet, all of your personal information, every written text, and every photo uploaded to social media have been absorbed into these companies AI models, and they are all clamoring to one-up each other. They are going to acquire as much data as they can get their hands on, and this software is a clear way to do it.

Even the AI features in MS Paint will send your data to Microsoft for "content safety", even though the model runs locally. They're already setting the scene for what they plan to do with Recall.

Something doesn’t need to be designed with the intent to surveil to be used by the state for that purpose.

It’s true they also have folks internally pushing for this as a source of training data for MS AI models as well. There are countless “benefits” for Microsoft that have nothing to do with the personal utility.

The personal utility angle is just the marketing hook, which they thankfully misjudged. How else, though, could they justify recording the screen all the time?

And if I ever want such a thing, I'll be happy to go and find one and install it myself. I don't want it anywhere near my computer unless I deliberately select and acquire it myself.

Isn't that already the norm, or at least very very common? It's just a 3rd party package totally focused on surveillance, not built into the OS and used for some user-accessible features.

> ...governments to spy on their citizens/enemies, and tech CEO's to collect training data for AI and target more ads at end users.

These applications would be novel, at least on a widespread basis in Western liberal democracies.

How? We already know Google trains its AI on people's private emails and Five Eyes conducts mass surveillance on Western citizens (see: Snowden). You can be sure that the people behind the PRISM program are salivating at the thought of access to the unencrypted Recall databases, and that they'll be twisting Microsoft's arm for backdoor access.

> How? We already know...

I think you're making the mistake of interpreting this as a binary thing, which obscures the difference between, for instance, tapping phone calls and installing bugs in every room of everyone's home (a la 1984's telescreens). Or in this case, Google scanning the emails you sent/stored on their servers vs. Microsoft storing and scanning every action you take on your PC.

It would be novel because most people outside a corporate environment don't have a keylogger/screen-recorder running on their system.

“Hey Siri, what did mom do today?”

“Asked 214 times when you were getting back in town, because she has not seen you in a long time.”

“I’ve been back for two months and I saw her this morning.”

“That is what I told her, each time.”

“Ok. What else did she do?”

“Nothing.”

Yeesh. Some Black Mirror shit.

[edit] not to crap on how nice that really might be for a lot of people. Dementia’s just… well, pretty messed up and sad, I guess, and bringing machines into the mix can be weird.

Not even that. It's still coming, under the same name, just not as soon for everyone.

They invested a bunch of effort into a product the market loudly rejected.

They're now withdrawing the product while they figure out what they can salvage from the effort.

Key stakeholders may have a few ideas about how to proceed (ranging from "try again later" through "repurpose it" to "forget it"), but enterprises of Microsoft size make decisions very slowly so of course it's vague about what's next. Collectively, they almost certainly don't know!

As someone who grew up near Redmond, who still has an emotional soft-spot for Microsoft for some reason, I feel truly embarrassed for their implementation.

All the efforts from other teams to have .NET reach Swift, Java, Kotlin levels of adoption on Windows, have always hit a wall against WinDev culture.

Also the 90's spirit from features over security hasn't yet gone away from WinDev, so it isn't really surprising this turned out this way.

They can figure this stuff out sometimes, right?

How did they get from Windows/AVG/ESET to Windows Defender, and how can they make that happen on Azure?

The difference with recall is about blast radius of any unauthorized/unintended access, which still happens even if it's less common or via something like clicking a bad link in an email. That's in addition to mistrust of MS or large corporations sucking up data, and how secure they are (what would a Ashley Madison type breach look like with recall data?)

However that was it, WinDev fought against Longhorn, Office folks redid the .NET ideas in COM for Vista, and so on.

For example, Kerberos support in Azure AD led to the some of the latest issues?

Most stuff is built with .NET, Go, Java and Rust, while the hypervisors are based on Windows (Azure Host OS[0]) it isn't the same as regular Windows, and most workloads are Linux based, officially > 60% [1].

Finally, starting this year, Azure has new security guidelines, all new software is to be written in managed languages, if a GC is not an impediment, Rust otherwise.

Writing code in either C or C++, is only allowed for existing products, with the related security guidelines in place[2].

[0] - https://techcommunity.microsoft.com/t5/windows-os-platform-b...

[1] - https://azure.microsoft.com/en-us/products/virtual-machines/...

[2] - https://x.com/dwizzzleMSFT/status/1720134540822520268

edit: and of course that's where the threat actors put their focus, because that's where the data lived.

> Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com. All MSA keys active prior to the incident – including the actor-acquired MSA signing key – have been invalidated. Azure AD keys were not impacted. The method by which the actor acquired the key is a matter of ongoing investigation. Though the key was intended only for MSA accounts, a validation issue allowed this key to be trusted for signing Azure AD tokens. This issue has been corrected.

So the attackers found a valid private key for MSA (undetermined how, the theory was that it was scraped from a debug dump that was moved from high privilege prod to someone's low privilege shared drive). They then used that key to sign invalid tokens for AAD and the validating side incorrectly accepted those tokens. In this case, the validating side would be Exchange / OWA. Azure AD seems to not be implicated in the security issues, since it was MSA that leaked the key and OWA that failed to properly validate it.

That's my interpretation of the text anyway. It also aligns with my own understanding from a brief time at MS that Azure is much better at security than the rest of MS and that Exchange is a dumpster fire because of decades of cruft and evolution of systems.

This seems like the general attitude that delivers lackluster solutions across many products, like Teams, SharePoint, etc.

The critical blunder was in indexing that personal data by watching over your shoulder, which is both creepy and low-effort. They've got to put the work in to find a better way.

I used to work for a company that made a rather popular database for mobile applications. An easy API to store data on your phone and have it synced to a server with no effort on the developers part.

Two of my co-workers spent a few weeks making a nice looking chat application which worked by syncing messages from many users to different devices, and they wanted to publish it as a demo. Until somebody else pointed out that there was no security at all. The server just accepts the latest state from the client. This was fine for most of the current use cases, but for chat basically meant that any client could rewrite the entire history and the server would just say "thanks!" on next sync and distribute the changes to everyone else. These were adult humans with degrees from respectable institutions, and this hadn't crossed their minds at all.

Basically, I think a combination of Hanlon's razor and nobody wanting to be a naysayer is a perfectly adequate explanation for this Recall thing. I think it's obvious that a lot of people would like their computer to work like that, and I can see them wanting to get it out without having listened to any internal criticism (if they even have a culture that allows that).

So until this changes, take with a grain of salt how much secure Recall is actually going to be.

Contrast this with Apple Inteligence, where not only are most local APIs made available via Swift, they have created special hardware and a unikernel like OS with sandboxed layers, exposing only what OS capabilities required for AI processing and cluster communication.

Versus "Thrust us, we are going to do the right thing".

Of course "listening to users" really means "listening in on users". Or just "bad press".

Microsoft does not consult with users before adding code into Windows. Nor do users contact Microsoft to tell the company what code they want or don't want.

Even if they did, the company does not operate based on user suggestions.

The reaction to "Recall" by journalists, bloggers and commenters is not that they think it should be "delayed". They think it is a bad idea.

Microsoft will do as it pleases. As it always has done.

They could conceivably push to SOHO users, but a) there's no revenue there (and this stuff is expensive), and b) it's really bad optics.

"We're going to offer you a feature that your workplace refused to run on their network."

I'm sure there's ways to spin that, but it'd be a challenge.

Apparently there are security concerns afterall. Did they lie before or now or just completely clueless about what is a security concern or what? I am confused.

I think that messaging is a direct response to their hearing in from of the House yesterday. They were being grilled on their numerous security lapses and Brad Smith (president of Microsoft) constantly reiterated that they are refocusing their priorities to be security. They were also questioned about Recall specifically so it's not surprising to see this as one of the first places where they are putting out that messaging.

As the size and influence of an entity increases, it has more power in the economy and therefore should have more responsibility, not less, to act according to high standards.

A gargantuan company that is 7% of the S&P 500 getting whoopsie-daisy passes because it is so large and nobody knows what it's doing is a dystopian situation that we should have incentives in place to discourage

> They don't even allude to the existence or detection of any specific security problems

Arguably the product itself. Which is another reason they might be vague about it. Because to talk about those security problems would taint the entire product and they can't do that if they aren't willing to completely scrap it.

People have been talking about how the data in here is similar to what may be already existing but that's far from the truth. Yes, these companies have a lot of data on us, but this is a significant step forwards in the granularity of that data. It's also worth noting that hackers could not get into your computer and assume that your computer not only has a keylogger that they can access to further compromise your system (and other systems/accounts) but that they can also obtain screenshots. These increase user risk significantly and greatly reduce the requisite technical skill needed for those infiltrating machines.

Similarly, many have pointed out the potential connections to Chat Control[0] and how such systems can likely be used by many companies to be exploitative of workers. While you may trust your company/partner/significant others/government and so on, it is important to remember that not everyone has such luxuries. It is also important to remember that such things can change. Even in the US there are high risks of potential abuse: such as police obtaining a warrant to get this data to see if someone is trying to obtain abortion medication. Regardless on where you fall on that specific issue, you can replace it with any other concerning issue and I'm sure you wouldn't like that (guns, religion, gender identity, political affiliations, and so on). So even if you trust Microsoft to not give away this type of information nor to provide authorities access (which often includes authorities not in your home country), then you must ask if the benefits are worth the costs. And not just for you, but for others.[1]

> It sounds to me like they're figuring out a new marketing approach

I suspect this is correct and as segasaturn suggested, turned up the heat too fast. I also suspect that this type of data invasion can be much more easily understood by the general public, who often struggle with understanding what metadata is and how it is/can be used. It does require technical knowledge for this and is often non-obvious, even for people who are well above average in technical literacy (as is the average HN user).

[0] Specifically we should note here that Chat Control would force Microsoft to use this system in a much more invasive way. We lambasted Apple over their proposal for CSAM detection, including the potential risks of abuse even if it were theoretically impossible to avoid hash collisions. Having Relay would require Microsoft to implement such a system and that's why there are many conspiracies arising that Relay is specifically intended for Chat Control, because true or not it would likely have similar outcomes. We'll see if Apple revisits the idea, and the recent WWDC doesn't rule out such a possibility https://www.patrick-breyer.de/en/posts/chat-control/

[1] https://www.youtube.com/watch?v=goQ4ii-zBMw

The original is this:

Update on the Recall preview feature for Copilot+ PCs

> Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks.

To be clear, it may be delayed for public release, but it is still shipping to Insiders (possibly on June 18, 2024 but in the coming weeks indicates later).

> With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.

Further...

> ...we plan to make Recall (preview) available for all Copilot+ PCs coming soon.

Microsoft always tends to "go big" with their integrations, often to their detriment, in order to increase adoption of new features. One notable time was with Windows 8. They really, REALLY wanted people to try out the new Metro UI, so they deeply integrated it into the OS, pushed it in every marketing campaign, and made it the first screen you saw on login. There were some great features in it - better performance and better search results, but it wasn't opt in. The reaction from customers who took a casual look was, "they removed the desktop!". It wasn't true, but because of how overzealous MS was to push the new feature, that became the takeaway.

The same thing is happening here - Microsoft pushed what objectively is a great tool, but they did so in a way that never gave users a choice of whether or not they wanted it. They've also framed the messaging and marketing in a way that's confusing to what is actually happening. Look at the amount of talk in this blogpost dedicated to mentioning how important security is for them, without ever actually going into what the security issues are or how they're addressing them.

Sloppy marketing + forced integration has bit Microsoft so many times now. I'm always shocked that they never learn from this.

The core issue is that everyone has things on their computer that they want to be transient. I don't ever want my computer taking screenshots when I'm entering, say, my credit card number. More importantly, though, I oftentimes have text editors containing "scratch pads" that may contain sensitive data that I never want to persist.

Microsoft just never thought through the security implications of this feature.

From a privacy perspective, this feature is an abomination

The feature provides the ability to search through all of the previous things you've done and gain context in an instant, in a way that can be queried with natural language. I think we can agree what it aims to achieve is beneficial.

The implementation is what you're debating. I see these are two separate things, but they play hand in hand. If you get the implementation wrong, it can easily tank the feature.

Still, the documentation for this seems to disagree with what you're saying.

> This is a spyware that stores screenshots unencrypted

This page[1] states "Snapshots are encrypted by Device Encryption or BitLocker". They suggest that things aren't shared with Microsoft, though I totally understand the skepticism there.

[1] https://support.microsoft.com/en-us/windows/privacy-and-cont...

That sounds like it just means it's encrypted at rest - ie. while you're logged out - but transparently decrypted in much the same way as everything else on the system while you're logged in. That is to say, any running malware would have just as much access as it would do on a system that doesn't use encryption.

From a functional point of view, it can be treated as being equivalent to being unencrypted, with the exception being when you aren't logged in - at which point you're not running any programs anyway.

Except it's so thoroughly invasive and ripe for abuse that I can't imagine ever using something like this that isn't open source and thoroughly vetted. And I think your very valid points are stemming from that -- MS's implementation was hamfisted and halfassed, and people don't trust them even if they do it correctly. But those are issues with the implementation and the implementer, in my mind. Not the conceptual feature.

I think it’s more productive to discuss it in terms of the use cases and who they benefit.

I do not think this is at all true.

Recall as implemented is an absolutely security and privacy nightmare, and would absolutely become a tool of oppression for abusers. MS deserved to reap the whirlwind here, as would any firm that offered the same sort of feature.

I’m reminded of the backlash to Apple’s plan to have on-device scanning for CSAM in (I think) 2021. It blew up badly for them.

Why bother using psychological tricks to fool the user into compliance when you can just use that time and energy to make a better product?

Citation needed. I highly doubt this is true.

... excuse me!? Complete surveillance being a great tool?! Objectively great tool?! Maybe in China, yes.

[Microsoft Storm-0558 Incident, cited as a recent example] https://www.microsoft.com/en-us/security/blog/2023/07/14/ana...

Microsoft recently pledged to improve its security practices through incentives to executive pay and other initiatives.

[Microsoft Blog on recent Commitment] https://blogs.microsoft.com/on-the-issues/2024/06/13/microso...

Despite these pledges, several members of Congress are making it known that they dont see Microsoft as being serious about their recent commitments around security. It is worth noting that several of these members of congress influence how much Microsoft gets paid. The Recall feature is often used as a lightning rod to bring to light the rushed rollout of Microsoft's features without concern for security.

[Video with timestamp of Microsoft's President being questioned by Florida Congresswoman, Recall mentioned] https://youtu.be/kB2GCmasH4c?t=8217

While I suspect there may not be any sole reason for the release delay, it would seem to me that having Microsoft's biggest customer using Recall this way, may greatly influence the company's decision to hold off on the release.

They didn't open-source the debugger so that you have to use VS or VSC. VS Code also has shittons of telemtry (same for dotnet LCI) and when you use Codium you are (officially) not allowed to use their marketplace.

>running GitHub well

GitHub is down nearly every week and constantly has problems. I appreciate them making certain features free though.

It's amazing that humans as a collective have decided that private corporations are the best way to progress as a civilization.

And that's to say nothing of the decade-long attempt to compete with Google and Apple in mobile with Windows Phone/RT/Nokia, which Nadella mercifully unwound.

The eye opener for me is the Surface Pro 10 only existing for businesses. They cared to design and produce the whole device, but not ship it to regular customers. That whole market is forced to go to the more experimental copilot line instead (which could arguably be great, but you don't get to choose in the first place)

Anyone who is still using windows in 2024 and isnt a multinational business or llc gets what they deserve.

Speaking for myself, I dual boot mint and windows because I really like playing games and making music. Both of those are absolutely subpar on Linux.

Outside of our nerd bubble, most normal people don't really want to run desktop Linux. Macs are great, but I can't really game on them.

1. Become technically literate enough to install Linux. Distros like Fedora are very easy to set up imo.

2. Ask someone else (relatives, local computer store, etc.) to set it up for you.

3. Continue using Windows.

What happens when something weird happens and you have to manually change the kernel or your hardware just isn't supported.

I still wouldn't recommend Linux to most normal people. So your stuck with 3 realistic options.

Mac. Chromebook. Windows.

Chromebooks are actually really capable, but forget gaming or serious music creation.

I've been using desktop Linux for over 15 years. It's still much more work than normal people want to do.

Then I think you're making things hard on yourself. I'm a NixOS user, I know I cannot get everyone to install my specific system with all the bells and whistles. But you could walk a middle-schooler through installing Ubuntu or Fedora; it's easier than setting up an email account.

Both Windows and MacOS are slowly rolling down a hill of bloat, surveillance and unusability that will eventually push people onto something else. Modern GNOME is basically just an iPad with more obvious on-screen controls. With distros supporting Flatpak, it doesn't even matter if you misconfigure your base system since all your apps are sandboxed anyways. I think the success of the Steam Deck kinda proves that people don't care what your desktop is as long as you have recent Chrome/Firefox and let them sideload stuff.

It's not just the initial install. Eventually for almost every distro I've installed things get rough and you need to use the command line.

Want to play Fortnight, well you can't. How about Roblox , might be possible but it's a full comp sci project.

The only thing that will ever change this is if Valve comes out with a full laptop. The Steam Deck is the closest thing we have to a mainstream adoption of Desktop Linux.

In my personal life, Linux is where I go to when I really just need to focus and get things done. Less weird background crap going. It's much easier to enter a flow state with Linux.

Those two games put a code that will intentionally stop them from working if it detects them running on Linux. Justified because (at least in Fortnite case ) they can't install kernel level anticheat.

> The only thing that will ever change this is if Valve comes out with a full laptop.

Unfortunately Valve Laptop won't solve this either, unless if Valve goes against the spirit of Linux and lock it down

If you mean something else, you never need to do that as a normal user.

Hardware just not working happens on other operating systems too, it just sucks. But normal people aren't swapping out important parts so at most some USB thingy doesn't work.

admittedly I did the installing part, but day to day use is not an issue any more. Ubuntu is hands down much more user friendly than Windows 11

Problem: Uber is expensive, and you don't know how to drive, so getting around is a challenge.

Solution: Learn how to drive.

- Reaper

- Tracktion Waveform

- Bitwig

- Fairlight

- Zrythm

- Ardour

As for games, I've been 100% Linux for several years now, and haven't had much trouble. I'm only aware of issues with aggressive anticheat these days, but I refuse to give money to companies that push ring0-spyware anyway.

You can make music on anything, I'd imagine a skilled producer could do anything I can do in Maschine in Zrythm. But it's a matter of difficulty.

Maschine has a series of custom midi instruments which are simply amazing.

As for gaming, you could probably play the next Call of Duty with browser based cloud gaming when it hits gamepass.

I definitely understand the benefits of Linux though. I think dual booting is the way to go.

I only know these things from doing light audio work, mostly relating to video editing. In that world, DaVinci Resolve studio seems to be winning, and is thankfully cross-platform. Blackmagic is truly a wonderful company.

I think it comes down to wait ultimately matters to you.

Windows hasn't gotten so bad I want to avoid it entirely yet.

I've used Maschine for like a decade, I don't really want to have to learn a new tool just to spite Microsoft.

Plus if you have a job that requires Windows, it gets familiar... The devil you know

Honestly, buy an iPad. You can get a new iPad for as cheap as $300 and it will adequately serve all of your basic needs. If you're not tech-literate enough to install Ubuntu (which is extremely easy and straightforward in my experience) then I don't think you will need the extra bells & whistles of owning a laptop.

I look forward to see where developments can go from here, but Zorin is pretty good for a solid amount of games... Maybe not most.

This is a perfect example of a frustrating problem with Linux on the desktop. There is always a perfect distro that my aunt can just use and that never breaks. The problem is that once it was Mandrake, then Ubuntu, then Manjaro, then Pop_OS!, and many others. Most of them fade into obscurity after a couple of years, to be replaced by $shiny_distro that this time will be perfect for non-technical users, I promise! And a year later, there will be another one and everyone will start raving about it and dismiss $shiny_distro for being broken.

This does not work. To work with a general audience, a distro needs to look nice, behave well, be good at marketing, and last long enough to establish a presence. Maybe ZorinOS is good, I have no clue. But I never heard of it (and I am following what’s happening in tech in general), and i have no clue whether it will be around next year. So I’ll stay on Tumbleweed, and I still don’t have a really good solution for normal people who might want to use Linux.

Like you, I find the "hopping" nature of Linux enthusiasts to be exhausting. it's almost always nearly the same fucking bits at the end of the day. Great, you know how to use the package manager? Everything you like about NewShinyDistro's defaults can probably be hadon the distro you're on already.

Christ maybe the better approach is my other idea - customnixos.org. You always get nixos, but you get to pre-pick the desktop environment, theme, background, etc, and then it slips you an iso with those options set.

Frustration, mostly. I really like Linux and I think it should be more accessible, but the community keep shooting themselves in their metaphorical feet.

> Lol maybe even do it for every major distribution. Nvubuntu, fedoria, etc. And then we can be done with this? Idk.

That would help. NVidia drivers are a major pain point even for more experienced users, and yet are critical for something that can be used for gaming.

> Great, you know how to use the package manager? Everything you like about NewShinyDistro's defaults can probably be hadon the distro you're on already.

I know that, and I am very happy with Tumbleweed, but that’s not really something we can say to the general public.

> Christ maybe the better approach is my other idea - customnixos.org. You always get nixos, but you get to pre-pick the desktop environment, theme, background, etc, and then it slips you an iso with those options set.

A huge part would still be missing: the integration of all these pieces and setup so that they look like something that works and not a Rube Goldberg OS. Something that at least Ubuntu is doing, for all their faults.

Look at game controllers for example. That’s another major pain point for gaming on Linux. You can use all of them (the various generations of xBox and PlayStation gamepads that work over Bluetooth, not sure about the Switch ones) with quite a bit of fiddling. OTOH, on a Mac, iPhone or iPad you just pair them and they work, and can then be used with whatever game you want. No fiddling with the package manager, no config file wrangling. This integration work is important for an OS we want everyone to use.

I will never stop being annoyed at conversations around distros. Ever.

Yeah, let's imagine how they react to their entire system being broken and some rumblings of "well maybe if you change time". Yeah, sure, okay, I'm sure a user that can't install a package will be able to handle that. /s

Maybe it's simply because I AM a distro maintainer, that I just roll my eyes at all of this. What's pre-installed is so trivial it's almost nothing to me when I think about why I chose my distro. How fast can they react to security reports? Are they abreast of developments in the Linux ecosystem and adjusting and experimenting with defaults? Really truly? Because even in (my distro) where I can tell you the names of owners of specific areas, there's still some gaps we could cover better.

The curse of knowing too much. Or maybe my empathy meter is way off tonight. Idk.

Fuck. No.

I'm sorry but if the way we handle accessibility of Linux to non-Lijux-aware folks is to just push them to the latest flavor that has the most shit crammed in, well, I'm not sure what we expect the outcome to be.

Tossed in a 4TB SSD and I'm very happy with my purchase. I have Mint installed along with Windows.

Price out a 4TB Mac, you'll be spending an unholy amount of money. Plus in a few years when the 8TB SSDs are cheaper it's an easy upgrade.

Contrary to what both people who don't really play games and people who make their gaming rigs their entire identity tend to think, the vast majority of games on the market run just fine on half-decent hardware with a concession here and there as far as resolution, particle systems, etc go. At $700+ you can get plenty of bang for your buck; even more so if you buy secondhand.

[1] http://www.literaturepage.com/read/thusspakezarathustra-107....

I think it's more narrow than that. Yesterday, Brad Smith (president of Microsoft) went in front of the House committee for Homeland security and they were making the case that Microsoft is a national security risk.

Corporate customers may react based off of that testimony, but given the timing, it feels like the US government is the motivating factor for this announcement today.

Yeah, enjoy your just desserts of games that work, HDR that works, variable refresh rates that work, sleep and wake that works, the ability to run the software you need to use, one of the best IDEs available, fantastic backwards compatibility, etc

Before putting me in crazy fanboy fandom, I’ve used all three systems each for at least a decade now (and counting), and windows wins workstation pc award by simply being alone in the league of what works out of box with no additional expenses or headaches.

Edit: don’t get me wrong I hate ms, but I hate stupid bugs and restrictions much more.

Now they also want to attract the "masses" so in the end on Windows you'll get a lot of crappy "user-friendly" stuff. There is the ad situation also, but is really not as bad as I keep hearing about, I'm not even sure what it refers to exactly. The only times I see ads is when I mistype something in the start menu, and I start getting irrelevant web search results from bing or whatever, with ads, just like when googling. I guess that's what I "deserve"? It didn't bother me enough to try disabling it anyway.

And finally, obviously if I'm using Windows it means I accepted that I implicitly trust Microsoft, just like anyone with an iPhone/Android implicitly trusts Apple/Google. I try to minimize the number of actors which I trust. Actually Microsoft doesn't scare me too much because they are always under the spot lights, with lots of harsh criticism, so they have much more to loose than smaller/more "reputable" players. So, anyway, I don't really see why I should care that some new crappy feature could help them spy on me, as they could spy on me anytime anyway.