thomasahle
a month ago
For those who don't know, Microsoft Recall is a system that screenshots what you do every few seconds, and uses OpenAI's vision api to allow search on eveything you did in the past.
There's an article from Sep 27th where they promise you'll be able to uninstall Recall: https://www.theverge.com/2024/9/27/24255721/microsoft-window... , not sure what that means for this explorer.exe dependency.
mitthrowaway2
a month ago
Is this why a new privacy setting quietly turned up called "Activity history"?
> "Activity history: Jump back into what you were doing on your device by storing your activity history, including info about websites you browse and how you use apps and services. Review the Learn more and Privacy Statement to find out how Microsoft products and services use this data to personalize experiences while respecting your privacy"
"Copilot" also quietly turned up on my Windows 10 taskbar not long ago. I certainly didn't opt to install it.
hbn
a month ago
Copilot first appeared in my taskbar after an update as a pinned app, which I promptly I unpinned.
Another update not long after it appeared again in my taskbar, this time not as a pinned app icon, but it literally replaced my "show desktop" button in the bottom right corner! I had to search online for other confused people looking to restore a basic desktop navigation feature that's been around since like 2009, because they replaced it with the 17th ever-present option to jump into their preinstalled bloatware!
And just as a sidenote, Microsoft Copilot is by far the worst LLM I've tried to use, both in how dumb it is, but also in how infuriating it is when it gets stuff wrong while spamming a bunch of stupid emojis into every sentence like it's excited about how confidently stupid it is.
benterix
a month ago
Frankly I don't understand why anybody would be surprised over this. They have been doing this stuff for over a decade? (I specifically mean quietly introducing privacy-hostile settings without user consent or knowledge, not other user-hostile stuff that's been going on for much longer).
freitasm
a month ago
Activity History has existed for years. It's not new.
New is extra data collection and Copilot "understanding" your activities based on those records.
LinuxBender
a month ago
O&O's "ShutUp10" [1] used to be able to disable as apposed to remove this as of July 16th. Did they change it so it can't be disabled any more? If so is there a way to put an arrow in it's knee such as mounting a ram disk overlay where it stores data or creating a scheduled task that runs in the same security scope to truncate files?
smileybarry
a month ago
Windows Recall doesn’t use OpenAI or any online API. The indexing and OCR is done by a local model, in a Secure Enclave powered by VBS and encrypted with the system TPM. AKA: a virtualization-separated process with storage inaccessible to the OS (all lookup etc. is done over RPC).
Source: https://blogs.windows.com/windowsexperience/2024/09/27/updat...
blibble
a month ago
given Microsoft's excellent security record how long do you think that'll take to break into?
an hour? maybe two?
smileybarry
a month ago
Do you hold Apple Intelligence's local LLM to the same standard?
Apple Intelligence will index all of your messages, app data, etc. into a queryable index. That will also obviously reside on disk somewhere, encrypted. And it could be just as exfiltratable as your hypothetical. (Because both cases require compromising the host computer)
mistermann
a month ago
It is plausible MS is taking marching orders from a higher power, off the record.
hypeatei
a month ago
No, that scheme would be too hard to contain so the three letter agencies are blatant about it. They just let tech companies develop these things and know they'll have access to the data anyway.
For every real user that finds a tool slurping up data to be useful, there are 100 law enforcement agents also saying it's useful so everyone should hop on the bandwagon.
mistermann
a month ago
It's not possible for you to know how hard to contain it is.
The commonality of strange beliefs like this makes me seriously wonder if there is an initiative on social media to teach this form of thinking as being correct, because it is certainly the default. Try defecting from the game for a month and watch the other players from the sidelines, and see if you don't see what I'm talking about.
hypeatei
a month ago
Generally the more people you tell, the harder it is to keep a secret. I don't what makes that a "strange belief" but okay.
altruios
a month ago
Well: it's the generalization that a large corporation is communicating with an agency as a whole entity - thousands of employees aware, top to bottom - as opposed to just 1 or 2 people at the top receiving secret orders.
It is strange because that's exactly the opposite of how a corporation operates. If every employee (or even too many) employees are aware of the decision making process, that process stalls out.
The default view should be: the person at the top is being the one contacted, and the employees are not in the know.
hypeatei
a month ago
My point was that there isn't a secret scheme here where federal agents are pulling the strings at the top. They literally just ask private companies for data either through court orders or side channels and they'll get it eventually.
All out in the public view (essentially)
mistermann
a month ago
I think the disagreement is over whether the decision to ship the product was influenced. It is not hard to have a perfectly acceptable business reason, but also have secondary motive(s), and not many people need to be involved.
Plus it is not necessarily knowable.
mistermann
a month ago
Look how less ambitious this new characterization of your initial claim is.
> and know they'll have access to the data anyway
Here we agree.
hkon
a month ago
Companies dealing only with new features, products and other things that are meaningless in the greater picture manage to keep secrets for years all the time. Why wouldn't more nefarious things also be able to kept secret. Before Snowden, plausible deniability existed. But not anymore.
lostmsu
a month ago
It supposed to be local.
kobalsky
a month ago
~~it's supposed to be optional.~~
it's supposed to be local. <------ YOU ARE HERE
you can supposedly disable it.
it's supposed not to send your information to the cops if it's sees you being naughty.
whatshisface
a month ago
Or maybe,
It's supposed to be local.
Broad, anonymized statistics are aggregated by Microsoft.
Including your name.
It's only available to Microsoft's marketing department.
It's available to third-party affiliates.
A handful of resellers are affiliated.
Insurance companies, employers and law enforcement have as much of a right to buy the information as anyone else.
umanwizard
a month ago
There's another step:
"Okay, it'll send your information to the cops, but only if it sees you doing something REALLY, REALLY bad, and we pinky-promise we will not let cops in authoritarian countries decide what that means".
(Remember the iCloud photo scanning controversy?)
hagbard_c
a month ago
And then, the last step:
If you've got nothing to hide you've got nothing to worry over.
Why do you worry? What do you have to hide?
Don't leave your house, a Black Maria is on its way to pick you up.
lostmsu
a month ago
Did you mean "opt-in" rather than optional? Optional is the same as "you can disable it". Also, you scratched it out. Are you sure they just enable it without asking? The link above even has a screenshot.
skydhash
a month ago
Which is equally bad. Why am I wasting CPU power on that?
goalieca
a month ago
It sounds like an unnecessary security nightmare. Someone will figure out how to tap into this.
moffkalast
a month ago
I think someone quickly realized it was all being stored in an unencrypted database on the machine when the first version launched, so anyone with direct access can just list through the whole thing.
bboygravity
a month ago
An OpenAI model running locally, not sending data to OpenAI? Similar to how llama3 can be run locally?
Yeah, you'll have to bring some sources for me to begin buying that. It goes totally against everything Microsoft and OpenAI have been pushing.
KTibow
a month ago
What makes you say that it uses OpenAI models? From what I understand right now it only has search functionality, which could be easily done with a local embedding model (similar to the open-weights CLIP) and possibly OCR.