
Turfster
@Turfster

Microsoft haven't even launched this stupid "ai" bullshit yet

and people have already found the very obvious No Shit Sherlock exploits

“Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder,”

The database is stored locally on a PC, but it’s accessible from the AppData folder if you’re an admin on a PC. Two Microsoft engineers demonstrated this at Build recently, and Beaumont claims the database is accessible even if you’re not an admin.

Microsoft is currently planning to enable Recall by default on Copilot Plus PCs. In my own testing on a prerelease version of Recall, the feature is enabled by default when you set up a new Copilot Plus PC, and there is no option to disable it during the setup process unless you tick an option that then opens the Settings panel.

Everyone pushing for this needs to Be Made An Example Of, and I'm not joking

It's blindingly obvious that Recall was designed for one reason, and one reason alone: To Put More Laser Targeted Ads In Your Operating System

(well, that and selling new chips I guess)


bruno
@bruno

This bit of it is so insane to me:

However, Recall doesn’t perform content moderation, so it won’t hide information like passwords or financial account numbers in its screenshots. “That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry,” warns Microsoft.

Holy shit dude, what are you doing. Do you employ any security experts? Could any of them get a job somewhere else?

Password cloaking is meant to stop a looking-over-your-shoulder attack when using a computer in public. Users constantly uncloak passwords when typing in a private setting – eg, to check how one has misspelled a long passphrase. This is normal and fine because one might assume that one's computer doesn't have a fucking KEYLOGGER INSTALLED IN IT BY DEFAULT FROM THE FACTORY.


bruno
@bruno

Like, this needs to be said very clearly:

There is no secure way to implement this kind of feature.

You cannot be indiscriminately logging everything that passes through the output or input of a user's device. You cannot. Period. Doesn't matter if AI is involved or not, doesn't matter where you're storing it, this is not reasonable to do.


techokami
@techokami

I talked about this with my psychiatrist earlier today, because I knew something like this would be super dangerous for him and his patients, and yeah... if something like this was thrust upon him in a future Windows 11 update, he said he'd take me up on my offer to help him migrate to Linux, because this is a gigantic HIPAA violation




in reply to @bruno's post:

Currently this is just a feature on "Copilot+ PCs", which is Microsoft's name for the new ARM based PCs they're trying to sell.

It'd be ignorant to think they won't try to put it on the normal OS later, but at the moment this is isolated to a subset of weirdo laptops that, hopefully, no one will buy.


in reply to @techokami's post:

On a business level it's even crazier. In a field where people can be sued or a company can lose millions just from leaked emails, to have this kind of thing receiving investment from major tech companies is surreal; it's surreal that anyone who participates in this is not concerned about sensitive data and is still giving the thumbs up