this post was submitted on 04 Jun 2024
664 points (98.7% liked)

Technology

59979 readers
2290 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

this rootless Python script rips Windows Recall's screenshots and SQLite database of OCRed text and allows you to search them.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 6 months ago (6 children)

browser data is a potential liability, sure, but you have tools to manage it. you can delete pages or entire websites, you can use private windows, you can purge history older than 6 months or something like that, and at least a few browsers have a "forget" button that wipes out the last two hours of history. similar deals with cookies and other data, and we've collectively decided the benefit of having browser data is worth the risk.

not so here. Recall is a record of everything you've ever done on your PC. you can't selectively delete things like you can with browser history, the app and website exclusion is only as good as whatever Recall is using to detect apps and websites, and you can't redact sensitive info after the fact. people are generally okay with browser history and data because they know they have fine-grained controls to manage it, controls Recall doesn't have

[–] csm10495 0 points 6 months ago (5 children)

So if they had a ui with buttons to 'pause for X length (could be forever)', buttons to 'forget last X length (once again could be forever), but everything else stayed the same, would it be acceptable?

Like I'm genuinely curious here.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago) (1 children)

When you go on the internet you are accessing content on other people's computers. You are saying, "I want such and such document". There's an inherent lack of privacy in browsing the internet. You can try to be private about it, but ultimately you're not changing that you're requesting data from other people's computers and sending them data.

When you are doing something else on your PC besides browsing the web, Recall is still taking screenshots and tracking you. What apps you use, pictures you view, and many other things that might be completely offline and you don't necessarily want a history of stored on your PC, with screenshots and searchable summaries. Do you want each and every one of your fap sessions recorded? Why would you want any of your offline activity recorded?

What if you forget to pause this feature and someone finds these screenshots? Who cares, right? What if your a closeted gay teen living in a conservative country and your family finds the history?

Then there are people who don't understand computers using offline business software for accounting, or whatever, and even if they store their data files on an encrypted drive or something, Recall is taking screenshots of everything they do. If they don't even know its happening, their PC could have years of data that could be stollen from them at any point in the future. Even if they never open those encrypted files again. Obviously, if their computer is pwned, then the hackers could just take the enencrypted files when they're next accessed, but Recall snapshots everything all the time, even if you delete it.

Edit a self nude photo on your PC and forget to turn off Recall, and then layer decide to delete the photo... Too bad, Recall still has it.

It's a feature that's... ok if you want it, but it should not be part of the operating system, and it definitely shouldn't be opt-out. It should be an app that you install with deliberate purpose if and only if you want itand understand the security and privacy risks.

Microsoft instead wants to install it by default and probably turn it on by default. Even if it ends up being opt-in, MS has a long history of asking people to enable features in misleading ways. And the vast majority of Windows users don't understand computers!

[–] csm10495 2 points 6 months ago

I tend to agree with a lot of what is said here. Though it is (assuming they're honest) local only to be clear.

If it was an opt in feature with robust configurations including encrypting the db based off your login session and was auto locked up on log off/reboot (until login again): is that good enough, or would folks then say we should assume the account is also compromised?

I'm trying to disambiguate between generalize ai dislike, Microsoft dislike, windows dislike, distrusts, etc. to consider a world where this exists in Windows and people who would use the feature would feel comfortable

In other words, consider an app that did the same thing. What security constraints would be expected?

load more comments (3 replies)
load more comments (3 replies)