• In December, an investigation by Tom’s Hardware found that Recall frequently captured sensitive information in its screenshots, including credit card numbers and Social Security numbers — even though its “filter sensitive information” setting was supposed to prevent that from happening.
  • Psythik@lemm.ee · 1 hour ago · 5 up, 7 down

    I don’t understand why Lemmy is so obsessed with Recall. It currently only works if you have an ARM CPU with an NPU. Nearly every Windows user is on an x86-64 chip.

    Yes I agree that it shouldn’t exist in Windows at all, but everyone is complaining about a feature that less than 1% of users even have access to; the amount of people who opt into using it is going to be even smaller.

    Stop obsessing over it so much and find something different to hate on Microsoft over. God knows there’s plenty of other reasons to dislike them. Seriously, it’s so annoying. I’m about to set a filter for the word “recall”.

  • Mr. Broken@lemmynsfw.com · 11 hours ago · 42 up

    This is top tier comedy: Microsoft won the PC war to be benevolent and give it to Linux. How kind of them to shoot themselves in the foot for the good of mankind.

  • Septimaeus@infosec.pub · 14 hours ago · 56 up

    Just a tip: if you must use consumer editions of Windows regularly, consider adding an automatic provisioning tool like AME to your workflow.

    The example above uses customizable “playbooks” to provision a system the way docker compose would a container image, so it can fill the role of a VM snapshot or PXE in non-virtualized local-only scenarios.

    The most popular playbooks strip out AI components and services (there are many more than just Recall) but also disable all telemetry and cloud-based features, replace MS bloatware with preferred OSS, curtail a truckload of annoying Windows behaviors, set up more sensible group policies than the defaults, and so forth.

    I have a few custom playbooks for recurring use cases so that, when one presents, I can spin up an instance quickly without the usual hassle and risk.

    • BearGun@ttrpg.network · 6 hours ago · 8 up

      > consider adding an automatic provisioning tool like AME to your workflow.
      >
      > The example above uses customizable “playbooks” to provision a system the way docker compose would a container image, so it can fill the role of a VM snapshot or PXE in non-virtualized local-only scenarios.

      I know what most of these words mean individually

      • spooky2092@lemmy.blahaj.zone · 2 hours ago · 2 up

        Basically, a playbook is a set of instructions or baselines for how you want the system to look/be set up, and the provisioning tool will engage in however many tasks are required to configure the system to your specifications. I played around with something similar with PowerShell DSC, and it’s pretty cool to be able to eliminate config drift when it checks against the config and remediates any changes that weren’t updated in the playbook.
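
The check-and-remediate loop described in the comment above, as an added example that is not part of the thread and is not AME's or PowerShell DSC's own code. The setting names and the in-memory `system` dictionary are constructed stand-ins for real machine state.

```python
"""Desired-state ("playbook") drift check and remediation, simulated in memory."""
from dataclasses import dataclass
from typing import Any

ABSENT = object()  # sentinel: the setting must not exist at all


@dataclass(frozen=True)
class Rule:
    key: str      # setting name (hypothetical, not a real Windows path)
    desired: Any  # required value, or ABSENT to require removal


# Constructed playbook: names are illustrative, not taken from AME or DSC.
PLAYBOOK = [
    Rule("ai/snapshot_capture", "disabled"),
    Rule("telemetry/level", 0),
    Rule("apps/preinstalled_promo", ABSENT),
]


def find_drift(playbook, system):
    """Return {key: (actual, desired)} for every rule the system violates."""
    drift = {}
    for rule in playbook:
        actual = system.get(rule.key, ABSENT)  # a missing key counts as ABSENT
        if actual != rule.desired:
            drift[rule.key] = (actual, rule.desired)
    return drift


def remediate(playbook, system):
    """Change only the drifted settings; return the keys that were changed."""
    changed = []
    for key, (_, desired) in find_drift(playbook, system).items():
        if desired is ABSENT:
            del system[key]  # drift implies the key is currently present
        else:
            system[key] = desired
        changed.append(key)
    return changed


def demo():
    # Constructed machine state: capture re-enabled, telemetry never set.
    system = {"ai/snapshot_capture": "enabled",
              "apps/preinstalled_promo": "installed",
              "power/plan": "balanced"}  # unmanaged: must be left untouched
    first = remediate(PLAYBOOK, system)
    second = remediate(PLAYBOOK, system)  # idempotent: nothing left to fix
    return first, second, system
```

Running `find_drift` on a schedule without calling `remediate` gives a report-only mode, which is useful for spotting settings that an update has reverted.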

    • boatswain@infosec.pub · 13 hours ago · 11 up

      This looks like useful stuff; thanks for sharing. I’m not on Windows myself any more, but this looks like info worth passing on to those in my life who are.

    • Jay@lemmy.world · 13 hours ago · 4 up

      This is really interesting! I’ve usually installed Winaero Tweaker back when I still used Windows, if I knew this existed I probably would’ve gone with this instead. Having access to “playbooks” would be quite handy.

    • arakhis_@feddit.org · 10 hours ago · 2 up, 7 down

      You for sure feels so good being this helpful. But TIN really don’t understand SHT if you use so many Technical terms(TT)

      But there’s a solution in brackets I just presented, that’s commonly accepted in academia if you still want to use TT like that

      • Septimaeus@infosec.pub · 4 hours ago · 5 up

        Forgive me for not explaining better. Here are the terms potentially needing explanation.

        • Provisioning in this case is initial system setup, the kind of stuff you would do manually after a fresh install, but usually implies a regimented and repeatable process.
        • Docker lets you run software inside “containers” to isolate them from the rest of the environment, exposing only what they need to run, and Compose is a related tool for defining one or more of these containers, the resources they need, how they interact, etc. To my knowledge the only equivalent for Windows to date is Wine and its successors like Proton.
        • Virtual Machine (VM) snapshots are like a save state in a game, and are often used to reset a virtual machine to a particular known-working condition.
        • Preboot Execution Environment (PXE, aka ‘network boot’) is a network adapter feature that lets you boot a physical machine from a hosted network image rather than the usual installation on locally attached storage. It’s probably tucked away in your BIOS settings, but many computers have the feature since it’s a common requirement in commercial deployments. As with the VM snapshot described above, a PXE image is typically a known-working state that resets on each boot.
        • Non-virtualized means not using hardware virtualization, and I meant specifically not running inside a virtual machine.
        • Local-only means without a network or just not booting from a network-hosted image.
        • Telemetry refers to the data harvesting apparatus. Most software has it. Windows has a lot. Telemetry isn’t necessarily bad but it is easily abused by data-hungry corporations like MS, so disabling it is a precaution.
        • MS = Microsoft
        • OSS = Open Source Software
        • Group policies are administrative settings in Windows that control standards (for stuff like security, power management, licensing, software and file system access, etc.) for user groups on a machine or network. Most users stick with the defaults but you can edit these yourself for a greater degree of control.

        Many of these concepts are IT-related, as are the use-cases I had in mind, but the software is simple to use if you pick one of the premade playbooks. (The AtlasOS playbook is popular among gamers, for example.)

        Edit: added docker

  • floofloof@lemmy.ca · 15 hours ago · 69 up

    Well at least there are all kinds of checks and balances to prevent big tech and the US Government from abusing this information, right? Thank goodness we have no reason to worry about it being used for political surveillance and identifying who to send to foreign concentration camps, or anything like that.

  • N3Cr0@lemmy.world · 16 hours ago · 84 up

    They say you can disable Recall by keeping pornhub videos running in foreground.

    • reksas@sopuli.xyz · 13 hours ago · 10 up

      To the vast majority of people this is unthinkable. They will also likely just not even notice news like this because they don’t pay attention to such things and likely don’t even care about their personal info until something bad happens to them because of that.

      • Fluffy Kitty Cat@slrpnk.net · 11 hours ago · 3 up

        Stealing this info and posting it publicly is an important way to fight back. Once prole hear their credit card is being defrauded because of recall it will be untenable for it to stay

  • NihilisticWanderer@lemy.lol · 16 hours ago · 21 up

    We already know this. It’s not just Microsoft; Google, Meta, and other big tech companies are also involved in similar practices.

    • Ledericas@lemm.ee · 2 hours ago · 2 up

      Google has, on various phones, an app that records your phone, but you can delete it. Google also uses vcaptcha V3, which they lent the technology to REDDIT as well.

        • Moose@moose.best · 8 hours ago · 9 up

          I mean, but we pretty much do know? The difference between Linux and Windows / MacOS is Linux is open source and can be checked and audited by anyone. If an exploit exists, it will be visible publicly and just needs to be spotted by those knowledgeable enough. Windows and MacOS are more than likely audited too but by private companies under NDA, so then it’s left up to Microsoft or Apple to decide what exploits are fixed.

          • Retro_unlimited@lemmy.world · 7 hours ago · 2 up

            I agree completely that open source can be audited by anyone, but I did read something tried to be sneaked into an update, and you never really know, software is complicated and maybe some roundabout way to have an exploit using code that looks like its intent was something different.

            • Moose@moose.best · 5 hours ago · 2 up

              Ah yes, I think that was when a FOSS maintainer had to step down and handed it off to someone else if I remember right? See this XKCD for relevance. It’s pretty ridiculous how much we (and companies with billion dollar revenues) rely on the free work of others for such important systems. But yes, an important distinction to make is that certain Linux distributions may use code by others that is not open source and malicious without them realizing.

  • Hastur@lemmy.ca · 7 hours ago · 9 up, 14 down

    Everywhere is copying your private messages. Google, Facebook, Microsoft, Reddit, your phone texts, anything you’ve ever posted anywhere. This isn’t news.

  • rottingleaf@lemmy.world · 15 hours ago · 4 up

    Makes sense why they want this technology so much, one thing has really been achieved - in the year 2005 you couldn’t make a program that would be a keylogger and a useful thing all in one, so you had to make a keylogger somehow detect those rare events one can risk it running, or something like that. You couldn’t instruct it in English “send me his private messages on sites like Facebook”, you had to be specific and solve problems. Now you can. And these “AI”s are usually one program with generic purpose. To stuff everything together with kinda useful things.