Windows 11's Recall is a brand-new headline feature for Copilot+ PCs. While the idea is interesting, researchers say it makes it way too easy to steal everything you viewed or typed on your computer.
Oh, you’re saying that Recall is a privacy nightmare and a sweet target for malware? Surprised_pikachu.jpg
The idea that a feature of this scope would only be gated by having access to your local account is so baffling to me. I’ve been around my share of bad corporate decisions, and even I genuinely have no idea what they were thinking or how it got this far into development without anybdoy raising a flag.
For now it’s an obvious thing to turn off immediately and tell all your friends and relatives to turn off immediately. And yeah, it’s a reason to avoid devices that support it out of the box, at least for less tech-savvy users.
That’s entirely unrealistic and not particularly helpful. I mean, if you can and want to, by all means, that solves most of this immediate issue. In practice, many people just don’t want to move, especially if they’re not tech-savvy, are locked into that ecosystem for work or have devices that only work well in Windows (hi, that’s me).
So for now mitigations matter. Plus this is, on paper, an optional feature only coming to some devices (and that’s assuming you believe they won’t be forced to back down from this absolute trainwreck). At this point, I’d recommend explaining the issue to Windows users who woudn’t be experienced enough to know. And hey, if you’re in a position to do what you do in a computer on a different platform and want to go that way, that’s also reasonable. That’s just not going to be everybody, or even most people.
I personally moved some of my family members to an Android device for home computing years ago and have never looked back, but I do use Windows on multiple devices and on most I either can’t or don’t want to switch, so… yeah, mitigation is important for many of my use cases.
I saw someone suggest that MS has thought about this, which is why they require a TPM chip for Win 11 and have recently started forcing Bitlocker enabled by default. Obviously, however, it’s not nearly enough.
But that’s my point, though. You have to be completely detached from reality to think that securing the login to the local device means the local device is secure. People aren’t going to get busted for this because they lack drive encryption, they’re gonna get busted for this because some nice sounding gentleman on their phone is going to get them to give them remote access and have a mainline to every single thing they did for the past month. Or because their partner is going to use their shared password and find out some stuff they shouldn’t have or whatever.
That’s obvious to anybody who thinks about it for more than two seconds. How could it not be obvious to MS?
The idea that a feature of this scope would only be gated by having access to your local account is so baffling to me. I’ve been around my share of bad corporate decisions, and even I genuinely have no idea what they were thinking or how it got this far into development without anybdoy raising a flag.
For now it’s an obvious thing to turn off immediately and tell all your friends and relatives to turn off immediately. And yeah, it’s a reason to avoid devices that support it out of the box, at least for less tech-savvy users.
Best avoid Microsoft all together in the future. There’s nothing of value left.
That’s entirely unrealistic and not particularly helpful. I mean, if you can and want to, by all means, that solves most of this immediate issue. In practice, many people just don’t want to move, especially if they’re not tech-savvy, are locked into that ecosystem for work or have devices that only work well in Windows (hi, that’s me).
So for now mitigations matter. Plus this is, on paper, an optional feature only coming to some devices (and that’s assuming you believe they won’t be forced to back down from this absolute trainwreck). At this point, I’d recommend explaining the issue to Windows users who woudn’t be experienced enough to know. And hey, if you’re in a position to do what you do in a computer on a different platform and want to go that way, that’s also reasonable. That’s just not going to be everybody, or even most people.
I personally moved some of my family members to an Android device for home computing years ago and have never looked back, but I do use Windows on multiple devices and on most I either can’t or don’t want to switch, so… yeah, mitigation is important for many of my use cases.
I saw someone suggest that MS has thought about this, which is why they require a TPM chip for Win 11 and have recently started forcing Bitlocker enabled by default. Obviously, however, it’s not nearly enough.
But that’s my point, though. You have to be completely detached from reality to think that securing the login to the local device means the local device is secure. People aren’t going to get busted for this because they lack drive encryption, they’re gonna get busted for this because some nice sounding gentleman on their phone is going to get them to give them remote access and have a mainline to every single thing they did for the past month. Or because their partner is going to use their shared password and find out some stuff they shouldn’t have or whatever.
That’s obvious to anybody who thinks about it for more than two seconds. How could it not be obvious to MS?