Microsoft Recall is MANDATORY

[+Edouard Subscriber²]

Ran across this video and am wondering what the general concensus is among Neowin visitors.

 

[adrynalyne]

What happened to it being opt-in?

[tsupersonic]

On 09/10/2024 at 21:34, adrynalyne said:

What happened to it being opt-in?

My thoughts - it was always intended to be installed on all W11 devices regardless if the system has an NPU (CoPilot+ branding) or not. MS received a huge backlash upon the announcement of Recall, and delayed the rollout. The delay was intentional so that it would skip news cycle, and MS could enable Recall on a future update (probably CoPilot+ devices first, then your traditional devices w/o NPU's) - that's because the devices w/ NPU's are a small % compared to the millions w/o NPU's. 

This is a feature I personally don't want or need, and definitely has privacy implications. I'm actually considering uninstalling Windows on my daily driver PC  - never thought I'd say that.

[+thexfile Subscriber²]

I'm using Canary build and there's no option to remove Recall in windows features anymore.

[+mram Subscriber²]

On 09/10/2024 at 18:02, Edouard said:

Ran across this video and am wondering what the general concensus is among Neowin visitors.

 

I'm running 24H2 and nothing he said in the video lines up.  It's not on my box or any other intel box I have it running on (several).  It doesn't show up as a program, as a windows feature, as a running task, executable, DLL, anything.  

So everything else is fruit from the poisoned tree ... I'd like to see some real evidence here, but the premise within the first 30 seconds of "Recall is being installed on every single 24H2 system" is not true.  "I can say that is definitely incorrect" is incorrect, so it's a battle of the incorrectness?  I mean -- he provided no way for me to check, but I tried.  Vague claims are also suspect.  There should be a very easy way to verify a grandiose claim such as this.

26100.2033 here.

A lot of the "problem" with recall stems from a few points:

1. Microsoft botched the initial beta for it, and there wasn't a lot of privacy.  They got called on it.  It's been addressed.  So some bad press on the security of the feature is deserved, not all of it. 
2. A lot of people can't see the use or value.  That's ok.  That doesn't mean it's bad, just don't use it if it's not for you.
3. Quite a few people think this is an invasion of privacy.  Don't use it then.  It's an opt-in system, see link above.  The security paradigm is well designed (subjective statement I agree), but no matter how much logic one can present, there are others who will immediately think this is Microsoft stealing your data.  In a nutshell, it's not been proven, and on paper. it doesn't.  I will leave it to the real professionals and hackers to prove Microsoft wrong (they will) so some schlub on the interwebs screaming "Microsoft bad!" is suspect right off.

From the above website:

Quote

Recall is always opt-in. Snapshots are not taken or saved unless you choose to use Recall. Snapshots and associated data are stored locally on the device. Recall does not share snapshots or associated data with Microsoft or third parties, nor is it shared between different Windows users on the same device. Windows will ask for your permission before saving snapshots. You are always in control, and you can delete snapshots, pause or turn them off at any time. Any future options for the user to share data will require fully informed explicit action by the user.

That's pretty comprehensive, and it's in print up-front, not obscured in a vague terms and conditions. 

So yeah, at first brush it's got a secure process, and I'm certain people will beat this apart and investigate the claims, but it's not like these issues are unknown or unanswered.  But there's definitely negative spin, and should be carefully watched.

I do have a Copilot machine in my kit -- I'll check out what is available from a release standpoint, if it's even out yet.

[+Edouard Subscriber²]

On 10/10/2024 at 13:00, tsupersonic said:

My thoughts - it was always intended to be installed on all W11 devices regardless if the system has an NPU (CoPilot+ branding) or not. MS received a huge backlash upon the announcement of Recall, and delayed the rollout. The delay was intentional so that it would skip news cycle, and MS could enable Recall on a future update (probably CoPilot+ devices first, then your traditional devices w/o NPU's) - that's because the devices w/ NPU's are a small % compared to the millions w/o NPU's. 

This is a feature I personally don't want or need, and definitely has privacy implications. I'm actually considering uninstalling Windows on my daily driver PC  - never thought I'd say that.

I'm also deeply concerned with recall.

I have never seriously considered leaving Windows...until now. FWIW, I cannot see a future where Recall is active on any device I own. Where that leads me is an open question for now.

[+Edouard Subscriber²]

On 10/10/2024 at 13:36, mram said:

I'm running 24H2 and nothing he said in the video lines up.  It's not on my box or any other intel box I have it running on (several).  It doesn't show up as a program, as a windows feature, as a running task, executable, DLL, anything.  

So everything else is fruit from the poisoned tree ... I'd like to see some real evidence here, but the premise within the first 30 seconds of "Recall is being installed on every single 24H2 system" is not true.  "I can say that is definitely incorrect" is incorrect, so it's a battle of the incorrectness?  I mean -- he provided no way for me to check, but I tried.  Vague claims are also suspect.  There should be a very easy way to verify a grandiose claim such as this.

26100.2033 here.

A lot of the "problem" with recall stems from a few points:

1. Microsoft botched the initial beta for it, and there wasn't a lot of privacy.  They got called on it.  It's been addressed.  So some bad press on the security of the feature is deserved, not all of it. 
2. A lot of people can't see the use or value.  That's ok.  That doesn't mean it's bad, just don't use it if it's not for you.
3. Quite a few people think this is an invasion of privacy.  Don't use it then.  It's an opt-in system, see link above.  The security paradigm is well designed (subjective statement I agree), but no matter how much logic one can present, there are others who will immediately think this is Microsoft stealing your data.  In a nutshell, it's not been proven, and on paper. it doesn't.  I will leave it to the real professionals and hackers to prove Microsoft wrong (they will) so some schlub on the interwebs screaming "Microsoft bad!" is suspect right off.

From the above website:

That's pretty comprehensive, and it's in print up-front, not obscured in a vague terms and conditions. 

So yeah, at first brush it's got a secure process, and I'm certain people will beat this apart and investigate the claims, but it's not like these issues are unknown or unanswered.  But there's definitely negative spin, and should be carefully watched.

I do have a Copilot machine in my kit -- I'll check out what is available from a release standpoint, if it's even out yet.

Interesting perspective. Thank you.

We shall see where this all lands.

[Astra.Xtreme]

There's no way this will fly in the business environment.  There has to be a kill switch somewhere.

[Steven P. Administrators]

I'm going back to Windows 10, but I can see Microsoft porting it over as well, just like they've ported other data gathering "features" to Windows 10.

On 11/10/2024 at 20:06, Astra.Xtreme said:

There's no way this will fly in the business environment.  There has to be a kill switch somewhere.

Yeah it makes me wonder if this will be foisted onto Enterprise or Windows 11 Pro for Workstations, these generally allow to remove all the bloat.

[+mram Subscriber²]

On 11/10/2024 at 11:06, Astra.Xtreme said:

There's no way this will fly in the business environment.  There has to be a kill switch somewhere.

There are two types of IT professionals (all roles from CIO/CTO down) -- those who are just scared and accept no risk and those who see the potential and will mitigate or address the risk.  Everyone falls somewhere in that spectrum, and that's totally fair.

If you use a iPhone, especially with Apple Intelligence, you will effectively have the exact same model of security here.  Do you trust Apple?  Do you trust Microsoft?  People are quick to jump on/off those platforms based on past actions.  But mindful and protected engagement with good data governance answers most if not all of the concerns.

However - Copilot alone is making massive inroads.  This isn't even copilot - more like copilot-adjacent -  it's just another feature that adds potential productivity value.  Corporations have been screaming with data explosion for nearly two decades now, that's what makes copilot so attractive, as this is.

Respectfully, there are hundreds of thousands of companies that put all their data in M365.  Securing, protecting, encrypting that data is standard - or should be.  I'm not writing this to say "no, you're wrong," just pointing out that from a corporate standpoint, do you really think they're going to even blink at the opportunity to potentially make endpoints more productive?

The only argument people have (esp on forums like this) is "boo, microsoft, tinfoil, everything sucks, they're evil" but you put a windows machine in a corporate environment with good data governance and endpoint DLP and nothing's going to leave that box you don't want it to.  Recall just is a tool that makes things easier.

[satukoro]

On 11/10/2024 at 14:06, Astra.Xtreme said:

There's no way this will fly in the business environment.  There has to be a kill switch somewhere.

I would expect it to at minimum be in a group policy on enterprise and education SKUs. I'm still appalled my coworker's domain joined Windows 10 Pro workstation is showing him a recommendation for Call of Duty MW3. This is pathetic coming from a company that used to be respectable.

[satukoro]

On 11/10/2024 at 14:58, mram said:

There are two types of IT professionals (all roles from CIO/CTO down) -- those who are just scared and accept no risk and those who see the potential and will mitigate or address the risk.  Everyone falls somewhere in that spectrum, and that's totally fair.

If you use a iPhone, especially with Apple Intelligence, you will effectively have the exact same model of security here.  Do you trust Apple?  Do you trust Microsoft?  People are quick to jump on/off those platforms based on past actions.  But mindful and protected engagement with good data governance answers most if not all of the concerns.

However - Copilot alone is making massive inroads.  This isn't even copilot - more like copilot-adjacent -  it's just another feature that adds potential productivity value.  Corporations have been screaming with data explosion for nearly two decades now, that's what makes copilot so attractive, as this is.

Respectfully, there are hundreds of thousands of companies that put all their data in M365.  Securing, protecting, encrypting that data is standard - or should be.  I'm not writing this to say "no, you're wrong," just pointing out that from a corporate standpoint, do you really think they're going to even blink at the opportunity to potentially make endpoints more productive?

The only argument people have (esp on forums like this) is "boo, microsoft, tinfoil, everything sucks, they're evil" but you put a windows machine in a corporate environment with good data governance and endpoint DLP and nothing's going to leave that box you don't want it to.  Recall just is a tool that makes things easier.

My bottom line argument here is that microsoft has repeatedly demonstrated they cannot be trusted to protect the privacy and security interests of its customers. Add recall to the pile of examples microsoft has introduced in the last decade which will phone home.

I should not need an enterprise SKU to have a private, secure computer at home. This is why i stopped using windows on my personal devices.

[Steven P. Administrators]

On 11/10/2024 at 20:58, mram said:

There are two types of IT professionals (all roles from CIO/CTO down) -- those who are just scared and accept no risk and those who see the potential and will mitigate or address the risk.  Everyone falls somewhere in that spectrum, and that's totally fair.

If you use a iPhone, especially with Apple Intelligence, you will effectively have the exact same model of security here.  Do you trust Apple?  Do you trust Microsoft?  People are quick to jump on/off those platforms based on past actions.  But mindful and protected engagement with good data governance answers most if not all of the concerns.

However - Copilot alone is making massive inroads.  This isn't even copilot - more like copilot-adjacent -  it's just another feature that adds potential productivity value.  Corporations have been screaming with data explosion for nearly two decades now, that's what makes copilot so attractive, as this is.

Respectfully, there are hundreds of thousands of companies that put all their data in M365.  Securing, protecting, encrypting that data is standard - or should be.  I'm not writing this to say "no, you're wrong," just pointing out that from a corporate standpoint, do you really think they're going to even blink at the opportunity to potentially make endpoints more productive?

The only argument people have (esp on forums like this) is "boo, microsoft, tinfoil, everything sucks, they're evil" but you put a windows machine in a corporate environment with good data governance and endpoint DLP and nothing's going to leave that box you don't want it to.  Recall just is a tool that makes things easier.

Blind trust in a company that doesn't let you opt out of data gathering, and consistently fails to deliver production quality updates to end users is also a bad thing.

Lets also not forget how Microsoft just decided that your documents and pictures belong in OneDrive too, without even asking you and then makes it difficult to back out of that, or even be left alone to use a different browser other than Edge without constant nags.

No, I am pretty much done with Microsoft in its current form. 

[MrElectrifyer]

I ran into the following video earlier, and was wondering how Recall, which he briefly referred to, would ever become the Microsoft equivalent of Apple's current CSAM function (which actively scans and reports iDevices to Apple) when it's not available on all devices...looks like we now have the answer that.

 

[Mockingbird]

I don't understand.

If it's "mandatory", what happens if you don't use it?

[+thexfile Subscriber²]

US Weighs Capping Exports of AI Chips From Nvidia and AMD to Some Countries

https://www.bloomberg.com/news/articles/2024-10-15/us-weighs-capping-exports-of-ai-chips-from-nvidia-and-amd-to-some-countries

It looks like some countries aren't getting key loggers.

[tsupersonic]

On 14/10/2024 at 22:56, Mockingbird said:

I don't understand.

If it's "mandatory", what happens if you don't use it?

It will happily collect all your data and take screenshots of everything you do. But the majority of users won’t care or know about it. 

[neufuse Veteran]

On 15/10/2024 at 00:19, thexfile said:

US Weighs Capping Exports of AI Chips From Nvidia and AMD to Some Countries

https://www.bloomberg.com/news/articles/2024-10-15/us-weighs-capping-exports-of-ai-chips-from-nvidia-and-amd-to-some-countries

It looks like some countries aren't getting key loggers.

key loggers? what does this have to do with recall? you aren't using nvidia chips with CUDA as a NPU that recall wants to start with

[adrynalyne]

On 15/10/2024 at 07:01, neufuse said:

key loggers? what does this have to do with recall? you aren't using nvidia chips with CUDA as a NPU that recall wants to start with

Don’t take the bait. 

[Mockingbird]

On 15/10/2024 at 02:23, tsupersonic said:

It will happily collect all your data and take screenshots of everything you do. But the majority of users won’t care or know about it. 

Stop running around like a chicken without a head.

The feature hasn't been rolled out to Windows Insider, never mind general availability.

[adrynalyne]

On 15/10/2024 at 11:30, Mockingbird said:

Stop running around like a chicken without a head.

The feature hasn't been rolled out to Windows Insider, never mind general availability.

Good consumer.  Good boy. *Pats head*

The very behavior you are complain about is what pushed MS to actually work on security with Recall. 
 

[tsupersonic]

On 15/10/2024 at 14:30, Mockingbird said:

Stop running around like a chicken without a head.

The feature hasn't been rolled out to Windows Insider, never mind general availability.

You are exactly the user Microsoft wants - the one that doesn't care about telemetry and all the privacy concerns about these upcoming features. 

In my eyes, it's always good to be informed about upcoming features - but this one has me (and others) rightfully concerned. Like adrynalyne said, user feedback/backlash has delayed this feature (and rightfully so). 

[JaredFrost]

I don't imagine this decision will last long, without a doubt they'll get sued by the EU, and in this case I would say rightfully so.

[neufuse Veteran]

I think this is being blown out of proportion...... the backend code might be mandatory, the libraries might be mandatory like webview/mshtml etc. are but you will still be able to turn it off... they are coding other parts of the OS to hook into it and if something it expects to be there is missing then issue.....

do i like the idea of this feature? no, i don't need something screenshotting stuff i do all day at work which involves a LOT of sensitive PHI/PII that if leaked would be a massive issue... I can secure the data all I want if MS keeps taking "snapshots" of the screen while I work with it and I can't easily control that then I have a major issue, and stuff like that is why I think this wont be required to be turned on... and no not everyone uses enterprise edition, most health companies use professional and have no intention of using enterprise except for very large organizations

[Mockingbird]

On 15/10/2024 at 11:50, tsupersonic said:

You are exactly the user Microsoft wants - the one that doesn't care about telemetry and all the privacy concerns about these upcoming features. 

In my eyes, it's always good to be informed about upcoming features - but this one has me (and others) rightfully concerned. Like adrynalyne said, user feedback/backlash has delayed this feature (and rightfully so). 

Want privacy?

Get rid of your smartphone.