username81 | 1 year ago

Am I the only one who doesn't think that Recall is a bad thing? Of course Microsoft's implementation is a buggy privacy nightmare, but the core idea of being able to see what happened a week/month ago and process it using LLMs looks really useful. I'm looking forward to something like this, but local, FOSS and for Linux.

cybrexalpha|1 year ago

The whole concept is so fundamentally flawed that no amount of tweaking or improvement can save it. Of course the implementation is terrible, but even if the implementation was perfect it would be awful. Even if it ran locally-only, even if the implementation were pure free software, even if the LLM used was guaranteed to operate in your best interest.

Even then, we're still talking about a perfect surveillance engine that allows any future person to observe your behaviour across your past. Imagine what it would mean for the police to retroactively search your entire life for the past 30 days when they arrest someone. Or how this might affect people living with abusive partners, or LGBTQ+ kids in non-supportive households.

This technology, no matter the implementation, puts vulnerable people at risk.

bsmartt|1 year ago

I promise you there are better ways to manipulate people in this situation. Like a keylogger. That way, your hypothetical LGBTQ child can't evade your monitoring by using an incognito tab or simply pausing Recall when they log in.

steal their browser data. i haven't wiped my browser history in years, and that is just an easy-to-search list of URLs that doesn't need to be parsed out of some db blob (not something many anti-LGBTQ parents know how to / are going to do...). Steal their cookies and access their logged-in social media accounts directly. Steal their saved passwords. Browse through the cached images and videos.

> Even then, we're still talking about a perfect surveillance engine

not even close. not going to beat this to a pulp but just to give you an idea, this does not scale well, not at all. are you going to look through 25 gb of photos? what if it's 90% cat pictures.

username81|1 year ago

If you are worried about somebody reading what you do on your computer, you should use full disk encryption (I consider it a requirement these days). There are a lot of things besides Recall that can be compromised if somebody gets physical access to your machine.

talhah|1 year ago

Everyone has different threat models, vulnerable people don't need to use such a feature, assuming that it's all local and implemented perfectly.

It should also be opt out by default for Microsoft.

I personally see a lot of use for this if it was running entirely local. I always find myself in a position where there's things which I've browsed or come across but it's difficult retrieving it from my history.

torginus|1 year ago

You are the only one. It's mass surveillance and it's used to train their neural networks to be able to automate people out of their jobs.

No matter what 'guarantees' they offer, they're just an update and group policy setting away from removing them. Maybe they'll offer 'Recall Enterprise' for company owners, and normalize employers spying on their users while selling them the sales pitch of automating away their employees.

If it was a genuine value add, it would be a boxed product, possibly made by a third party, that people would pay money for.

Ukv|1 year ago

> it's used to train their neural networks

Is it? I thought the screenshots were stored and analyzed locally. This seems like something that can be verified with Wireshark.

If you mean they could sneakily update Windows in the future to start sending screenshots to their server - I feel they could do that regardless of whether or not this local search tool exists, and it'd still get caught almost immediately. If anything, it'd seem counter-intuitive to draw lots of attention/scrutiny through marketing this feature.

chii|1 year ago

> Maybe they'll offer 'Recall Enterprise' for company owners, and normalize employers spying on their users while selling them the sales pitch of automating away their employees.

That would be fine, as long as the employees are told ahead of time and it is part of their employment contract (which i assume it would be, because software such as CrowdStrike already would be just as nominally intrusive).

As for non-enterprise windows users, this should be at best an opt-in feature. Otherwise, it would be a huge breach of privacy.

bsmartt|1 year ago

i get the impression you aren't much aware of the existing ways employers monitor activity of their workforce at scale for both windows and mac users without needing to browse through GBs of screenshots on a regular basis.

username81|1 year ago

As I said, I think the idea is good, not the implementation that relies on Microsoft's servers.

ethbr1|1 year ago

Do I trust Microsoft, in its current/recent form, to implement this feature, including the ways it is likely to evolve?

No.

Even if it's built in a fully-local, privacy-first manner, I have no confidence it will stay that way.

Microsoft has shown itself again and again to prioritize turning Windows into an ad platform, over sound technical decisions.

Why would this be any different?

mrinfinitiesx|1 year ago

It won't be any different. My guess is they'll pull some stunt like Mozilla is with the Anonym with the PII removed to send data over to further turn Windows and Office 365 into more of an ad platform.

I could be ignorant. I could be paranoid. I could be wrong. I want to be wrong.

But I don't think I am. And you aren't either. That's what's scary.

bsmartt|1 year ago

i mean... no one is going to convince you of anything if you're speaking of some hypothetical future possibility. But at least acknowledge they've improved on security. Defender is included with windows, they've been steadily shipping significant and effective protections like device guard and smartscreen. and maybe you hate edge, but it is unquestionably better than IE. i can't defend the heavy marketing and ads in windows 11 other than to say power users can disable that shit entirely. If that isn't good enough, then i think you're right and probably won't ever be one of their customers. thankfully there are other choices though :)

laserbeam|1 year ago

If it happens on a remote server, I ain't using it. If I can control the server or it's running locally, then it's not a horrible idea.

renegat0x0|1 year ago

Recall, even if run locally, is a security and privacy nightmare. Imagine all of your activities and data stored on one database. It was discussed many times by security experts.

bsmartt|1 year ago

> To help maintain your privacy, Recall processes your content locally on the Copilot+ PC and securely stores it on your device.

it's an attempt by microsoft to flex about their new "AI PC" which just means it comes with this npu that is optimized for the processing workloads associated with various ai use cases. an attempt to profit on the AI hype by pitching their users a reason to buy a new computer.

pjmlp|1 year ago

Well, in a way that is what happens in ChromeOS, and plenty of people swear by their Chromebooks, and having each click going through webservers all over the place, starting with Google's.

kkfx|1 year ago

The old memex https://en.wikipedia.org/wiki/Memex concept is a different thing and, most importantly, one thing is owning the system, another is having a limited usage license with a black box de facto at the vendor's mercy.

Personally I have no memex-alike, but I use versioned org-mode notes for anything, meaning my NixOS boots into EXWM with the daily note opened and that note is partially auto-generated to summarize things I might want to see in a single place; the NixOS config itself and the Emacs config are org-mode notes as well, so it's a kind of full-text-searchable base with history as well. I've not automated things like Firefox places.sqlite and other data sources simply because it's too long to be worth the effort and way too specific and might change "suddenly" following upstream decisions, but essentially that's enough for my needs and I've chosen the daily notes model for a reason: I still generate too much "noise" to keep a useful and clean note-base. Chronological division allows keeping the noise that "might be useful in future" without polluting too much; collecting screenshots like Recall is definitely way too much for personal usage, while it might be a nice mine of behavioral data for deep analysis on someone else's CPU and storage...

moogly|1 year ago

Never once have I wanted to do this.

Now that I know it's possible, I still cannot think of a valid use case for me.

bsmartt|1 year ago

would you enable it when interviewing candidates for your team, so when you go to complete your assessment you can go back to something they said or some code they wrote?

1vuio0pswjnm7|1 year ago

The issue is control, i.e., who controls whether it is installed or not and whether it is on or off.

As we saw in the recent US v Google decision, experts are teaching courts and the public that pre-installation and "default settings" are in effect a means of control.

In theory, any software or "feature" is a "good idea" as long as no one is forced or tricked into installing or using it. In practice, so-called "tech" companies strategically pre-install and remove or obfuscate consumer choice.

mschuster91|1 year ago

> but the core idea of being able to see what happened a week/month ago and process it using LLMs looks really useful

By definition, it's not only you who can recall what happened a month ago, it's also the cops, burglars, your partners, your children... everyone with access to your machine now has access to everything you did.

Eggpants|1 year ago

It was designed for corporate management to prove the WFH employees are goofing off. It’s the only way the lack of security passed any kind of giggle test at MS. Corporate accounts are the only MS customers that matter.

tarruda|1 year ago

> I'm looking forward to something like this, but local, FOSS and for Linux.

This will probably happen soon, but I wonder what the disk space requirements are for saving screenshots of everything you do.

DaSHacka|1 year ago

I assume the screenshots are converted into a textual description quite quickly, so presumably the only disk usage would be screenshots in the buffer waiting to be processed.

4k93n2|1 year ago

i would imagine even a version of this idea where the screenshots are deleted after being ocr'ed and analysed would still be useful enough

luismedel|1 year ago

Idea (ok) vs execution (crap)

bsmartt|1 year ago

I got downvoted and patronized pretty hard in a thread a while back for pushing back (as much as I don't ever want to defend microsoft). https://news.ycombinator.com/item?id=40595344

I think it got shipped a bit hastily, but also don't think hackers will find it more attractive than dropping keyloggers, banking trojans, or ransomware. And screenshots can be photoshopped, so I don't know, I really doubt anyone will care to flip through 25 gb of screenshots.

Also, I'd be interested in a feature like this enabled while interviewing candidates as well as interviewing with potential employers, or while taking courses online, probably a lot of stuff I've not yet thought about too.

aurareturn|1 year ago

I want an LLM to ingest everything I do - on device.

TiredOfLife|1 year ago

That is literally what Recall is.

dgellow|1 year ago

I really want to try it out before dismissing the concept. If implemented correctly that could be fantastic. But I can also see how employers could abuse it by forcing the feature on employees' devices.

hnlmorg|1 year ago

Employers can already track every activity on an employee's device if they wanted to.

If anything, I think employers are more likely to opt out of Recall because of security fears and cost of hardware rather than replace existing device management tools with this.

bsmartt|1 year ago

i really don't see this being used in the enterprise environment. first off, employees without a need for an NPU probably won't be given one. it's like who right now is giving out hardware to employees with sick graphics cards? i don't think anyone. There are much easier ways to spy on your workforce already, like deep traffic inspection.