• garretble@lemmy.world
    link
    fedilink
    English
    arrow-up
    88
    arrow-down
    1
    ·
    5 months ago

    Something I didn’t think about until I saw someone making a post about it on Mastodon is that you may not have to worry about just YOUR PC, but what happens when you are on a zoom call or using another screen sharing app and THEIR PC is taking screen shots?

    Now you just can’t worry about your own machine, but every machine out there that might interact with you in that type of way could be capturing data. And if you accidentally have your email up or maybe a password manager, could their PC just be gobbling that up without you knowing?

    • BCat70@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      There was a funny joke from the early 90’s, that went “When you connect your computer to another computer, you are connecting to every computer that computer ever connected with.” That was such a funny joke. Funny…

    • somethingp@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      7
      ·
      5 months ago

      Hasn’t this always been a possibility? People could always record their screen or take screenshots during meetings or whatever

      • garretble@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        5 months ago

        Sure but not built in where you can then do an OS search like “find me text from the call I was just on where it showed their password for a moment.”

      • exanime@lemmy.today
        link
        fedilink
        English
        arrow-up
        5
        ·
        5 months ago

        Since the invention of traffic lights people could just ignore them… Now we know some AI “feature” will ignore them.

        See the difference?

      • Spotlight7573@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        5 months ago

        It’s always been a possibility that someone could do this but this makes it a default on feature for a lot of users you might interact with and makes them a prime target for malware to steal the sensitive data that wouldn’t have existed in most cases before.

  • BroBot9000@lemmy.world
    link
    fedilink
    English
    arrow-up
    75
    arrow-down
    8
    ·
    5 months ago

    No duh.

    Fuck M$ and this push for pointless Ai integration. Make them do some actual useful shit instead of robbing jobs and creating knockoff art.

    • 1024_Kibibytes@lemm.ee
      link
      fedilink
      English
      arrow-up
      66
      arrow-down
      3
      ·
      5 months ago

      This isn’t even A.I., no matter what they call it. It’s OCR and an SQLite database. Honestly, they could have done it 25 years ago .

      • Rolando@lemmy.world
        link
        fedilink
        English
        arrow-up
        58
        arrow-down
        1
        ·
        5 months ago

        That data they’re collecting is more valuable now that it can be used to train A.I.s. A couple years from now they’ll push some update that lets them exfiltrate it (or its usable features.)

        • niemcycle@lemmy.world
          link
          fedilink
          English
          arrow-up
          36
          arrow-down
          2
          ·
          5 months ago

          This is exactly it, they’re going to feed all this data into a model to try and get an AI to be able to perform operations in the OS like a human would.

          Which on the surface of it sounds reasonable, but only if they actually paid people to generate that data for them. And this isn’t even touching the privacy aspects of a record of everything you do being generated and stored in plaintext.

        • Hack3900@lemy.lol
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          5 months ago

          Can’t wait to ask gpt6 what my neighbor was doing on the 19th of October 2024 at 17:00

      • NevermindNoMind@lemmy.world
        link
        fedilink
        English
        arrow-up
        23
        ·
        5 months ago

        The Ai part comes in when you search. Your not just doing keyword searches. You can use natural language and the Ai models “understand” what your looking for and will retrieve it. Also you need the AI for image recognition (what was that website I was looking at with the children’s book with a dog on the cover?)

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      No. I want 2 copilot buttons. One on the bottom right. And one… No wait TWO in the start menu!

      /s…

  • Suavevillain@lemmy.world
    link
    fedilink
    English
    arrow-up
    32
    ·
    edit-2
    5 months ago

    It is way too risky even if this feature was that revolutionary, which it isn’t. It is a security nightmare for workplaces and at home.

    • exanime@lemmy.today
      link
      fedilink
      English
      arrow-up
      17
      ·
      5 months ago

      And for such small reward!

      Oh yes, I can ask about a brown bag once saw and don’t remember… Or maybe I forgot if that document I created was in my “Documents” folder or not … Wow, the future is now

  • Uriel238 [all pronouns]@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    24
    ·
    edit-2
    5 months ago

    Firstly, Microsoft has shown that it cannot refrainfrom abusing its access to private data when it’s not impartial. Microsoft has even threatened journalists.

    Secondly, Microsoft doesn’t have a clean record of security, and data in the hands of Microsoft has been compromised to unauthorized hackers.

    Thirdly, when US law enforcement asks Microsoft for your data without a warrant Microsoft rolls over like an attention starved puppy and yields everything without challenges. (same as Amazon and AT&T. Google required legal warrants ten years ago.)

    Fourthly, ChatGPT4 has used access to external means to fulfill testing tasks and it is capable of willfully lying to third parties to achieve steps. When Microsoft’s AI offerings are smart enough, it will know who you are and everything about you (assuming Microsoft fails to mitigate for this eventuality).

  • SeattleRain@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    1
    ·
    5 months ago

    Honestly even if Microsoft were trustworthy this is too much power for anyone. I actually like the recall feature but it would require a fully open source code to trust.

    • Spotlight7573@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      ·
      5 months ago

      I feel like even if it was open-source, it would still be too big of a target for malware and data exfiltration to ever be justified for most people.

    • EngineerGaming@feddit.nl
      link
      fedilink
      English
      arrow-up
      8
      ·
      5 months ago

      Even with a fully open-source implementation, that thing tells on you more than normal system logs. I like it being called “privacy bomb” - waiting to give extra data to whoever gets into the computer.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      this is too much power for anyone

      Unfortunately by the time a service does this they’ve already got you by the balls and they know it. This is essentially Microsoft telling the world “what are you gonna do, not use Windows?” Because for most of the world that’s not really an option.

  • i2ndshenanigans@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    5 months ago

    And you’ll probably need Windows Pro to be able to disable it. The average user isn’t digging through a registry so it will stay on for most users.

  • Boozilla@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    5 months ago

    I have to use Windows at work. Fortunately I’m a domain admin. I’ll be disabling this shit with conventional methods, and also write a scheduled task script to whack the SQLite DB…or whatever it takes to nuke it from orbit.

    For home users, there are tools like NTLite that let you create custom installation images for Windows. Hopefully those will be able to remove it completely.

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      7
      ·
      5 months ago

      For home users, most of you I’m sure are just using a web browser 99% of the time. For this, to beat a dead horse, there is Linux.

      • Boozilla@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        Unfortunately I do a lot more than browsing and gaming when it comes to Windows. I hope to retire soon, and then make the full switch. I do like Linux, and have used it for some things.

        I chose the wrong horse when I began my career over 3 decades ago.

    • Corkyskog@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      I assume the government gets a product exempted from this feature, or do they too have to do all the work to disable it?

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    5 months ago

    While initially all the screenshots will be stored locally (where people who own your computer through malware can access it), the time will come where Microsoft will deem it “necessary” to store them online, “for safety reasons”. Then the race is open: Will they fall prey to hackers and data leaks before they can happily exploit the data themselves?

    • daddy32@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      5 months ago

      Or they go the WhatsApp way and offer users a free “online backup” of the data, unencrypted, turned on by default.

      • Larry@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        5 months ago

        Whatsapp is doing this? How do I turn it off?

        edit:

        Settings, Chat, Chat Backup

        Was on me for me even though I never okayed it

  • net00@lemm.ee
    link
    fedilink
    English
    arrow-up
    14
    ·
    5 months ago

    I usually find reasons to keep using microsoft products, but right now it’s the first time I’m seriously considering ditching all my microsoft services for FOSS and move to linux.

    It’s gonna take a lot of effort and time migrating everything I use, but taking literal screenshots of your PC sounds fucking creepy, no matter how they sugar coat it. It’s like someone else literally watching all you do.

    Usually you know they get your data, but now they want exactly what you are seeing and exactly what you are doing, taking it right out of your screen. It’s literal and plain spyware.

    I have degoogled for a few years already, now I guess it’s microsoft’s turn.

    • exanime@lemmy.today
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      If you have degoogled, even if partially, I doubt you’d find moving to Linux hard

      Probably the hardest part would be to chose a distro… Stick with the main ones (Debian, Fedora or Arch) to start (you can chose one of their derivatives but pick a famous one so you can have easier time finding documentation)

        • SapientLasagna@lemmy.ca
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          5 months ago

          Most games work well; some don’t yet, and a few probably never will (CoD, PUBG). The easiest way to check is to go here: https://protondb.com and either look up the games you actually play, or just give it your steam profile URL on the profile page and have it scan your library.

        • blind3rdeye@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          5 months ago

          Steam works very well on Linux. There is a setting in Steam to enable ‘proton’ for all games - this allows you to play Windows games on Linux without having to do anything else. It has worked flawlessly for every game I’ve tried.

          As for your movies thing, I don’t know. I deliberately avoid software that automatically searches and catalogues stuff on my computer. So I’m not sure how easy it is to do what you are asking for. It’s something that I’d avoid rather than seek out.

          • Corkyskog@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            They are just movie files, saved in a folder. Nothing complicated, will Linux be able to find that folder or files?

            • alsimoneau@lemmy.ca
              link
              fedilink
              English
              arrow-up
              3
              ·
              5 months ago

              Move it to am external hard drive with anything else you want to keep, then you’ll have access to it on any computer no matter the OS.

        • exanime@lemmy.today
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          5 months ago

          Absolutely!

          In 2020 I built a gaming PC and at the time decided to dual boot because I wasn’t going to spend all this money and miss out on some games. However, not 6 months later I dissolved the dual boot config because my son and I never found a game we cared to try that was Windows only.

          Proton is a translation layer that helps run Windows games in Linux. It works seamlessly with Steam so you don’t have to worry about it at all… so far, ZERO problems. Of course, YMMV depending on the games you are interested in; however, you can check in advance in ProtonDB, this site will tell you if the game you want to play can be played well on Linux (assuming the game is not ported already).

          I also went with a derivative Linux distro that is geared toward gaming so it comes with almost everything you’d need. It’s called GarudaLinux I liked it so much it is now my daily driver for work as well (even though this is one of those “risky” Linux distro since it is a rolling release, meaning you are on the edge of tech available, and I update it weekly… other than some small issues here and there, it’s been going strong for 4 years)

          If you have a movie collection, you’d have no problem either unless they are DMR protected somehow… if so, there are ways to watch them but it would depend on what you downloaded… However, if these fishes we are talking about came from the high seas, you’d have no problem. There are some discrepancies regarding hardware support for certain codecs but it all boils down to efficiency, not whether you can play them or not.

          I have a VAST collection (3500+ movies, 400 TV shows) in a Linux server that I access throughout my house with many devices (PCs, phones, FireTV sticks, Raspberry Pi, etc) by using an Emby server… Emby is free to use but you get to pay for some features… if you want the fully free and open source version you can go with Jellyfin… I only went with Emby because 6 years ago (maybe more?) when I started, Jellyfin was a bit behind… now they have caught up but I already bought Emby so I keep using it.

          • Corkyskog@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Wow, you somehow answered my follow up before I could even ask it.

            My main goal was to eventually do a plex or jellyfin type setup for the house. Good to hear that it works just as well on Linux. Is the setup more difficult, or are there enough guides and documentation that it’s not too bad?

            • exanime@lemmy.today
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              Glad I could help.

              Installing Emby/Jellyfin is dead easy… you won’t have trouble. Literally install, then run the web interface and configure from there

  • buddascrayon@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    5 months ago

    Microsoft: our new windows comes with not only a key logger but and EVERYTHING logger. Isn’t that great?!?!

    Users: WTF, we have antivirus for the sole purpose of keeping that shit off our computers!!!

    Microsoft: too late, it’s integrated. What are ya gonna do? Switch to Linux? (Laughs maniacally)

    • Buttons@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      5 months ago

      The market is filled with products people hate.

      Explain to me again how free markets and competition are supposed to work?

      • SquirtleHermit@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        5 months ago

        Well you see, when a capitalist and a politician love eachother money very much, they engage in an act of love collusion. This gets both of them very much money. So much in fact, that they couldn’t possibly hold on to all of it. And the money that falls out of their pocket trickles down to every one! Thus, products are improved, and everyone gets their needs met!

        This is the free market in action, and anyone who disagrees is a dirty Commie!

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    5
    ·
    5 months ago

    This is the best summary I could come up with:


    This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare.

    Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall’s snapshots.

    This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

    Security researcher Kevin Beaumont, first in a thread on Mastodon and later in a more detailed blog post, has written about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall since Copilot+ PCs that officially support the feature won’t ship until later this month).

    The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity.

    Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work.


    The original article contains 710 words, the summary contains 260 words. Saved 63%. I’m a bot and I’m open source!

  • GreatDong3000@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    4
    ·
    5 months ago

    People online sometimes get mad at me when I say I don’t want windows users to move to Linux, I don’t want Linux to be popular at all. I enjoy being a Linux home user who knows the community is small enough to not draw the wrong kind of attention from bad actors and corporations.

    Anyway, I enjoy seeing windows users get shit shoved down their throats like this, it is amusing and I can’t wait to see what Microsoft is gonna do next while most of their user base just accepts it or cries online only to continue on windows.

  • mryessir@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    At least the EU restricts this directly to your communication and make examples for its usages.