• Geyser@lemmy.world
    link
    fedilink
    English
    arrow-up
    88
    arrow-down
    2
    ·
    5 months ago

    “The ability to disable the…feature during the setup process…” does not mean opt in, that means opt out.

    Knowing windows setup, you need to click customize during the setup process and then go through several setup pages before you’re presented this option (or have to dig into additional/advanced settings to find it).

    Most people won’t do this, won’t know how to do this, or will receive the pc with the initial setup complete and won’t know if this is on or off.

    • Norgur@fedia.io
      link
      fedilink
      arrow-up
      50
      arrow-down
      1
      ·
      5 months ago

      And even if you find it, it will have an idiotic and obscure name, like “advanced history experience” or something absolutely nondescript

      • teft@lemmy.world
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        1
        ·
        5 months ago

        Also when you try to disable it they will use all sorts of dark pattern pop ups to dissuade you from disabling it.

      • MudMan@fedia.io
        link
        fedilink
        arrow-up
        12
        arrow-down
        13
        ·
        5 months ago

        The exact wording, which, again, is in the article you didn’t bother to read before posting, is “Quickly find things you’ve seen with Recall. Recall helps you find things you’ve seen on your PC when you allow Windows to save snapshots of your screen every few seconds”.

        Seriously, I don’t even like the feature. I will absolutely turn it off, just like I did Timeline, and I expect it’ll be gone in the next version, just like Timeline was.

        But I did look at the stupid article before posting. So there’s that.

        • Norgur@fedia.io
          link
          fedilink
          arrow-up
          12
          arrow-down
          2
          ·
          edit-2
          5 months ago

          So, are we done berating everybody passive-aggressively with just a sprinkle of condescension? Because maybe, just maybe, I was making a remark about the general practice of Microsoft to hide stuff behind nondescript bullshit names (especially in non-English versions where the English bullshit name gets translated literally most of the time, which yields even more nondescript results).

          Maybe, just maybe, you chose the wrong comments to act up on “PeOpLe NoT rEaDiNg ThE aRtIcLe” when all that was posted about was inconsequential stuff about the precise clicks needed to turn a feature off that’s not even in the respective menus yet. So this is not someone talking bullshit because they misunderstood the headline about a murder case or something.

          All that was said was about practices Microsoft has abused into oblivion: Hiding stuff behind obscure menus and hiding stuff behind obscure names. The comments made were a persiflage of exactly that.

          Maybe, just maybe, the precise placement and wording in a menu that doesn’t even exist yet is a topic inconsequential enough that people will not read the tenth article about the general subject (Copilot becoming “opt-in”) to make sure they wouldn’t miss this super irrelevant point to the story. A point which you guessed from screenshots that haven’t reached production yet (even if they are likely to go into production as shown, it can still change), so your condescending attitude is based on wobbly grounds.

          There are tons of articles where people post absolutely wrong and quite absurd stuff because they didn’t read the article. Some of them even matter (politics, world events). So let’s criticize people when they don’t read through actually important articles before posting, and agree that it’s okay to not read the exact article posted on unimportant sidenote stuff if one knows about the thing in general. Because if I’d be only allowed to comment on the article posted itself, I wouldn’t need Lemmy, I could just comment on the site that posted the article in the first place.

          Besides: You did notice that you commented on two different people, yes? Because you sure sounded like you didn’t read the usernames before commenting and thought you always replied to the same guy.

          • MudMan@fedia.io
            link
            fedilink
            arrow-up
            5
            arrow-down
            11
            ·
            5 months ago

            That is a very long rant to agree with me in that you care enough to rant about this online but not enough to read past the headline.

            So no, I have no intention to shut off the condescension, there is nothing passive about my aggression and people absolutely don’t read the article regardless of how important they feel the issue is. Yesterday this was all about the most important threat to the security of the average cosnumer, now it’s “unimportant sidenote stuff”. Somebody should have told MS how unimportant it is, could have saved the devs the crunch to fix it by the time it ships in 10 days.

            For the record, you’re right about how hard it is to find things sometimes in localized versions of OSs. That’s true of all of them, though, and I blame the fact that we’re all stuck here speaking the haegemonic language and reading about tech only in English while local journalists struggle to stay relevant, so we learn all the brand names and settings in English despite the software itself being available in localized versions. But that’s a whole other conversation.

            • conciselyverbose@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              This is still a huge threat, because their “mitigations” are a joke. The only possible way this can be an acceptable feature is if it is built from the ground up with security as the primary concern. You can’t “tack on” security at the end and get a secure product.

              If security was in any way a consideration, there is no path to shipping anything where the database is unencrypted at any point. Not in an insider build. Not as a tech demo. Nothing.

              • MudMan@fedia.io
                link
                fedilink
                arrow-up
                1
                arrow-down
                2
                ·
                5 months ago

                I mean, no, that’s dogmatic weirdness. The feature is secure if the feature that is live is secure. Software isn’t magic, it doesn’t have karma, it works the way it works.

                Now, this is as secure as whatever they ship, but even assuming it’s ironclad it’s still a bad feature. You do not need an automatic screengrabber to remember what you did yesterday. Every piece of work software you may need to reopen has a recent files list, Windows has a file search function, browsers have a history. You have a brain. You don’t lose track of so much stuff that you need to be recording your entire activity just in case. This is a bad gimmick that covers no use case, just like Timeline was. And because it’s a bad useless feature the logical thing is to turn it off and forget about it, which is why everybody seems to have memory holed that Timeline ever existed.

                You guys really don’t need to get weird about it for it to be a bad idea, but since they’re railroaded into shipping it, at least it’s better to ship it with proper encryption and authorization features. Still turn it off, though.

                • conciselyverbose@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  5 months ago

                  The feature that is live cannot possibly be secure. That’s the entire point.

                  If you do not design every element that interacts with user data very consciously and deliberately around controlling access properly, you cannot get a result that is not massively vulnerable to bad actors. Security is a core design principle. It cannot possibly be achieved after the fact.

                  • MudMan@fedia.io
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    5 months ago

                    Yeeeah, I’m thinking this conversation isn’t worth pursuing. My point is already up there.

            • Norgur@fedia.io
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              edit-2
              5 months ago

              So your reply is, “but other people don’t read…”? Yeah, I’m not “other people”, so stop making me a scapegoat for behavior you’ve seen elsewhere (and on which I agreed with you, btw).

              Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn’t you read my answer? That was the only information I could have gotten from the article I didn’t have already. Thing is: If I had read it (from a Screenshot I wouldn’t have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.

              I have since skipped through the article and literally the only thing in there I didn’t know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?

              You just saw something you’d been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because “it happens all the time”. While some of that’s correct, the people you went and “showed’em” aren’t the source of all evil, so skip the scapegoat bullshit and be civil towards people you’ve never talked to before, will ya?

              • MudMan@fedia.io
                link
                fedilink
                arrow-up
                3
                arrow-down
                2
                ·
                5 months ago

                Yeah, see, here’s how I know I’m not scapegoating you and you also didn’t read it.

                The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.

                So yeah, no, my condescension is exactly about you. And others. But also you.

                • Norgur@fedia.io
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  5 months ago

                  Are you really this dense? The whole opt-in thing comes because Researchers found that Recall wasn’t encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can’t be half-read my comments and make it fit your argument again, it’s even in the bloody article:

                  Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.

                  • MudMan@fedia.io
                    link
                    fedilink
                    arrow-up
                    4
                    ·
                    5 months ago

                    Yes, I am aware. I read about that yesterday, and yes, I did read it again at the bottom of this piece. It was really bad.

                    Which is presumably why, a couple of paragraphs above, they explain that:

                    Microsoft will also require Windows Hello to enable Recall, so you’ll either authenticate with your face, fingerprint, or using a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.

                    This authentication will also apply to the data protection around the snapshots that Recall creates. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we encrypted the search index database.”

                    Here’s the thing, it shouldn’t take somebody calling you out on it on the Internet and engaging in a defensive back-and-forth driven by pride for you to actually read the thing. Commenting should be secondary to following the link and figuring out what’s actually happening. But it’s not. That is the part that pisses me off. Not the stupid feature that is still bad even without glaring security holes. Only partially the stupid rooting for commerical products like they’re football teams. Fundamentally that our consumption patterns when it comes to information are broken and we think it only affects everybody else but not us.

                    That part is terrifying and infuriating.

    • umbrella
      link
      fedilink
      English
      arrow-up
      34
      ·
      edit-2
      5 months ago

      not to mention they are known to re enable telemetry on systems after updates.

      i doubt this will be any different.

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      11
      arrow-down
      3
      ·
      5 months ago

      There is a screenshot of the opt-in screen in the article. There is no default, just two buttons to say yes or no.

      I swear, outrage should only be allowed based on the amount of work one is willing to put in before expressing it. If you don’t do the reading, you don’t get to be publicly angry. It’d save us all so much trouble.

      For the record, the feature was always optional, as per the original announcement. Presumably the change is it is now part of the setup flow where it was going to be a settings toggle instead.

      Which is, incidentally, how this used to work the first time Windows had this feature, back when it was called “Timeline” in Windows 10.

      • Geyser@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        5 months ago

        The screenshot doesn’t show preceding flow to reach it, but I did miss the “requires windows hello to enable” bit, which does suggest that wherever it is, it would have to be opt-in.

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          5 months ago

          It doesn’t because that’s one of the four or five screens during the initial Windows setup where you opt in and out of all the other spyware features. They all look the same and are prompted in sequence. Unless they’re doing something very weird you absolutely have to make a choice on each of them and they are unskippable otherwise.

          I mean, you don’t have to know, if you don’t know Windows you don’t have to recognize them. But if you do it’s pretty obivous, so you… you know, could have asked or looked it up.

          Or gone through the link, because come on, you didn’t. You were obviously just reacting to the headline.

      • Ibuthyr@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        The problem with MS is how they change these things in the future. It may be a clear choice now, but they will find a way to make it easier to “accidentally” opt in, or they’ll simply change it to an opt-out. They’ve been doing this sort of bullshit for quite some time now.

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          They really haven’t. Their onboarding flow has included this exact type of forced option for advertising data, location data and bug reports for what now? A decade, give or take? They have a very specific design language for these.

          Plus, and I keep reminding people of this and they keep forgetting, they already made this feature once. It was on Windows 10, it was called Timeline, everybody turned it off and they never did much to change that, instead just adding a less intrusive offline version of it and ultimately removing it by the launch of 11 until… well, now.

          What I don’t understand is why you guys are so set on this specific list of grievances. You don’t need to dismiss the improvements they are making. They are improvements and they are a good thing.

          If you are set on rooting for or against OSs (and why would you, stop it, that’s weird) you can instead just point out that… well, the feature itself is still garbage. Even with a default opt out, even assuming it’s fully secure. It just covers no valid use case, unless you’re starring in Memento II. It remains a security vulnerability because social engineering and shared computers are a thing. It is exactly as dumb and useless as Timeline was, and there’s a reason nobody remembers that happened. The lack of AI search really, really isn’t why that failed.

          You don’t need to come across as a paranoid conspiracy theorist making up slippery slopes to keep criticising this about the things they are actually fixing. There are plenty of valid issues with it at a fundamental design level they are not changing. Being so wildly speculative about the eeeeevil corporate MS lying to us just makes the criticisms sound less valid when the actual thing they are doing is still pretty useless at best, and most likely really bad.

          • Ibuthyr@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Look, I use Microsoft products. I have since PC-DOS became MS-DOS. You are plain wrong. Just look at the whole fiasco where MS is practically forcing users to tie their windows license to an account. It used to be easy to circumvent, nowadays it’s hidden like Waldo. They constantly do this shit. Stop shilling for corporations.

            • MudMan@fedia.io
              link
              fedilink
              arrow-up
              1
              ·
              5 months ago

              It is amazing to live in a world where pointing out that a feature is a trainwreck is “shilling for corporations”.

              That’s the part I just don’t get. Why you guys need people to be in denial or toeing a certain line, facts be damned. It’s not enough to be critical, people have to be critical at all times, of all things in the exact way everybody else is.

              The account crap is not a valid counterexample. Windows 11 (Home, at least) was always explicitly presented as requiring an account. The methods to install without it were always an usupported workaround. It does suck that they went the Apple path and traded up-front price for data mining, I would absolutely prefer the alternative on principle, even if I was already logging in on Win10 for work reasons. If there was a natively compatible Windows alternative without this requirement I’d default to that. My Windows installs have most of the related features disabled, where I can do that. I just recently got to a place where I can disable OneDrive now and I am incredibly happy about it, since we’re talking about it.

              But it’s not a slippery slope, it’s them gradually closing the unsupported loophole that was keeping some people from flipping out about it as it becomes clearer that vas majority of user are, in fact, logging in with a MS account.

              This is a datamining feature that is immediately unpopular and they are actively backtracking on it. There is clear precedent for this exact same functionality and it didn’t go that way. That’s not shilling, that’s just how reality worked last time this happened. Literally this. The same feature implemented in a very similar way.

              Again, there is plenty of legitimate stuff to complain about here. A lot of it is terrible even after the changes to opt-in and security. You don’t need to make up a fictional future scenario where they un-fix the stuff they are fixing. You can dislike the fixed version for actual, good reasons without having to sound like a weird online cultist.

    • gravitas_deficiency@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Remember when making a Microsoft cloud account was optional during Windows installs, and it was trivia to skip/opt out?

      Pepperidge Farm remembers.

      They are 100% going to do the same thing here.