This could make for a good action scene in a movie. A hacker has to get access to data secretly, so they constantly minimize what they're doing every 10 seconds to avoid the AI monitor.
In the end, just as they breathe a sigh of relief and stretch their arms, a popup gives them away.
Then the scene cuts to a security guard getting an email. Then the scene cuts back to the hackers booking it.
It really doesn't. Not a single person I've spoken to likes the idea of this, at all, and I'm not talking just tech people. Every last person I've spoken to of all ages and from all walks of life at best is like, "I can turn that off, right?"
My wife's jaw literally dropped when she first heard from me about the kind of fuckery-duckery Microsoft is trying to pull here. She's been an Apple girl since forever, no fan of Microsoft, and not particularly tech-savvy, but she knew exactly the implications of Recall and immediately figured out that it was a whole new level of awful, even for Microsoft.
I for one built something like this on Linux. It takes a screenshot every few seconds, when there is recent mouse or keyboard activity. Then applies OCR on the screen shots and indexes them. It was fun, but I don't want the overhead of maintaining it long term.
> Microsoft states that "Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker." From the wording here, that looks like your snapshots will only be encrypted if you have Windows Pro or a business Windows code.
I don't think that's what their main page is saying, but it is ambiguous enough to be confusing.
The parenthetical after the "and" is throwing people off. My interpretation of the sentence is that recall snapshots are protected using data encryption on your device, no matter the version of Windows 11. However, if you have Windows 11 Pro or the enterprise SKU, you gain the additional level of protection of using Bitlocker - which could mean that the key to encrypt those snapshots lives in the TPM (or not). It's just too ambiguous and needs clarification.
> Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.
The data is still being recorded and saved. For example, it could make my security weaker by recording a password briefly displayed on screen. Now there's a second copy stored elsewhere on my computer than the password manager.
Also, that only mentions the snapshots (the images) themselves. It feels like its leaving them an out for data pulled from the pictures or summaries of locally processed data.
Yeah I have no doubt they would use the data gleaned from the images. All the data generated from processing the screenshots to be useful to the user would be just as useful to third parties. More useful than the screenshots themselves, in fact. I haven't heard anything about promises to keep the extracted information locally.
Device Encryption and BitLocker use the same encryption, BitLocker offers more options for key management.
If you login to a Windows Home machine as admin with a Microsoft account, then the key is stored in the TPM with a recovery key in the Microsoft account. Before that, the key is stored in plain text on the drive, meaning it's not really secure. There's no option to save the recovery key onto paper or a USB key.
So, they are really just saying the data is stored on your hard drive, which follows the usual hard drive format of Windows.
The already existing push to force everyone to log onto their local computer with an online Microsoft account (instead of a traditional local account), along side telemetry users cannot completely turn off already showed the company moving in a privacy hostile direction.
This move seems a lot like using machine local AI to feed additional user interest data into everyone's online profiles for Microsoft's growing ad business.
I'm also willing to bet that enterprise would value an additional way to track employees.
The beatings will continue until privacy concerns actually influence a large proportion of customers’ buying decisions.
The problem is that there are endless huge incentives to invade privacy: ads, selling data, product telemetry, even the push for internal metrics. Nothing counterbalances this. Most customers just don’t care.
I don't know how far US companies (and their NSA) have to go to make EU companies go "wait, they're doing industrial espionage on us".
Just the fact that companies outside the US use Outlook and OneDrive for everything is mind boggling to me, but this recall thing is industrial spyware to the extreme.
US (and the NSA) is our best friend. Thanks to US we have the freedom to choose our best friend. Our best friend gives us everything we need and helps us to make good decisions.
Even if our best friend looks at what we are doing, this is just to help us further.
I don't understand why people have such a big privacy issue with this. It all happens on your device.
I understand being concerned about Microsoft using it to target ads or moving it off device in the future But the four scenarios laid out in the article don't seem like a problem.
> You're using a public computer
> You're using a work computer
> You're using a shared family computer without a password protected profile
> Your computer gets stolen
You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
Ditto for a PC where you share an account with other people.
And if your laptop is stolen and they have your passwords, you're fucked anyways.
"It's already bad, I don't see why making it worse is a problem. It's just one more thing to worry about."
There's more at stake here than passwords. These repeated screenshots are essentially a slow, silent video of all computer activity. That has far more information than you may think it does. It compromises HTTPS content, it records data that otherwise would only be in RAM, ...I could go on.
I log in to an end-to-end encrypted chat with a family member. We talk about life and the subject drifts to plane tickets we already bought for next month and how the neighbor across the street isn't going to be home until the end of this month.
The thief who stole my laptop now has also stolen a recorded conversation along with my passwords. Now they know when two houses will be empty. This would not have happened without pictures of my screen being taken frequently.
So this thief has access to your filesystem, therefore your machine's passsword? You can't just pull out the hard drive and put it in another system, at least not with even just decent practices.
But the thief will also have your browser history, any saved passwords, and so on?
Obviously Microsoft isn't going to sell their profile of you to petty thieves. But they probably will sell it to at-scale-grifters looking for marks or fascists looking for dissidents.
Thanks for coming up with a specific scenario for me.
I do agree that the outcomes in this case might be worse than an alternate universe without the recall feature.
That said, if someone steals my laptop and can log in, I am already pretty fucked. There are so many other ways they could get this or other information, from email, calendars, etc.
Even without everything else, a big threat vector is people not knowing better who have it on, and then give access to their machine not realizing what they've done.
Total, constant, omnipresent surveillance feeding an AI model of every single individual that is so powerful that it can persuade us deeply and without our knowledge.
Note: this is basically already happening.
It's just the sad tripling down on advertising technology being our most advanced technology.
>advertising technology being our most advanced technology.
This is a huge distinction I want to point out: Nothing anyone has done in the past twenty years has been to make advertising more effective, though that is what is often claimed. The system however, only works towards making advertising more profitable to Google and Facebook. Everything else, including advertising effectiveness, has been slaughtered at the altar of "Gotta make line go up" inside Google and Facebook.
Both companies benefit greatly if the amount you spend on advertising goes up because it's not as effective as it used to be.
They also run most advertising as explicitly adversarial instant auctions, meaning the ad that runs before your Youtube video isn't the one most likely to get you what you want, or fix a problem you have, or even please your dopamine system, but rather the ad you see is primarily driven by who spends the most. This means that every midsized company that is so stupid as to misconfigure their advertising run will run a lot of ineffective ads, while the lean company doing innovative things locally who can only afford a "reasonable" ad spend will end up running far fewer ads.
The system empowers those with deep pockets and silences those without. Intentionally. This also makes it pretty easy to keep your new competition from getting any oxygen in a market.
I believe Google says that they include other things in the bidding process, including a specific claim that if you run a shitty ad that nobody every clicks on, it will be down-ranked in the ad auction, but they have billions and billions of reasons to not do that as effectively as they could. They are financially motivated to make advertising less effective and more expensive for consumers and producers alike.
Getting your doors kicked in because you posted "disinformation" on the internet, or said something "unpatriotic" to a rando on the street and got reported to the cops. You won't have time to lock your computer, or if you do, the password will be pulled out of you with pliers, along with a couple of teeth. It's a daily reality in some parts of the world, including my own country and another one where I have many friends.
> I don't understand why people have such a big privacy issue with this. It all happens on your device.
It's not hard to imagine situations where this complete and total information package can be exfiltrated or otherwise abused. Roommates, stalkers, one night stands, domestic govt, foreign govt, domestic hackers, foreign hackers, computer repair techs, employers (seizing a personal device), etc, etc etc.
There is no scenario in a free society where this should be allowed or tolerated.
> Should I not be allowed to use a password manager because it would be problematic if my roommate or one night stand copied it?
You are free to use or not a password manager. What ms is doing is shoving things by force. It's not an opt in feature, their OS is becoming something ugly fast
This just pushes the question, what else should be opt-in because it could be abused by someone given full access to your laptop? Saving browser history? Persistent logins? Shell history? Document recovery? Spotify listening history?
This is why Windows has the "airtight hatchway" beyond which security against the user accessing their own data stops applying. Inside your login is by construction where your private data goes. Adding more of it shouldn't matter as it's all protected as the same. Like I agree that this feature is annoying but it's not a security risk, Windows promises no security against yourself.
> There is no scenario in a free society where this should be allowed or tolerated.
yes there is, I think you're lacking imagination. such a vision does require re-imagining a lot of what society is, and even of how we undertand ourselves relative to our many groups and super-groups which we belong to
Or a surge of competition from open source operating systems (to which I, for my part, have permanently migrated -- years before this new stride toward dystopia). :D
Does an open source OS have an AI watchman? You can check! If yes, you can fork and remove it.
All that's happening here is the lack of control over your hardware and software is being emphasized a little further. Put another way, you already live in totalitarianism. Microsoft or Apple have de facto totalitarian control over your computer. They always did.
Just depends on whether you trust Microsoft or not, and I already mentioned in my comment that I understand concerns about the on device part potentially changing in the future.
If that happens, I wonder if future generations will believe us when we insist that wasn't the intention; We just wanted a helpful AI that takes pictures of what you're doing every 5 seconds in case we forgot what chinese food place we like.
Can you explain, down to CPU instructions and network packets, what it is that "happens on your device"?
If the answer is anything else than "yes, I'm the absolute world authority on that" then you don't know how or whether Microsoft is respecting your privacy (same reasoning goes for Apple, for Google, for mobile phone radio stack, …).
Isn't this just a general argument against closed source software and nothing specific about this recall feature?
If you don't trust Microsoft then yeah I can see why you wouldn't want this feature but you probably aren't using Windows in that case anyways, so it is a moot point.
Up until recently, regardless of the source accessibility, certain things were just impossible. For example, a computer could not universally interpret and categorize what you’re using it for. Now it’s entirely possible, so naturally people’s attitudes change.
There are those of us who care about our spouses/children/family/friends and what this means for them, even it doesn't directly affect our daily lives. There is nothing wrong with our being concerned about that, and it doesn't make our opinions on the matter invalid.
What may be a moot point for me is not a moot point for millions of users. This feature seems to be enabled by default and needs poking into settings to disable.
Microsoft have proven time and again, by their acts and omissions, that they can't be trusted.
Relevant quote from the source: "During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone [ie. exfiltrated to a bad actor's device]."
Perhaps you have lived a charmed life. Stable government, never gotten on the nerves of power brokers, no former friends with abusive tendencies, never been a refugee of state actions. And you, nor those you care about, do not expect to be on the receiving end of any of that.
Then having less and less privacy is fine. And it's perfectly reasonable to trust Microsoft to implement this tool with honesty and care.
> Storage and processing happens on your device and it is encrypted
Microsoft controls this entire process. They could easily send copies back to "the mothership" like they probably already do with the processed results.
> It seems like the actual issue people have is that they don't trust Microsoft or they don't trust the government/people/everyone.
Whether or not this invasion of privacy is cause for concern depends on your level of trust. But it is still a privacy issue.
> Microsoft controls this entire process. They could easily send copies back to "the mothership" like they probably already do with the processed results
Microsoft controls the whole operating system, they can already do whatever they want with your data. They could be sending screenshots back to the mother ship already.
I can understand why people may not trust them but they already have the keys to the kingdom. This new feature isn't any more or less private than Windows already is.
Person trapped in abusive relationship gets forced by abuser to show their computer activity which exposes their attempts to reach out for help. The fact that the recorded history exists means that it will be used for harm.
>or they don't trust the government/people/everyone. Which is fine and understandable, it just isn't related to privacy.
You can't possibly believe that. What am I missing here? Can you explain why this doesn't have everything to do with privacy? In order for it to not be relevant to my privacy, I have to trust the software spying on me and that Microsoft and the government won't use it against you if it benefits them in some way. I do not trust that, even though I also live a charmed life relative to most people in the world, I think. That doesn't mean I haven't read how, historically, government and other people of power are not to be trusted any more than absolutely necessary.
> I don't understand why people have such a big privacy issue with this. It all happens on your device.
For now. It's not hard to predict that, sooner or later, Microsoft will want to send that information to be processed somewhere in the cloud (and of course, they will say that it's encrypted in transit, and will never be shared with anyone else...)
There's also a more fundamental issue: absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral. Recording everything by default changes that paradigm. It's like having a hidden camera permanently recording on your bedroom: it's a place where we expect privacy.
> You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
They could, but they shouldn't. It's like a hotel room: for all we know, it could have a hidden camera permanently recording everything that happens in it, but we still consider it a serious privacy violation when that actually happens.
> And if your laptop is stolen and they have your passwords, you're fucked anyways.
My laptop being stolen doesn't currently mean that the thief can know exactly what my screen was showing a couple of weeks ago.
> It's not hard to predict that, sooner or later, Microsoft will want to send that information to be processed somewhere in the cloud
I really don't believe that. It reminds me of the hysteria about Windows 10 telemetry (remember when people called it a keylogger?). Putting it in the cloud would cause huge backlash and brand damage. But somehow they're getting that backlash despite not putting it in the cloud.
> absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral
Computer forensics experts would like a word. Your past activity has never been private from "yourself". The added privacy risk here is highly marginal. If I steal someone's laptop, I can Rewind and see what was in a PowerPoint slide they opened 2 weeks ago. But that PowerPoint is almost certainly still on the local drive anyway, so that makes no difference.
You can also rewind and see their whole banking workflow. Or you can rewind and see that they like people of the same sex and that's a death penalty in some place, etc....
I think it would be more likely that they would process it locally and let it extract lots of info at -your- expense and then upload that info,probably would result in 1000x less processing and storage expense. Also a lot of people are overlooking that we in the USA are facing an election in 6 months that could easily be the end of democracy in America and rise of an era of fascism where privacy means absolutely zero. Thus, we failed to think of the consequences of not voting/standing up for liberty and will pay a heavy price.
>> There's also a more fundamental issue: absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral.
This is very much like why it feels quite different to have automated license plate readers tracking and recording where your car has been - even though that is clearly public and visible by the fact that your car is driving down public roads.
If I trusted Windows's security. If I trusted (the competency or integrity of) Microsoft developers. If I trusted this to not get swept up in telemetry, or accidentally left in some never-to-be-cleaned tempdir. If I trusted Microsoft to be able to develop Windows features that were actually entirely disable-able or removable.
If all those things were true, then meh, fine. But for me, none of them are true, and it makes me truly happy to already be a happy Linux user.
> you shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
It might be something I should expect, but I'd still slap my laptop over the head of my superiors if I found out that there was scren recording on employee computers. Regardless of whether it's legal, and regardless of whether I signed a form saying I understood that this was within their right. Any manager or corporate IT person who doesn't understand that actually implementing that would mean severe risk of being slapped in the head with laptops is clincally insane.
I agree there shouldn't be much privacy outrage for this particular windows feature so long as this is a local-only feature and I can disable it.
I am not at all confident that this is true. If we take Microsoft at their word, the raw data is stored on your device. But is processing ever done on Microsoft servers? Are the results of that processing ever sent to Microsoft servers?
Given that Microsoft is pretty aggressive about moving Windows to being an OS-as-a-service, it's hard for me to think that all the data Windows handles stays on-device.
I believe it operates on a site-by-site basis since there's settings to tell it to ignore screenshots of certain webpages (at least they're doing that). So one window is blacked out but the other is visible.
Just gotta remember to set up all the sites you want blocked which I expect to be made as complicated as possible and a little nag window on the bottom left every time I visit a blocked site, i.e., "Recall isn't able to take a snapshot of this webpage" with a big "FIX NOW" button.
its the sites that produce some javascript bloatwarae that tells the browser to display a blank page when a screenshot/screencapture software is used.
in my opionion that is giving the javascript ecosystem way too much power, though that is life with DRMs ... pretty sad times when folks pay providers and allow the providers to disable a screenshot lol
I'm sure you agreed to give them a non-exclusive, world-wide, royalty-free, un-fuck-with-able license (or some such) to any data saved to your hard drive when you accepted the terms of use for Windows. /s
But now I'm curious if there's case law around the question of passwords being copyrighted. That might be a decent avenue of protection but the aforementioned agreement probably
supersedes it.
From a quick search it doesn't look like they are, and there's no explicit law on who "owns" a password. Consensus right now is to operate under the assumption that the maker of the software is the owner of the password, not the user.
It's a built-in "feature" of the renderer/DRM they get "for free"
I used to work adjacent to screen capture at BigCo and advocated for enabling _some_ way to allow simple $STREAMING_VIDEO_PROVIDER screenshots. Turned out even with full source access and desire to prototype, you couldn't.
Air quotes mean "I hate this too", just posting to explain why the feature team would find ex. passwords capital H-hard versus DRM'd content.
Sailing the high seas continues to have a better user experience than paying for content. I suspect most media DRM causes lots of annoyance for legitimate customers while barely impeding pirates.
This is true, I don't even really know what this fuss is about or even what this "DRM" thing is except it's something the .nfo file says has been removed
I wish it were possible to enable a stricter mode that uses something like filesystem overlays to help contain known-unruly software like Adobe Creative Suite. Under this mode, any attempted filesystem reads outside of ~/Library/Application Support/<appname> that aren’t explicitly approved by the user would simply return nothing, and eliminating all traces of the software would be as simple as deleting its respective FS layer/sparseimage/etc.
This is actually one of the features I like in Android. You can strictly limit where an app can access. They are tightening the screws with each release as well.
Only if the same limitations were applied for Google services...
I'm torn about this feature. The case you describe is helpful, but I mostly notice this feature when it's preventing me from snooping in application-specific folders of third party apps. I hate the feeling of knowing that a lot of data my phone is processing is completely invisible and inaccessible to me, the phone's purported owner.
Yes, any such feature should be bypassable by the owner. I hate that on phone they've decided that the owner doesn't have complete rights to their own system.
This is what SELinux provides though, is the thing. What we've really messed up on with desktop is not getting this to a state where it's reasonably manageable.
Problem is again that these screws also do apply to the user and smartphone OS are the worst role models I can think of.
Smartphone OS now are neither particularly secure, nor very useful considering the relative power of what the devices could do in theory.
Sure, there are ways around it, but to me the ecology of phone OS is disastrous enough, that I just don't bother with it aside for doing calls and using it as a mobile router. Even if it is a shitty router that could be so much better.
And no, I don't want an OS that gives me an advertiser ID and gaslights me that that is for my best. And no, I don't care that I can randomize it with a press, it is designed to ID you and at some point you will be too lazy to care about your quite shitty operating system.
This is kind of how sandboxed apps on the Mac work - they can only see files or directories that the user has manually opened in the app though one of the OS facilities (double-clicking a file, drag & drop, or the OS-provided file open dialog)
It would have been nice if you could just force non-sandboxed apps (basically anything from outside the Mac App Store) to be sandboxed.
System log files have the potential to contain all kinds of sensitive data from all users of the system. Your own processes only have access to your own data.
You can't block one being taken but you can make it so the content isn't captured by the screenshot, and make the screenshot detectable, both of which are kernel level services provided by the OS or indeed even the hardware.
* The hieroglyphics on the left of the dialog box are supposed to distract anyone who is peering over your shoulder trying to learn your password as you type.
* The number of characters you type is hidden; a random number of X's appear instead of one asterisk per character.
it's probably going to get worse. Now that we have normalized using 2GB of ram for a text chat app because it's a bit easier to code, I bet it's only a matter of time before they go one abstraction level higher and start emulating an entire OS.
Well, it could capture only content of programs that ask to be captured, while they do.
Web browsers could not ask to be captured when sensitive content is on screen (perhaps the web server could communicate that in headers). So could code editors and other production software that deals with trade secrets and confidential information. As well as any government and armed forces, medical, legal and similar software.
SharePoint supports sensitivity labels for documents. These labels are synced to the device through OneDrive if my memory serves right. I think that could be (if it’s not already) extended to non-SharePoint documents. If an application deals with these documents, it could also not ask to be captured at that time.
Capturing for Recall should be opt-in per program, so no legacy software leaks info.
Even with visual captures, look at what Discord, Zoom and even PlayStation live streaming and captures do - they simply block out the parts of the UI that could contain sensitive info.
But bigger cross-program Windows API feature adoptions have been achieved, like dynamic DPI scaling, DirectX, multitouch support, UWP and similar.
They could do it, if they wanted to. But I think right now it may all be a half-baked executive idea. It will evolve into something though… there is an opportunity to do it right.
Indeed, it already won't capture Edge's equivalent to Incognito Mode because the OS already knows what that signal is shaped like. But there isn't an equivalent, general "This window should be private" OS-level signal because none was ever needed before.
try the native screen recording feature on iOS if you have an iPhone or iPad. go log into some website or app. the recording will show the keyboard come up, keypress animations, and the characters being entered into the username/email field, but when you focus the password field all of that disappears. I was surprised when I first saw it, but it totally works
All proprietary systems have been protecting the system from the user for a good while now. It's what they mean when they say "the system is more secure". It's not for your security, it's for securing their interests and their partners interests.
Microsoft’s primary customers have been businesses and government for decades. This includes PC OEMs. You usually have little to no relationship with them.
A company grows toward its customers like a plant grows toward light.
Haha, wow, I hadn't realized they'd finally moved ahead with blocking screenshots on my own computer. Anyone know what level that's happening at and how hard it is to circumvent?
The article says that the DRM block is "reassuring on the surface, but it's still far too vague for anyone to actually have any faith in it." I disagree--it's not reassuring on any level whatsoever.
When you play a video, you're (usually) sending the encoded video to the GPU for hardware-accelerated decode. The resulting decoded frames then live purely on the GPU.
However, rather than each video frame being decoded into a distinct VRAM texture with its own manipulable GPU handle, with hardware-accelerated decode, you just tell the GPU to allocate a single buffer — a mutable canvas, or "draw context" — and then tell it that, as the chunks of your encoded video stream are being played, decoded, and rasterized into frames by the GPU, the GPU should be writing each successive frame it's generating into this buffer.
In this setup, the only thing you can get a GPU handle for (besides the encoded video stream) is that buffer. That buffer is special, being the target of the GPU's own asynchronous hardware-accelerated rendering process; so that buffer is referred to as a "hardware-accelerated draw context."
(These days GPUs have enough VRAM that you really could get away with dumping each frame out to its own immutable VRAM texture buffer; but back in the early '90s when hardware-accelerated video decode was first invented, reusing a single buffer [or maybe a pair of them] for decoding was a practical necessity. Hardware-accelerated draw contexts have been core to how GPUs work since there were GPUs.)
In general, the GPU doesn't allow you to read directly from the VRAM backing a hardware-accelerated draw context (because doing so could block the GPU from writing to it, and also because doing so wouldn't get you a coherent single frame's state out.) The GPU locks that VRAM up and considers it to be "its to use" for as long as the draw context is the target of a hardware-accelerated pipeline. So the GPU will ignore any attempt to use any existing handle you had to the VRAM backing the draw context; only the handle to the wrapping draw-context ADT will work, and that handle doesn't have "read from" as part of its command-set.
So how does such a draw context even end up on the screen, then?
When a desktop window compositor sets up the GPU to display your windows, it takes various draw-contexts — some of which may be hardware-accelerated — and lays them out in 3D space, with a (usually orthographic) projection. The GPU itself is then told to take care of the rest (the final toplevel "get this scene out and onto a screen" part) internally. There's never a point under normal GPU rendering, where your entire screen-contents are rendered out to a single (externally-addressable) VRAM texture.
What happens when you take a screenshot, then? Usually, the compositor is pinged to ask it to render that screenshot; and it does so by allocating a screen-sized VRAM buffer, and then taking each GPU handle in turn and telling the GPU to copy the VRAM underlying that buffer, into the target buffer. But oh no — HW-accel draw-contexts don't have exposed VRAM handles!
It used to be (until... Windows Vista, I think?) that hardware-accelerated draw contexts in general (like videos being played using hardware decoding, or like 3D games) just weren't ever captured in screenshots, DRM or no. This was purely a question of GPU performance: a GPU with an architecture that could snapshot a frame of an HW-accel context, wouldn't perform as well as a GPU with an architecture that couldn't.
When this ability was later added, it was done so by adding a feature to the GPU: a command was added on HW-accel draw contexts, that would prompt them to stop whatever rendering is happening into the buffer for a moment, at a coherent point; to snapshot that coherent state of the internal VRAM state, copying it over into a non-HW-accelerated buffer; and to then get the accelerated rendering going again. The compositor therefore now had the ability to ask the such draw-contexts for such snapshots, to then be re-copied out into a WIP screenshot.
> there's never a point under normal rendering where your entire screen-contents are flattened into a single (externally-addressable) VRAM texture.
...although there used to be, back at the dawn of GPUs. The first "3D acceleration cards" didn't do any 2D drawing — and so PCs would actually have distinct 2D and 3D video cards!
The oldest 2D video cards for PCs, were just persistent framebuffers — their "VRAM" being just for what was on the screen. They relied on the OS to find anything that had been uncovered, and tell the app to repaint it.
But the last and greatest 2D video cards, from before 3D took over, were masters of copying memory around. Each frame, they'd be doing all of these huge accelerated rectangular blits of windows and their controls — some VRAM-to-VRAM, some from main memory using DMA — to bake down a VRAM buffer. They were hardware-accelerated 2D compositors, and they were great at it.
When early 3D cards came along, all that changed at first, was that your OS would tell your 2D card that there was a certain region it was to avoid drawing anything on. The 2D card would leave a black rectangle there.
The 2D card would render and rasterize its VRAM to VGA — and the 3D accelerator card would then be passed this same VGA signal, along a cable, as if it was a display. It would mostly just repeat everything it saw. But when the signal hit the timings for where those black rectangles should appear, then it would instead emit its rendering of the 3D content. (In other words: early 3D cards were https://en.wikipedia.org/wiki/Genlock cards!)
A "hardware-accelerated draw context", in this very early conception of the term, was precisely the geometry, defined by your OS, that your 2D card knew to not bother to draw; which was also the geometry that your 3D card knew was its to draw on.
2D and 3D video cards later merged, and at first you just got one card that did both of these things, as separate phases, with the bridging now internal. But the concept of an HW-accel context lived on.
But later on, actual "GPUs" emerged — in the form of 3D hardware that was now sorta-okay at doing VRAM-to-VRAM copies, and also provided legacy VGA BIOS emulation. So people ditched their 2D cards.
But this change actually kind of sucked, because it meant that all the per-frame 2D blitting (which, again, GPUs were just barely passable at) was now contending for GPU time with 3D stuff. And modern OSes had grown highly dependent on being able to do lots of 2D blitting each frame.
This was why "full-screen mode" was, for the longest time, the way to get the best 3D performance out of a GPU, even at the same display resolution. If you tell the GPU that you want to cover the entire screen with a 3D hardware-accelerated draw context... then it will realize that it'd be pointless to keep drawing the "2D world", and so it will stop spending its time each frame doing 2D VRAM copies to render the 2D-composited layer. It takes the whole OS window-drawing VRAM-copy command-queue out of the loop.
(And also — once there was OS support for this — switching to full-screen mode would also cause the GPU to flush out all the VRAM textures for rendered windows, fonts, icons, etc — giving a 3D app or game far more VRAM to work with. Coming out of full-screen mode would likewise ping the OS to reload all the system brushes and textures into VRAM; and then ping all the running apps to redraw themselves.)
If I thought it would be appropriate, there’d be a :hands-clapping: emoji here thanking you for that infodump (and the reply). That’s a great and useful explanation that’s easily modeled mentally. (“easily” lol)
Question, what stops you from modifying the GPU driver to make it so the command to set a draw-context to be DRM'd is a no-op? That way the gpu would happily let you snapshot the context, and the OS would be none the wiser. Or is gpu driver tampering something nvidia explicitly designs against?
EDIT: oh wait, i bet the driver is signed and the OS checks it and only allows DRM content to play if the driver is signed by nvidia. That would make sense.
I think at least the last bit is incorrect: DRM protected video is still often decoded by a hardware decoder built into GPU.
I am also in doubt about the claim that there's never a single VRAM texture that contains the entire desktop, because while I see potential ways for GPU during sending frame to the monitor to assemble said frame on the fly, it sounds implausible vs just reading it from a premade buffer.
> I think at least the last bit is incorrect: DRM protected video is still often decoded by a hardware decoder built into GPU.
I misspoke, sorry — the last paragraph is meant to say that the CPU "decrypts", not "decodes", the video (inside the Intel SGX enclave.)
> I am also in doubt about the claim that there's never a single VRAM texture that contains the entire desktop
Some GPUs do work this way internally, but my phrasing was specific — even when such a VRAM texture buffer exists, it's not addressible outside the CPU itself. You can't get a handle to it. (And even if you could, it'd just be another HW-accel draw context — and so would be DRM-tainted if-and-when any buffer being copied onto it is considered tainted.)
But why wouldn't you want a GPU work this way? What's the advantage of not having some kind of "final screen buffer"?
It mostly comes down to a quirk of history. Movies are 24FPS, while computer CRTs were mostly designed for 60Hz refresh rates (with no support for 24Hz modes.) And when people see "hardware-accelerated video playback" as a feature on the box of a video card, one of the primary things that people expect that to mean, is that you should be able to play back your 24FPS movie on the 60Hz display. In windowed mode. With the desktop being refreshed behind the 24Hz movie. Smoothly.
If videos were mostly 30FPS, this would be easy, because 30Hz divides 60Hz; each video frame could just be copied to the 60Hz "final screen buffer" twice with the same content. But 24Hz doesn't cleanly divide 60Hz — you'd need each video frame to appear for 2.5 "final screen buffers." (And just doing that naively — that's called 2-2-3 rendering — is very stuttery.)
If you're doing this by trying to render out a "final screen buffer" VRAM texture in lockstep with your display frequency, all in advance of sending that texture down the pipe to the display, then for each frame, you need to complete that rendering pass with enough time left to communicate it to the display. But what happens when it takes a really long time to send the signal down the wire, leaving you only a little time each frame to actually render everything? In fact, what happens when the display is analogue — like a CRT — where the timing of sending the data down the wire is directly related to the timing of drawing?
Well, certainly, you can pipeline this final rendering — i.e. make everything show up one frame behind, so that you can work on each frame for an extra entire frame-time. But gamers won't like you messing with their draw-contexts that way. And gamers are the core audience for your product.
And also, that still doesn't let you render the video in windowed mode "smoothly." It just means that you have now have slightly less than one full frame-time, each frame, to do the concurrent work of decoding... 2.5 (or some even worse multiple) frames of video, and then doing something with them to squeeze it down to one frame.
And also, how should an active hw-accel video-decode draw context react to the OS changing the display resolution to one that uses a different frequency? Or worse — though not invented at the time — to a Variable Refresh Rate monitor, that can be arbitrarily sent frames using FreeSync?
What the GPU vendors decided to do to make this work, was to require one of two things — either:
1. that the algorithm of the video codec directly support decoding of a fractional frame position; or
2. that the creator of the draw-context pass it a VRAM buffer with enough space for not just one, but several (usually specifically three) full extracted frames. This buffer gets used as a ring buffer, with each new frame becoming a source texture; and these frames are then interpolated together (with some GPUs offering fancy motion-interpolations, and others just doing a linear interpolation) ac...
I forgot to mention the best part — a trick that modern GPUs can only pull off because of how they feed their DPEs:
Take a modern computer with a modern GPU, and plug the GPU into one 75Hz monitor and one 60Hz monitor. In your OS, arrange the resulting displays to be aligned horizontally. Start an (HW-accelerated) video playing. Now, place that video so it straddles the boundary between the two screens.
When you do this, each DPE will actually be demanding frames from the video draw-context on a different schedule; and so each DPE will actually be getting a snapshot copy of (its slice of) that buffer using a different time-weighted interpolation of two frames! But the result will look perfectly smooth and synchronized!
This synchronization would literally not be possible if the HW draw-context wasn't being snapshotted using each DPE's current rasterization/wire-encoding clock as an input.
The input required for this could — in theory, at least — be synthesized in a pure-functional manner internal to the GPU's compute, by having a final VRAM-to-VRAM copy that is done by a compute-shader with some extra logic to map each pixel position to a simulated DPE's raster-clock time.
But just having a DPE that really does things that way — keeping a physical raster-cycle clock, a "narrow" (much smaller than screen-sized) ring-buffer, and a demand circuit that issues fill orders for the GPU to write lines or tiles into the ring buffer according to the clock — is cheaper even than not synchronizing at all; let alone to doing synchronization through extra VRAM (for the mastering buffer, and for a per-pixel draw-context centroid UV texture) + an extra compute-shader pass with a virtual raster clock.
> but who's telling it? Is it a driver? And if so, can a driver be made that just doesn't do it?
Yes, but then Microsoft haven't signed the driver, and it won't have the correct hardware root of trust to decode the key, so it will fail and the service will fallback to a less secure mechanism which is why services will normally limit the resolution of the content delivered via those mechanisms to 720p or less.
> So while you can't capture a screenshot of the decoded frame, you could in theory capture the (encoded) video in RAM.
There was a simpler technique. Open a second video player, then screenshot to your heart's content. Windows hardware acceleration for video had only one gpu thread or something like that, I don't remember the exact details.
Print screen already doesn't work with DRMed content, so why would this be any different. On the other hand, how can you guarantee that it won't capture passwords? Even the passwords you enter into Firefox in a web page after clicking the "show password" button?
Yeah but a screenshot is an explicit action by the user where they have the opportunity to curate what is captured. That is not the case when it's just going on in the background.
What about Window's built in "Capture last 5 minutes" screen recording, as a part of their gaming features? Or the same feature that's just enabled from the nvidia drivers?
Also an explicit action. Look, most people don’t know anything about computers. If it says use recommended settings, they will go for it. Even an explanatory first-install screen with “consent” is just jumbo jumbo to regular folks. It’s not comparable to installing custom software or enabling a feature from the settings. It’s incredibly irresponsible.
Even so, such invasive features need to renew consent and/or periodically alert users. The risks with someone else enabling them to spy are too high.
> The fact that it ensures to not take a snapshot of DRM content but also explains that it doesn't hide PASSWORDS in snapshots is INSANE to me!
The article gives the impression that passwords will only be captured if they are displayed. So there are only three scenarios where I can envision this happening: the end user opens a document that contains their passwords, the end user opens their password manager and chooses to display their passwords, or the user chooses to reveal the password field.
Case 1 is bad practice, plain and simple. (Though I will acknowledge that people do it.)
Case 2 and case 3 can probably be fixed, provided the software doesn't define custom controls, since there is already the option to protect DRM content. Microsoft should have provided this functionality and given developers time to adopt it (not doing so is a bad move on their part).
On the whole I think this is just trying to rush things to market, rather than the product of any form of malice.
That being said, I am glad that I don't use Windows outside of the work environment. Something also tells me that my employer is also likely to disable this feature. (They have more to loose from a data breach of confidential data than they have to gain from tracking employee computer usage.)
> there is already the option to protect DRM content
I never needed to use that option. Still, based on what I read in the documentation about Windows graphics programming, I believe that option is only applicable to video, and is prohibitively complicated to use for a password manager. Read that article https://learn.microsoft.com/en-us/windows/win32/medfound/pmp... you can’t even play DRM video from your own process, it requires a special OS component called Protected Media Path, and that process can’t run arbitrary code only components signed by Microsoft which means you can't generate DRM-ed video frames from something else with your own code.
The problem with the last example (show password in manager) are sites and applications that don't let you copy/paste a password. I've literally fought against those kinds of requirements as weakening security, not strengthening it.
Windows keeps adding these anti-consumer features, ads, and other things. And people keep using it??? I used to work there and I can't believe they keep doing this stuff.
Windows is a business and school launchpad. If universities started putting Linux on everything, you might see some change, but from what I can tell, these features are for business concerns which are increasingly invasive.
Sooner or later only people who wear shirts with big brand logos and constantly sing music from the Beatles will be the only ones not permanently recorded by the system. Hell, add a photo of a topless woman somewhere in the mix and bam, instant privacy.
I've always been kind of interested in that idea. I'm not sure what to call it - a sort of civil resistance by selective non-palatability. Preventing commercial AI from being trained on your art by making sure there's some throbbing hard cocks in there somewhere, for example, or releasing source code that is explicitly NOT open source licensed, for the benefit of people who don't care about the license, and to the detriment of entities that do.
I expect it would just blank out the movie window in the screenshots, leaving the rest visible. The way to get privacy is to turn it off or use another OS.
"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."
Aside from the very questionable direction Windows is going, with features nobody ever asked for (nope, businesses did not do so either), I believe this is heavily illegal in my country without a very active and clear consent of the user.
I wouldn't want such a feature in a 1000 years and I cannot see the supposed "casual user" that would profit from this.
to be fair there is a mechanism for preventing drm content to be captured down to hardware level. it is much more trickier to implement a way to recognize sensitive info on the screen visually.
but the incentives are of course not aligned in consumer's favour.
It's not only a privacy headache but will most likely impact performance as well. Especially on a low powered ARM device, I can imagine the user experience being pretty terrible. Strange that Microsoft is getting into hardware again, you'd think they'd have learned their lesson by now. Every tech company I've worked for that pivoted into hardware went bankrupt shortly after. It's not trivial navigating manufacturing and real engineering processes.
What do you mean "getting into hardware again"? They have been making surface laptops for quite some time. This is like the 10th iteration? Maybe more?
It's more accurate to say, going all in on hardware again. Surface laptops were not the primary focus, just a throwaway product to grab a small percentage of entry level laptop consumers. This is positioned as a direct ARM MacBook competitor.
I haven't brought one myself, but know enough about the lineup over the years[1] to know this creates a distinction where there is none. They certainly weren't only entry-level. Been a perfect mirror of Steve Jobs-era Apple of having 2 choices, consumer and professional.
I do agree they're excited to announce an ARM laptop, but there's not a commensurate bigger "bet"/investment in hardware.
I'd argue there's less investment: Internal Dell documents has Snapdragon at $145, versus $276 for i7.[2]
> just a throwaway product to grab a small percentage of entry level laptop consumers
Yeah I don't think this take is accurate, my employer (state-owned, largest utility in my country) issues Surface laptops to many employees so I think there is likely significant enterprise use of these.
I do agree that this refresh seems like a renewed effort to compete in the consumer space though.
> Strange that Microsoft is getting into hardware again, you'd think they'd have learned their lesson by now
They've been making surface devices for a decade, I am not sure what you mean by "again".
As for performance, there is a reason the feature is limited to laptops with 16 gigs of RAM or more and a dedicated NPU of a certain speed. I dont think there will be performance issues when they are controlling the hardware spec that tightly.
Imagine the treasure trove of information that law enforcement will have access to, for free! they won't even have to infer your activity from online access wiretaps - it will all be laid out right in front of them. And may whatever deity you believe in help you if you live or work under a repressive regime, because they will have evidence of your nefarious activities immediately to hand (not that they actually need actual evidence, but you know ...)
There are two sides to this: investigations and monitoring. For HR and security investigations, this rewind capability would be very useful, is legal, and at least partially already performed using forensics tools.
Monitoring is where you run into moral and, in some places, legal problems. This would probably be a good topic for new legislation.
I honestly think that in some legislations with stronger worker protections it'd be legally at least dubious to use something like that for HR or security investigations (in a broad sense) without employee consent.
In any case, an overwhelming amount of Very Bad Things are legal due to corporate laziness, commercial propaganda and anti-education campaigns. "It's legal" cannot be the basis of an argument in favor of legally protecting predatory behavior.
This is literally the same feature as Windows 10 Timeline (Activity History); they're even using the same UserActivity API [1]. If it works like that, it's an unencrypted sqlite database in your %APPDATA% and a subfolder with jpeg screenshots.
The only AI-ness on top that I see is some OCR and some image captioning.
That begs the question: why resurrect the Activity History feature (that was deprecated just 3 months ago[2]) and add almost nothing on top? The "glass half empty" folks among us would probably say to get ready for what comes next (new "functionality" they can light up with the data).
Well I mean it's also presumably likely that Microsoft is under pressure from investors / marketers to shove AI into everything just as much as the rest of us are.
I love how Windows Recall is essentially just a clone of Rewind that I’ve been successfully using to fight ADHD for a looooong time on macOS. If it’s remotely as useful…
Yeah, folks are so doom and gloom about a product that, if it was made by anyone other than Microsoft who attracts all the blogspam hate, would get articles like "How this startup is using AI to help ADHD sufferers." People really need to stop falling for "<Household Name> Does Thing, Here's Why It's Bad" outrage bait.
That it's Microsoft doing it is a big part of the objection, true. It's not unreasonable. Microsoft doesn't exactly have a great reputation when it comes to data collection and the like for good reasons.
There's nothing hypocritical here. There are lots of things that are harmless/beneficial when you choose to do them which become sinister once they're enabled by default.
Well yeah, which is why you have to specifically go out and buy a "Copilot" computer that prominently advertises this as the reason you would want it. Does that meet the bar for disabled by default?
It seems really implausible that someone would find themselves using one of these PCs and not knowing it.
Very plausible. I'm pretty sure the vast majority of purchasers have only a dim notion of what RAM beyond more==better is, let alone "Copilot". Especially if it is marketed as a feature, which it is.
Given how heavily they’re pushing these AI features, I have to assume in a few years all mid to high end offerings from virtually every big brand will be a Copilot+ PC (MS is still the king at naming things btw). After all the only differentiator is a NPU.
FWIW, "startup" is almost just as bad as "Microsoft" in this headline. Hell, I'd trust Microsoft more with my ADHD than a random startup, because the former is a large legal and media target and has a lot to lose, while many startups - including a lot of well-known ones - are glorified fly-by-night operations that, even if they won't screw you outright, will disappear in a couple of years (whether by shutting down or getting acquired), leaving you with sunk costs and no alternatives (well-funded startups tend to suck out air from the space they're operating in before disappearing themselves).
you probably installed that and activated by choice. This will be installed, turned on by default, and most users won't be aware that it's running there spying on them without any notice for a hacker/spouse/cop/${bad_actor} to use against them.
To me, this actually sounds like a nice feature, if you have full control over it, i.e. you are sure all data stays on your device, it's a local AI, etc. And also, you can easily enable/disable it, and you can easily see its current state. E.g. maybe a small red dot in the corner which indicates that it is currently enabled, and clicking on it will switch it off to gray, clicking again enables it again. And of course, Recall should be disabled by default.
I actually did exactly this for myself for a while: A script took a screenshot every few seconds and dumped it into a DB. I had a few fun ideas and projects based on this:
* https://github.com/albertz/png-db: Store multiple PNG files more efficiently by sharing common data. This gives a compression rate of about 400-500%. (Maybe Windows Recall could use sth similar?)
* https://github.com/albertz/screenshooting: Scripts to analyze the screenshots. E.g. I wanted to collect the amount of time I was having coding in Eclipse. It was a reason to play around with OpenCV.
Regarding logging the time, I later developed a simpler solution: Some script which records the focused app window and its opened content URL: https://github.com/albertz/timecapture
Obviously it can be used for specific purposes. However this is a universal, omnipotent snapshot film of everything you do which will be readily available for hackers and hostile government officials, and there likely won't be a way to remove it easily if you hate that sort of thing. Probably have to write a script that monitors the files and deletes them, since MS has a knack for restoring things you delete by hand that they want you to keep for their benefit. Or they'll make it core to the system so you can't delete it without breaking the OS
I came here to post "Am I the only person who thinks this is a good idea?" I guess you do too. I like the idea that I can go back and see what was on my screen at some point in the past.
I think with the focus on passkeys, we can worry less about snapshotting passwords.
IMO, maybe they need a way for documents (that have passwords) and windows (for password managers) to flag that they should not be snapshotted.
How much do you like the idea of Microsoft having a copy of everything you ever display on your screen, in perpetuity, for their gain as they see fit? Does your stance change if you consider the probability of that data remaining secure on their cloud approaching zero over time?
Do you have any evidence of Microsoft doing similar spying tactics?
If you don't trust your computer's supply chain, (hardware, software, internet, services,) you shouldn't use it. I don't trust Microsoft any more or less than any other vendor, and that includes open-source.
With automatic updates, anyone (hardware vendor through drivers, software vendor) can backdoor you and grab all that information. We're even finding backdoors in (gasp) open-source software now.
I don't trust Microsoft and I don't use their software. When they say this data will be secure, they mean they're going to stream it to their servers and look after it with the industry standard security of "whoops, we left the door unlocked again".
The main issue is not that "Microsoft having a copy of everything you ever display on your screen", the main issue is that they will sell it to other companies and government agencies.
> I like the idea that I can go back and see what was on my screen at some point in the past.
Never once I thought "Wouldn't it be nice to rewatch what I've done on a particular date and time?"
But I certainly have wanted a particular command I entered in a shell (solved by shell history), a version of a file (git, backups,...) a site I've browsed (bookmarks, history,...).
This is a non-solution for a problem that doesn't even exist. It's like asking for a camera to be pointed at you 24/7 in case you forgot where you put your keys.
Have you ever scrolled back in your shell window or looked at your browser history?
Heck, every once in awhile I dig into Google Maps to see where I was on a certain day. (You do know that Android phones track where you've been and you can look it up, right?)
That IF is carrying a metric fuckton of weight. And Microsoft has been so shady before that I wouldn't be inclined to trust something like a dot or a toggle - I'd want a hardware killswitch vetted by multiple reputable third parties.
But not DRM content. The system will recognize and avoid screenshotting that.
Banking details? Fine.
Passwords? A-OK!
Copyrighted content? STOP, YOU FOOLS, BEFORE YOU ANGER THE MOUSE!
This whole thing is dystopian, but making it a priority to avoid DRM controlled content is wild to me. The screenshots are ostensibly a cache, which is part of how video is displayed anyway. Is avoiding caching a 6 frame per minute cache really a higher priority than all of the privacy this undermines?
You haven't been able to take screenshots of DRM controlled content for as long as DRM controlled content has existed. That's what makes it DRM. This technology isn't doing anything special at all. If you wanted to develop it for Windows, you could, and it would work the same way.
This doesn't sound very likely. In order to show pixels on a screen, something has to write those numbers somewhere. Screenshot should be writing those pixels to a file as an image format, not consulting whatever programs are running to ask if there are areas that they don't want to draw.
The pixels are literally encrypted on PCIe on their way over to the GPU, it's quite draconian. Been this way since Vista ("Blu-ray is a bag of hurt" - Steve Jobs)
This is rank populism. You're implying sinister intent, when the technical and legal constraints that resulted in that should be obvious. You already can't screenshot DRM content.
That might suggest that we have sinister copyright law. Aside from that I am pretty sure that this feature will threaten to violate a full battalion of privacy laws.
To me, it's a really difficult name to accept upon first read. I was wondering how bad Windows had to be that Microsoft had to issue a recall, and then wonder what a software recall would actually look like.
Seems like a trip to a thesaurus might have been useful: Microsoft Evoke, Microsoft Conjure, Microsoft Hearken, Microsoft Summon. At least none of those has an immediate negative potential
Are there really that many versions out there these days? I've been away from the windows world for 10+ years at this point. I do use the system occassinally but certainly not daily.
well they called their x86 to ARM translation layer Prism, just like the covert NSA program they were revealed to be part of by Snowden. I guess they don’t really care about naming…
Perhaps when increasing efforts in implementing spyware directly into your OS it would be good to dilute the namespace as to not find relevant information.
Either that or someone's giving a not so subtle hint.
I do think the program is probably far out of the consciousness of most people at this point (outside of older technical people), and the younger generation probably wouldn't know or care.
Computers are a privacy nightmare, so is the internet. Glad we all agree. Given that baseline, this is hardly noteworthy.
Afraid of Microsoft getting your data? According to Internet lore, Microsoft already scoops up every bit of data on your computer every nanosecond.
Afraid of the "gubment" snooping on you? According to that same internet lore, the government is like a vampire and can only enter your PC if you invite them in. But we all know that's not true. If they wanted screenshots of your desktop they would have them.
314 comments
[ 3.9 ms ] story [ 250 ms ] threadIn the end, just as they breathe a sigh of relief and stretch their arms, a popup gives them away.
Then the scene cuts to a security guard getting an email. Then the scene cuts back to the hackers booking it.
It really doesn't. Not a single person I've spoken to likes the idea of this, at all, and I'm not talking just tech people. Every last person I've spoken to of all ages and from all walks of life at best is like, "I can turn that off, right?"
I don't think that's what their main page is saying, but it is ambiguous enough to be confusing.
For reference, the quote being referenced is "How is your data protected when you use Recall?" on this page: https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1...
The parenthetical after the "and" is throwing people off. My interpretation of the sentence is that recall snapshots are protected using data encryption on your device, no matter the version of Windows 11. However, if you have Windows 11 Pro or the enterprise SKU, you gain the additional level of protection of using Bitlocker - which could mean that the key to encrypt those snapshots lives in the TPM (or not). It's just too ambiguous and needs clarification.
The support page for Recall (https://support.microsoft.com/en-us/windows/privacy-and-cont...) provides some clarification in this area that drives the point home:
> Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.
Also, that only mentions the snapshots (the images) themselves. It feels like its leaving them an out for data pulled from the pictures or summaries of locally processed data.
Misinterpreting it does help your argument when you're against it though.
If you login to a Windows Home machine as admin with a Microsoft account, then the key is stored in the TPM with a recovery key in the Microsoft account. Before that, the key is stored in plain text on the drive, meaning it's not really secure. There's no option to save the recovery key onto paper or a USB key.
So, they are really just saying the data is stored on your hard drive, which follows the usual hard drive format of Windows.
"AI PCs are the final nail in the coffin of open computing", 52 comments, https://news.ycombinator.com/item?id=40436975
"How the new Microsoft Recall feature fundamentally undermines Windows security", 48 comments, https://news.ycombinator.com/item?id=40433884
This move seems a lot like using machine local AI to feed additional user interest data into everyone's online profiles for Microsoft's growing ad business.
I'm also willing to bet that enterprise would value an additional way to track employees.
The problem is that there are endless huge incentives to invade privacy: ads, selling data, product telemetry, even the push for internal metrics. Nothing counterbalances this. Most customers just don’t care.
This is it, but also to put the framework in place to train models to do employee grunt work.
Just the fact that companies outside the US use Outlook and OneDrive for everything is mind boggling to me, but this recall thing is industrial spyware to the extreme.
Even if our best friend looks at what we are doing, this is just to help us further.
/s
- OneDrive
- Windows Device Linking
- Edge
- Bing
- Cortana
- Copilot
- Outlook / 365
You'll never track down all the included Windows services that default to sending data to their cloud.
I understand being concerned about Microsoft using it to target ads or moving it off device in the future But the four scenarios laid out in the article don't seem like a problem.
> You're using a public computer
> You're using a work computer
> You're using a shared family computer without a password protected profile
> Your computer gets stolen
You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
Ditto for a PC where you share an account with other people.
And if your laptop is stolen and they have your passwords, you're fucked anyways.
There's more at stake here than passwords. These repeated screenshots are essentially a slow, silent video of all computer activity. That has far more information than you may think it does. It compromises HTTPS content, it records data that otherwise would only be in RAM, ...I could go on.
I log in to an end-to-end encrypted chat with a family member. We talk about life and the subject drifts to plane tickets we already bought for next month and how the neighbor across the street isn't going to be home until the end of this month.
The thief who stole my laptop now has also stolen a recorded conversation along with my passwords. Now they know when two houses will be empty. This would not have happened without pictures of my screen being taken frequently.
But the thief will also have your browser history, any saved passwords, and so on?
I do agree that the outcomes in this case might be worse than an alternate universe without the recall feature.
That said, if someone steals my laptop and can log in, I am already pretty fucked. There are so many other ways they could get this or other information, from email, calendars, etc.
Note: this is basically already happening.
It's just the sad tripling down on advertising technology being our most advanced technology.
This is a huge distinction I want to point out: Nothing anyone has done in the past twenty years has been to make advertising more effective, though that is what is often claimed. The system however, only works towards making advertising more profitable to Google and Facebook. Everything else, including advertising effectiveness, has been slaughtered at the altar of "Gotta make line go up" inside Google and Facebook.
Both companies benefit greatly if the amount you spend on advertising goes up because it's not as effective as it used to be.
They also run most advertising as explicitly adversarial instant auctions, meaning the ad that runs before your Youtube video isn't the one most likely to get you what you want, or fix a problem you have, or even please your dopamine system, but rather the ad you see is primarily driven by who spends the most. This means that every midsized company that is so stupid as to misconfigure their advertising run will run a lot of ineffective ads, while the lean company doing innovative things locally who can only afford a "reasonable" ad spend will end up running far fewer ads.
The system empowers those with deep pockets and silences those without. Intentionally. This also makes it pretty easy to keep your new competition from getting any oxygen in a market.
I believe Google says that they include other things in the bidding process, including a specific claim that if you run a shitty ad that nobody every clicks on, it will be down-ranked in the ad auction, but they have billions and billions of reasons to not do that as effectively as they could. They are financially motivated to make advertising less effective and more expensive for consumers and producers alike.
It's not hard to imagine situations where this complete and total information package can be exfiltrated or otherwise abused. Roommates, stalkers, one night stands, domestic govt, foreign govt, domestic hackers, foreign hackers, computer repair techs, employers (seizing a personal device), etc, etc etc.
There is no scenario in a free society where this should be allowed or tolerated.
Should I not be allowed to use a password manager because it would be problematic if my roommate or one night stand copied it?
This isn't fundamentally different to any other feature.
You are free to use or not a password manager. What ms is doing is shoving things by force. It's not an opt in feature, their OS is becoming something ugly fast
This is why Windows has the "airtight hatchway" beyond which security against the user accessing their own data stops applying. Inside your login is by construction where your private data goes. Adding more of it shouldn't matter as it's all protected as the same. Like I agree that this feature is annoying but it's not a security risk, Windows promises no security against yourself.
Everything? I don’t understand the question. It’s obviously everything.
yes there is, I think you're lacking imagination. such a vision does require re-imagining a lot of what society is, and even of how we undertand ourselves relative to our many groups and super-groups which we belong to
Does an open source OS have an AI watchman? You can check! If yes, you can fork and remove it.
All that's happening here is the lack of control over your hardware and software is being emphasized a little further. Put another way, you already live in totalitarianism. Microsoft or Apple have de facto totalitarian control over your computer. They always did.
any garantee on that ? or that will not change one windows update or two down the line ?
There is an unknown, but not zero, number of zero day exploits available _right now_ to do precisely this.
This is very much "cart before the horse" corporate thinking.
If the answer is anything else than "yes, I'm the absolute world authority on that" then you don't know how or whether Microsoft is respecting your privacy (same reasoning goes for Apple, for Google, for mobile phone radio stack, …).
If you don't trust Microsoft then yeah I can see why you wouldn't want this feature but you probably aren't using Windows in that case anyways, so it is a moot point.
What may be a moot point for me is not a moot point for millions of users. This feature seems to be enabled by default and needs poking into settings to disable.
Microsoft have proven time and again, by their acts and omissions, that they can't be trusted.
Relevant quote from the source: "During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone [ie. exfiltrated to a bad actor's device]."
It's more in the feelings space than rational space, just like privacy in general
Then having less and less privacy is fine. And it's perfectly reasonable to trust Microsoft to implement this tool with honesty and care.
Storage and processing happens on your device and it is encrypted, so I don't see how this feature makes my information less private at all.
It seems like the actual issue people have is that they don't trust Microsoft or they don't trust the government/people/everyone.
Which is fine and understandable, it just isn't related to privacy.
Microsoft controls this entire process. They could easily send copies back to "the mothership" like they probably already do with the processed results.
> It seems like the actual issue people have is that they don't trust Microsoft or they don't trust the government/people/everyone.
Whether or not this invasion of privacy is cause for concern depends on your level of trust. But it is still a privacy issue.
Microsoft controls the whole operating system, they can already do whatever they want with your data. They could be sending screenshots back to the mother ship already.
I can understand why people may not trust them but they already have the keys to the kingdom. This new feature isn't any more or less private than Windows already is.
And probably ban the software you can already install to monitor someone's computer activity.
Isn't this argument just the classic "think of the children" dressed up in new clothes?
You can't possibly believe that. What am I missing here? Can you explain why this doesn't have everything to do with privacy? In order for it to not be relevant to my privacy, I have to trust the software spying on me and that Microsoft and the government won't use it against you if it benefits them in some way. I do not trust that, even though I also live a charmed life relative to most people in the world, I think. That doesn't mean I haven't read how, historically, government and other people of power are not to be trusted any more than absolutely necessary.
For now. It's not hard to predict that, sooner or later, Microsoft will want to send that information to be processed somewhere in the cloud (and of course, they will say that it's encrypted in transit, and will never be shared with anyone else...)
There's also a more fundamental issue: absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral. Recording everything by default changes that paradigm. It's like having a hidden camera permanently recording on your bedroom: it's a place where we expect privacy.
> You shouldn't expect privacy on public or work computers. For all you know, they could already be doing this.
They could, but they shouldn't. It's like a hotel room: for all we know, it could have a hidden camera permanently recording everything that happens in it, but we still consider it a serious privacy violation when that actually happens.
> And if your laptop is stolen and they have your passwords, you're fucked anyways.
My laptop being stolen doesn't currently mean that the thief can know exactly what my screen was showing a couple of weeks ago.
I really don't believe that. It reminds me of the hysteria about Windows 10 telemetry (remember when people called it a keylogger?). Putting it in the cloud would cause huge backlash and brand damage. But somehow they're getting that backlash despite not putting it in the cloud.
> absent explicit recording, we treat everything that's output to the screen and speakers as ephemeral
Computer forensics experts would like a word. Your past activity has never been private from "yourself". The added privacy risk here is highly marginal. If I steal someone's laptop, I can Rewind and see what was in a PowerPoint slide they opened 2 weeks ago. But that PowerPoint is almost certainly still on the local drive anyway, so that makes no difference.
This is very much like why it feels quite different to have automated license plate readers tracking and recording where your car has been - even though that is clearly public and visible by the fact that your car is driving down public roads.
If all those things were true, then meh, fine. But for me, none of them are true, and it makes me truly happy to already be a happy Linux user.
I wish we could fork windows 10 and put whoever’s working on vscode and half of OneNote in charge of it.
It might be something I should expect, but I'd still slap my laptop over the head of my superiors if I found out that there was scren recording on employee computers. Regardless of whether it's legal, and regardless of whether I signed a form saying I understood that this was within their right. Any manager or corporate IT person who doesn't understand that actually implementing that would mean severe risk of being slapped in the head with laptops is clincally insane.
I agree there shouldn't be much privacy outrage for this particular windows feature so long as this is a local-only feature and I can disable it.
I am not at all confident that this is true. If we take Microsoft at their word, the raw data is stored on your device. But is processing ever done on Microsoft servers? Are the results of that processing ever sent to Microsoft servers?
Given that Microsoft is pretty aggressive about moving Windows to being an OS-as-a-service, it's hard for me to think that all the data Windows handles stays on-device.
God forbid it takes a screenshot of Bridgerton but my bank account password, that's fair game!
Just gotta remember to set up all the sites you want blocked which I expect to be made as complicated as possible and a little nag window on the bottom left every time I visit a blocked site, i.e., "Recall isn't able to take a snapshot of this webpage" with a big "FIX NOW" button.
in my opionion that is giving the javascript ecosystem way too much power, though that is life with DRMs ... pretty sad times when folks pay providers and allow the providers to disable a screenshot lol
But now I'm curious if there's case law around the question of passwords being copyrighted. That might be a decent avenue of protection but the aforementioned agreement probably supersedes it.
I used to work adjacent to screen capture at BigCo and advocated for enabling _some_ way to allow simple $STREAMING_VIDEO_PROVIDER screenshots. Turned out even with full source access and desire to prototype, you couldn't.
Air quotes mean "I hate this too", just posting to explain why the feature team would find ex. passwords capital H-hard versus DRM'd content.
This even happens with the iPhone, try taking a screenshot of netflix
Historical unix permissions are not really aligned with desktop use of a single user
Only if the same limitations were applied for Google services...
Smartphone OS now are neither particularly secure, nor very useful considering the relative power of what the devices could do in theory.
Sure, there are ways around it, but to me the ecology of phone OS is disastrous enough, that I just don't bother with it aside for doing calls and using it as a mobile router. Even if it is a shitty router that could be so much better.
And no, I don't want an OS that gives me an advertiser ID and gaslights me that that is for my best. And no, I don't care that I can randomize it with a press, it is designed to ID you and at some point you will be too lazy to care about your quite shitty operating system.
It would have been nice if you could just force non-sandboxed apps (basically anything from outside the Mac App Store) to be sandboxed.
You meant your hacker's processes ...
Now I'm wondering if people have outrage over OBS and Zoom capturing passwords.
OBS and Zoom are screen recorders, not utilizing AI. That's an oranges to apples comparison.
iOS device unlock password field _magnifies_ content as visible plaintext.
Web browsers could not ask to be captured when sensitive content is on screen (perhaps the web server could communicate that in headers). So could code editors and other production software that deals with trade secrets and confidential information. As well as any government and armed forces, medical, legal and similar software.
SharePoint supports sensitivity labels for documents. These labels are synced to the device through OneDrive if my memory serves right. I think that could be (if it’s not already) extended to non-SharePoint documents. If an application deals with these documents, it could also not ask to be captured at that time.
Capturing for Recall should be opt-in per program, so no legacy software leaks info.
Even with visual captures, look at what Discord, Zoom and even PlayStation live streaming and captures do - they simply block out the parts of the UI that could contain sensitive info.
But bigger cross-program Windows API feature adoptions have been achieved, like dynamic DPI scaling, DirectX, multitouch support, UWP and similar.
They could do it, if they wanted to. But I think right now it may all be a half-baked executive idea. It will evolve into something though… there is an opportunity to do it right.
A company grows toward its customers like a plant grows toward light.
The article says that the DRM block is "reassuring on the surface, but it's still far too vague for anyone to actually have any faith in it." I disagree--it's not reassuring on any level whatsoever.
However, rather than each video frame being decoded into a distinct VRAM texture with its own manipulable GPU handle, with hardware-accelerated decode, you just tell the GPU to allocate a single buffer — a mutable canvas, or "draw context" — and then tell it that, as the chunks of your encoded video stream are being played, decoded, and rasterized into frames by the GPU, the GPU should be writing each successive frame it's generating into this buffer.
In this setup, the only thing you can get a GPU handle for (besides the encoded video stream) is that buffer. That buffer is special, being the target of the GPU's own asynchronous hardware-accelerated rendering process; so that buffer is referred to as a "hardware-accelerated draw context."
(These days GPUs have enough VRAM that you really could get away with dumping each frame out to its own immutable VRAM texture buffer; but back in the early '90s when hardware-accelerated video decode was first invented, reusing a single buffer [or maybe a pair of them] for decoding was a practical necessity. Hardware-accelerated draw contexts have been core to how GPUs work since there were GPUs.)
In general, the GPU doesn't allow you to read directly from the VRAM backing a hardware-accelerated draw context (because doing so could block the GPU from writing to it, and also because doing so wouldn't get you a coherent single frame's state out.) The GPU locks that VRAM up and considers it to be "its to use" for as long as the draw context is the target of a hardware-accelerated pipeline. So the GPU will ignore any attempt to use any existing handle you had to the VRAM backing the draw context; only the handle to the wrapping draw-context ADT will work, and that handle doesn't have "read from" as part of its command-set.
So how does such a draw context even end up on the screen, then?
When a desktop window compositor sets up the GPU to display your windows, it takes various draw-contexts — some of which may be hardware-accelerated — and lays them out in 3D space, with a (usually orthographic) projection. The GPU itself is then told to take care of the rest (the final toplevel "get this scene out and onto a screen" part) internally. There's never a point under normal GPU rendering, where your entire screen-contents are rendered out to a single (externally-addressable) VRAM texture.
What happens when you take a screenshot, then? Usually, the compositor is pinged to ask it to render that screenshot; and it does so by allocating a screen-sized VRAM buffer, and then taking each GPU handle in turn and telling the GPU to copy the VRAM underlying that buffer, into the target buffer. But oh no — HW-accel draw-contexts don't have exposed VRAM handles!
It used to be (until... Windows Vista, I think?) that hardware-accelerated draw contexts in general (like videos being played using hardware decoding, or like 3D games) just weren't ever captured in screenshots, DRM or no. This was purely a question of GPU performance: a GPU with an architecture that could snapshot a frame of an HW-accel context, wouldn't perform as well as a GPU with an architecture that couldn't.
When this ability was later added, it was done so by adding a feature to the GPU: a command was added on HW-accel draw contexts, that would prompt them to stop whatever rendering is happening into the buffer for a moment, at a coherent point; to snapshot that coherent state of the internal VRAM state, copying it over into a non-HW-accelerated buffer; and to then get the accelerated rendering going again. The compositor therefore now had the ability to ask the such draw-contexts for such snapshots, to then be re-copied out into a WIP screenshot.
But I emphasize "ask"...
> there's never a point under normal rendering where your entire screen-contents are flattened into a single (externally-addressable) VRAM texture.
...although there used to be, back at the dawn of GPUs. The first "3D acceleration cards" didn't do any 2D drawing — and so PCs would actually have distinct 2D and 3D video cards!
The oldest 2D video cards for PCs, were just persistent framebuffers — their "VRAM" being just for what was on the screen. They relied on the OS to find anything that had been uncovered, and tell the app to repaint it.
But the last and greatest 2D video cards, from before 3D took over, were masters of copying memory around. Each frame, they'd be doing all of these huge accelerated rectangular blits of windows and their controls — some VRAM-to-VRAM, some from main memory using DMA — to bake down a VRAM buffer. They were hardware-accelerated 2D compositors, and they were great at it.
When early 3D cards came along, all that changed at first, was that your OS would tell your 2D card that there was a certain region it was to avoid drawing anything on. The 2D card would leave a black rectangle there.
The 2D card would render and rasterize its VRAM to VGA — and the 3D accelerator card would then be passed this same VGA signal, along a cable, as if it was a display. It would mostly just repeat everything it saw. But when the signal hit the timings for where those black rectangles should appear, then it would instead emit its rendering of the 3D content. (In other words: early 3D cards were https://en.wikipedia.org/wiki/Genlock cards!)
A "hardware-accelerated draw context", in this very early conception of the term, was precisely the geometry, defined by your OS, that your 2D card knew to not bother to draw; which was also the geometry that your 3D card knew was its to draw on.
2D and 3D video cards later merged, and at first you just got one card that did both of these things, as separate phases, with the bridging now internal. But the concept of an HW-accel context lived on.
But later on, actual "GPUs" emerged — in the form of 3D hardware that was now sorta-okay at doing VRAM-to-VRAM copies, and also provided legacy VGA BIOS emulation. So people ditched their 2D cards.
But this change actually kind of sucked, because it meant that all the per-frame 2D blitting (which, again, GPUs were just barely passable at) was now contending for GPU time with 3D stuff. And modern OSes had grown highly dependent on being able to do lots of 2D blitting each frame.
This was why "full-screen mode" was, for the longest time, the way to get the best 3D performance out of a GPU, even at the same display resolution. If you tell the GPU that you want to cover the entire screen with a 3D hardware-accelerated draw context... then it will realize that it'd be pointless to keep drawing the "2D world", and so it will stop spending its time each frame doing 2D VRAM copies to render the 2D-composited layer. It takes the whole OS window-drawing VRAM-copy command-queue out of the loop.
(And also — once there was OS support for this — switching to full-screen mode would also cause the GPU to flush out all the VRAM textures for rendered windows, fonts, icons, etc — giving a 3D app or game far more VRAM to work with. Coming out of full-screen mode would likewise ping the OS to reload all the system brushes and textures into VRAM; and then ping all the running apps to redraw themselves.)
Question, what stops you from modifying the GPU driver to make it so the command to set a draw-context to be DRM'd is a no-op? That way the gpu would happily let you snapshot the context, and the OS would be none the wiser. Or is gpu driver tampering something nvidia explicitly designs against?
EDIT: oh wait, i bet the driver is signed and the OS checks it and only allows DRM content to play if the driver is signed by nvidia. That would make sense.
I am also in doubt about the claim that there's never a single VRAM texture that contains the entire desktop, because while I see potential ways for GPU during sending frame to the monitor to assemble said frame on the fly, it sounds implausible vs just reading it from a premade buffer.
I misspoke, sorry — the last paragraph is meant to say that the CPU "decrypts", not "decodes", the video (inside the Intel SGX enclave.)
> I am also in doubt about the claim that there's never a single VRAM texture that contains the entire desktop
Some GPUs do work this way internally, but my phrasing was specific — even when such a VRAM texture buffer exists, it's not addressible outside the CPU itself. You can't get a handle to it. (And even if you could, it'd just be another HW-accel draw context — and so would be DRM-tainted if-and-when any buffer being copied onto it is considered tainted.)
But why wouldn't you want a GPU work this way? What's the advantage of not having some kind of "final screen buffer"?
It mostly comes down to a quirk of history. Movies are 24FPS, while computer CRTs were mostly designed for 60Hz refresh rates (with no support for 24Hz modes.) And when people see "hardware-accelerated video playback" as a feature on the box of a video card, one of the primary things that people expect that to mean, is that you should be able to play back your 24FPS movie on the 60Hz display. In windowed mode. With the desktop being refreshed behind the 24Hz movie. Smoothly.
If videos were mostly 30FPS, this would be easy, because 30Hz divides 60Hz; each video frame could just be copied to the 60Hz "final screen buffer" twice with the same content. But 24Hz doesn't cleanly divide 60Hz — you'd need each video frame to appear for 2.5 "final screen buffers." (And just doing that naively — that's called 2-2-3 rendering — is very stuttery.)
If you're doing this by trying to render out a "final screen buffer" VRAM texture in lockstep with your display frequency, all in advance of sending that texture down the pipe to the display, then for each frame, you need to complete that rendering pass with enough time left to communicate it to the display. But what happens when it takes a really long time to send the signal down the wire, leaving you only a little time each frame to actually render everything? In fact, what happens when the display is analogue — like a CRT — where the timing of sending the data down the wire is directly related to the timing of drawing?
Well, certainly, you can pipeline this final rendering — i.e. make everything show up one frame behind, so that you can work on each frame for an extra entire frame-time. But gamers won't like you messing with their draw-contexts that way. And gamers are the core audience for your product.
And also, that still doesn't let you render the video in windowed mode "smoothly." It just means that you have now have slightly less than one full frame-time, each frame, to do the concurrent work of decoding... 2.5 (or some even worse multiple) frames of video, and then doing something with them to squeeze it down to one frame.
And also, how should an active hw-accel video-decode draw context react to the OS changing the display resolution to one that uses a different frequency? Or worse — though not invented at the time — to a Variable Refresh Rate monitor, that can be arbitrarily sent frames using FreeSync?
What the GPU vendors decided to do to make this work, was to require one of two things — either:
1. that the algorithm of the video codec directly support decoding of a fractional frame position; or
2. that the creator of the draw-context pass it a VRAM buffer with enough space for not just one, but several (usually specifically three) full extracted frames. This buffer gets used as a ring buffer, with each new frame becoming a source texture; and these frames are then interpolated together (with some GPUs offering fancy motion-interpolations, and others just doing a linear interpolation) ac...
Take a modern computer with a modern GPU, and plug the GPU into one 75Hz monitor and one 60Hz monitor. In your OS, arrange the resulting displays to be aligned horizontally. Start an (HW-accelerated) video playing. Now, place that video so it straddles the boundary between the two screens.
When you do this, each DPE will actually be demanding frames from the video draw-context on a different schedule; and so each DPE will actually be getting a snapshot copy of (its slice of) that buffer using a different time-weighted interpolation of two frames! But the result will look perfectly smooth and synchronized!
This synchronization would literally not be possible if the HW draw-context wasn't being snapshotted using each DPE's current rasterization/wire-encoding clock as an input.
The input required for this could — in theory, at least — be synthesized in a pure-functional manner internal to the GPU's compute, by having a final VRAM-to-VRAM copy that is done by a compute-shader with some extra logic to map each pixel position to a simulated DPE's raster-clock time.
But just having a DPE that really does things that way — keeping a physical raster-cycle clock, a "narrow" (much smaller than screen-sized) ring-buffer, and a demand circuit that issues fill orders for the GPU to write lines or tiles into the ring buffer according to the clock — is cheaper even than not synchronizing at all; let alone to doing synchronization through extra VRAM (for the mastering buffer, and for a per-pixel draw-context centroid UV texture) + an extra compute-shader pass with a virtual raster clock.
but who's telling it? Is it a driver? And if so, can a driver be made that just doesn't do it?
Yes, but then Microsoft haven't signed the driver, and it won't have the correct hardware root of trust to decode the key, so it will fail and the service will fallback to a less secure mechanism which is why services will normally limit the resolution of the content delivered via those mechanisms to 720p or less.
There was a simpler technique. Open a second video player, then screenshot to your heart's content. Windows hardware acceleration for video had only one gpu thread or something like that, I don't remember the exact details.
Windows has been doing this since Vista, 17 years ago https://en.wikipedia.org/wiki/Protected_Media_Path
Print screen already doesn't work with DRMed content, so why would this be any different. On the other hand, how can you guarantee that it won't capture passwords? Even the passwords you enter into Firefox in a web page after clicking the "show password" button?
Even so, such invasive features need to renew consent and/or periodically alert users. The risks with someone else enabling them to spy are too high.
Oh but crimes affecting the common folk? That's too hard, sorry.
The article gives the impression that passwords will only be captured if they are displayed. So there are only three scenarios where I can envision this happening: the end user opens a document that contains their passwords, the end user opens their password manager and chooses to display their passwords, or the user chooses to reveal the password field.
Case 1 is bad practice, plain and simple. (Though I will acknowledge that people do it.)
Case 2 and case 3 can probably be fixed, provided the software doesn't define custom controls, since there is already the option to protect DRM content. Microsoft should have provided this functionality and given developers time to adopt it (not doing so is a bad move on their part).
On the whole I think this is just trying to rush things to market, rather than the product of any form of malice.
That being said, I am glad that I don't use Windows outside of the work environment. Something also tells me that my employer is also likely to disable this feature. (They have more to loose from a data breach of confidential data than they have to gain from tracking employee computer usage.)
I never needed to use that option. Still, based on what I read in the documentation about Windows graphics programming, I believe that option is only applicable to video, and is prohibitively complicated to use for a password manager. Read that article https://learn.microsoft.com/en-us/windows/win32/medfound/pmp... you can’t even play DRM video from your own process, it requires a special OS component called Protected Media Path, and that process can’t run arbitrary code only components signed by Microsoft which means you can't generate DRM-ed video frames from something else with your own code.
Windows keeps adding these anti-consumer features, ads, and other things. And people keep using it??? I used to work there and I can't believe they keep doing this stuff.
"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."
https://support.microsoft.com/en-us/windows/privacy-and-cont...
I wouldn't want such a feature in a 1000 years and I cannot see the supposed "casual user" that would profit from this.
but the incentives are of course not aligned in consumer's favour.
I do agree they're excited to announce an ARM laptop, but there's not a commensurate bigger "bet"/investment in hardware.
I'd argue there's less investment: Internal Dell documents has Snapdragon at $145, versus $276 for i7.[2]
[1] Purchased two as gifts.
[2] https://videocardz.com/newz/snapdragon-x-series-chips-cost-o...
Yeah I don't think this take is accurate, my employer (state-owned, largest utility in my country) issues Surface laptops to many employees so I think there is likely significant enterprise use of these.
I do agree that this refresh seems like a renewed effort to compete in the consumer space though.
It's also the third one that is just called "surface pro", along with the firs generation and fifth generation devices.
They've been making surface devices for a decade, I am not sure what you mean by "again".
As for performance, there is a reason the feature is limited to laptops with 16 gigs of RAM or more and a dedicated NPU of a certain speed. I dont think there will be performance issues when they are controlling the hardware spec that tightly.
Imagine working remote with this and IT pulls your recall logs. Better yet us "AI" to determine how productive you were yesterday.
I was so hyped for these laptops, but this is just stupid.
This will be abused. It’s not an “if” but a “when”.
Monitoring is where you run into moral and, in some places, legal problems. This would probably be a good topic for new legislation.
In any case, an overwhelming amount of Very Bad Things are legal due to corporate laziness, commercial propaganda and anti-education campaigns. "It's legal" cannot be the basis of an argument in favor of legally protecting predatory behavior.
You can bet that's exactly where this is going for the corporate world.
The only AI-ness on top that I see is some OCR and some image captioning.
That begs the question: why resurrect the Activity History feature (that was deprecated just 3 months ago[2]) and add almost nothing on top? The "glass half empty" folks among us would probably say to get ready for what comes next (new "functionality" they can light up with the data).
[1] https://learn.microsoft.com/en-us/windows/ai/apis/recall#use...
[2] https://support.microsoft.com/en-us/windows/-windows-activit...
It seems really implausible that someone would find themselves using one of these PCs and not knowing it.
Some minor % of the population doing what they want? Eh, who cares, thats called freedom.
A large chunk of the population having their experience changed in a very important manner by default is a whole other ball game.
It does matter more because it's Microsoft doing it.
The acquisition of valuable user data is frequently used as a bargaining chip during funding negotiations.
Probably not the best kind of solution for whatever ADHD issue you are trying to address.
I actually did exactly this for myself for a while: A script took a screenshot every few seconds and dumped it into a DB. I had a few fun ideas and projects based on this:
* https://github.com/albertz/png-db: Store multiple PNG files more efficiently by sharing common data. This gives a compression rate of about 400-500%. (Maybe Windows Recall could use sth similar?)
* https://github.com/albertz/screenshooting: Scripts to analyze the screenshots. E.g. I wanted to collect the amount of time I was having coding in Eclipse. It was a reason to play around with OpenCV.
Regarding logging the time, I later developed a simpler solution: Some script which records the focused app window and its opened content URL: https://github.com/albertz/timecapture
I think with the focus on passkeys, we can worry less about snapshotting passwords.
IMO, maybe they need a way for documents (that have passwords) and windows (for password managers) to flag that they should not be snapshotted.
(It's not like MS downloads everything on your hard drive.)
If you don't trust your computer's supply chain, (hardware, software, internet, services,) you shouldn't use it. I don't trust Microsoft any more or less than any other vendor, and that includes open-source.
With automatic updates, anyone (hardware vendor through drivers, software vendor) can backdoor you and grab all that information. We're even finding backdoors in (gasp) open-source software now.
Nothing in the article states that Microsoft will upload screenshots to their servers.
Microsoft does not have a history of uploading users' private data to their servers, without users consent a knowledge. (IE, OneDrive)
Never once I thought "Wouldn't it be nice to rewatch what I've done on a particular date and time?"
But I certainly have wanted a particular command I entered in a shell (solved by shell history), a version of a file (git, backups,...) a site I've browsed (bookmarks, history,...).
This is a non-solution for a problem that doesn't even exist. It's like asking for a camera to be pointed at you 24/7 in case you forgot where you put your keys.
Heck, every once in awhile I dig into Google Maps to see where I was on a certain day. (You do know that Android phones track where you've been and you can look it up, right?)
Banking details? Fine.
Passwords? A-OK!
Copyrighted content? STOP, YOU FOOLS, BEFORE YOU ANGER THE MOUSE!
This whole thing is dystopian, but making it a priority to avoid DRM controlled content is wild to me. The screenshots are ostensibly a cache, which is part of how video is displayed anyway. Is avoiding caching a 6 frame per minute cache really a higher priority than all of the privacy this undermines?
https://en.wikipedia.org/wiki/Protected_Media_Path
Seems like a trip to a thesaurus might have been useful: Microsoft Evoke, Microsoft Conjure, Microsoft Hearken, Microsoft Summon. At least none of those has an immediate negative potential
- Home Starter
- Home
- Home Premium
- Standard
- Business
- Professional
- Professional Plus
- Enterprise
Either that or someone's giving a not so subtle hint.
I do think the program is probably far out of the consciousness of most people at this point (outside of older technical people), and the younger generation probably wouldn't know or care.
Afraid of Microsoft getting your data? According to Internet lore, Microsoft already scoops up every bit of data on your computer every nanosecond.
Afraid of the "gubment" snooping on you? According to that same internet lore, the government is like a vampire and can only enter your PC if you invite them in. But we all know that's not true. If they wanted screenshots of your desktop they would have them.
Another Windows ARM push... If Recall is only available on these devices I think it's doomed to failure.