Talk About Tennis 2.0

He is really not that much into democracy.

Microsoft’s new Recall feature for Copilot+PCs criticized as ‘spyware’

This week, Microsoft is hosting its annual developer conference Build from the Seattle Convention Center, and amid the flurry of AI-related announcements from the valuable software company, one has struck a false note among many tech industry followers on X (formerly Twitter).

Of many Microsoft announcements, perhaps the biggest was the introduction of new Microsoft Copilot+PCs — laptops and desktop computers outfitted with a new version of Microsoft Windows that contains its AI assistant Copilot baked into the very fabric of the operating system itself.

Copilot, in turn, is powered by a range of underlying AI models including the new GPT-4o introduced last week by Microsoft partner and investment OpenAI.

Yet the one feature in particular, Recall, stood out to some observers — and not in a good way. The Recall feature essentially records a user’s screen activity on their Copilot+PC, including mouse movements and application actions — whether a user is sending messages, checking email, editing a document or image — and allows the user to go back, replay them to find a detail or interaction they want to access again. Microsoft describes Recall this way in a blog post announcing the Copilot+ PCs:

“With Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory. Copilot+ PCs organize information like we do – based on relationships and associations unique to each of our individual experiences. This helps you remember things you may have forgotten so you can find what you’re looking for quickly and intuitively by simply using the cues you remember.”

Microsoft elaborated that the feature will allow users to “get back to where you were, whether to a specific email in Outlook or the right chat in Teams.”

Microsoft execs equated the feature to being like “photographic memory” on your PC:

A program that records all your PC activity may sound Orwellian/dystopian or ill advised, but in that same blog post, the company sought to quell concerns over privacy and security, stating that the data was “stored entirely on your device,” in something called a “personal semantic index.” As the blog post goes on:

“Your snapshots are yours; they stay locally on your PC. You can delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point right from the icon in the System Tray on your Taskbar. You can also filter apps and websites from ever being saved. You are always in control with privacy you can trust.“

A spokesperson for Microsoft reiterated those privacy and security mechanisms to VentureBeat in a brief phone call, and they also stated that the data was stored in an encrypted format on the user’s PC, would never be sent up to the cloud or the web, nor would it be used to train any Microsoft AI models — on device or elsewhere. The spokesperson said it was always in the user’s control — not any system administrator from a company.

Yet a number of users on X immediately greeted the feature and demos of it with alarm. Some even equated it to spyware or keyloggers, malware that records a user’s keystrokes and can be used to record sensitive information such as passwords.

Some pointed out the risks of having even a copy of your PC activity stored on device if the device was seized by an antagonistic party, say a government agency or security apparatus.

Others recalled how Microsoft itself, as the largest software company in the world by sheer number of devices running variants of Windows and Office, has already been subject to many hacks and cyber attacks, making this kind of on-device activity storage a potentially enticing target for hackers.

Even in a more benign case, losing your device or having it stolen — users expressed concern that their sensitive information, such as passwords, could be accessed through the Recall feature.

Even X owner Elon Musk joined in the pileup on Microsoft’s Copilot+PC Recall feature, stating “this is like a Black Mirror episode,” in reference to the dystopian sci-fi/horror series on Netflix.

Whether this backlash is deserved or not, it will be interesting to see how it impacts sales of Microsoft Copilot+PCs — if it does at all — and if any of the concerns materialize into concrete harms caused by this new Recall feature. Or, in the best case scenario for Microsoft and users of the new devices, the system works as designed and manages to provide benefits of rewinding to the past without sacrificing privacy and safety.

https://venturebeat.com/security/micros ... m-spyware/

How about the other side of security? Real story (just a couple of days ago).
My GF needed to run a program that runs in Linux. So I told her that the best, FREE linux out there is Ubuntu, and I downloaded the latest version (24.04). So I created a bootable USB, and tested it on my W10 laptop. No issues whatsoever.
I then ran it on her W11 laptop. I showed her how it works, and how she needed to boot up her laptop from the USB. We then logged out from Ubuntu and went back to W11.
Bad luck. When I ran the laptop from the USB, W11 triggered Bitlocker, an internal program from MS that locked and encrypted her hard drive because it "felt" that the Ubuntu run was a hacking attack. So, in order for her to recover her laptop, we needed to go into he MS account and get the Bitlocker recovery key. Which she could not because, having been "hacked", she needed a confirmation code sent to her recovery account, and that account was an account she had in college and she did not have her password (she had forgotten it). We eventually found it, but she was without a PC for wo days (and we are working).

In short. This drive towards AI means that companies like MS need to make their security ever stronger. To the point that if you do something that slightly resembles an attack, you are locked out of your own data, and recovery is a painstaking ordeal.
I also find it rich that Elon is talking about the security of the feature. Because, you know, X/TWT is not a prime target for security breaches.

BTW: My laptop ran Ubuntu with no triggering of Bitlocker because I never associated my laptop to my MS account, so Bitlocker has been effectively disabled in my laptp.