• DefederateLemmyMl@feddit.nl
    7 months ago

    They’re just going to do a classical boil-the-frog operation:

    • Step 1: Make it opt-in and present it as the new cool thing.
    • Step 2: Make it opt-out, and if the user opts out, show a scary warning about how the cool thing won’t work anymore.
    • Step 3: Silently opt-in, and hide the opt-out option deeply in a settings menu.
    • Step 4: Silently opt-in, remove opt-out, but it still works with a registry hack. Microsoft apologists will still think it’s cool because “just use this simple registry hack bro”.
    • Step 5: Remove opt-out altogether, and silently opt-in everyone who had previously opted out.
    • Step 6: Enjoy their boiled frog!
  • Mereo@lemmy.ca
    7 months ago

    They will just enable it by default later when the heat passes. They always do. You no longer own Windows.

    • lectricleopard@lemmy.world
      7 months ago

      Never did. It’s just more and more obvious with each new “feature” that it’s built for monetization, not for user functionality.

      • Mereo@lemmy.ca
        7 months ago

        In the '90s and early 2000s, Microsoft’s business model was the classic one of selling products to customers. Today, it’s all about the cloud, advertising, and AI, where the product is the user.

    • yeehaw@lemmy.ca
      7 months ago

      My prediction is essentially one day Windows PCs will be Linux that act like thin clients that go to Windows 365.

  • Geyser@lemmy.world
    7 months ago

    “The ability to disable the…feature during the setup process…” does not mean opt in, that means opt out.

    Knowing windows setup, you need to click customize during the setup process and then go through several setup pages before you’re presented this option (or have to dig into additional/advanced settings to find it).

    Most people won’t do this, won’t know how to do this, or will receive the pc with the initial setup complete and won’t know if this is on or off.

    • Norgur@fedia.io
      7 months ago

      And even if you find it, it will have an idiotic and obscure name, like “advanced history experience” or something absolutely nondescript

      • teft@lemmy.world
        7 months ago

        Also when you try to disable it they will use all sorts of dark pattern pop ups to dissuade you from disabling it.

      • MudMan@fedia.io
        7 months ago

        The exact wording, which, again, is in the article you didn’t bother to read before posting, is “Quickly find things you’ve seen with Recall. Recall helps you find things you’ve seen on your PC when you allow Windows to save snapshots of your screen every few seconds”.

        Seriously, I don’t even like the feature. I will absolutely turn it off, just like I did Timeline, and I expect it’ll be gone in the next version, just like Timeline was.

        But I did look at the stupid article before posting. So there’s that.

        • Norgur@fedia.io
          7 months ago

          So, are we done berating everybody passive-aggressively with just a sprinkle of condescension? Because maybe, just maybe, I was making a remark about the general practice of Microsoft to hide stuff behind nondescript bullshit names (especially in non-English versions where the English bullshit name gets translated literally most of the time, which yields even more nondescript results).

          Maybe, just maybe, you chose the wrong comments to act up on “PeOpLe NoT rEaDiNg ThE aRtIcLe” when all that was posted about was inconsequential stuff about the precise clicks needed to turn a feature off that’s not even in the respective menus yet. So this is not someone talking bullshit because they misunderstood the headline about a murder case or something.

          All that was said was about practices Microsoft has abused into oblivion: Hiding stuff behind obscure menus and hiding stuff behind obscure names. The comments made were a persiflage of exactly that.

          Maybe, just maybe, the precise placement and wording in a menu that doesn’t even exist yet is a topic inconsequential enough that people will not read the tenth article about the general subject (Copilot becoming “opt-in”) to make sure they wouldn’t miss this super irrelevant point to the story. A point which you guessed from screenshots that haven’t reached production yet (even if they are likely to go into production as shown, it can still change), so your condescending attitude is based on wobbly grounds.

          There are tons of articles where people post absolutely wrong and quite absurd stuff because they didn’t read the article. Some of them even matter (politics, world events). So let’s criticize people when they don’t read through actually important articles before posting, and agree that it’s okay to not read the exact article posted on unimportant sidenote stuff if one knows about the thing in general. Because if I’d be only allowed to comment on the article posted itself, I wouldn’t need Lemmy, I could just comment on the site that posted the article in the first place.

          Besides: You did notice that you commented on two different people, yes? Because you sure sounded like you didn’t read the usernames before commenting and thought you always replied to the same guy.

          • MudMan@fedia.io
            7 months ago

            That is a very long rant to agree with me in that you care enough to rant about this online but not enough to read past the headline.

            So no, I have no intention to shut off the condescension, there is nothing passive about my aggression and people absolutely don’t read the article regardless of how important they feel the issue is. Yesterday this was all about the most important threat to the security of the average consumer, now it’s “unimportant sidenote stuff”. Somebody should have told MS how unimportant it is, could have saved the devs the crunch to fix it by the time it ships in 10 days.

            For the record, you’re right about how hard it is to find things sometimes in localized versions of OSs. That’s true of all of them, though, and I blame the fact that we’re all stuck here speaking the hegemonic language and reading about tech only in English while local journalists struggle to stay relevant, so we learn all the brand names and settings in English despite the software itself being available in localized versions. But that’s a whole other conversation.

            • conciselyverbose@sh.itjust.works
              7 months ago

              This is still a huge threat, because their “mitigations” are a joke. The only possible way this can be an acceptable feature is if it is built from the ground up with security as the primary concern. You can’t “tack on” security at the end and get a secure product.

              If security was in any way a consideration, there is no path to shipping anything where the database is unencrypted at any point. Not in an insider build. Not as a tech demo. Nothing.

              • MudMan@fedia.io
                7 months ago

                I mean, no, that’s dogmatic weirdness. The feature is secure if the feature that is live is secure. Software isn’t magic, it doesn’t have karma, it works the way it works.

                Now, this is as secure as whatever they ship, but even assuming it’s ironclad it’s still a bad feature. You do not need an automatic screengrabber to remember what you did yesterday. Every piece of work software you may need to reopen has a recent files list, Windows has a file search function, browsers have a history. You have a brain. You don’t lose track of so much stuff that you need to be recording your entire activity just in case. This is a bad gimmick that covers no use case, just like Timeline was. And because it’s a bad useless feature the logical thing is to turn it off and forget about it, which is why everybody seems to have memory holed that Timeline ever existed.

                You guys really don’t need to get weird about it for it to be a bad idea, but since they’re railroaded into shipping it, at least it’s better to ship it with proper encryption and authorization features. Still turn it off, though.

                • conciselyverbose@sh.itjust.works
                  7 months ago

                  The feature that is live cannot possibly be secure. That’s the entire point.

                  If you do not design every element that interacts with user data very consciously and deliberately around controlling access properly, you cannot get a result that is not massively vulnerable to bad actors. Security is a core design principle. It cannot possibly be achieved after the fact.

            • Norgur@fedia.io
              7 months ago

              So your reply is, “but other people don’t read…”? Yeah, I’m not “other people”, so stop making me a scapegoat for behavior you’ve seen elsewhere (and on which I agreed with you, btw).

              Yet, you misunderstood my comment: Copilot is important. It not being encrypted is important (and hilariously naive). Where they put the turn on or off option in the setup menu ultimately is not. I wrote that pretty clearly. Didn’t you read my answer? That was the only information I could have gotten from the article I didn’t have already. Thing is: If I had read it (from a Screenshot I wouldn’t have seen anyway because I normally use reading mode, no less), I would still have commented on the dark patterns Microsoft uses to get you to send your “telemetry” to them.

              I have since skipped through the article and literally the only thing in there I didn’t know were those stupid screenshots. So why the heck would I read the article when I had read others just like it?

              You just saw something you’d been irritated about in other places and treated me (and others here) as if we were the offenders behind the things you saw as well, lashing out without provocation and felt justified because “it happens all the time”. While some of that’s correct, the people you went and “showed’em” aren’t the source of all evil, so skip the scapegoat bullshit and be civil towards people you’ve never talked to before, will ya?

              • MudMan@fedia.io
                7 months ago

                Yeah, see, here’s how I know I’m not scapegoating you and you also didn’t read it.

                The article clearly explains they WILL in fact encrypt it and require a passkey to access it once per session.

                So yeah, no, my condescension is exactly about you. And others. But also you.

                • Norgur@fedia.io
                  7 months ago

                  Are you really this dense? The whole opt-in thing comes because researchers found that Recall wasn’t encrypting shit and there was already a tool out to scrape this data automatically (Totalrecall). That was what I mentioned there. Come on, you must be trolling now. This is just laughable. But so you can’t half-read my comments and make it fit your argument again, it’s even in the bloody article:

                  Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.

    • umbrella@lemmy.ml
      7 months ago

      not to mention they are known to re-enable telemetry on systems after updates.

      i doubt this will be any different.

      • tigeruppercut@lemmy.zip
        7 months ago

        Even without all the invasion of privacy implications, I’m skeptical it would even work. Source: 20 years of “Windows is checking for a solution to the problem” that has never worked even once.

        • FaceDeer@fedia.io
          7 months ago

          I’ve actually had those troubleshooters work for me several times in recent years. Mostly fixing networking issues.

    • gravitas_deficiency@sh.itjust.works
      7 months ago

      Remember when making a Microsoft cloud account was optional during Windows installs, and it was trivial to skip/opt out?

      Pepperidge Farm remembers.

      They are 100% going to do the same thing here.

    • MudMan@fedia.io
      7 months ago

      There is a screenshot of the opt-in screen in the article. There is no default, just two buttons to say yes or no.

      I swear, outrage should only be allowed based on the amount of work one is willing to put in before expressing it. If you don’t do the reading, you don’t get to be publicly angry. It’d save us all so much trouble.

      For the record, the feature was always optional, as per the original announcement. Presumably the change is it is now part of the setup flow where it was going to be a settings toggle instead.

      Which is, incidentally, how this used to work the first time Windows had this feature, back when it was called “Timeline” in Windows 10.

      • Ibuthyr@discuss.tchncs.de
        7 months ago

        The problem with MS is how they change these things in the future. It may be a clear choice now, but they will find a way to make it easier to “accidentally” opt in, or they’ll simply change it to an opt-out. They’ve been doing this sort of bullshit for quite some time now.

        • MudMan@fedia.io
          7 months ago

          They really haven’t. Their onboarding flow has included this exact type of forced option for advertising data, location data and bug reports for what now? A decade, give or take? They have a very specific design language for these.

          Plus, and I keep reminding people of this and they keep forgetting, they already made this feature once. It was on Windows 10, it was called Timeline, everybody turned it off and they never did much to change that, instead just adding a less intrusive offline version of it and ultimately removing it by the launch of 11 until… well, now.

          What I don’t understand is why you guys are so set on this specific list of grievances. You don’t need to dismiss the improvements they are making. They are improvements and they are a good thing.

          If you are set on rooting for or against OSs (and why would you, stop it, that’s weird) you can instead just point out that… well, the feature itself is still garbage. Even with a default opt out, even assuming it’s fully secure. It just covers no valid use case, unless you’re starring in Memento II. It remains a security vulnerability because social engineering and shared computers are a thing. It is exactly as dumb and useless as Timeline was, and there’s a reason nobody remembers that happened. The lack of AI search really, really isn’t why that failed.

          You don’t need to come across as a paranoid conspiracy theorist making up slippery slopes to keep criticising this about the things they are actually fixing. There are plenty of valid issues with it at a fundamental design level they are not changing. Being so wildly speculative about the eeeeevil corporate MS lying to us just makes the criticisms sound less valid when the actual thing they are doing is still pretty useless at best, and most likely really bad.

          • Ibuthyr@discuss.tchncs.de
            7 months ago

            Look, I use Microsoft products. I have since PC-DOS became MS-DOS. You are plain wrong. Just look at the whole fiasco where MS is practically forcing users to tie their windows license to an account. It used to be easy to circumvent, nowadays it’s hidden like Waldo. They constantly do this shit. Stop shilling for corporations.

      • Geyser@lemmy.world
        7 months ago

        The screenshot doesn’t show preceding flow to reach it, but I did miss the “requires windows hello to enable” bit, which does suggest that wherever it is, it would have to be opt-in.

        • MudMan@fedia.io
          7 months ago

          It doesn’t because that’s one of the four or five screens during the initial Windows setup where you opt in and out of all the other spyware features. They all look the same and are prompted in sequence. Unless they’re doing something very weird you absolutely have to make a choice on each of them and they are unskippable otherwise.

          I mean, you don’t have to know, if you don’t know Windows you don’t have to recognize them. But if you do it’s pretty obvious, so you… you know, could have asked or looked it up.

          Or gone through the link, because come on, you didn’t. You were obviously just reacting to the headline.

  • the_doktor@lemmy.zip
    7 months ago

    …says the company that wanted to destroy every bit of your privacy. I don’t care what they “promise”, don’t listen to them.

    Microsoft is finished. Install Linux.

  • x0x7@lemmy.world
    7 months ago

    They use dark patterns and cryptic dialog boxes to get old people to opt in.

    • Agent641@lemmy.world
      7 months ago

      Are you certain you don’t want to enhance your Microsoft experience?

      ^YES, I CRAVE A LIMITED EXPERIENCE^

      NO, GIVE ME THE BEST THING

  • NaibofTabr@infosec.pub
    7 months ago

    Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward. Where does that leave us?

    There is a spyware feature built into Windows 11. It is off by default, but a malware that wants to capture this kind of information doesn’t have to install anything, and it doesn’t have to run any background processes that might get caught by a system monitor or blocked by application whitelisting. All it has to do is turn this built-in feature on, and then exfiltrate the data later.

    Setting this off by default doesn’t remove the security issue.

    • sugartits@lemmy.world
      7 months ago

      Ok, let’s assume (for the sake of argument) that everything is on the up-and-up, and Microsoft will behave in a completely equitable and user-friendly way with regard to this feature going forward

      This is so fantastical that there’s no point in even having the hypothetical discussion about it.

      • HauntedCupcake@lemmy.world
        7 months ago

        You’re right, it’s fantastical, but it’s still worth talking about.

        It’s worth talking about as it solidifies the argument more than just assuming your opponent is acting poorly. The argument of “Even if Microsoft is a saint, it’s still a bad idea. But we know Microsoft also has a history of data collection, spying, anti-patterns etc.” is a much stronger argument than the latter half on its own

        • sugartits@lemmy.world
          7 months ago

          You’re right, it’s fantastical, but it’s still worth talking about.

          Is it though?

          It’s a feature which is very clearly evil and of very little benefit to the user. Only a shit business like Microsoft would even attempt it, lie about it being secure, then make it “optional” (and we all know what that means) and it will still be an insecure mess when it’s done, sucking down resources from a machine I purchased for no benefit to myself.

          The “feature” by its current definition can only be conceived of by a piece of shit organisation like Microsoft.

          No need to separate the art from the artist in this case, as they are perfectly aligned.

  • Sensitivezombie@lemmy.zip
    7 months ago

    No one is going to opt in to having screenshots taken of their activities on the OS. If no one opts in then it will hinder Microsoft’s original plan of collecting such data for Copilot. Along comes the new marketing language to soften the approach and they still collect data.

    • x0x7@lemmy.world
      7 months ago

      No one would opt-in to having all of their personal files sent to the cloud. But Windows managed to get my father using OneDrive even though he had no idea what it was. He was absolutely pissed when I told him. Somehow that wasn’t enough to get off of windows completely though.

    • kboy101222@sh.itjust.works
      7 months ago

      Cause they’re going to show a pop-up that advertises some “cool new feature”, and the 99% of users who aren’t tech literate will say yes and never think about it again.

      People on this site severely overestimate how much the average person cares and their overall level of tech.

      • aStonedSanta@lemm.ee
        7 months ago

        Yup. Average user doesn’t know what pop or imap is and can’t use their tv remote to change an input.

    • pixel_prophet@lemm.ee
      7 months ago

      People will be deceived into opting in via some UI anti pattern like they do with the online user accounts and onedrive now.

    • floofloof@lemmy.ca (OP)
      7 months ago

      Because they’ll add it to the list of coercively and deceptively worded questions they force you to answer before you can use a Windows account, phrase it so as to sound useful and harmless, and have a big friendly “Sounds great!” button and a tiny “No thanks, I prefer my life to be shit” link.

  • IninewCrow@lemmy.ca
    7 months ago

    *Windows won’t take screenshots of everything you do after all (that the company will admit to without you knowing)— unless you opt in

  • FaceDeer@fedia.io
    7 months ago

    We had a good solid enraged mob going here, and Microsoft is ruining it! The bastards!

    • conciselyverbose@sh.itjust.works
      7 months ago

      This moves it from “actually fucking laughable” to “you should still run away from Windows fucking fast”.

      Their approach to security is still a trainwreck. Security cannot happen as an afterthought.

    • towerful@programming.dev
      7 months ago

      Browser history was implemented before companies massively abused privacy.
      It was an honest feature for users.
      We also learned a lot about security regarding password/credential extraction from browsers.

      Windows Recall might be an honest feature. It might be super secure and really useful.
      But Microsoft doesn’t have the trust to pull this off

      • HauntedCupcake@lemmy.world
        7 months ago

        Browser history also holds significantly less information than a screenshot of you using your computer taken every 3 seconds

        • conciselyverbose@sh.itjust.works
          7 months ago

          Exactly.

          Actual security happens from the ground up. It’s the first consideration of every step of every module of code that has any interaction with user data.

          The fact that there was any version anywhere near shipping to anyone that resulted in an unsecured database being accessible to other programs tells you that it’s not possible that it’s secure.