"It looks like you have some private personal and financial details on display! I'll take a screenshot and store it in a folder someone can access later. "

About MS Recall

The problem

So, apparently Microsoft decided to put an AI on their operating system that uses regular screenshots to store, index, and describe every single thing the user does on their computer. If you enter a password -- it's stored and indexed; if you send a message: it's stored and indexed. It stores all that in a neat little unencrypted database that doesn't require elevated privileges to access, meaning any hostile program only needs a few seconds at most to perform weeks worth of data collection, and it's already processed for easy use by the cracker. Even if the data stays on device, the applications for facilitating domestic abuse are absolutely terrifying.

I don't use DOS, so it doesn't affect me, right?

Wrong. Chances are, your bank, your hospital, your employer, your school, your tax office use it. This "feature" can be deactivated, and I seriously hope it will be on every single system handling sensitive data (or better stop using that operating system altogether), but it only takes one employee viewing it on their personal computer for a major data leak to occur.

The wider problem

The data is supposedly and presumably stored on-device which should mean Microsoft doesn't collect it, but the operating system as a whole is also proprietary and closed-source, meaning:

it's very hard to tell what the system does or doesn't do, the only recourse we have are to look at outgoing data packets (not foolproof) or study the disassembly (difficult and illegal)

it is both extremely hard and illegal to make and maintain forks (modified versions), which means if they do something their users absolutely can't agree with, they're left with three choices:

use an outdated version -- not the best for security, and Microsoft makes updates mandatory

switch operating systems -- can be time-consuming and costly to do, especially if the user relies on system-specific functionality (I'd recommend getting started on this asap)

just accept it -- what most will probably end up doing

Windows Recall Has Already Been Exploited

If its existence wasn't already bad enough, everything Recall stores is kept in an unencrypted SQL database.

Even if Microsoft pinkie promises that Recall data is only stored locally, that will not stop malware from slurping everything you have done, are doing, or will do, from your PC.

If you're thinking you can just turn it off when it arrives in your Windows updates and be fine, consider the fact that your personal information is likely going to be on someone else's PC at some point.

I have worked IT for a Fortune 500 retailer and can tell you; if you make any large purchase, be it a car, an instrument, windows or doors for a home, or have any sort of custom order made, that task is done through a Windows PC that will have your personal info and payment information on it at some point.

Financial and medical institutions will have more care about this, but I can guess with a high degree of certainty that nearly any PC in a retail environment is susceptible to malware from unsavvy employees, and even more susceptible to a simple physical attack. In a busy store, basically anyone could walk up and plug a USB drive with a malicious payload to a PC used for transactions. Cash registers/tills are generally safer, since they will be running a maximum-stability older version of Windows that will not have these kinds of updates.

I'd love to hope that businesses realize this and demand a version of windows with AI features disabled, but AI is such a buzzword in the current market that products are popping up all over the place that do not directly have anything to do with AI, but are slapped with the label anyway. Microsoft does not care if home users complain. They care if investors, large business accounts, and system integrators do. Those people are nothing if not techbro hype train riders, so good luck with that.

The takeaway here is to be extremely careful. And switch to Linux if it meets your needs.

This? This is super bad. Like super duper what the fuck are they doing bad.

I don't want to be That Person, but y'all might want to consider switching to Linux.

Literal definition of spyware:

Also From Microsoft’s own FAQ: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. 🤡

If you use a Windows machine running Windows 11, you may wish to disable the Recall feature immediately. It's doing some pretty shady shit.

Yeah, that's why all of my work computers are Linux and have been since 2018.

People ask me if im worried about AI taking my job (Cybersecurity).

No im not

Linux Ain't Hard. Just Different. Come Play.

Microsoft Recall has been making waves in privacy circles. Some are calling it a privacy nightmare, some others are calling it a privacy nightmare, and privacy experts are sounding the alarm about it1. As usual, when Microsoft does a stupid – and in my eyes, this is a pretty big stupid – people talk about migrating to Linux. Of course, people still think that people who use Linux wear funny hats…

View On WordPress

Weekly output: link rot, Microsoft and Google's AI sales pitches, tech brand reputations, T-Mobile rate hikes, Bluesky DMs

A lightly-scheduled week wrapped up with my wife and I seeing two D.C. teams that didn’t exist 20 years ago play against two Seattle teams: the Spirit’s 3-2 win against the Reign Friday night, then the Nats’ 9-5 loss to the Mariners Sunday afternoon. In between, a bike ride to and then through Rock Creek Park offered me a peek at actual construction progress of Maryland’s snakebit Purple Line…

View On WordPress

Windows 11 and the Last Straw

Bit of a rant coming up. TL;DR I'm tired of Microsoft, so I'm moving to Linux. After Microsoft's announcement of "Recall" and their plans to further push Copilot as some kind of defining feature of the OS, I'm finally done. I feel like that frog in the boiling water analogy, but I'm noticing the bubbles starting to form and it's time to hop out.

The corporate tech sector recently has been such a disaster full of blind bandwagon hopping (NFTs, ethically dubious "AI" datasets trained on artwork scraped off the net, and creative apps trying to incorporate features that feed off of those datasets). Each and every time it feels like insult to injury toward the arts in general. The out of touch CEOs and tech billionaires behind all this don't understand art, they don't value art, and they never will.

Thankfully, I have a choice. I don't have to let Microsoft feature-creep corporate spyware into my PC. I don't have to let them waste space and CPU cycles on a glorified chatbot that wants me to press the "make art" button. I'm moving to Linux, and I've been inadvertently prepping myself to do it for over a decade now.

I like testing out software: operating systems, web apps, anything really, but especially art programs. Over the years, the open-source community has passionately and tirelessly developed projects like Krita, Inkscape, and Blender into powerhouses that can actually compete in their spaces. All for free, for artists who just want to make things. These are people, real human beings, that care about art and creativity. And every step of the way while Microsoft et al began rotting from the inside, FOSS flourished and only got better. They've more than earned trust from me.

I'm not announcing my move to Linux just to be dramatic and stick it to the man (although it does feel cathartic, haha). I'm going to be using Krita, Inkscape, GIMP, and Blender for all my art once I make the leap, and I'm going to share my experiences here! Maybe it'll help other artists in the long run! I'm honestly excited about it. I worked on the most recent page of Everblue entirely in Krita, and it was a dream how well it worked for me.

Addendum: I'm aware that Microsoft says things like, "Copilot is optional," "Recall is offline, it doesn't upload or harvest your data," "You can turn all these things off." Uh-huh. All that is only true until it isn't. One day Microsoft will take the user's choice away like they've done so many times before. Fool me once, etc.

If you have Windows 11, please turn off the Recall feature unless you have Bitlocker on your computer. This is because it takes screenshots of your PC and stores them in such a way that the screenshots could be stolen and passwords etc. taken. (It can be encrypted automatically by Bitlocker, so if you do have that enabled, turning Recall off is optional). If you want to turn off Recall, please do the following:

Please open "Settings".

Next, please click on "Privacy & Security".

Select the "Recall & Snapshots" page.

Turn off the “Save snapshots” toggle switch.

Do this for every account on the computer (the setting is saved per account).

This will completely turn off the Recall option on the account. If you use Windows 10 or earlier, you can put your feet up and relax - Recall isn't available on these operating systems. Obviously, it's a non-issue on non-Windows computers too.

I am linking an article so folks can actually read about the new Recall feature for Windows 11, but the subtitle is actually the most important line:

"The new feature on Copilot+ PCs will take over a chunk of your hard drive—and it has no qualms about screenshotting your passwords."

Emphasis mine.

This feature is not rolling out on every single Windows 11 computer - in fact, many Windows computers don't even have the processing power to handle running Copilot+ and Recall. While it is absolutely still vital to criticize Microsoft for this feature, most of us can breathe a sigh of temporary relief that it is not going to roll out for every single Windows 11 computer. According to the article, the newest version of the Surface Laptop will be the first Windows machine shipping with Copilot+ and Recall installed.

This is something you will have to look out for when buying a new Windows computer, not necessarily something you will have to worry about on an older Windows computer.