Can’t wait for the discovery that, somehow, this can be forced re-enabled and have all the data fed back to some other location through a Teams exploit.
Wow. Whoever thought this was a good idea was an idiot. Thanks for taking a screenshot of my open password manager which happened to have a password visible you jerks. Not only that but running it through image to text translation.
Regardless of if we can trust that it’s still terrible saved locally. When your computer is unlocked recall will be decrypted by bitlocker and accessible, meaning someone with access (malware or physically) to your computer will be able to access it. It is a potential nightmare for victims.
Does it explicitly say that they're only saved locally? Everything I've read up till now says that they are saved locally, with no specific mention as to how that data is handled from there.
You guys realize the data stored on disk and in memory and in edge’s volatile memory is much higher fidelity than screenshots of your fucking password manager gui right? Good grief.
This might be hard to accept but Microsoft done been having access to all ur passwords for a minute.
As soon as I saw this I was like so this is basically a keylogger and password stealing feature. That's going to be a hard no from me dog. I still won't even sign into my personal machine with a Microsoft account no matter how many times they ask me.
I had this reaction too, and I’m not trying to criticize. But hear me out. Any of this make a difference to you? It’s ultimately about transitioning to OAuth, whatever it looks like at the presentation later. I guess I realized that A) deprovisioning / off boarding is a real problem and B) you have to manage cloud identities nowadays anyways and linking them to legacy user accounts is a liability and pain, you’ll have to reset passwords / mfa for cloud identities and legacy, and forensically linking a cloud identity with an on Prem legacy identity is inevitably going to be necessary (for CSIRT/etc). Ultimately everyone pays a price for end users ability to maintain legacy accounts and authentication protocols (anything other than OAuth).
I mean OAuth is great but I don't need that for my local home computer. I just need a local username and password. I don't want my login to cloud identities to be synced to my computer login. Just do OAuth in the browser and then let me login that way.
It's a first step. But blacklist approaches always have leaks. It's why whitelists are recommended for security instead.
For instance, my password manager shows a plain text suggested password in the browser when creating new accounts on sites.
So turn it off?
It's not for everyone, but could have it's uses.
Also, why is your password visible? It should never be visible, click....click...auto-fill...login. Bam done.
Gasp.....oh no....this optional, locally stored data might ne able to see my 64 random character password that I use for Netflix! And, here's the kicker.....I can disable it!!!!
Cover mouth in horror!
This is a mountain out of a mole hill. People have been giving Chrome Extensions the same access for years and nobody cares:
https://www.malwarebytes.com/blog/news/2023/09/password-stealing-chrome-extension-smuggled-on-to-web-store#:~:text=Researchers%20at%20the%20University%20of,and%20privacy%20standard%2C%20Manifest%20V3
Those extensions that check your grammer.....yeah they can also see your passwords. The best part is, it doesn't even have to be plain text!!! They see EVERY form field your password is auto-filled into.
I'm a genius, so I thought of a workaround.....put phrases at the end of the passwords you create:
- generate and copy new password.
- paste into field, type phrase after pasted text.
- type save phrase when saving password.
Bam done. If you aren't already doing this, do you "actually" care about security?
Who uses chrome?
Your comment is very disingenuous and is addressing hypotheticals that you're pulling out of the air and likely only applies to a small subset of people you're talking to, if that.
There's no harm in bringing up the information you have, I personally found it useful. It's just odd that you decided to show your ass while doing it.
Most of the planet uses Chrome:
https://gs.statcounter.com/browser-market-share
Hypothetical??? Isn't this program catching your random password and sending it to Russian hackers also a Hypothetical? Isn't every single fear about this a Hypothetical?
What???
Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data.
Revealed during a Monday AI event, the feature is designed to help "recall" information you have looked at in the past, making it easily accessible via a simple search.
> the feature is designed to help "recall" information you have looked at in the past, making it easily accessible via a simple search.
Something that literally nobody is asking for. Once again creating solutions for problems that don't exist.
Try to use history to find (or find based on) anything other than time, URL, and subject. I used to use a FF extension that saved a plaintext copy of every site I visited. I loved that. If this feature is in any way similar, I'm on board
That’s literally what user experience is all about, if users could nail down perfectly what they want every time into beautiful words, I could see this being meaningful.
Microsoft: sells their security tools to secure their own platforms at a hideous price.
Can’t keep their own infrastructure clean.
Has more 0 days than any other provider by an insane amount.
But yeah trust them this time.
Yeah , they have more zero days by a large amount, but what percentage of enterprise systems do they hold? When the top target is the user, targeting the main user OS is kinda a no brainer.
This is dumb, but it can be disabled, and will be in every enterprise environment running Windows 11 and beyond. Every time MS does something like this the comments are filled with people saying companies will move to Linux for client endpoints. That's literally never happening for a laundry list of reasons, and even suggesting it makes you look dumb. Moving to Apple products would be tough enough, but no one is moving to Linux for anything that isn't a server.
it can be disabled... FOR NOW... guarantee they remove that ability in a later version just like they removed disabling other concerning features as time went on.
Like what? You can disable pretty much anything via GPO/Intune right now. Just because you can't disable certain things through the GUI doesn't mean you can't disable them through enterprise admin channels. I guarantee they WON'T remove the ability to disable this feature on enterprise versions of their OS's because government sectors use Windows all over the world and would lose their shit at the privacy implications of this feature being enabled on their machines.
Yeah the DOD uses Windows for the vast majority of desktops and laptops. This is a nightmare for sensitive and classified files. There has to be an option to remove it on professional versions of Windows or they will loose millions of computers in the government alone.
Any line of reasoning that ends with "Microsoft will have a way to make this compliant" is stupid because if they had such forethought and planning, this spyware would have died on the whiteboard for the stupid idea it is.
Literally disabling this feature makes compliance issues a moot point. I work as a compliance engineer for a FedRAMP compliant SaaS, you don't know what you're talking about. STIG benchmarks require all the Windows OS tracking and communications bullshit to be disabled. It's not that hard.
Dude this recall shit is bringing out a lot of people who think they know tech and they don’t, as if Microsoft is gonna just gut its enterprise desktop side with this shit and not allow disablement is insanely stupid. People really have no fucking clue and apply their own personal pc usage as if Microsoft gives a shit.
This is reflected in the countless topics in this sub that are asking for advice to get into cyber security. It seems like half of this sub doesn't even do this professionally and is completely ignorant of how this industry and large enterprises actually work.
This cheetah fellah asked 60 days ago about paths to get into IT in Antarctica as a career switch. He has no clue what he’s talking about. This whole thread is full of people who very clearly have no enterprise IT experience.
Because you guys are literally the same type of people who went "Look, facebook said they deleted your photo, so it has to be deleted. A billion dollar company isn't just going to lie in order to make even more money."
Why...why do you honestly think Microsoft is going to push so fucking hard to put data collection software on their Operating systems and then NOT use it to collect data on the most lucrative targets? Because it might be illegal? You've lived for the past how many decades and still think fortune 100 companies are worried about consequences from the government? You honestly think that clicking "disable" is going to ACTUALLY disable this data collection because... Microsoft is suddenly just going to do the right thing. I am stunned by that level of gullibility. Please don't go around talking about who doesn't have a clue about tech.
The most Dunning thing that's ever been Kruger'd. You have zero clue what you're talking about and have no idea how MSFT and DOD/gov customers work together to secure each other's systems.
I hear you, I hear you, and I've got this Nigerian Prince who was looking for someone as gul...trustworthy as you. He wants to give you a lot money if you'll just send him some first.
And I'm sure your professional experience is far more applicable to the subject than mine is and you're not just talking out of your ass as a Linux fanboy who doesn't even work in the field. Microsoft is totally over there interested in illegally gathering information from government entities and obliterating compliance standards that would lose them billions in government contracts so they can use the data for what again? You're not even ignorant, you're just dumb.
Okay so I've just been working on both, and while there are challenges to deploying Linux workstations, it is feasible and I would definitely recommend it for sensitive administration machines.
MacOS is an absolute nightmare on that matter.
Companies will take one look at SLA and the manageability of Linux Clients, laugh in your face and continue to use Windows. Most if not all of the down sides of windows just don't exist for companies. GPO and/or Intunes can easily take care of everything. And from a company and security policy enforcement standpoint, Linux can't hold a candle to windows
One thing I don't see brought up is the user experience. Having worked support for a long time, the single biggest thing you can do to piss off the masses is make a change. It could be something like moving the EDIT menu from next to file to next to HELP in the top menus. People will lose their fucking mind.
I witnessed this happen at one company. They wanted to ditch Adobe Pro licenses for Foxit or something or other. Because they would save something like at least $50 per license, maybe more. They did the whole thing. UAT. Roll out to one group. Get feedback. Etc. A whole ass fucking project to do this. The day came. Adobe Pro was no more. The licensing server was decommissioned. All fucking hell broke loose. Phone lines were jammed. I took a call from a C-suite PA. Did the whole customer service "It's dead, not coming back". She was not happy but thankfully didn't take it out on me. Went for a smoke break and made a comment that Adobe would be back in two days. I was wrong. it was back the next morning.
They had to have spent I have no idea amount of money on testing, servers, cancelling adobe contract, new servers for the new licensing, etc. And it was all undone because it broke the user experience.
No one cares about Windows licensing costs. Companies care about their employee productivity, software compatibility, and endpoint management which Windows absolutely destroys all their competitions in all of those areas which is why at an enterprise level basically everyone uses Windows and a few use OSX. You simply don't understand how any medium to large company works if you think you're making solid points about Linux.
Have your CFO try to convince your CEO to fully convert user desktops/laptops to a Linux distro as a cost saving measure and report back how that goes.
They're encrypted on your own machine and not accessed by Microsoft.
I still have issues with this system, but its not as bad as people in this thread are making it out to be. You can also just turn this feature off.
Microsoft and other tech companies have a history of lying about this stuff. Like upgrades to windows 11 aren’t mandatory (but we’re going to make it a living hell to avoid it behind the scenes)
Or openai, that’s not scarjo’s voice I promise. Or Alexa keeping recordings and finding out Amazon employees are for sure going in for fun. That and ring employees and other cameras.
I used to love MS, but since Bill left, it keeps getting worse.
Ok they learned with windows 8... Windows 10 was perfect.
No here comes windows 11 (shit show, nobody likes). Oh let's make it worse, your perfectly good and capable of running it computer... Is not supported.
Oh and by the way, we'll change all the settings and feature location to make sure you can't find them anymore...
Oh you don't want to use a microsoft account to log into windows... sure it's not mandatory.... for now... oups now it is...
Oh you want us to stop changing UI in office365/azure... better love writing process documentation, we
Microsoft’s consistent failures at security and privacy means this is way too much risk. I’ll be forced to somehow switch to Linux or Apple if they accidentally put this in one of there “updates” like all their other garbage they are pushing on users.
This is legitimately the thing to get me to go to Linux as my daily driver.
I've been ignoring the bullshit trying to get me to upgrade to 11 for years, and they're warning me with the impending end of life for 10..... but yeah seriously fuck that spyware. Anyone know which Distro is best for gaming?
Seems like individual privacy is less important than exciting new “features”.
I recently bought a Surface Pro 9 because they were offering a great deal on it but now I’m not so sure…
Granted, I don’t do a whole lot on my PC other than schoolwork, online courses, and deploy VMs, but it’s still weird that they basically repackaged a keylogger as some AI tool and said “yoooo guys, check this out!”
Has me looking at Linux finally. Not looking forward to relearning an OS. Have been Windows-only since Windows 98, when I was using my older siblings' machines. Hell, I've even bought legit copies of Windows or prebuilts that came with Windows.
Linux is far easier than people make it sound, probably due to many people having tried it years ago and not recently. I built a gaming PC and chucked Fedora Linux on it a few months ago and I'm already more comfortable with it than with Windows. Depends what software you want to run obviously but for gaming, software engineering, and web browsing it's been awesome. Somehow far less janky than windows as well, which is crazy considering it's just a bunch of random people online throwing an OS together.
Bunch of random people throwing an OS together definitely does lead to a lot of jank, but it's mostly behind the scenes. The easily accessible jank gets fixed when one person with the relevant skillset is annoyed by it.
You can try Linux Mint which has the Cinnamon desktop environment which is designed to be easy for a windows user. You can try it on your PC before installing it. There are plenty of youtube tutorials to show you how.
PopOS, Debian, Ubuntu all have nice UI that is not very hard to personalize to closely resemble what you may be used to in Windows (actually some of the stuff is WAY better and easier). There’s other distributions that have better looking Desktops setups I hear like Zorin but I’ve honestly never bothered to delve into that.
I will be messaging you in 2 months on [**2024-07-22 13:58:34 UTC**](http://www.wolframalpha.com/input/?i=2024-07-22%2013:58:34%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/cybersecurity/comments/1cy79xe/microsofts_new_windows_11_recall_is_a_privacy/l5bnxnx/?context=3)
[**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fcybersecurity%2Fcomments%2F1cy79xe%2Fmicrosofts_new_windows_11_recall_is_a_privacy%2Fl5bnxnx%2F%5D%0A%0ARemindMe%21%202024-07-22%2013%3A58%3A34%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cy79xe)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
If you're looking for a UI that's not windows-like, gnome desktop is great. It's the default desktop on Fedora, the distro I use (the name is awful but the distro is solid).
I knew I was making the right decision with keeping my ass on W10. But damn, this is beyond any bad doing I expected from Microsoft with W11. It's unreasonably stupid and anti-consumer, even for big company standards.
Consider Linux if you don't play games with anticheat, or rely on Windows-locked software for work/whatever else you use your computer for. It's genuinely very usable now.
I've been tempted to do so a few times, but I'm indeed kinda locked into Windows-only software. Especially videogames, since I play a lot, and many of them are not compatible with Linux (including many old titles that are already tricky to execute even on W10).
But I'll see what happens when Microsoft decides to kill W10. If a bullshit-loaded system is the only alternative they offer by then, I guess I will be noping out of Windows, at least for all the uses I can.
I moved to Ubuntu on an 8th gen i5 laptop with 8GB of memory. There have been some bumps, but it performs far better than either Windows 10 or Windows 11. It would take at least 16GB and a much more recent CPU to make Windows feel like Ubuntu does on that computer. I'm not sold on GNOME yet, but for the most part it's been enjoyable.
Only reservation is that I'm on a surface book with nvidia gpu. Which I feel isn't going to play great. Only just starting to dip my toes into moving in cyber security after being IT for 7 years.
But Linux is it the top on my to-do list for Skilling up.
It should work just fine. There are the open source Nouveau drivers that do most things pretty well, or there are the closed source official drivers that do gaming better. Granted, their attitude towards Linux and open source in general are one of the reasons I don't touch Nvidia at all, so your experience may vary. Overall though, once you adjust to the ... creative ... interface decisions you'll find in Linux sometimes, it is enjoyable.
Once you get past the graphical interface stuff, Linux absolutely fantastic. If you're considering a move to security, I would suggest learning it inside and out. It's not just important, it's vital. Most of your best tools are going to be in Linux. Everybody knows about Kali, but there's more focused distros like SIFT, Tsurugi, and Caine.
I've honestly tried, but I can't find a single thing about Mac that Linux doesn't do better. And don't say "Walled garden" because I'm moving away from Windows because of bullshit I don't want being forced on me by the OS.
I have a ton of apps that do not run on Linux. Also nothing is forced on you on Mac. But I don’t have the energy and motivation to explain it, I’m not a Mac evangelist. For me it is the perfect desktop OS for engineering, development, etc. But you do you.
> For me it is the perfect desktop OS for engineering, development,
Oh I can totally see that, but my home computer is my home computer, not my work computer. If I were at work I'd love a mac as I wouldn't have to fuck with stuff to get my job done. When I'm at home I've got more time to tinker and deal with compatibility issues. Also I don't play games on my computer at work which between than and youtube is 99% of my home PC's average use. That's why Windows has worked for me for so long, but now having to abandon it, in my use case I just can't see what benefit a Mac would offer. Work/Office? Yes Mac absolutely. Home / Casual use? I just don't see it.
Also this isn't a "HOW DARE YOU NOT FIGHT ME ON THE INERNET! I DEMAND YOU ARGUE AND DEFEND MAC!" I get ya, but if someone else wants to jump in and "well actually" I'm honestly arguing in good faith. If someone can show me why Mac would actually be a good move for me I'm willing to shell out the money for one.
I work as an IT Admin and I used to love windows and MS but I think people are finally getting fed up of crap like this, I’m using a Mac for the past year and I’m v happy with it.
I was asked to use ICloud on the Mac once or twice but I said no and forgot about it, whereas with MS OneDrive is forced upon you and very hard to bypass
Can't wait to learn this can be re-enabled and multiple attacks steal sensitive data.
Best advertising for switching OS to Linux. I would install a Mac on my pc rather than use one with this feature.
>Microsoft also says it will not create screenshots of Microsoft Edge's InPrivate windows (and other Chromium-based browsers) or content protected by DRM. However, they have not confirmed whether other browser's private modes, like Firefox, will be supported.
After a year of Windows 11 Recall, PornHub will show a rise to Chromium Based browsers in their stats.
Seriously though, while this is a privacy nightmare, I can't wait to see what forensic artifacts this will provide.
Immediate thoughts:
Man this is a red teams wet dream. Not even going to have to put effort into cracking systems. Any agency with Windows 11 will be susceptible. Passwords aren’t even the top of the iceberg on this. If it’s capturing the first three months with snap shots it could capture admin set up info, which could allow for privilege escalation.
May 3: https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/
“Implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization.”
May 20: Windows 11 Recall
“Recall works by taking a screenshot of your active window every few seconds, recording everything you do in Windows for up to three months by default.”
I’m having a real hard time reconciling the two🤦🏼♀️
Suppose I were to do something illegal and Microsoft were to see it, and Microsoft were to inadvertently make itself liable to prosecution, could legal action be taken against Microsoft?
And do Microsoft illegal shit if this is illegal in USA or in my country? I have so many questions 😤
Ever want an example why I think ANY security professional who works with Microsoft products is a idiot... THIS is it right here.
Any company who thought hey lets screenshot your browser every couple seconds for 3 months is a good choice for also securing your endpoint is smoking a fat ol bowl.
I got a tale of a cyber security firm switching from Linux to Windows (thanks to the bright idea of an external consultant). The top talent left, new recruits used to Windows never were as good in the security side of things. It took vastly more money running the same operation, results got mediocre, company went belly up in less than a year. lol
Can’t wait for the discovery that, somehow, this can be forced re-enabled and have all the data fed back to some other location through a Teams exploit.
just like edge default settings…
What was that?
Wow. Whoever thought this was a good idea was an idiot. Thanks for taking a screenshot of my open password manager which happened to have a password visible you jerks. Not only that but running it through image to text translation.
Why? It's not like they've been breached multiple times in the past, right? /s
But the images are supposed to only be saved locally. Ofcourse is another question if we should trust that.
Narrator: We should not
Regardless of if we can trust that it’s still terrible saved locally. When your computer is unlocked recall will be decrypted by bitlocker and accessible, meaning someone with access (malware or physically) to your computer will be able to access it. It is a potential nightmare for victims.
Does it explicitly say that they're only saved locally? Everything I've read up till now says that they are saved locally, with no specific mention as to how that data is handled from there.
[удалено]
Hot take, yet true
You guys realize the data stored on disk and in memory and in edge’s volatile memory is much higher fidelity than screenshots of your fucking password manager gui right? Good grief. This might be hard to accept but Microsoft done been having access to all ur passwords for a minute.
[удалено]
Yeah. Edge is excellent.
They got me with Vertical Tabs, ngl it’s nice to know I am content with the default browser again (still don’t use it as my main).
As soon as I saw this I was like so this is basically a keylogger and password stealing feature. That's going to be a hard no from me dog. I still won't even sign into my personal machine with a Microsoft account no matter how many times they ask me.
I had this reaction too, and I’m not trying to criticize. But hear me out. Any of this make a difference to you? It’s ultimately about transitioning to OAuth, whatever it looks like at the presentation later. I guess I realized that A) deprovisioning / off boarding is a real problem and B) you have to manage cloud identities nowadays anyways and linking them to legacy user accounts is a liability and pain, you’ll have to reset passwords / mfa for cloud identities and legacy, and forensically linking a cloud identity with an on Prem legacy identity is inevitably going to be necessary (for CSIRT/etc). Ultimately everyone pays a price for end users ability to maintain legacy accounts and authentication protocols (anything other than OAuth).
I mean OAuth is great but I don't need that for my local home computer. I just need a local username and password. I don't want my login to cloud identities to be synced to my computer login. Just do OAuth in the browser and then let me login that way.
It will probably have access to your clipboard too...
I hope you aren’t assuming your clipboard is some sort of Secure Enclave. It’s basically a New Orleans gloryhole.
Let's say you did turn this on, wouldn't you just set that as an app in the black list for it to not capture from?
It's a first step. But blacklist approaches always have leaks. It's why whitelists are recommended for security instead. For instance, my password manager shows a plain text suggested password in the browser when creating new accounts on sites.
Lol @ whoever thinks this is an expansion of privacy violations not currently exposed. I bet the msft team was like wait, how naive can they be?
Welcome to Apple’s Time Machine. Except Apple did it in 2007.
What are you talking about? Time Machine are backups, not screenshots interpreted by AI.
So turn it off? It's not for everyone, but could have it's uses. Also, why is your password visible? It should never be visible, click....click...auto-fill...login. Bam done.
Because when I click generate it shows me the password so I can view it or edit it to make sure it complies with that site's rules.
Gasp.....oh no....this optional, locally stored data might ne able to see my 64 random character password that I use for Netflix! And, here's the kicker.....I can disable it!!!! Cover mouth in horror! This is a mountain out of a mole hill. People have been giving Chrome Extensions the same access for years and nobody cares: https://www.malwarebytes.com/blog/news/2023/09/password-stealing-chrome-extension-smuggled-on-to-web-store#:~:text=Researchers%20at%20the%20University%20of,and%20privacy%20standard%2C%20Manifest%20V3 Those extensions that check your grammer.....yeah they can also see your passwords. The best part is, it doesn't even have to be plain text!!! They see EVERY form field your password is auto-filled into. I'm a genius, so I thought of a workaround.....put phrases at the end of the passwords you create: - generate and copy new password. - paste into field, type phrase after pasted text. - type save phrase when saving password. Bam done. If you aren't already doing this, do you "actually" care about security?
Who uses chrome? Your comment is very disingenuous and is addressing hypotheticals that you're pulling out of the air and likely only applies to a small subset of people you're talking to, if that. There's no harm in bringing up the information you have, I personally found it useful. It's just odd that you decided to show your ass while doing it.
Most of the planet uses Chrome: https://gs.statcounter.com/browser-market-share Hypothetical??? Isn't this program catching your random password and sending it to Russian hackers also a Hypothetical? Isn't every single fear about this a Hypothetical? What???
I just want an option to forget/delete everything older than 3 months ago. I was a different person then, I swear.
What a great feature, now how do I disable it and prevent it from ever being re-enabled?
[удалено]
I’m going back to DOS and floppy disks.
Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. Revealed during a Monday AI event, the feature is designed to help "recall" information you have looked at in the past, making it easily accessible via a simple search.
> the feature is designed to help "recall" information you have looked at in the past, making it easily accessible via a simple search. Something that literally nobody is asking for. Once again creating solutions for problems that don't exist.
Isn't that what the history feature was for?
I am having a hard time discerning the difference between the two. I am legitimately curious. (Recall vs. history)
Try to use history to find (or find based on) anything other than time, URL, and subject. I used to use a FF extension that saved a plaintext copy of every site I visited. I loved that. If this feature is in any way similar, I'm on board
Oh look, late stage capitalism in a sentence.
Unless it's all smoke and mirrors. Their aim is another.
That’s literally what user experience is all about, if users could nail down perfectly what they want every time into beautiful words, I could see this being meaningful.
No thanks Microsoft, i don’t need to “recall” all the porn I watch. I prefer new unseen content.
Just watch it in Chromium based browsers, duuuuh
I just want to easily find some fucking email I’m sure I have somewhere in my a Outlook inbox. Can you do that Microsoft?
> Why don't you ask for help with that in Teams! Shall i get you signed up?
Microsoft: sells their security tools to secure their own platforms at a hideous price. Can’t keep their own infrastructure clean. Has more 0 days than any other provider by an insane amount. But yeah trust them this time.
Yeah , they have more zero days by a large amount, but what percentage of enterprise systems do they hold? When the top target is the user, targeting the main user OS is kinda a no brainer.
[удалено]
What OP said is more or less commonsense
This is dumb, but it can be disabled, and will be in every enterprise environment running Windows 11 and beyond. Every time MS does something like this the comments are filled with people saying companies will move to Linux for client endpoints. That's literally never happening for a laundry list of reasons, and even suggesting it makes you look dumb. Moving to Apple products would be tough enough, but no one is moving to Linux for anything that isn't a server.
Ah yes, "disabled."
it can be disabled... FOR NOW... guarantee they remove that ability in a later version just like they removed disabling other concerning features as time went on.
Like what? You can disable pretty much anything via GPO/Intune right now. Just because you can't disable certain things through the GUI doesn't mean you can't disable them through enterprise admin channels. I guarantee they WON'T remove the ability to disable this feature on enterprise versions of their OS's because government sectors use Windows all over the world and would lose their shit at the privacy implications of this feature being enabled on their machines.
Classified computers use Windows 11. Ain’t no way they’re letting this on government computers.
Yeah the DOD uses Windows for the vast majority of desktops and laptops. This is a nightmare for sensitive and classified files. There has to be an option to remove it on professional versions of Windows or they will loose millions of computers in the government alone.
Any line of reasoning that ends with "Microsoft will have a way to make this compliant" is stupid because if they had such forethought and planning, this spyware would have died on the whiteboard for the stupid idea it is.
Literally disabling this feature makes compliance issues a moot point. I work as a compliance engineer for a FedRAMP compliant SaaS, you don't know what you're talking about. STIG benchmarks require all the Windows OS tracking and communications bullshit to be disabled. It's not that hard.
Dude this recall shit is bringing out a lot of people who think they know tech and they don’t, as if Microsoft is gonna just gut its enterprise desktop side with this shit and not allow disablement is insanely stupid. People really have no fucking clue and apply their own personal pc usage as if Microsoft gives a shit.
This is reflected in the countless topics in this sub that are asking for advice to get into cyber security. It seems like half of this sub doesn't even do this professionally and is completely ignorant of how this industry and large enterprises actually work.
This cheetah fellah asked 60 days ago about paths to get into IT in Antarctica as a career switch. He has no clue what he’s talking about. This whole thread is full of people who very clearly have no enterprise IT experience.
Because you guys are literally the same type of people who went "Look, facebook said they deleted your photo, so it has to be deleted. A billion dollar company isn't just going to lie in order to make even more money." Why...why do you honestly think Microsoft is going to push so fucking hard to put data collection software on their Operating systems and then NOT use it to collect data on the most lucrative targets? Because it might be illegal? You've lived for the past how many decades and still think fortune 100 companies are worried about consequences from the government? You honestly think that clicking "disable" is going to ACTUALLY disable this data collection because... Microsoft is suddenly just going to do the right thing. I am stunned by that level of gullibility. Please don't go around talking about who doesn't have a clue about tech.
This a legit brain dead strawman take and you wrote all that shit out lol.
The most Dunning thing that's ever been Kruger'd. You have zero clue what you're talking about and have no idea how MSFT and DOD/gov customers work together to secure each other's systems.
I hear you, I hear you, and I've got this Nigerian Prince who was looking for someone as gul...trustworthy as you. He wants to give you a lot money if you'll just send him some first.
And I'm sure your professional experience is far more applicable to the subject than mine is and you're not just talking out of your ass as a Linux fanboy who doesn't even work in the field. Microsoft is totally over there interested in illegally gathering information from government entities and obliterating compliance standards that would lose them billions in government contracts so they can use the data for what again? You're not even ignorant, you're just dumb.
Okay so I've just been working on both, and while there are challenges to deploying Linux workstations, it is feasible and I would definitely recommend it for sensitive administration machines. MacOS is an absolute nightmare on that matter.
What if… you told them it was free to switch to Linux and the distro had a one click installed from windows with high success rate?
Companies will take one look at SLA and the manageability of Linux Clients, laugh in your face and continue to use Windows. Most if not all of the down sides of windows just don't exist for companies. GPO and/or Intunes can easily take care of everything. And from a company and security policy enforcement standpoint, Linux can't hold a candle to windows
One thing I don't see brought up is the user experience. Having worked support for a long time, the single biggest thing you can do to piss off the masses is make a change. It could be something like moving the EDIT menu from next to file to next to HELP in the top menus. People will lose their fucking mind. I witnessed this happen at one company. They wanted to ditch Adobe Pro licenses for Foxit or something or other. Because they would save something like at least $50 per license, maybe more. They did the whole thing. UAT. Roll out to one group. Get feedback. Etc. A whole ass fucking project to do this. The day came. Adobe Pro was no more. The licensing server was decommissioned. All fucking hell broke loose. Phone lines were jammed. I took a call from a C-suite PA. Did the whole customer service "It's dead, not coming back". She was not happy but thankfully didn't take it out on me. Went for a smoke break and made a comment that Adobe would be back in two days. I was wrong. it was back the next morning. They had to have spent I have no idea amount of money on testing, servers, cancelling adobe contract, new servers for the new licensing, etc. And it was all undone because it broke the user experience.
It will save them subscription costs yearly, Linux can be tailored to the companies workflow and make hardware last longer. Minus firmware updates.
No one cares about Windows licensing costs. Companies care about their employee productivity, software compatibility, and endpoint management which Windows absolutely destroys all their competitions in all of those areas which is why at an enterprise level basically everyone uses Windows and a few use OSX. You simply don't understand how any medium to large company works if you think you're making solid points about Linux.
Our CFO definitely cares lol
Have your CFO try to convince your CEO to fully convert user desktops/laptops to a Linux distro as a cost saving measure and report back how that goes.
Don't tell my CFO this.
Worked for two MSPs over 3 years. Why are you so aggressive man lmao
Working for an MSP is not the flex you think it is.
It just means I do know how medium to large companies work. You find out what they care about and wrap your objective around it
Still not a reason to move to Linux from an enterprise level outside software guys.
I’m down 2-1 on Reddit. Time to change my mind
People have hard enough time implementing true 2FA, you think they are going to switch to Linux lol?
For individual users, maybe. For companies, though, just switching software is never free.
Guilty for being an idealist
Glad we’re an Apple shop… at least till they do it at well, then we’re an Ubuntu shop.
Different post in r/cybersecurity suggest that Apple is already scanning your files on MacOs though? "For AI" apparently
There was a post implying there were weight files in the OS. Is not quite the same thing as recording your screen 24/7.
You know when it first rolls out there’s going to be a breach of the databases that keep all the recordings.
They're encrypted on your own machine and not accessed by Microsoft. I still have issues with this system, but its not as bad as people in this thread are making it out to be. You can also just turn this feature off.
Microsoft and other tech companies have a history of lying about this stuff. Like upgrades to windows 11 aren’t mandatory (but we’re going to make it a living hell to avoid it behind the scenes) Or openai, that’s not scarjo’s voice I promise. Or Alexa keeping recordings and finding out Amazon employees are for sure going in for fun. That and ring employees and other cameras.
Was this a customer or customers ask?
Don't worry guys, it's encrypted. /s
I used to love MS, but since Bill left, it keeps getting worse. Ok they learned with windows 8... Windows 10 was perfect. No here comes windows 11 (shit show, nobody likes). Oh let's make it worse, your perfectly good and capable of running it computer... Is not supported. Oh and by the way, we'll change all the settings and feature location to make sure you can't find them anymore... Oh you don't want to use a microsoft account to log into windows... sure it's not mandatory.... for now... oups now it is... Oh you want us to stop changing UI in office365/azure... better love writing process documentation, we
Using windows has officially become a serious hazard. Maybe microsoft wants to really crash and burn this time?
How long until we all get that email “your user agreement has been updated/changed” and they start using all your data to train Ai and sell to others.
I’m always confused when Microsoft pushes features people don’t want.
Microsoft’s consistent failures at security and privacy means this is way too much risk. I’ll be forced to somehow switch to Linux or Apple if they accidentally put this in one of there “updates” like all their other garbage they are pushing on users.
This is legitimately the thing to get me to go to Linux as my daily driver. I've been ignoring the bullshit trying to get me to upgrade to 11 for years, and they're warning me with the impending end of life for 10..... but yeah seriously fuck that spyware. Anyone know which Distro is best for gaming?
[удалено]
Helldiver's 2 works on pop os and has a Kernal level anti cheat. Proton also has run times for each and battleye
I installed arch linux a month ago thinking I would just try it. I didn’t boot into windows since then. Maybe go check r/linux_gaming
Most major distros are fine for gaming. I use fedora because it's a good all-rounder distro and the default UI doesn't remind me of windows.
Seems like individual privacy is less important than exciting new “features”. I recently bought a Surface Pro 9 because they were offering a great deal on it but now I’m not so sure… Granted, I don’t do a whole lot on my PC other than schoolwork, online courses, and deploy VMs, but it’s still weird that they basically repackaged a keylogger as some AI tool and said “yoooo guys, check this out!”
RemindMe! 60 days
Google.com "How to stop Windows Recall from working in my InPrivate browser sessions" No Results. Fuck
Man on death bed: “delete my history…wait just set the house on fire”
Class action lawsuit incoming... Bet on it...
Has me looking at Linux finally. Not looking forward to relearning an OS. Have been Windows-only since Windows 98, when I was using my older siblings' machines. Hell, I've even bought legit copies of Windows or prebuilts that came with Windows.
Linux is far easier than people make it sound, probably due to many people having tried it years ago and not recently. I built a gaming PC and chucked Fedora Linux on it a few months ago and I'm already more comfortable with it than with Windows. Depends what software you want to run obviously but for gaming, software engineering, and web browsing it's been awesome. Somehow far less janky than windows as well, which is crazy considering it's just a bunch of random people online throwing an OS together.
Bunch of random people throwing an OS together definitely does lead to a lot of jank, but it's mostly behind the scenes. The easily accessible jank gets fixed when one person with the relevant skillset is annoyed by it.
Well tbf I'm not sure windows has any less behind the scenes jank lol.
probably
I've never been a big fan of linux UI but this might be the final straw that pushes me over to it.
You can try Linux Mint which has the Cinnamon desktop environment which is designed to be easy for a windows user. You can try it on your PC before installing it. There are plenty of youtube tutorials to show you how.
PopOS, Debian, Ubuntu all have nice UI that is not very hard to personalize to closely resemble what you may be used to in Windows (actually some of the stuff is WAY better and easier). There’s other distributions that have better looking Desktops setups I hear like Zorin but I’ve honestly never bothered to delve into that.
RemindMe! 60 days
I will be messaging you in 2 months on [**2024-07-22 13:58:34 UTC**](http://www.wolframalpha.com/input/?i=2024-07-22%2013:58:34%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/cybersecurity/comments/1cy79xe/microsofts_new_windows_11_recall_is_a_privacy/l5bnxnx/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fcybersecurity%2Fcomments%2F1cy79xe%2Fmicrosofts_new_windows_11_recall_is_a_privacy%2Fl5bnxnx%2F%5D%0A%0ARemindMe%21%202024-07-22%2013%3A58%3A34%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cy79xe) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
If you're looking for a UI that's not windows-like, gnome desktop is great. It's the default desktop on Fedora, the distro I use (the name is awful but the distro is solid).
I knew I was making the right decision with keeping my ass on W10. But damn, this is beyond any bad doing I expected from Microsoft with W11. It's unreasonably stupid and anti-consumer, even for big company standards.
Consider Linux if you don't play games with anticheat, or rely on Windows-locked software for work/whatever else you use your computer for. It's genuinely very usable now.
I've been tempted to do so a few times, but I'm indeed kinda locked into Windows-only software. Especially videogames, since I play a lot, and many of them are not compatible with Linux (including many old titles that are already tricky to execute even on W10). But I'll see what happens when Microsoft decides to kill W10. If a bullshit-loaded system is the only alternative they offer by then, I guess I will be noping out of Windows, at least for all the uses I can.
If you haven't already, check out protondb to see if the games you play work well on Linux. Most games are alright unless they use anticheat.
This might be the push that gets me to try Linux. At the very least I'll be going back to windows 10.
Linux is awesome, fully recommend. Makes older hardware run like a dream as well
Sooooooo clean
I moved to Ubuntu on an 8th gen i5 laptop with 8GB of memory. There have been some bumps, but it performs far better than either Windows 10 or Windows 11. It would take at least 16GB and a much more recent CPU to make Windows feel like Ubuntu does on that computer. I'm not sold on GNOME yet, but for the most part it's been enjoyable.
Only reservation is that I'm on a surface book with nvidia gpu. Which I feel isn't going to play great. Only just starting to dip my toes into moving in cyber security after being IT for 7 years. But Linux is it the top on my to-do list for Skilling up.
It should work just fine. There are the open source Nouveau drivers that do most things pretty well, or there are the closed source official drivers that do gaming better. Granted, their attitude towards Linux and open source in general are one of the reasons I don't touch Nvidia at all, so your experience may vary. Overall though, once you adjust to the ... creative ... interface decisions you'll find in Linux sometimes, it is enjoyable. Once you get past the graphical interface stuff, Linux absolutely fantastic. If you're considering a move to security, I would suggest learning it inside and out. It's not just important, it's vital. Most of your best tools are going to be in Linux. Everybody knows about Kali, but there's more focused distros like SIFT, Tsurugi, and Caine.
Mac on the desktop, Linux on the server, Windows when the customer forces me. Smooth sailings for 20+ years. Edit: oh I have upset 4 Redditors :)
I've honestly tried, but I can't find a single thing about Mac that Linux doesn't do better. And don't say "Walled garden" because I'm moving away from Windows because of bullshit I don't want being forced on me by the OS.
I have a ton of apps that do not run on Linux. Also nothing is forced on you on Mac. But I don’t have the energy and motivation to explain it, I’m not a Mac evangelist. For me it is the perfect desktop OS for engineering, development, etc. But you do you.
> For me it is the perfect desktop OS for engineering, development, Oh I can totally see that, but my home computer is my home computer, not my work computer. If I were at work I'd love a mac as I wouldn't have to fuck with stuff to get my job done. When I'm at home I've got more time to tinker and deal with compatibility issues. Also I don't play games on my computer at work which between than and youtube is 99% of my home PC's average use. That's why Windows has worked for me for so long, but now having to abandon it, in my use case I just can't see what benefit a Mac would offer. Work/Office? Yes Mac absolutely. Home / Casual use? I just don't see it. Also this isn't a "HOW DARE YOU NOT FIGHT ME ON THE INERNET! I DEMAND YOU ARGUE AND DEFEND MAC!" I get ya, but if someone else wants to jump in and "well actually" I'm honestly arguing in good faith. If someone can show me why Mac would actually be a good move for me I'm willing to shell out the money for one.
MacOS has more software that runs right out of the box but Linux will run anything if you tinker a little bit.
I work as an IT Admin and I used to love windows and MS but I think people are finally getting fed up of crap like this, I’m using a Mac for the past year and I’m v happy with it. I was asked to use ICloud on the Mac once or twice but I said no and forgot about it, whereas with MS OneDrive is forced upon you and very hard to bypass
In theory a really cool idea. In practice, not so great.
Can't wait to learn this can be re-enabled and multiple attacks steal sensitive data. Best advertising for switching OS to Linux. I would install a Mac on my pc rather than use one with this feature.
And everyone's worried that China's gonna spy on your naked ass... Guess that's a child play compared to this bullshit!
This just makes it cost-reward ratio for China's malfeasance shift even stronger to the reward side.
its horrendous! For now you can disable it but who knows if they will stop letting you do that in newer releases.
>Microsoft also says it will not create screenshots of Microsoft Edge's InPrivate windows (and other Chromium-based browsers) or content protected by DRM. However, they have not confirmed whether other browser's private modes, like Firefox, will be supported. After a year of Windows 11 Recall, PornHub will show a rise to Chromium Based browsers in their stats. Seriously though, while this is a privacy nightmare, I can't wait to see what forensic artifacts this will provide.
The best part is they already tried this with timelines minus the AI - am hoping a public outcry happens and kills this project asap
i'm hoping that doesn't happen, so that way more people stop using Windows
One step closer to linux. This may be the final push
Immediate thoughts: Man this is a red teams wet dream. Not even going to have to put effort into cracking systems. Any agency with Windows 11 will be susceptible. Passwords aren’t even the top of the iceberg on this. If it’s capturing the first three months with snap shots it could capture admin set up info, which could allow for privilege escalation.
lol I was reading this headline and thought windows 11 was being recalled or something like a car with a defective brake pedal.
MS leadership: “Yes, let’s do this!!” what in the literal actual serious fuck are you people thinking?!!?
I for one can't wait for the SANS course entirely focused on how to use this feature for forensics
May 3: https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/ “Implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization.” May 20: Windows 11 Recall “Recall works by taking a screenshot of your active window every few seconds, recording everything you do in Windows for up to three months by default.” I’m having a real hard time reconciling the two🤦🏼♀️
Suppose I were to do something illegal and Microsoft were to see it, and Microsoft were to inadvertently make itself liable to prosecution, could legal action be taken against Microsoft? And do Microsoft illegal shit if this is illegal in USA or in my country? I have so many questions 😤
If this isn't the last straw that makes me finally switch to linux for everything I don't know what else it could be
Convenience is the enemy of security… another brilliant decision by M$ /s
Well guess I’ll be going full Linux now. Thanks Microsoft been using your OS since 3.11.
This is an actually good reason for companies to start using Linux!
No shit. Its Windows but worse, like in a haunted mansion.
These sorts of headlines are often sensational, this does not seem like that at all.
Man I am glad I switched to Linux a long time ago. Some really interesting porn habits and bank information leaks are due to happen in 3.. 2.. 1..
Ever want an example why I think ANY security professional who works with Microsoft products is a idiot... THIS is it right here. Any company who thought hey lets screenshot your browser every couple seconds for 3 months is a good choice for also securing your endpoint is smoking a fat ol bowl.
I got a tale of a cyber security firm switching from Linux to Windows (thanks to the bright idea of an external consultant). The top talent left, new recruits used to Windows never were as good in the security side of things. It took vastly more money running the same operation, results got mediocre, company went belly up in less than a year. lol
Mikeysoft can blow me with this. I'll switch to fuckin mac