If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.
9 minute 50 second mark in this, screen is blurred for obvious reasons.
If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.
9 minute 50 second mark in this, screen is blurred for obvious reasons.
Here’s the clip translated around adult content with Microsoft Recall.
They filter search terms in English like naked - but don’t filter it in other languages.
Everything you view - including in videos - is classified and stored in the database.
This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt
I tested this against the latest release of Recall and both TotalRecall and these detections still work.
Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.
Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.
Nail on head.
@GossiTheDog Rubbish. This is nothing to do with software not being tested, but the pure arrogance of a company on an insidious path to steal every scrap of data from its entire clientele, including potential rival businesses and take-over targets.
@GossiTheDog Come on, anybody with eyes knows where they are going.
@GossiTheDog Ok. I respect your authority on this subject and admire your work, but I think you are being a little naive here. We'll see where we are in ten years' time!
Apple on Microsoft Recall.
Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.
Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.
@GossiTheDog So, the next time, we should better shut up and giggle in anticipation?
@GossiTheDog My point is destroying Microsoft’s reputation is a good thing in the long run. ;)
There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.
.@JohnHammond’s video on Recall is great, and a lot of fun - should also history being rewritten on this one later.
I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.
Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.
One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.
As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.
That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value.
Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. https://youtu.be/w5h_1Buf54I
Microsoft have started running paid adverts for Recall, apparently unaware the feature didn’t ship. https://www.tomshardware.com/software/windows/new-microsoft-ads-tout-unavailable-recall-feature-dont-mention-it-was-indefinitely-delayed-due-to-privacy-concerns
Something about Recall which I don’t think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn’t.
Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire. https://www.wired.com/story/infostealer-malware-password-theft/
XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/
It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.
Microsoft now say Recall will available for Insider testing in October on select Copilot+ PCs.
As a community we’ll need to test the security implications out extensively.
Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.
https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing
The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. https://www.theverge.com/2024/9/2/24233992/microsoft-recall-windows-11-uninstall-feature-bug
Recall is back.
Overall the planned changes here are much more robust.
Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say was originally.
The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.
@GossiTheDog
Why would anyone believe them regarding these changes? They could still turn it on surreptitiously and store/look at whatever data they wanted.
Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. https://news.itsfoss.com/microsoft-windows-recall/
@GossiTheDog so if i read this correctly you can uninstall it but your explorer gets downgraded to the old one?
Thats pity but managable
@GossiTheDog you can remove it with DISM without breaking explorer.
Microsoft have recalled Recall again.
It still hasn't even made it to Insider preview yet, that's been delayed too, now in December.
Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it.
https://www.theverge.com/2024/10/31/24284572/microsoft-recall-delay-december-windows-insider-testing
I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January.
@GossiTheDog a conspiracy theory I have is that Recall has been developed for the Visual Capturing feature in Purview Insider Risk for better indexing of user activity. Somebody realised it was better purposed to ship to consumers. 0 proof but otherwise I really don’t understand what even brought the idea of Recall to life; literally nobody asked for it.
In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available.
This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience.
Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”.
I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either.
When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving
@GossiTheDog the statement could still be accurate and "most secure experiences it has built" is incredibly low bar including the old Windows 95 authentication control users could just close.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.