Keeping in mind that Apple just got busted for not deleting old data.
“Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds,” Microsoft says on its website.
2 Likes
Looking at the announcement and the bug I wouldn’t be surprised if Apple joined Microsoft in having constant autosave snapshots as a feature in the notsodistant. I can’t personally see much of a use to this, and can see many downsides 
1 Like
The Copilot+ chip is only available from Qualcomm. And it looks as though Qualcomm has an important lead over Intel, AMD, and Apple: realizing fears that companies must adopt machine learning or lose market share.
But if the “killer app” this enables is taking images of everyone’s screen every few seconds, this is a terrible idea. This is the definition of Big Brother.
It just seems like it doesn’t matter what happens to society or individuals as long as the stock price goes up.
One of the anecdotes I read was that you can ask Copilot+ how to solve a puzzle in a video game. But, of course, you can’t ask who Ned Stark is because DRM content won’t be captured.
1 Like
The bigger picture IMHO is that this is a step towards AI on the edge. It’s coming for consumer and corporates. And I don’t mean Edge. Though it will come to browsers too.
It’ll be the way Apple go from being AI followers to AI darlings in media eyes. Nadella probably wanted to get his Recall boasting in before Apple’s WWDC24 on June 10. Boasting should get a roasting and with some tech aware folks it did.
2 Likes
The Windows feature, called “Recall”, that took a screen capture every few seconds and stored the results unencrypted has been updated and released.
- Microsoft made a number of tweaks, including requiring biometric authentication and encrypting the data.
- Recall is now opt-in, and users can choose which apps use the feature and which do not.
2 Likes
“Recall is now opt-in.”
Bold emphasis mine.
A very detailed review Microsoft Recall on Copilot+ PC: testing the security and privacy implications | by Kevin Beaumont | Apr, 2025 | DoublePulsar
1 Like
this is insanity of course and, if i understand correctly from other sources (Braxman), there’s no getting around these dedicated AI chips since they’re going on all new main boards apparently
anyone knocking together a new PC might find some relief here - check out Raptor and System76, but i don’t know whether System76 will include these chips
pretty convinced at this point that computer privacy is DEAD - even with products like Raptor, encryption and VPNs/Tor, there’s still ways to track network traffic, plus us privacy geeks often still have to communicate with those… people… who use proprietary software and “free” services
1 Like
I’ve been pretty discouraged in my work so far to escape big tech and get some actual privacy. My viewpoint going in was that the situation was… close to hopeless. And now that I’m more informed, my perception is still that it’s… close to hopeless.
At this point I guess it’s more about doing what you can and then hoping that the intelligence agencies/data aggregators don’t connect all the dots successfully. Admittedly, though, I find it seriously dissatisfying that there aren’t complete solutions.
i was being overly dramatic when i said that digital privacy is dead - that’s not entirely true, obviously, but i’m pissed at all this surveillance and have been for a very long time (late 90s)
there’s a distinction that needs to be made - capabilities of the intel and private sector differ … sort of … granted intel has very close relationships with some of the private sector and so the capabilities of that segment of the private sector might run high in terms of the technology they have access to, but then there’s the rest of the private sector (marketing, maybe ISPs, misc. data collection, maybe social media, etc.) that doesn’t have that kind of access
far as i know, protecting yourself from the former is literally not possible, i don’t care what precautions one takes, but protecting yourself from the latter is very possible and while the former is the bigger threat in the long run, i think the latter is the biggest annoyance in our daily lives
point is, don’t throw in the towel - and remember, what you do to protect your privacy also benefits those you communicate with
1 Like
In your research, have you found any insurmountable barriers other than network traffic analysis/tracking as well as communication with those using insecure/nonprivate forms of communication?
I am aware of the hardware and firmware mess with UEFI/Secure Boot/Intel ME/AMD PSP, and I’m pretty upset about it, but at least there are things that can be done.
Just trying to keep an eye on what I need to look out for as I wade deeper. Any information is great.
no, but i’m not really the guy to ask - i’m not a super-geek, so i’m relying largely on the research of others
i brought up peripherals with a friend who is big into this stuff (i think he’s the one who built a Raptor system) - things like mice, keyboards, printers, microphones, speakers, thumb drives, USB devices - all/many of these things have chips and proprietary firmware - so the problems potentially extend even beyond the ME/PSP stuff - even USB cables are a potential source of malware/spyware (i see some newer boards are incorporating PS/2 ports for gamers which resolves some of the USB problems)
1 Like
@Colin, thanks for your link. That was helpful to me.
I guess I just slightly disagree with the author of that article, Kevin Beaumont.
In the article, Beaumont said that you should have to unlock Recall with biometrics each time you use it. And, this makes sense so that, for example, your roommate cannot access your private data. He cites an example where his girlfriend was able to access Recall when he asked her to try.
But, from a technical perspective, you cannot meaningfully enforce passwords (or biometrics) within a user’s login session. As some might remember, this is the same fight as the one over whether or not to require a user’s OS password to reveal the website passwords stored in Chrome.
And, so, the real issue is securing the user’s session and not what happens once someone has access to that.
To be clear, this means that no authentication mechanism within a user session would be effective. (That’s unless the data was stored directly in the TPM. And, Recall data wouldn’t fit there.)
But, Beaumont is also making a different error by implying that biometrics (face unlock or fingerprint) are superior to a four-digit PIN.
A four-digit PIN, face unlock, and fingerprints all provide the same level of protection.
So, what Beaumont is saying is that biometrics would still protect his Recall data when his girlfriend knows his PIN.
And, what I’m saying is that he should change his Windows Hello PIN.
For these reasons, I also think that the implied criticism of Windows Hello is unfair. Windows Hello works for what it was designed to do.
- Google In Hot Water Over Big Security Hole In Chrome | HuffPost
- Accuracy Biometrics / La biométrie: précision | Jean-François Mainguet
Where “USB problems” refers to infected firmware, or compromised USB-C, HDMI, or Apple Lightning chips which are embedded in USB cables that include those connectors.
As an aside, PS/2 ports have a dedicated IRQ (and, historically, a dedicated chip on the motherboard). Whereas, all USB peripherals are polled.
And, older PS/2 keyboards offered an “infinite” N-key rollover. Whereas, early USB competitors had limited rollover (e.g., 6-key rollover). If key rollover has been solved for USB keyboards, I’m not sure what the technical issue was. It might have just been design limits in specific USB keyboards.
Anyway, PS/2 is a better keyboard port. That’s also why you only get one PS/2 port nowadays (instead of the historical two). I think that’s because mice are sampled anyways. So, USB mice have no inherent disadvantage to PS/2 mice.
So, I would expect PS/2 to be offered for its superior gaming performance rather than for security reasons.
Of course, many modern games’ anti-cheat software is little more than spyware that you install yourself.
n-key rollover seems to be dependent on the hardware, not USB - i have a USB keyboard with optical switches and it does n-key rollover, however i don’t think that’s doable with normal mechanical switches (could be wrong)
assuming USB server/client latency is still a thing–and i assume it is since USB is still polled far as i know–then PS/2 would be preferred by FPS/twitch gamers for both keyboards and mice, but i think something’s been done to reduce or possibly eliminate USB latency now??? maybe it’s more like IMAP?
but the reason i mention PS/2 for security reasons is because a) it eliminates the server/client/firmware aspect of USB and the possibility of malware that entails and b) far as i know, you can’t send data over PS/2 (correct me if i’m wrong)
yes, and same is true for anti-virus … the concept of which i describe as tantamount to depending on guard rails to keep your car on the road
ps: let me add that i see AV as being similar to AI insomuch as both are a shortcut to thinking
With regard to USB latency, I found this page through Mojeek:
https://web.archive.org/web/20240907045242/https://deskthority.net/wiki/Polling_rate
I’m not sure about IMAP.