I got Ubuntu, Lubuntu, Manjaro, Endeavour, Mx Linux, Fedora, Red Hat, Debian, Gentoo galore. Desktop Linux has come a long way, and if you like true unix here let me tell you some more. I got GhostBSD (https://www.ghostbsd.org/) rocking MATE IDE, if you want lightweight Linux desktop I got LXDE, LXFC, Gnome, KDE, and a whole lot more.
If you want true freedom, ditch the spyware and head on over to desktop Linux where we'll welcome you with open arms.
The excuse of 'But this... and that...' let me stop you right there.
You don't need to configure anything. Download Kubuntu and have fun with customizing everything in the settings.
When it comes to Windows and Microsoft products the answer is 'No.'
It rhymes! I’m assuming it matches the meter/rhyme scheme of a particular song, but I’m music stupid, so I can’t really make a guess. But the point is to be funzies and light hearted :)
It's just something I come up with when I want to share my love for Linux. No need to look too much in to it. I use to have it rhyme more after my 'tell you some more' bit but, not this time.
I hate to reign on your parade but Canonical (Ubuntu) is doing the same thing as Microsoft just to a slightly lesser extent.
The same pretty much goes for any of its many derivatives. Redhat is no longer open. Arch and alpine based have hardware issues.
The choices you once had with Linux are far less today than they have been in the past. You almost need to know how to build a distro from scratch to get comparable features and privacy to yesteryear.
The situation is totally different. First of all, it's not comparable with the Recall crap that's going with Windows at all. Second, if they really try something fishy, you can just switch to Debian or any of the other distributions.
As for hardware, there is plenty of stuff that doesn't cause any troubles at all.
Just do some basic research.
Dig into tracker-miner-fs, d-bus activation re-parenting, as well as the snap callbacks that can trigger arbitrary local code execution. Usually found in a directory under /usr/libexec in addition to its regular install location, not touching on the spiderweb of cross-connections.
If you try to remove or pull out parts of those distro integrations in Ubuntu, you will find that it keeps launching, despite making a clear choice for not wanting those features. There is a spiderweb of cross connections where if you shut down various parts, it fixes and regenerates its capabilities... like malware.
They clearly aren't giving people the choice to do what they want on their own hardware.
tracker-miner-fs collects metadata, and Recall is just an accessible interface to metadata that is already collected. The underlying metadata is for the most part similar.
You will find this also in the package repository where they have named packages, that those packages have been corrupted in a way that makes the corrupt packages indistinct from their legitimate counterparts (to the package manager), the manager launches fixup scripts without notification, and which are embedded to force and regenerate your use of snap.
Debian is certainly not immune since tracker-miner-fs is embedded in Gnome.
As for hardware, that is also incorrect. There are very few manufacturers that meet full compatibility requirements, they may allow you to boot into a shell (only as a result of the linux kernel devs), but compatibility for standard desktop or server use is not guaranteed.
The manufacturers that dominate the market are those who use proprietary firmware blobs through an embedded intermediate firmware based controller. The ideapad lines of Lenovo, and their many off-name rebrandings attest to the hardware compatibility issues even after significant re-engineering effort done to make it compatible still leaves features lacking.
When your thermal subsystem cannot expose temperature, power management, or has severe hysteresis gaps, lack of proper enumeration and lack of control of fans/advanced features, its hard to believe it doesn't cause trouble.
That's like saying a flaming pile of brick in your lap doesn't cause trouble.
Research fails in the absence of source of truth information.
Manufacturers regularly omit, misadvertise/misinform, or don't provide documentation at all (i.e. WD with SMR), or correct technical specs to evaluate it prior to a buy, test, return strategy (which isn't research) and a risky approach.
I think you should take more than a cursory look around at the current market. Its pretty bad, expensive (for the circuitry involved) and with few choices.
Gnome Fedora 41 is super pleasant and instantaneous on Apple silicon via Asahi. I haven't run into a single issue since installing, really impressive work. AFAIK thunderbolt support is the only thing lagging behind.
> My Google Pixel continuously asks me if I want to enable photo backup.
Google Photos does this on non-Pixel android phones too. Many times when I open the gallery app I'm confronted with a dialog where the backup checkbox is enabled and there's a continue button. It's like Google is trying to trick me into enabling it. This is an incredibly user hostile design. One day I will do it by mistake.
I mentioned this to a friend once and he said his kid got ahold of his phone for a few minutes and did enable it, causing a massive upload that put his Google account over quota. Of course it's a huge hassle to go through and unsync the photos without deleting them from the device.
Why do you guys keep using it then? I am currently a grapheneos user but even when I was using android smartphone with manufacturer's provided rom, I would just disable apps I don't want to inadvertently use. Main apps I was using at the time were the "simple mobile tools" (now fossify) apps.
I use it because it's the photo gallery app that my camera app uses, and I haven't disabled it because I occasionally do want to share photos through Google Photos.
Your camera app might be hardcoded to always use Google Photos if it is enabled (some manufacturers do that) but it would more than likely look for another gallery app if you disabled Google Photos.
Google itself has one such alternative gallery app called Gallery:
jinx! yes I'm happy with fossify too, thinking about taking a day to unlock my bootloader and put graphene on my xperia, but something was stopping me before... maybe the banking apps that refuse to run on a modified bootloader? But really I don't need to be banking on my phone. I think there are some proprietary video codecs I was afraid of losing.
Only other hurdle to open source nirvana is OsmAnd is not as slick and smooth as Google Maps. I spent a few days acclimating to it and once downloading the gigabytes of address-data-to-GPS-coords I could start enjoying offline navigation, but when it comes to finding local restaurants' and whether they're open its hard to beat the Goog.
sadly you can only install grapheneos on pixels due to the strong security requirement grapheneos requires on devices for them to support it (like relocking the bootloader with a third party os installed)
seems like xperia is supported by divestos though which is still a good alternative
https://eylenburg.github.io/android_comparison.htmhttps://divestos.org/pages/devices
I can't be bothered to set up things again or even refresh login sessions [to gain Graphene]. Simpler to disable Photos and use Gallery instead. Eyeroll.jpg
To be devil's advocate: if they didn't push this so aggressively, the news would be flooded with stories about how Google lost Grandma's photos, an iPhone users don't have this problem (because apple silently enables it, not even giving you a choice).
Play Store shows me a notification to ask whether I want to enable important notifications. In 3 years of having this phone I probably closed that thing 100 or more times, yet all it would take for it to go away is for me to say yes once.
Recall was the catalyst for me switching to Linux. I do not wish to tinker with Windows so that it doesn't feed my credit card information into an AI black box.
Telemetry by default is unacceptable as well, but not to that degree.
A long time ago, Windows was a simple, hassle-free system to run games on. I knew Linux, but I knew Linux would take time to maintain and tinker around with, since that was my job. Thus, my private systems stuck with Windows.
Then Wine and especially Steam and Proton started to get to work, and Windows started to turn anti-consumer to a degree. At that point, I was kinda on the fence. Actively switching seemed somewhat scary, but if I had to setup something new, it was kinda... meh either way.
Then my Windows-OS SSD died. So I had to reinstall my OS anyway. Then I made the choice to install Fedora and switch back to Windows when it grows annoying. That was... two or three or more years ago? And the thing is, games work. Apps work. Funny enough, old games work better with DosBox and Wine than on windows. I have like two old games I can't get to run, but that's mostly because I don't have the energy to figure out QEMU with Direct3D support, which VirtualBox dropped some time ago for security reasons.
I managed Linux and BSD on servers all over the place. I worked pretty much exclusively using a Linux VM ... under Windows. Keeps most of the gremlins at bay. Hardware stuff's all handled by Windows, so it generally just works. Trying to play a game? Just run it in Windows and don't worry about it.
Every year or so I'd grab a live image and boot it and see what happened. But always ended up at "okay, too much hassle still".
Then a few things happened:
1. Valve invested heavily in Proton. They released the Steam Deck so suddenly developers _wanted_ their games to work in Proton.
2. One day I booted up a linux live image and stuff like my webcam just worked out of the box.
3. Microsoft released Windows 11.
Upgraded my computer at one point and I just went ahead and threw Debian on it and haven't really run Windows since. (Though I still have it installed. I still haven't found a good alternative to Adobe Lightroom.)
I too am really glad I got off of that ride when I did.
In contrast to Recall, they pixelate credit card information in Teams calls. Wanted to use the credit card of a colleague and we had to meet face to face like some cavemen. His office was 10m away too.
One reason it didn't take off was probably lacking compatibility layers to Win32 apps though.
And a world were you provision apps only through the Windows Store is pure hell. Perhaps it was a strategic decision to not support "legacy" apps. If so, Windows RT was killed by just that.
I was someone who switched to Linux in the last 12 months due to what was for me an increase in user hostile behavior of Windows. Care to share why, for you, Recall was important enough to switch OS from macOS/Linux(?) to Windows?
> When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as “Capital One Visa” right next to the numbers.
That undesirable outcome doesn't surprise me at all. Even if someone coded up logic to look for surrounding clues that X is a secret, that other data ("X is a password") might only become available seconds or weeks later.
For the foreseeable future, these idiot-savant systems (especially with append-only autocomplete at their core) will continue to be smart enough to get into trouble but not smart enough to get out of it.
Well it's just kind of silly that Microsoft is silo'd enough that they didn't just use data loss prevention that they've implemented elsewhere in the office stack. Microsoft outlook stops me from sending bank wire details over email.
With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:
Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts
Office applications such as Word, Excel, and PowerPoint
Windows 10, Windows 11, and macOS (three latest released versions) endpoints
non-Microsoft cloud apps
on-premises file shares and on-premises SharePoint
Fabric and Power BI workspaces
Microsoft 365 Copilot (preview)
DLP detects sensitive items by using deep content analysis, not by just a simple text scan. Content is analyzed:
For primary data matches to keywords
By the evaluation of regular expressions
By internal function validation
By secondary data matches that are in proximity to the primary data match
DLP also uses machine learning algorithms and other methods to detect content that matches your DLP policies
I don’t even know if this is a negative aspect of what Recall is intended to do.
The whole point of Recall seems to be to allow you to…recall previous work you were doing.
It reminds me a lot of whole-device backups. If you have some secrets in plain view then the backup itself is going to need to be secured.
From the Microsoft website:
> To use Recall you need to opt in to saving snapshots, which are screenshots of your activity. Snapshots and the contextual information derived from them are saved and encrypted to your local hard drive. Recall does not share snapshots or associated data with Microsoft or third parties, nor is it shared between different Windows users on the same device. Windows will ask for your permission before saving snapshots. You are always in control, and you can delete snapshots, pause or turn them off at any time. Any future options for the user to share data will require fully informed explicit action by the user.
It's doing what Microsoft intends, but not what customers intend. Entering my credit card or social security details in a secure form should not result in it being copied to a different folder on my local storage or added to my backups without my approval.
Snapshots present a new way of circumventing data protection implemented by other apps and websites (if it was visible on your screen, that data is now copied somewhere else).
Yes you can delete snapshots AFTER you've determined something sensitive has been inappropriately captured, but you are not warned or prompted to do so and at that point why even use the feature.
This customer, at least, is firmly entrenched into "if I wanted you to remember it I'd tell you so", which actually describes many everyday activities like saving a document with a filename, clicking "save" in my password-manager, making a browser bookmark, etc.
In contrast, any assistant that is "constantly looking over my shoulder" (human or AI) to implicitly remember things needs to be trustworthy to (a) have my best-interests at heart, and (b) to understand what it's seeing and what my intent is. I don't think the current bleeding-edge is ready to provide both of those.
P.S.: An interesting exception might be automatically-kept data like bash history or browser-history, however I feel those are very different from "anything I type anywhere", since each is a narrow and regimented kind of data/purpose. Both also have "forgetting" rules as a required feature.
> but you are not warned or prompted
And perhaps not even capable of noticing the problem, such as where a semi-transparent border-decor of a window overlaps the secret password text just enough that you can't see it but an aggressive OCR proess can pick it out.
More generally, I fear a world where someone uses a botnet to make a funny picture go viral, and the picture contains subtle pixels to make each victim's Artificial Stupidity Assistant exfiltrate all their passwords back to the attacker.
Do you think you would describe yourself as above or below average in technical ability?
For example, do you know what terms like "3-2-1 backup" and "swap file" mean?
If you answered yes to either, I don't think you are the primary customer. You are the type of person who will turn this off and move on with their day.
I think this argument you are making is essentially the same that a person would make for preferring a manual transmission car instead of automatic. But we all know that 90% of people just want the car to go when the right pedal is pressed down, they don't really care about their ability to tell the car exactly what to do.
Personally I think the average person would be very excited to have a feature that can recall things they were working on or looking at that they forgot to save. I don't know how many times I've had to tell the non-tech inclined "sorry you didn't save it, it's gone."
As far as capturing sensitive information, I'm not really sure it's all that much worse than anything else the non-technical people do. I think at all these attack vectors are no worse than someone convincing you to install conventional malware. Both require you to elevate permissions and dismiss strong warnings.
I find it interesting that searchable history of computer activity is a problem with enough interest that independent developers have worked on solutions themselves, some of them open source. But a company like Microsoft ought to have much more resources such that they can fix these edge cases or realize they can't fix them all and design the service accordingly.
So I guess my question is: is a company as big as Microsoft that approaches this problem space doomed to fail from the start, because of the perception issues? Would this be any different if say Apple had developed a Recall alternative and they also found it impossible to censor credit card information in an arbitrary Notes window someone whipped up as an edge case, like in the article? Or could a stricter (outward) stance on privacy make it palatable again?
Suppose if everything were assured to be kept under enough layers of encryption and the data wasn't synced online at all, would storing a credit card number surreptitiously captured on my computer be seen as much better if it's Microsoft/Apple I have to trust to engineer their AI recall feature in a secure manner?
There's a universe of difference between an individual choosing to install this kind of software of their own volition on their own machines (or making their own version as you pointed out), and the comically evil megacorporation that is microsoft forcing it on everyone who uses windows with no way of knowing if disabling it actually disables it, and with no way to trust a single word they say because, again, it's microsoft we're talking about. The same company that already phones home with egregious amounts of data for everything you do and see and shoves ads and other bloatware right into your taskbar which requires user scripts to temporarily disable before being reinstalled anyway on a system update.
How anyone can have trust that rewind won't be misused is baffling to me, I wouldn't trust a Janitor at M$ to not sell their own family out for a 1% YoY profit increase, yet alone the engineers working there and their psychotic C-suite.
Even if you trust Microsoft not to keep it, not to access it and index it on their cloud, and even if they were kept encrypted and local, it is still searchable and index is available on runtime. So you have yet another process that has this unencrypted in memory. Great target for malware no matter what.
EDIT: I may have spoken too soon on the below; I checked myself, and the journalist's test card numbers in the OP do not, in fact, pass the Luhn algorithm! So perhaps some grace is deserved. But I'm preserving my comment below, if anything to be illustrative of how companies should approach this, and that if you want your product to be secure from criticism from journalists who don't know how to make test credit card numbers, you should possibly use even more robust approaches than what one random person on HN comes up with in real time.
We're not nearly at the level of https://xkcd.com/1425/ - and even that canonical example has been entirely solved by now.
The problem isn't that these things are fundamentally impossible. And the problem isn't even that Microsoft decided speed to market was more important than safeguarding their users' data - I get speed to market!
The problem, allegedly, is that Microsoft said these things were fixed without actually fixing them [EDIT: see above], and didn't think that their users' data was important enough to assign a red team or even an empowered SDET to do even the simple tests this journalist did before making that announcement.
I do not want Microsoft snooping everything I do, I don't trust that they won't do it either intentionally or not, and it's the main reason I'm leaving Windows across all of my systems after 3 decades. It's all just too much.
Rewind made a big ballyhoo about being local, not reliant on cloud services, not syncing anywhere etc
Windows 11 is practically a cloud OS when paired with office365 and OneDrive, users may be forgiven for expecting their history will be exfiltrated from their machine, employers will have access to their screen recordings etc.
I'm not apologizing for MS, and I have no idea what PII protection Recall actually has. If Recall does have real PII logic, it should recognize that a legitimate VISA payment card numbers must start with '4' + be 16 digits in length, and AmEx cards must start with '34' or '37' + be 15 digits in length; also, the LUHN algorithm must be satisfied over the card digits.
With Recall, it seems false positives for PII-type protection rules would be more acceptable than false negatives. But with the negative press already around the technology. I'm not sure it will ever gain acceptance.
While I agree as a whole, there are parts that are easily captured even with some small false positive rate, like credit card numbers. I do think it's acceptable to do PII detection probabilistically for some classes of identifiers/quasi-identifiers, because you can't really do any better without crazy false positive rates, things like credit card numbers have enough structure that it's more work to do it entirely via an ML model with a higher chance of failure, versus just building a simple heuristic for it.
Add to that the fact that missing a credit card number is way higher stakes than missing something like a zip code, you can understand why something like this is just not acceptable in a product like this, with the resources Microsoft has at their disposal.
If there isn't a law yet, there should be: if something can be done incorrectly, Microsoft will do it incorrectly multiple ways.
Granted, we're a somewhat technical bunch here, so I have to ask: do regular people not know that Microsoft is so bad at security and self awareness that they literally can't do something like protect users from their own products? Do people still think, "Oh, well - 80% of the world can't be wrong"?
I bet they're going to make it exceedingly difficult to disable or uninstall, like Edge, once it becomes a mandatory part of Windows, aren't they?
> do regular people not know that Microsoft is so bad at security and self awareness that they literally can't do something like protect users from their own products?
Some people don't know, some are paid to not know. /s
Please correct me if I'm wrong, but IIRC Recall is opt-in and keeps data on-device, and doesn't share it with any other systems or parties. And if one's device is compromised, they're screwed either way (keyloggers, password managers' data, etc), so while Recall data can be an interesting target, it's not like it's some game changer. I could be wrong, but I believe first iteration was user-accessible SQLite3 database (which was an issue), but Microsoft had tightened the permissions and isolated those files, so AFAIK it now requires additional authentication to access. I don't currently use Windows, so I can't really check, but that's what I've read.
If something is opt-in, local-only and partitioned away (inaccessible to regular-user processes to avoid easier abuse by malware and exploits) that sounds like a decent privacy-respecting option to me. There are plenty of crappy anti-user moves Microsoft had pulled with Windows, but Recall doesn't seem like one to me.
Unless, of course, they're forcing this on people (like how they aggressively do with Edge and OneDrive), or pull this data somewhere despite saying they don't do it, etc etc.
For now, until Microsoft decides to silently enable it an update like they already do with all of the telemetry and similar features in Windows 10 and 11. Barring a legally binding promise that they will never reenable it without consent they are not trustworthy enough to believe on this
>And if one's device is compromised, they're screwed either way
With Recall the level of screwed we're talking can be significantly higher, because the kinds of information that can be captured are things that wouldn't necessarily be captured by other methods (and Recall will have been capturing data from before the computer was compromised too).
>but Microsoft had tightened the permissions and isolated those files, so AFAIK it now requires additional authentication to access
Which, as you yourself already mentioned, would be trivial to access because you can already put a keylogger or similar on the device to get what you need to access the Recall files.
> For now, until Microsoft decides to silently enable
Sure. And that's quite possible and something to be aware of. But can we agree that in its current state, it's as privacy respecting as it could be?
> the level of screwed we're talking can be significantly higher, because the kinds of information that can be captured are things that wouldn't necessarily be captured by other methods
The only difference it makes is immediately after the machine is compromised. Then - yes - after you get elevated privileges, you immediately have more information for malware to sweep. However, I've read that typical malware quietly lives on machines for a while - for months or even years. It can do its own screen recordings just fine, so it's all the same in the long run.
Let's not forget that Recall is not some malware forced on unaware people, but a legit opt-in feature with a reasonable use case - remembering things when our memory fails us. One can analyze this risk and make an informed decision if benefits overweigh the risks or not.
I have no love for Microsoft or any other big corporations, but I feel like defending this particular feature, because I do have some love for transhumanist ideals, where machines enhance and improve our capabilities - and it's one of those things I would like to have for myself. As long as Microsoft doesn't move away from opt-in and clear language, I'm on their side because they did it right (by my book) this particular time. But - of course you are correct - a caution is warranted (and that's why I don't use Windows, huh).
If you believe that Microsoft is stealing Recall data behind its users' backs do you also believe Microsoft is stealing any or all of the files stored on Windows devices belonging to billions of personal and business users? If Microsoft isn't doing that could it be because that would be suicidal from a business perspective?
I don't believe they are proactively stealing user files, but they absolutely pit in backdoors for the NSA and other western intelligence agencies to exploit at will (and I'm sure non-western agencies do it too any time they can discover them).
I'm sorry but I do not fully understand what you're trying to say.
I have used Microsoft products. I have a Windows VM, and an old Windows laptop somewhere. I have no love for Microsoft, and is perfectly aware they can do user-hostile things. Yet, when analyzing something, I'm trying my best to avoid biases and remain neutral and detach from my feelings (or propaganda/ragebait/memes/whatever you call it) when I'm thinking of something. And this particular time, for this particular feature, so far, I believe they did alright.
Have you ever been on the phone with a bank? Any bank? Banks don't lose. If this goes mainstream, you can bet there will be limiting legislation lobbied by banks to reduce their liability in the first week.
That's if you willingly give out your card information? If you pull out your card and someone unauthorized looks behind your shoulder (or, more accurately, looks at a camera recording and sees your card in there), it doesn't make them authorized somehow.
The fact it is on your machine at all and cannot be removed means it is forced. The fact that it is for now opt-in is irrelevant; windows is well known for enabling features without user permission that were previously not.
Specifically for credit card numbers those should be easy to detect as they are a specific format.
But generally for PII, passwords etc there is no way to know when something is or isn’t secret or sensitive so either you should accept that the recordings are protected enough or just not record.
Did this controversy arise from Microsoft first assuming that the ”recordings are safely stored” would be enough but then public reception was negative and now they are trying to ”fix” it?
> We’ve updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers.
What's up with companies giving these kinds of non-answers? It rubs me the wrong way every single time. This is definitely not an answer to the author specifically telling MS that their defense measures aren't working.
My plan is to run HardenedBSD for most things, MacOS for games, and Windows for anything that absolutely won't run otherwise. Nadella has shown his contempt for power users way too often.
How is this even possibly a valid software pattern to enable on normal users?
Regularly capturing screenshots of their entire desktop, that 90% of users likely do not comprehend, and obviously associate with malware behavior. Screenshots. They're not even capturing the forms, or the specific input data. Taking entire desktop pictures of typing on Notepad.
Using a software that's difficult to tell whether it's installed. And then it keeps the credentials, makes it difficult to tell whether they've been stored, what info has been stored, whether they've been deleted correctly, and makes it difficult for the actual computer user to even access the stored images.
The screenshots appear to be files in a subfolder called AsymStore.
I couldn’t open those either and I tried to open them as PNGs, BMPs or JPGs.
Perhaps hackers will figure out how to open these files, but as far as I could tell, a typical user can’t open them outside of the Recall app.
This reads like a virus pattern.
Several notable examples of malware, creepware, Remote Access Trojans (RAT) that do almost this exact activity: Agent Tesla [1], Dark Comet [2], Bifrost [3], and just the general category of Remote Access Trojans [4]. Corporate malware.
It would be, if it would be stealthy enabled, unbeknown to machine owner. That - and not the fact it records screen - is what differentiates malware from legit software.
It is opt-in, which makes it equivalent of user explicitly setting up a camera to record their work, for a well-intended ability to review those recordings if they need to recall something.
If we'll start saying that end-users are somehow incapable of comprehending what screen recording means, then we're basically giving up our agency and arguing we need a nanny. I sincerely hope we don't. Like, literally, it's a screen recording, anyone with a working brain (no matter whenever they're technically literate or not) should be able to tell what consequences - positive and negative it would have.
I found a screenshot - the opt-in prompt literally says "Allow Windows to save snapshots of your screen?" If that's not clear or comprehensible, I don't know what is. People who are caught by this must simply ignore and not read what it says on the screen.
Maybe if it did something very specific you had to set up. Maybe.
"You're using Microsoft Edge, would you like to record your (specific) usage of passwords, personal data, and form entries?" (that can be found encrypted (here) if you're interested)
Not some large scale screenshot operation. The issue is with taking "snapshots of your screen" with no real knowledge of what is even going to be worked on or recorded afterward. How horrible are the identity theft issues? (BS non-threats requiring logins: social blab / news website account with no money attached, Normal dangerous stuff: credit card use (cancel/contest), Somewhat rare: bank accounts (long bank fight), Rare and dangerous: scanned federal IDs (endless nightmares with the feds)) It even makes the task a greater difficulty because there's so little specificity about what's being recorded or what form the recorded information is going to take. And the results are notably spotty like the article mentions.
Also, 95% users. [1] "Across 33 rich countries, only 5% of the population has high computer-related abilities, and only a third of people can complete medium-complexity tasks" Even if we put this in the "only Poor and Terrible skill users would fail" that's still ~50% of the population.
How many click through stuff with "Yet another BS alert to get rid of. Go away, I want to actually use my computer." The WWW has long ago deadened most to annoying spam popup authorizations.
So the argument is actually I know better and because I know
better my decision should be forced on others for their safety.
It's easy to make this argument when you believe you have the truth on your side but what happens when you're on the other side of someone else's obvious truth— secure boot can't be disabled, you can only install apps from the app store, programmatic ad blocking is too dangerous, replacement parts have to be genuine, you're forbidden from performing maintenance on your electric car, we can't let you have unrestricted AI access, we couldn't possibly let you see the source code of your cellular chip, we scan all your private photo uploads for csam, all for your safety of course.
> secure boot can't be disabled - arguing for the ability of fine scale control on "secure boot"
> only install apps from the app store - arguing for "install apps with known behaviors" and "specifically identified hardware access"
> programmatic ad blocking is too dangerous - arguing for fine scale filters that the user has awareness of and the ability to choose specific types of content to remove
> replacement parts have to be genuine - arguing for "parts with tested and verified behaviors" documented by a reliable testing agency with layers of verifiable history and previous known functional parts supported by users with well documented case study examples
> forbidden from performing maintenance on your electric car - arguing for "you as the user can do literally anything you want to your own car (within the known legal limits of your state or nationality)" rather than having the auto company install a bunch of secondary BS you have no idea what its actually doing
> we can't let you have unrestricted AI access - arguing "each user can download whatever variation of each 'AI' each user desires tailored toward their own specific use cases"
> let you see the source code of your cellular chip - arguing for the "right to maintain, disassemble, and repair your own hardware" if you've bought the hardware
> we scan all your private photo uploads for csam - arguing for "no one anywhere is allowed to have external access to your hardware without an extremely well documented rationale."
They're all real life examples of some person or group arguing for denying users control of or access to their own systems under the pretense that denials are for the user's safety or best interest. And that interest is so self-evident that the decision should be made for them because we know better than they do.
You're making the exact same case for the scare screens Android uses.
Honestly at this point did they actually bother to make something specifically built and trained to remove sensitive data or did they just modify a system prompt to "Don't save possibly sensitive data like credit card numbers" and hope that an LLM could magically handle this properly?
Why do I have a feeling its the later given all of the other issues around this entire thing.
"Microsoft continues to have a terrible abusive relationship with its customers. It's what Microsoft wants, not what the customer wants."
Yup, that pretty much sums up why I left for Linux.