[18978] in Privacy_Forum
[ PRIVACY Forum ] Script of my national radio segment yesterday
daemon@ATHENA.MIT.EDU (PRIVACY Forum mailing list)
Tue May 28 16:54:52 2024
Date: Tue, 28 May 2024 13:44:54 -0700
To: privacy-dist@vortex.com
Content-Disposition: inline
MIME-Version: 1.0
Message-ID: <mailman.52.1716929095.3272.privacy@vortex.com>
From: PRIVACY Forum mailing list <privacy@vortex.com>
Reply-To: PRIVACY Forum mailing list <privacy@vortex.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: privacy-bounces+privacy-forum=mit.edu@vortex.com
Here is the script of my national radio tech segment from yesterday on
the topic of #Microsoft's new "Recall" feature. As always, there may
have been some very minor word variations from this script as I
presented it live.
- - -
So I touched on this very briefly recently, but now we have a lot more
details and it really has a lot of privacy and security experts
shaking their heads and saying, what the blazes is Microsoft thinking?
It's really quite bizarre and for many observers, including myself,
calls into question Microsoft's management.
So they've announced with great fanfare a new feature named Recall,
that will initially be restricted to an upcoming new line of Windows
PCs but will spread rapidly once more PCs are released with suitable
CPUs. In fact experimenters have already been working on making this
run on older computers, which is important to help understand all of
the risks. So Recall is basically a full-time kind of spying system
for those computers. That is, Microsoft enables it by default, so if
you do nothing it's turned on in the background.
And this baby takes a screenshot of everything you do on that PC
(except for limited categories like explicit browser private modes and
of course watching movies and such) and takes a screenshot every five
seconds and saves it potentially for months or even years. And then
there's this supposedly on-device AI system that lets you ask
questions and dig through all that saved material.
And Microsoft loudly proclaims that users are in control, and this can
be encrypted, and it's safe since it runs locally and blah blah blah.
But you don't have to be a privacy expert or a security expert or a
computer scientist to see what an enormously dangerous idea this is
when anything goes wrong. Think of all the personal (for example
health data and so much more) information and for businesses, their
proprietary data that crosses these screens. Microsoft says that the
system will happily capture usernames and passwords and pretty much
anything else that isn't already protected in some other way. And
this system means that anything you *wanted* deleted, including old
email, notes, photographs, documents, whatever, could still be held in
that Recall storage for, as I mentioned, months, years -- depending on
the size of configured storage space.
Now it's one thing if you accidentally delete something and want it
back. It's something else entirely when there are items you need
deleted and you thought they were deleted but in reality there're
still present. So the risks are obvious. What happens if PCs running
Recall fall into unauthorized hands. What if they're hacked. What
will authorities in repressive countries do with the knowledge that
they can get access to pretty much anything a user has done on a PC
for such long periods of time. Anytime you're looking at something
that can store so much personal or critical business data, the primary
concern has to be how that capability can be abused, especially in an
environment when there are so many reported ransomware attacks and
other kinds of kinds of exploits.
Sure, there are some valid use cases for Recall, those would
particularly be the case if users had to choose to turn it on and be
aware of what it's doing, rather than have Microsoft turning it on by
default. But the general consensus I'm seeing about this is that the
abuse potential is so enormous that any potential positive benefits
drastically pale by comparison.
You may not find yourself on a PC with Microsoft's Recall in your
immediate future, but you may very well be using one before too much
time has passed, and if that's the case, it's one feature you should
strongly consider turning off on day one and keeping turned off. For
sure, I certainly would.
- - -
L
- - -
--Lauren--
Lauren Weinstein
lauren@vortex.com (https://www.vortex.com/lauren)
Lauren's Blog: https://lauren.vortex.com
Mastodon: https://mastodon.laurenweinstein.org/@lauren
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility
Tel: +1 (818) 225-2800
_______________________________________________
privacy mailing list
https://lists.vortex.com/mailman/listinfo/privacy
