You’ll have the icon on your taskbar if it is. You can also hit Meta+J to check

From The Verge’s obsequious article:

Recall won’t work with every Windows 11 computer. You’ll have to buy one of several fresh new “Copilot Plus PCs” powered by Qualcomm’s new Snapdragon X Elite chips, which have the neural processing unit (NPU) required for Recall to work.

Do we know if there are services or files that Co-pilot needs to function?

Co-pilot requires windows. I’m going to try Linux Mint and see how that goes.

Are you… Are you saying EVERYTHING can be hacked with one line of code?

I did an interview where the candidate said that if it’s one line, it runs in constant time. And they were completely serious. And this was in the context of Python list comprehensions.

They claimed this ran in constant time:

new_list = [value for value in my_list]

Whereas this ran in linear time:

new_list = []
for value in my_list:
    new_list.append(value)

We asked clarifying questions, like what happens to the runtime if the list gets really large, and they doubled down.

And this was for a senior Python dev position… No, they didn’t get the job.

It’s encrypted; the author is pointing out that it has to be decrypted to be used, and then the data can be obtained.

Security and privacy concerns aside, I saw someone commenting on the use case, asking who would ever want something like this.

One problem I hadn’t appreciated for a long time was that some people apparently have real problems with dealing with the Windows UI in terms of file access. They don’t know where their data is being saved. This, in my opinion, is in significant part a Microsoft UI problem induced by various virtual interfaces being slapped on top of the filesystem (“Desktop”, “My Documents”, application save directories, etc) to try to patch over the issue that the filesystem layout was kinda organically-designed in a kind of cryptic way back in the day.

But if you can remember a snippet of text in what you were working on, you can find that thing again even if you have no idea where you stored it. Like, it’s content-keyed file access.

That’s not very useful to a techie. They know how to navigate their system’s filesystem, and even if they lose track of a particular thing, they know how to use the system’s filesystem search tools to search for filenames or content. They can search for recently-modified files. They know how to generally get ahold of stuff.

But for the people who can’t do that, reducing their interface to a single search box might make file access more approachable.

Now, let me reiterate that I think that a whole lot of this is Microsoft repeatedly patching over UI problems they created in the past rather than fixing them. And they’ve done this before over the decades with stuff other than document access. It’s hard to navigate the filesystem to find an installed program a la the MS-DOS era, so they stick stuff in a Start Menu to make it more accessible. That gets too crowded, installers start slapping shortcuts on the desktop. That gets too crowded, installers start adding system tray icons. That gets too crowded, the Start Menu becomes searchable. Each interface just becomes progressively less-usable and the solution each time is to stick a new interface in on top of the old one, which in turn contributes to the complexity of the system as a whole.

But that doesn’t mean that they aren’t trying to address a real problem.

I think that they’d do better with something like having a rapidly-accessible log of recently-accessed files (like, maybe have the filesystem maintain a time-based doubly-linked list of those) and be able to rapidly search the content of documents based on mod time so that recent stuff gets hit quickly, then trying to make their existing search tools more accessible. That doesn’t replicate data across the system and produce some of the problems here. It also permits for fully-searching content, rather than just the stuff that was on a screen when the Recall system grabbed a screenshot and OCRed it. Maybe they’ve done something like that in recent years; I’m many years out-of-date on Windows.

I’d also add that I think that personal computer systems in general would benefit from giving users better control over where their data is replicated to. It’s kind of confusing…you’ve got swap (well, encrypted swap probably helps somewhat with this). Browser history. Any clipboard manager’s retention. Credentials stores. Application-saved copies of in-progress files. Various caches. If you use some kind of cloud-based storage, you’re pushing data out to other computers. Backups. Just a lot of state that can be replicated all over the place and is hard to go back and track down and remove. That’s even before stuff like issues with doing secure deletion on existing filesystems (which we had a conversation about the other day, everything from log-structured filesystems to wear-leveling on SSDs inducing data replication). If you want something definitely gone, be able to manage your data’s lifetime, something that I think that a lot of people – even non-techies – would like, you really have to have a lot of technical knowledge of the system’s internals as things stand today. This Recall thing is egregious, replicates data all over, but it’s far from the first feature that makes it harder for people to understand and control the lifetime of data on their computer.

I don’t think that the software world has done a great job of letting people control that data lifetime. And I think that it’s something that a user should reasonably be able to expect out of their computer.

They’re a surveillance capitalism corp first and foremost. All other considerations, including security, are secondary.

The damage is mitigated by the fact it only recalls last 3 days by default

Can you elaborate on what “subpoenable information” means. Like I have a vague idea but im not super clear if thats like a legal term with special considerations or whatever. Elaboration would be helpful.

deleted by creator

No major corp I’m aware of is excited about these changes. Legal especially would like there to be the minimum records retention required by law, and a months long AI searchable database of individual user actions on a PC is a nightmare scenario for them.

Check out bazzite.gg

It is a very beginner friendly, gaming focused distro that essentially aims to be steamOS on PC. It even has rollback functionality if you accidentally break something.

You’re gonna get lots of suggestions, lol.

I’d say look at Zorin. It’s a Ubuntu-based distro so it has lots of support, and also has several baked-in themes to customize your desktop the way you want it right out of the box. You can make it look like Windows 7/10/11 or macOS without any other apps or themes, which might help your transition.

Bazzite has been designed to be an out of the box SteamOS distro. It’s not based on Arch, so if that’s what you’re familiar with then that’s not the same, but give it a try.

SteamOS is arch based and uses KDE Plasma as the default DE, so you could probably run Endeavour OS and be pretty darn close

Not that it solves the problem, but since I’m not the King of M$ this is about all I can do: you could easily get around all that by turning off secure boot and booting into a persistant live-usb containing a linux distro of your choice (Tails for extra privacy/ease, if you can use Tor) to do all your secret agent computing needs. The host PC can’t see shit of what happens on Tails.

Edit: lol you downvoted me because I can’t singularly change an entire corporation’s mind and instead offer workable solutions that you could make within the next 30 minutes to mitigate the problem until such time as your plan for Microsoft domination comes to fruition and you can change it back?

Ok I guess, “chump don’t want no help, chump don’t get no help. Jive ass fools ain’t got no brains, anyhow.”

-Barbara Billingsly

Ultimately privacy is part of security so, if anything, everything you mentioned is just more reinforcements that this is a major security concern.

As someone that has been obsessed with tech since being a kid in the 90s I think the tech side of this is super cool and very exciting stuff. As a user, though, I only like this if I’m the one implementing and using it. I do not trust a mega corporation (or really any company) to “leave it locally on my computer and totally not use that data for other purposes”. Right now it’s supposed to be (as far as I last heard) only on your machine but we’ve seen EULAs and TOS’ etc change many times over the years but especially over more recent years as data continues to be king and data like this is a literal bottomless diamond mine.

I know this isn’t your point but it’s just worries I have in addition to your points. And let’s not even start about what this means for law enforcement abuse. No thanks, I’ll wait for a FOSS equivalent that at least gives me and the community the opportunity to evaluate how it works.

It’s basically the same shit at this point

There cant be.

It literally screenshots what you’re doing every few seconds, and builds a plain text database of any and all text it captures.

Incognito mode is not having it installed.

The writing style is a bit weird, but I think the concerns are valid. That sqlite file is a treasure trove for hackers/scammers.

Do you think it would be a better idea to wait until it’s installed and active on every Windows computer before we start a discussion on how bad Copilot is?

I heard this same argument from people all the time. Until it affects you in a meaningful way to change your mind, it’ll be too late.

Agreed that there is a bit of exgaerated dread… but honestly this has all the hallmarks of a monkey knife fight in an elevator, it’s hard to imagine how this won’t end in disaster

We’ve seen it before, it’s not idle speculation. Windows machines have been the hosts of the largest botnets in the world. Whenever a company does something stupid like this it invariably gets into the wrong hands. It’s not even a question of if it will happen just when it will happen.

Oh and it’s not “Linux users” saying it, it’s everybody with an ounce of technical common sense. We’re all here shouting at Microsoft “it’s a bad idea” and they won’t care and it will go exactly as badly as predicted.

very likely won’t cause any security issues.

Hahahahaha. Oh wait, you’re serious? Let me laugh even harder. HAHAHA

Are you braindead? Yes yes taking regular screenshots of the desktop can’t possibly be a security risk, right?

Did you read the article?

This system basically do a character recognition on EVERYTHING the user is displaying and save the results in a very small file not that well protected.

The data is very small (I guess because it’s basically text?), seems easy to find. That means the history of all you did on your computer (apparently only for the last three feays by default,but well…) can be stolen at once, in a minuscule file.

I’m not an IT specialist, but I don’t see in which world this can remotely be a good idea…

Oh it WILL cause security issues. It’s just a tradeoff against if they are worth the benefits.

Hardware controls are meaningless if an attacker gets you to click on a dodgy link in a phishing email or you fall for a social engineering scam when “Microsoft” calls you because your computer has a virus.

Umm, no. Just…yeah, no.

The main problem with this theory is that Microsoft is absolutely abysmal at user end security, and they always have been. Frankly, they do not understand the issue.

But, more to the point, the whole TPM/secure boot stuff is a compromise; originally (I think this was about the time of Vista), they partnered with OEMs to have them include a DRM chip that made it literally impossible to install any non-windows OS on your laptop. They’ve managed to still get an implementation of TPM that makes switching your OS too confusing/difficult for the average user.

Anyway, bottom line is they only care about money, and they neither care or even understand the security needs of the end user.

Nah dude. TPMs have always been about implementing DRMs. These companies hate that they can’t control our PCs, they want to be sure we can only run their approved apps. Like it works in iOS and (to a lesser degree for now) in Android. And even there they are pushing hard for even more restrictive DRM.

For example, some years ago I worked with a SaaS that implemented and sold some security products. One of our customers was a big retailer (for specialized products, not going into more details to avoid doxxing) that was having a problem with scalpers buying all their inventory as soon as they released it. So they were trying to put a show for regulators about stopping scalpers because their customers were complaining. We suggested that the only real solution was to have some real life verification of purchases. But in the end they went with the awful attestation APIs offered by Apple and Google to “fix” this. And in case you are not familiar, these APIs are just TPM based DRMs. So now, if you have a rooted/jailbroken phone you can’t even buy with this retailer anymore.

Note that this company wasn’t trying to fuck customers directly, they were just lazy and incentivised to not really fix the problem (a sale is a sale, even if to a scalper). But even then the end result is that their customers got their digital freedom rights restricted. It’s just a terrible technology IMO, the incentives from companies are all terrible. And that’s before we start considering the real intentions of awful companies like Microsoft, Apple and Google. IMO they are actually pushing for techno feudalism, but that’s my conspiracy theory hahaha.

So no, I doubt they were thinking about security with this recall bullshit. As other people have explained in their comments it doesn’t really protect much in practice. Plus this whole AI push has just been a stupid scramble from these companies to grab a big piece of the stupid AI pie from other companies hahaha, there is no long term plan here, don’t lie to yourself and us.

Because Windows not only encrypts the system disk (C:) but also all connected hard drives

And they’re gonna just enable it without asking if i want all my hard drives encrypted first?

That’s not an unpopular opinion, it’s an outrageously stupid and uninformed one and you should keep it to yourself.