Windows 11's Recall is a brand-new headline feature for Copilot+ PCs. While the idea is interesting, researchers say it makes it way too easy to steal everything you viewed or typed on your computer.
Oh, you’re saying that Recall is a privacy nightmare and a sweet target for malware? Surprised_pikachu.jpg
This has already been happening on the Web for quite some time. For example, Microsoft Clarity records everything you do on those dodgy Web sites you visit. And they assign a universal identifier to you that can be correlated with the IDs Google and your device have already created and broadcast to profile you.
And you think “oh but I use x, y, and z to prevent tracking”. Guess what: They make your browser do nonsense tasks in the background to benchmark your hardware and then assign a UUID to you based on that.
The only thing that can help this situation is privacy legislation with real teeth.
This is far, far worse of a potential risk than a tracking identifier. Bank passwords, balances, social media pages, full text chat windows, everything you ever view all OCRed and put in a neat searchable database for a hacker.
My main point is that “observability” tools like Clarity are screen grabbing whole Web sessions and have been for some time.
But Clarity is an app a web developer adds to their own web site. So, yeah, a website you visit sees everything you do on their website.
That’s not new.
Screen capping everything on your PC at all times is new.
Yes, the developer sees it, and also the data brokers they sell all their user data to see it, aggregate it, and correlate it. Not to mention whatever Microsoft does with it.
I would be interested in learning what people find objectionable about my comments, if anyone would care to share.