News Microsoft Recall screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
palladin9479 said:
End users aren't the customers for this "Feature", government agencies are. This is just another way for Microsoft to get paid to spy for various governments.
Click to expand...
I am not updating to 24H2. Either Microsoft needs to can Recall with Satya Nadella himself pledging an oath to never bring it back, or I'm not updating.
 
  • Like
Reactions: Fox Tread33
this is true. this is only on those laptop/tablets made specifically with AI compute thingies (probably not the technical term for them) built in if i recall right.

i assume eventually they'll migrate it over to using reg cpu or gpu cores to do the work so they can get it on every pc.
 
  • Like
Reactions: RedBaron616
ezst036 said:
A feature nobody wanted anyways, and were furious about it initially that it had to be canned for a period.

But Microsoft continues to have a terrible abusive relationship with its customers. It's what Microsoft wants, not what the customer wants.
Click to expand...
This is what monopolies do. Customers don't matter because where are they going to go? I am willing to bet this program is at the request of the NSA, FBI, and similar agencies who illegally spy on Americans.
 
DS426 said:
This ^. "Abusive" is actually kind of astute thinking IMO as indeed many "need" or at least rely on Windows and M365 in various ways and appreciate the good aspects (esp. those not found in the Linux or Mac camps), yet MS will give and take as they please with minimal regard to how that changes the quality of life of affected customers.

The effort that went into developing Recall could have been used elsewhere for much better use -- opportunity cost.
Click to expand...
It is what monopolies do. There is no true effective competition. Microsoft's Windows division should be busted up.
 
I've read all 31 comments that have been posted here so far . From what I gather, in the near term, a user will have to manually turn on Recall, and the things related to it. I assume that it is not on by default. It is obvious that big Tech sees their "customers" as theirs' to be used as they see fit. I avoid all "conveniences" offered by most businesses, because those conveniences often make it very easy for hackers/scammers to access my important information and data. I don't download any but the most basic apps. Which include an ad blocker, VLC, a PDF reader, a screen recorder, and most recently Gimp, (which I will rarely use). Further, I have a fairly diverse Tech ecosystem. I have a Chromebook, a Apple Mac Mini, Win10 machine ( to be converted to Linux at some point), and a Win11 machine that I need for the few Windows games I own. I think the more apps people put on their devices, is like knowing a lot of people who can harm you in some way, or be conduits for other people to harm you. In my opinion, people should be extremely careful as to the apps they put on their devices, avoid the "conveniences" of auto-pay (as much as possible), and syncing. Auto-pay is like giving someone your wallet, and syncing is like a row of dominos that will allow hackers to invade every account and device that are linked. The companies that encourage syncing are the same ones that get consistently hacked, and only offer their customers/users information on how to monitor their accounts through the use of Credit Bureaus.
 
RedBaron616 said:
This is what monopolies do. Customers don't matter because where are they going to go? I am willing to bet this program is at the request of the NSA, FBI, and similar agencies who illegally spy on Americans.
Click to expand...
You could stop being lazy and switch to Linux.

Customers "don't matter" because they choose to do more complaining and less action. For all the negative comments I make about Microsoft (and there are a LOT) I fully recognize that it's also the customer's fault as well for continuing to let it happen.
 
1. Question at the bottom.

2. According to MS,
"Your PC needs the following minimum system requirements for Recall:
• A Copilot+ PC that meets the Secured-core standard
• 40 TOPs NPU (neural processing unit)
• 16 GB RAM
• 8 logical processors
• 256 GB storage capacity
◦ To enable Recall, you’ll need at least 50 GB of storage space free
◦ Saving snapshots automatically pauses once the device has less than 25 GB of storage space
• Users need to enable Device Encryption or BitLocker
• Users need to enroll into Windows Hello Enhanced Sign-in Security with at least one biometric sign-in option enabled in order to authenticate
Supported browsers, and their capabilities include:
• Microsoft Edge: filters specified websites and filters private browsing activity
• Firefox: filters specified websites and filters private browsing activity
• Opera: filters specified websites and filters private browsing activity
• Google Chrome: filters specified websites and filters private browsing activity
• Chromium based browsers (124 or later): For Chromium-based browsers not listed above, filters private browsing activity only, doesn’t filter specific websites"

3. Why may be safe.
According to AMD they only have NPUs on their EPYC CPUs. I have an AMD Ryzen Threadripper Pro 7975ws.
I removed CoPilot as soon as it installed on my Windows 10 Pro (how long I can stay on Windows 10 is a question as I think I am about to be forced to an upgrade to Windows 11 at the end of December).
I never turned on BitLocker and have checked and it is turned off for all my drives.
The ESS stuff drove me nuts trying to follow it on MS pages. But I have no built in camera. I have camera software deleted in Settings --> Apps (as well as a lot of other bloatware). I have no fingerprint device. Other than mouse and keyboard, I have a microphone and television antenna going into a tv tuner card. At some point I will have to activate the camera for my CZur book scanner (bad eyes, so I scan in my online class textbooks so I can display on my 55 inch tv screen (my monitor)).


4. Am I, based on this information, supposedly safe from "Recall"?
 
I got end of Dec because I got a message from Microsoft Windows Update that it had downloaded Windows 11 Pro and was going to install. I used the delay for (I think 30 days) feature to stop the installation. But that would just delay.
 
JamesJones44 said:
Not surprising that an ML model has difficulty detecting sensitive areas based on capturing a random image. IMO for this to work correctly MS needs apps to populate some kind of metadata that they can associate with an image and location. That way the ML model can use hints in the metadata to understand that an area of the image contains a sensitive field based on the specified HTML tag for example. Without that, this will always be difficult to be accurate with sensitive field detection.
Click to expand...
In fact, they have a model to analyze the screen or a screenshot: https://huggingface.co/microsoft/OmniParser It's a small model. This could have been used to make Recall without storing images, just text... This still is using computer vision. Otherwise, they may have just used info from the OS, and which window, tab, or textbox...

For the filtering, it should improve if it is obvious the webpage has fields with payment details... But a PAN pasted in Notepad is not a good idea.

In fact, Recall only annotates each screenshot with minimum metadata, and then only when searching for something specific, some images are more thoroughly analyzed. So it is more efficient and looks good.
 
subspruce said:
I am not updating to 24H2. Either Microsoft needs to can Recall with Satya Nadella himself pledging an oath to never bring it back, or I'm not updating.
Click to expand...
You can disable it, or understand how it works...
It's local, in a folder with proper permissions, already hard to break, then ciphered, and protected by Windows Hello, then find something worth anything...
Are you expecting some state-sponsored hackers to try and steal your data? because the data is probably really uninteresting... like mine...
 
NatalieEGH said:
1. Question at the bottom.

2. According to MS,
"Your PC needs the following minimum system requirements for Recall:
• A Copilot+ PC that meets the Secured-core standard
• 40 TOPs NPU (neural processing unit)
• 16 GB RAM
• 8 logical processors
• 256 GB storage capacity
◦ To enable Recall, you’ll need at least 50 GB of storage space free
◦ Saving snapshots automatically pauses once the device has less than 25 GB of storage space
• Users need to enable Device Encryption or BitLocker
• Users need to enroll into Windows Hello Enhanced Sign-in Security with at least one biometric sign-in option enabled in order to authenticate
Supported browsers, and their capabilities include:
• Microsoft Edge: filters specified websites and filters private browsing activity
• Firefox: filters specified websites and filters private browsing activity
• Opera: filters specified websites and filters private browsing activity
• Google Chrome: filters specified websites and filters private browsing activity
• Chromium based browsers (124 or later): For Chromium-based browsers not listed above, filters private browsing activity only, doesn’t filter specific websites"

3. Why may be safe.
According to AMD they only have NPUs on their EPYC CPUs. I have an AMD Ryzen Threadripper Pro 7975ws.
I removed CoPilot as soon as it installed on my Windows 10 Pro (how long I can stay on Windows 10 is a question as I think I am about to be forced to an upgrade to Windows 11 at the end of December).
I never turned on BitLocker and have checked and it is turned off for all my drives.
The ESS stuff drove me nuts trying to follow it on MS pages. But I have no built in camera. I have camera software deleted in Settings --> Apps (as well as a lot of other bloatware). I have no fingerprint device. Other than mouse and keyboard, I have a microphone and television antenna going into a tv tuner card. At some point I will have to activate the camera for my CZur book scanner (bad eyes, so I scan in my online class textbooks so I can display on my 55 inch tv screen (my monitor)).


4. Am I, based on this information, supposedly safe from "Recall"?
Click to expand...
Ah, the "bloatware"... and indeed Copilot may have taught you something, even outputting facts!!! You did the right thing.
You seem quite distrustful. Relax, read Microsoft documentation, or learn how to do your own investigations... There is nothing to fear in Windows 11. Otherwise, you'll be able to keep 10 for years, I bet...
If you really want to pursue the conspiracy road, https://www.fsf.org/ a masterpiece. Then stop using the internet...

Yes, ESS in Bing (or something safer and privacy-friendly: google.com), you'll see this is pure evil: Windows Hello Enhanced Sign-in Security... you might want to check the documentation; it's... elaborate. And for the camera, face recognition uses multiple cameras and sensors.

Aaaah BitLocker is there to protect data at rest... otherwise, you can just plug in your SSD or NVMe, or maybe your connected clay tablets to another computer and read all the data. This is what BitLocker does... It does not allow anyone to access remotely your shutdown PC... whatever, I don't want to know.

Look for ONNX files on your machine; if you see some, those are AI models, maybe spying on you for years!
Because this is what Microsoft wants: to spy on you and collect your data...
They are not collecting data 'in secret," nor have they ever stolen your data... They do not care at all. They offer services to tens of millions of companies and hundreds of millions of people, and being trusted that your data is safe and private is far more important than anything. If you do not trust them, don't bother finding an explanation...
Read the privacy notice for all MS products; it is one page, very clear. Find the Apple one, or instance; it's some easter egg, a treasure hunt to get the full privacy notice! Fun, reading it, people should freak out a little; they aren't really good with software cloud, AI...
And in fact, nobody ever really did... Google tracked your every move (and mail; if you use their services, it's been 28 years...); Meta revenues are 95% from ads, so they want to sell ads, not steal PANs or recall images...

The microphone is a reason to worry... you should make sure there is some a 33 or 45 RPM playing at all time...
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom