The worst thing about it is, even if you switch to Linux for privacy yourself, you’ll also need your friends to switch as well, otherwise if you message them on their desktop, they’re a liability, as the damn recall will be there too, leaking your data.
It’ll be hell for activists.
Funnily enough, Signal has circumvented the issue by marking their chat window as DRM content, making it invisible to Recall.
Lol
The same has been true of email for years, but less bad. Activists will need to be even more careful in who they trust.
In what sense?
- if you send plaintext, their email service could spy on them
- once they decrypt, they could accidentally reply with the decryped text, or it could get backed up if they store a copy somewhere
- screen readers could store decrypted email
In general, if you don’t trust the receiver, you shouldn’t send sensitive information. Windows Recall doesn’t change that, if they’re competent, Windows Recall won’t be enabled.
I think this is more an issue for less technical users instead of activists, because activists will be more careful about who they trust than a secretary or something for a powerful individual.
Of course it is. It’s invasive by design. The “recent tweaks” were because of backlash, but now that’s died down
I am surprised by how rabid the Recall backlash continues to be compared to similar features elsewhere. Apple’s equivalent, in particular, seems to not be a concern to anybody. I don’t have anything Apple, so I’m not sure if they ever rolled this out, but they sure announced it to a whole bunch of crickets.
In fairness they’re not the same thing - recall records everything you do making a nice single honeypot of all your actions. Apple’s thing is really just a search bar that can reach into apps like email, calendar, etc - it’s not recording your bank logins. Google Play Services tracks everything you do on Android and sells it to advertisers.
deleted by creator
Um, the core feature is privacy invasion. It does what it says on the tin.
It’s fine if some people want that functionality, as long as it’s not enabled by default.
One could argue that it’s a feature that could be done on-client without sending to a server. Or with its server component doing nothing more than syncing with E2E encryption.