Windows 11's Recall feature is on by default on Copilot+ PCs

Microsoft's controversial Recall feature is enabled by default during Windows setup and users must delve into Windows Settings to turn it off. Over the weekend, The Verge's Tom Warren posted screenshots showing Microsoft's latest Out-of-Box Experience (OOBE), in which the Recall feature can't be turned off unless the user …

  1. Pascal Monett Silver badge
    Angel

    My hardware is not compatible

    Thank $Deity for that . . .

  2. b0llchit Silver badge
    FAIL

    Why not turn on the camera and microphone as well in an undetectable manner? Then these inputs can be AI-processed and detect if the correct owner is operating the device and warn of license violations if the wrong person is operating the device.

    The microphone is paramount to prevent the most heinous crimes. The brand new AI will listen for tell-tale signs of seriously problematic behaviours in the vicinity of the device and alert the proper authorities when improperly licensed music, games or videos are detected.

    1. Anon the mouse

      Microsoft have a patent on detecting the number of people in front of a device and stopping that device from working/showing content if it's over the licence limit for that content. Streaming services with a per person limit coming soon.

    2. Doctor Syntax Silver badge

      And, as it can be labelled "the future of computing" it shouldn't be possible to turn it off.

  3. Dan 55 Silver badge
    FAIL

    Sinofsky noted that the default was "the least problematic part of the feature."

    Proving the guy who was in charge of Windows 8 hasn't got any idea. Imagine you're a business inside the UK or the EU and each of your PCs starts recording data on customers which your users accessed during the course of their work using Citrix or RDP to avoid data getting onto the local PC.

    Now you've suddenly got data on the local PC. You don't know how Copilot's copy is stored, modified, or deleted so you can't deal with subject access requests, you don't know how much of it gets slurped by Microsoft, and you're suddenly responsible for it all.

    1. Andrew Hodgkinson

      Re: Sinofsky noted that the default was "the least problematic part of the feature."

      Proving the guy who was in charge of Windows 8 hasn't got any idea.

      I don't understand why you have 20 upvotes. You're saying the same thing he was saying, just in different words. He's saying that the default is the least problematic part. The greater problems are - everything else about the feature, including but not limited to the things you list. Surely you've seen similar variations of the very common phrase "...was the least of its problems" before?

      Sinofsky isn't out of touch here - he is exactly right and you're actually in total agreement with him - though you apparently don't recognise it.

      1. Dan 55 Silver badge

        Re: Sinofsky noted that the default was "the least problematic part of the feature."

        I meant what I said. All of the problems stem from being opted into it and the greatest problem is being opted in to this in the first place. All of these problems listed in the comments and elsewhere (GDPR, malware, etc...) are brought about because Recall is opt-out meaning it will be used at scale meaning all of its design failures will be evident at scale.

        Why hasn't there been this amount of push back caused by Rewind? Because it's third party software, it's not supplied with every computer and running by default.

        Like so many problems in Windows brought about because stupid OS features are either opt-out or defaulted to the least secure option. This is and always has been the cause of most of Windows' problems, right back to hiding known file extensions and autorun.

        This should be an optional feature which defaults to off. By optional feature I mean listed in System > Optional features > More Windows features which defaults to uninstalled. If MS really want to they could add a page when installing which tries to get you to opt in but they know most people just click through those pages.

  4. Anonymous Coward
    Anonymous Coward

    "It will not hide information such as passwords or financial account numbers"

    Forget having it turned off. I'd want the code stripped out completely and the ability to confirm the same.

    Nasty little fuckers

    1. TReko Silver badge

      Do you trust Microsoft?

      If it is turned off in the settings, is it really off?

      1. Fruit and Nutcase Silver badge

        Re: Do you trust Microsoft?

        Of course!

        There is no way that Microsoft would have employed that rogue programmer who worked for Google at one point and slurped all the WiFi access point data via StreetView survey kit.

        1. eldakka

          Re: Do you trust Microsoft?

          Doesn't even have to be a rogue employee. The current common ransomware technique is for the malware to silently turn on Windows' built-in disk encryption, except using a password the malware knows that is unknown to the user. Once encryption is complete, delete the password from the configuration, voilà, your data is now accessible only to the controller of the malware.

          So now, in addition to holding you ransom to your own disk encryption system, they can use the built in screen-logger. Silently turn it on, collect some data, then threaten to blackmail you over the contents of the data - or even just skim any credentials captured and use them themselves.

      2. GoneFission

        Re: Do you trust Microsoft?

        In the same way that deleting a Google Photos or Apple iCloud image gets rid of it entirely. If it's perfectly legal to simply hide the data or feature from any non-EU user when they hit "delete" or "disable", why wouldn't you take advantage of that? They even explicitly opted in by "carefully reading & signing" the ToS / T&C.

        1. 0laf Silver badge
          Big Brother

          Re: Do you trust Microsoft?

          Most big companies don't give a shit about the legalities. They have deep enough pockets to ensure any action lasts indefinitely without ever coming to a conclusion they might not like.

      3. hedgie Bronze badge

        Re: Do you trust Microsoft?

        Only until yet another forced update. Then it gets re-enabled. When you disable it again, that only lasts until the *next* update. Until it can no longer be disabled at all.

      4. EricB123 Silver badge

        Re: Do you trust Microsoft?

        Do you need an idea for your Ph.D thesis?

      5. Doctor Syntax Silver badge

        Re: Do you trust Microsoft?

        "is it really off?"

        Right up to the point that next month's update has an undocumented error that quite accidentally not only turns it on again but introduces a further bug by turning it on at every reboot.

  5. Inventor of the Marmite Laser Silver badge

    Sueball

    Incoming in 3, 2, ............

  6. Ken Hagan Gold badge

    On by default

    "Features that are the future of computing should be on by default and turning things off should not be part of any routine or default customer experience. If it can't be on then it isn't a platform feature."

    The choice of which features are on should be made by the owner of the computer, and that is the person who paid for it, not the OS vendor. Since real people vary, the defaults should be conservative.

    OS vendors who fail to grasp this simple point should kindly FOAD.

    1. nintendoeats

      Re: On by default

      I agree with you, but I also take his point. "Features that are the future of computing" can be interpreted as "features that most people will want turned on". Obviously such things should typically be enabled by default.

      Corollary: this is not the future of computing.

      1. Doctor Syntax Silver badge

        Re: On by default

        True, but in Microsoft's opinion only Microsoft's people's views need to be considered.

    2. Chet Mannly

      Re: On by default

      I think what he means is that if you introduce a new feature and it's turned off by default it's likely to stay that way and it will never be a central part of the platform. So from MS' perspective they have no choice but to have it on by default if they really want this to be part of the platform.

      Of course from my perspective they can go to h*ll with this and it will be the first thing turned off and uninstalled. Many users (maybe even the majority?) just accept defaults though so it would be running on a huge number of pcs and I have no doubt that while processing is done locally MS have a way of getting the AI training from all this data fed back into the greater copilot program so they can win the AI war.

  7. Andy Non Silver badge
    Thumb Down

    I had no intention

    of ever using Windows ever again. Now I'll doubly never use it again!

    1. Neil Barnes Silver badge
      Mushroom

      Re: I had no intention

      You and me both.

      But the problem is the dozens of people handling my data - banks, councils, insurance etc - who _are_ using it, with all the potential issues listed upthread.

      1. Andy Non Silver badge

        Re: I had no intention

        Very good point.

      2. navarac Silver badge

        Re: I had no intention

        I don't think many shills for Recall have thought about the rank amateurs in councils, insurance etc., let loose with Recall (aka MS Keylogger supreme). Asbestos Umbrellas to the ready!

      3. Anonymous Coward
        Anonymous Coward

        Re: I had no intention

        Breathtakingly bad. I bought a new laptop and Windows S was on it. 3 days to get it to switch off S-Mode so I could install other non-MS store software.

        Touchpad scroll sensitivity is not fixable so it's like using a Win3.1 machine. Sound constantly goes out of sync even when just playing from the laptop.

        I've not tried using Windows properly since Vista. Nothing has changed. It is still a steaming pile of sh1t and that Microsoft feeling, that sickening, I've been ripped off feeling prevails.

        For the first day or so I was quietly impressed and thought OMG they have finally produced a decent OS. But no, the next few days the same types of problems we had with XP start showing up. Laptop blindingly fast day 1. Day 4 it's a crawl. Firefox is unusable and at least 3 times slower than Edge and I think that MS are doing that deliberately.

        I had forgotten how deeply I could hate until I switched on Win11. It's a hate like no other. It's like going back to someone who abused you.

  8. Boris the Cockroach Silver badge
    Big Brother

    It begs the question

    Why?

    Why does m$ want to take screenshots of your desktop every 2 minutes (or whenever)? It can't be for the user's benefit since creating and saving the screenshot will impact on your computer's performance.

    So the only reasons I can see are so m$ can see what programs you are using so they can tell if you're using a pirated copy, and so that they can issue commands to your PC to search said screenshots for content so they can then sell advertising aimed at you. Oh, and law enforcement.

    The telling feature is if it is only available on home versions not corporate ones... as getting their ass sued off by companies, countries, and trade blocs is not in the game plan (unless they have some nice juicy blackmail from someone's home computer that's just had Recall reactivated by an 'update')

    1. GoneFission

      Re: It begs the question

      The Recall feature's contents may not be accessible by outside sources (and only to anyone with physical system access, since that never happens unauthorized), but it's guaranteed that they're harvesting the metadata from its generation process. That would be an absurd amount of potentially revenue-generating user and behavioral data left on the table.

      1. Anon the mouse

        Re: It begs the question

        There are proofs of concept already showing that you can drop malware on a machine and exfiltrate the Recall DB before the antivirus kicks in a few seconds later and removes the malware. The Recall DB isn't that large so it only takes a second to upload to a remote server.

    2. Doctor Syntax Silver badge

      Re: It begs the question

      Can't you boot from USB?

  9. mpi

    "Microsoft's latest Out-of-Box Experience (OOBE)"

    More like "can stay in the box for all I care" experience.

    Since I even transitioned my gaming platform to Linux (thanks steam and proton!), I literally have no reason left to have this stuff in my house :-)

    1. original_rwg
      Facepalm

      Re: "Microsoft's latest Out-of-Box Experience (OOBE)"

      Out-of-Box Experience (OOBE)

      Out-of-Brains Experience

      FTFY

  10. Dan 55 Silver badge
    FAIL

    An absolute shitshow

    When Microsoft said it was encrypted, they meant by BitLocker (i.e. transparent to the software running at the time, including malware).

    The data is held unencrypted in SQLite databases in AppData.

    Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

    1. that one in the corner Silver badge

      Re: An absolute shitshow

      > The data is held unencrypted in SQLite databases in AppData

      Damn shame it is impossible to add encryption to an SQLite database - oh, wait a moment:

      https://learn.microsoft.com/en-us/dotnet/standard/data/sqlite/encryption?tabs=netcore-cli "SQLite doesn't support encrypting database files by default. Instead, you need to use a modified version of SQLite like SEE, SQLCipher, SQLiteCrypt, or wxSQLite3. This article demonstrates using an unsupported, open-source build of SQLCipher, but the information also applies to other solutions since they generally follow the same pattern."

      Perhaps MS devs aren't allowed to "waste their time" reading the MS "learn" website?
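
An added example, not part of the original comments and not Microsoft's code: a check a defender can run on an application's own SQLite file to see whether it is plaintext at rest, as the comments above describe, or opaque like a SQLCipher-encrypted file in its default configuration. The file names, the `notes` table and the sample secret are constructed, and random bytes stand in for an encrypted database.

```python
import os
import sqlite3
import tempfile

# Every plaintext SQLite file starts with these 16 bytes. A SQLCipher
# database in its default configuration does not: the file is opaque.
SQLITE_MAGIC = b"SQLite format 3\x00"
SECRET = b"constructed-sample-secret-0001"  # constructed sample value


def inspect_sqlite_file(path, needle=None):
    """Return what anyone with read access to the file can learn."""
    with open(path, "rb") as fh:
        data = fh.read()
    plaintext = data[:16] == SQLITE_MAGIC
    page_size = None
    if plaintext and len(data) >= 18:
        raw = int.from_bytes(data[16:18], "big")
        page_size = 65536 if raw == 1 else raw  # header encodes 65536 as 1
    report = {"plaintext_header": plaintext, "page_size": page_size}
    if needle is not None:
        # True when stored text is readable straight off the disk
        report["needle_visible"] = needle in data
    return report


def demo():
    """Build a plaintext DB and an opaque stand-in, then inspect both."""
    workdir = tempfile.mkdtemp()
    plain = os.path.join(workdir, "plain.db")
    conn = sqlite3.connect(plain)
    conn.execute("CREATE TABLE notes (ts INTEGER, body TEXT)")  # hypothetical table
    conn.execute("INSERT INTO notes VALUES (?, ?)", (1, SECRET.decode()))
    conn.commit()
    conn.close()
    # Constructed stand-in for an encrypted file: random bytes, which is
    # how ciphertext looks to a reader without the key.
    opaque = os.path.join(workdir, "opaque.db")
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(4096))
    return inspect_sqlite_file(plain, SECRET), inspect_sqlite_file(opaque, SECRET)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Full-disk encryption such as BitLocker does not change the first result: the check reads the file through the mounted volume, exactly as any process running as the user would.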

      1. Anonymous Coward
        Anonymous Coward

        Re: An absolute shitshow

        "Perhaps MS devs aren't allowed to "waste their time" reading the MS "learn" website?"

        What you *mean* is that MS don't learn !!!

        This is totally believable !!!

        Windows 11 is a Horror show that has escaped from a deranged mind .... the deranged mind appears to be *still* in control, hence 'Recall' !!!

        There is *NO* possible upside to Recall, it is a security failure waiting to be enacted !!!

        Even switching it off is *not* safe as if the code is still there it can be re-enabled by some miscreant's s/w !!!

        Wait carefully while someone shows how to do it in the next 3-6 months ... or possibly less !!!

        Thanks MS ... what more can you do to help me to lose *all* my important personal information / data !!!

        :)

        1. Anonymous Coward
          Anonymous Coward

          Re: An absolute shitshow

          "Wait carefully while someone shows how to do it in the next 3-6 months ... or possibly less !!!"

          I was wrong ..... I meant 3-6 HOURS !!!

          See https://github.com/xaitax/TotalRecall?is=de8f99f633779c48394560419ed2ff46c36627f60fd2bd92d66c65518957cfdd

          MS ... do you still think this is a good idea & secure !!!

          :)

  11. that one in the corner Silver badge

    Turning things off

    > turning things off should not be part of any routine or default customer experience.

    So, anybody else here got a list of things that are routinely hunted down and turned off whenever they install Windows?[1] Either by hand or by IT supplying their own ready-to-go image.

    Frankly, I'd think turning things off ought to be a routine for pretty much everyone - it is daft[2] to believe that every "amazing new feature" is worth the resources to *every* user.

    And as for believing *your* every feature is "the future of computing" that everyone ought to use...

    [1] actually, any OS - I find that even Linux installs are best followed by a routine of removing stuff that gets added by default, as well as the obvious "install other stuff you do like". And, yes, I do know about creating one's own distro respins: following the routine isn't arduous, just tedious: it isn't a big enough issue to warrant the need for a respin, let alone a Corner Linux distro.

    [2] nicest way to frame it; other descriptions, using the word "pathological", are available

    1. Doctor Syntax Silver badge

      Re: Turning things off

      "So, anybody else here got a list of things that are routinely hunted down and turned off whenever they install Windows?"

      All of it.

    2. Doctor Syntax Silver badge

      Re: Turning things off

      "I find that even Linux installs are best followed by a routine of removing stuff that gets added by default,"

      As a matter of interest, what things and what distro? I'm curious as I'm apt to find myself adding things rather than removing them but that might just depend on the choice of distro.

    3. X5-332960073452
      Megaphone

      Re: Turning things off

      Edge - I change 84 settings that are in M$'s interest, not mine !

  12. Alien Doctor 1.1

    I still fondly...

    remember games back in the day where you put disk 1 into the machine and rebooted. I would be so pleased to see the days of software with their own on disk os back; it would solve so many modern problems.

  13. sneakythumbs

    When I first heard about this feature, I was sure that the 'snapshots' were a record of the OS state, so that you could roll forwards or back - kind of like a global 'undo'.

    Is it truly just a series of screenshots? Must be an extremely obscure use case. Even if copilot is able to 'search' the content of the screenshots.

    1. tiggity Silver badge

      @sneakythumbs

      Basically, lots of screenshots. "AI" OCR then run on screenshot and the scraped / "AI" interpreted text stored.

      So DBs will tend to be fairly small (as not storing lots of images)

      A fairly small DB means very quick to steal....probably a reasonable chance of Recall DB targeting malware to upload recall DB somewhere before anti malware software detects & quarantines it.
