I thought this was a serious take for a second (until I looked at microsoft_recall_linux.exe - lol).
Having said that, I would actually be keen for something similar that is both open-source and totally local so that I could use the output as AI fodder (for a local inference model of course).
It's a joke yes but it does work, in a really crude way. The exe is actually a short bash script, it takes a screenshot every 5 seconds, feeds it to tesseract (OCR) and dumps the result in ~/.recall.
When I was working in audits, I used to record everything happening on my screen with 3 fps and then rewatching it with 10x speed, just not to forget anything.
When Recall was announced, I was in minority who thought it was super cool technology.
As long as it's stored and processed locally, I don't really see the implications being that much worse than someone getting all your local IRC/IM/email logs. (Those or their equivalents are stored in the cloud nowadays but disregard that for now for the sake of argument.)
It has been over a decade that big tech has been playing this script:
* Introduce a feature that is abysmal for user privacy
* Promise it's okay because $reasons
* Make the feature opt-out
* Change the EULA so that $reasons are no longer applicable/valid
* Roll out an update that "accidentally" turns the feature back on for everyone
* Apologize, deny, divert, deflect
* Siphon off all that sweet sweet user data
Rinse and repeat. Get away with it every time. People still go "oh I don't see the problem, they said $reasons". This time "it's stored locally". Until it won't.
You are merely objecting to Microsoft being the developer behind Recall. Great I don't fault you for that. But now consider hypothetically what if the Linux Foundation developed and announced Recall?
The linux foundation would introduce this is an optional thing you can download, with documentation on how it works, and where you can find the source. Within 3 days the community would make self hosted servers for it.
They are not known for siphoning user data through dark patterns, so there is nothing to object from me. If they were to try it the same underhanded way as microsoft, I'd be just as much against it.
That's exactly what I would think too in this thought experiment. So Recall itself isn't the problem; it's the way Microsoft built it. I am personally still in fact waiting for a reputable organization to build it.
If it was any other company than Microsoft, I might have agreed with you that it's fine as long as those things happen.
But if history is any indication of the future, as soon as the tool gets popular, Microsoft will try to claw back whatever data it can about it's users, or add Pro features only available to signed up Microsoft users who pay, or something similar.
I think many of us have been burned by these companies doing bait-and-switch so many times, that it's almost impossible to not see the writing on the wall here and even spend five minutes trying it out.
I much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.
> I much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.
Yep - though I've no interest in a tool like Recall (I don't really see the point, it doesn't do anything for me I'd want) I do understand that others may feel differently but even if I did want it, I'd wait for the FOSS version as well.
Anything stored locally can be exfiltrated by malware. Run OCR on the archives, check when someone opens their password manager, copy and exfiltrate the password.
Oh and partners, ex-partners and children can also abuse such data. Even if you clear your browsing history, forget about clearing the Recall cache and whoops, they can see your browsing habits post-facto.
Employers and law enforcement agencies are another bad actor that's to guard against. Even if laws such as GDPR or employee safety regulations prohibit companies from screenrecording, there's not much stopping them from using a feature Microsoft tries its hardest to prevent people from opting out of.
the privacy implications are really no worse than people who have a web browser cache/history, use a password manager, and have their entire email/message history available for offline perusal on their computer/device.
just like an attacker can go after the recall data, they can go after those well known sources of data as well, which are generally not encrypted.
Which is why, for example, the changes signal made to prevent recall from working when it was visible, were pure virtue signalling. By default signal on the PC keeps all messages sent available in a db that any attacker can easily download.
The entire criticism aimed at recall ignored all the other ways this data is stored on one's PC.
I think there is a difference between "I can audit the code, it's encrypted, I want to run this and want to use this" and "Microsoft installs it, it's not encrypted and wants to turn it on by default, potentially sharing data to them soon(tm)"
Like several modern pieces of technology, it would in fact be "super cool" if only it ran locally and respected your privacy, and if it weren't in fact just a paper-thin excuse for massive and constant surveillance.
> When Recall was announced, I was in minority who thought it was super cool technology.
I think almost every serious computer professional want something like Recall, I don't think you were in the minority at all.
But the amount of people who want the least security-minded company of probably all time to manage that software, and for that program to ignore the last three decades of security/privacy methodologies, is probably something way less people want, and is why Recall is being shit on.
If a non-profit managed it, it had a security/privacy-first mindset/goals, and was run by non-Microsoft people, I think it could be a really useful tool.
https://github.com/mediar-ai/screenpipe is promising, however it has some issues with my setup. I'm personally just dumping all the data with ffmpeg + x11grab, will figure out what I want to do with it later
> I would actually be keen for something similar that is both open-source and totally local
Did you actually look at it? Or just look at it? Because it is actually open-source and totally local.
# ... nonsense
while true; do
grim - | tee ~/.recall/$(date "+%Y-%m-%dT%H-%M-%S").png | tesseract stdin stdout 2>/dev/null >~/.recall/$(date "+%Y-%m-%dT%H-%M-%S").log
# ... other nonsense
done
I think all the nonsense/emojis are supposed to be funny, but that actually does the thing. Replace "tesseract" with whatever local AI you want; replace grim with some other screenshotting tool if you like.
I've done something like this for over a decade (although I have a diff that deletes duplicate frames) and I like to partition by date (do that "T" becomes a "/") because that makes other things easier, but my script isn't much more complicated than that.
That's the biggest problem I have with Recall. Not that the idea or functionality is bad, but that the probability that the company behind it will abuse it is so large that it's not worth the risk.
If the system worked fully locally, didn't come from Apple/Microsoft/Google/Facebook/etc., and had decent data isolation, I would probably turn it on.
Unfortunately I find that getting basic OCR to work reliably on Linux is a challenge in itself compared to Windows' APIs and quality of OCR results, so I doubt an honest, well-intentioned implementation will make it to Linux.
For the Outlook haters out there here's my 2c of anecdata. At home I use BetterBird, at work Outlook, and I used to use Apple Mail/Calendar on my phone. I access multiple mailboxes: Microsoft 365, Google Workplace and Apple iCloud.
1. There is no planet on which BetterBird/Thunderbird is better than Outlook as a mail client. None.
2. I hate having my mail and calendar apps separated, so on the phone moved from Apple Mail+Calendar to the Outlook iOS app. Been using it for a couple of years. Can't imagine going back.
In my experience, the Outlook client provides features I want in a way that is usable across multiple clients. While I use BetterBird on my personal linux laptop (mainly for sync, so I always have a local copy of my mailboxes), I also use the web Outlook client (much more usable).
On Linux I've also used Evolution - not a massive usability difference with the FooBird. If anyone can recommend a combined mail + calendar client for Linux that is polished and power-user functional, and can work well with differing mailbox providers, I'd love to give it a try.
What? Are there UX "standards", the lack of which might impede an end-users experience of the product? Or are you referring to protocol and/or interoperability standards, which make it difficult for 3rd parties to integrate (though, looking at my current work desktop, I can see that Zoom integrates very well with Outlook).
This was 2 years ago; compression in Azure Front Door works only when you enable caching in Azure Front Door. This is made up rule by Microsoft. It is not standard.
Also I was compressing my responses in my back-end but Azure Front Door was decompressing them. Why?!!!
I think the difference now is that traditional software ultimately comes down to a long series of if/then statements (also the old AI's like Wolfram), whereas the new AI (mainly LLM's) have a fundamentally different approach.
Look into something like Prolog (~50 years old) to see how systems can be built from rules rather than it/else statements. It wasn't all imperative programming before LLMs.
If you mean that it all breaks down to if/else at some level then, yeah, but that goes for LLMs too. LLMs aren't the quantum leap people seem to think they are.
Yeah, the result is pretty cool. It's probably how it felt to eat pizza for the first time. People had been grinding grass seeds into flour, mixing with water and putting it on hot stones for millennia. Meanwhile others had been boiling fruits into pulp and figuring out how to make milk curdle in just the right way. Bring all of that together and, boom, you have the most popular food in the world.
We're still at the stage of eating pizza for the first time. It'll take a little while to remember that you can do other things with bread and wheat, or even other foods entirely.
This kind of thing does tend to get reported. But that one study outcome summarising many lives becomes one article (one blip, one news cycle), while every individual homicide can get its own article.
I agree that FSF and similar groups should be focusing efforts on influencing government policy at least as much as on software. The problem is that in practice, you’ll get a bunch of people who are erstwhile free software supporters, shouting back that the FSF should “stay n their lane” and stay out of politics (missing the point that in life, everything is politics).
reply