The world is up-in-arms over Windows Recall, but why? It stems from Microsoft's seeming lack of care for Windows and its users.
It's a nightmare scenario for Microsoft. The headlining feature of its new Copilot+ PC initiative, which is supposed to drive millions of PC sales over the next couple of years, is under significant fire for being what many say is a major breach of privacy and security on Windows. That feature in question is Windows Recall, a new AI tool designed to remember everything you do on Windows. The feature that we never asked and never wanted it.
Microsoft, has done a lot to degrade the Windows user experience over the last few years. Everything from obtrusive advertisements to full-screen popups, ignoring app defaults, forcing a Microsoft Account, and more have eroded the trust relationship between Windows users and Microsoft.
It's no surprise that users are already assuming that Microsoft will eventually end up collecting that data and using it to shape advertisements for you. That really would be a huge invasion of privacy, and people fully expect Microsoft to do it, and it's those bad Windows practices that have led people to this conclusion.
For the retail market, most people just have phones not computers anymore. Microsoft has already lost The Battle of Windows phone.
For the Enterprise market none of this recent b******* is going to enterprise customers anyway, they would have group policies and volume licensing deals to avoid all the b*******.
For those poor retail customers who still run Windows, they suffer, but they're minor, not significant
This is for the enterprise market more than anything. Large companies are already logging and mining everything. Slack, Teams chat, Teams voice, email, keystrokes...literally everything. Microsoft's problem is that Enterprises are using third party products to do so. Recall solves that competitive issue for MS. I have no doubt that it will be tied to their cloud offerings, and I have no doubt that MS will retain the right to use it all of the data from the consumer side for AI training.
I've worked extensively in the Enterprise environment, and data exfiltration is a massive concern for any company with intellectual property, which is most of them.
Having data leak at all, another vector for exfiltration, is a huge huge risk.
Heck, I'd be surprised if Microsoft itself let its own developers run Total recall
As an infosec professional for way longer than I care to remember, you are preaching to the choir. That said, all of our clients are both large enterprise and critical infrastructure, and they all log (and mine) everything. Not only that, they are shipping this directly to third parties. It makes me break out into a cold sweat every time I think about it, but here we are.
PS: OK, all the US based ones. Our EU based client does not do this to my knowledge and I assume it has to do with EU regulations, but that's just a wild guess.