
Windows user accounts used to work locally. At some point during Windows 10's life it became a hassle to use a local account on a new computer. Now in Windows 11, short of modifying the ISO or using other unintuitive workarounds (some of which Microsoft has patched out), you are required to be connected to the Internet and use a Microsoft account when setting up your new computer (even for Windows 11 Pro!) If despite that you choose to work around that requirement, several features are disabled, including ones that enhance security!

Notably, you lose out on full-disk encryption on Windows 11 Home. On Home and Pro you lose out on facial recognition login (Windows Hello), which can be a useful tool for avoiding shoulder surfing attacks in public. But by using a Microsoft account, your computer's password can be reset remotely. There's no way (official or otherwise) to maximize security on Windows 11. Outside of Enterprise, there's not even an official manner to set up an air-gapped Windows 11 PC!

Until they received massive backlash, Microsoft planned on requiring Xbox One users to have a Kinect (camera, mic, and motion sensing device) connected at all times when the console is on, as well as connect to the Internet once a day to use the console. https://www.pcmag.com/news/microsoft-xbox-one-wont-require-k...

To an extent the theoretical concerns that people are stating about Recall sound like paranoia, but the examples above show Microsoft has a bad history when it comes to privacy. Connecting Recall to the Internet sounds like a terrible idea, but so does restricting/limiting local accounts on Windows and (planning on) mandating that your home game console has a camera and mic connected and is connected to the Internet each day.

Unfortunately, they also have a bad history when it comes to security. Recent example: https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-e...

From the article, the US Department of Homeland Security claims that Microsoft has "a corporate culture that deprioritized enterprise security investments and rigorous risk management."

So while on the surface the concerns about Recall seem unreasonable, I think the fear is more understandable given Microsoft's many previously unthinkable actions, in addition to their poor security.


