I thought this was a serious take for a second (until I looked at microsoft_recall_linux.exe - lol).
Having said that, I would actually be keen for something similar that is both open-source and totally local so that I could use the output as AI fodder (for a local inference model of course).
It's a joke, yes, but it does work, in a really crude way. The exe is actually a short bash script; it takes a screenshot every 5 seconds, feeds it to tesseract (OCR) and dumps the result in ~/.recall.
When I was working in audits, I used to record everything happening on my screen at 3 fps and then rewatch it at 10x speed, just so I wouldn't forget anything.
When Recall was announced, I was in the minority who thought it was super cool technology.
As long as it's stored and processed locally, I don't really see the implications being that much worse than someone getting all your local IRC/IM/email logs. (Those or their equivalents are stored in the cloud nowadays but disregard that for now for the sake of argument.)
It has been over a decade that big tech has been playing this script:
* Introduce a feature that is abysmal for user privacy
* Promise it's okay because $reasons
* Make the feature opt-out
* Change the EULA so that $reasons are no longer applicable/valid
* Roll out an update that "accidentally" turns the feature back on for everyone
* Apologize, deny, divert, deflect
* Siphon off all that sweet sweet user data
Rinse and repeat. Get away with it every time. People still go "oh I don't see the problem, they said $reasons". This time "it's stored locally". Until it won't.
You are merely objecting to Microsoft being the developer behind Recall. Great, I don't fault you for that. But now consider hypothetically: what if the Linux Foundation developed and announced Recall?
The Linux Foundation would introduce this as an optional thing you can download, with documentation on how it works, and where you can find the source. Within 3 days the community would make self-hosted servers for it.
They are not known for siphoning user data through dark patterns, so there is nothing for me to object to. If they were to try it the same underhanded way as Microsoft, I'd be just as much against it.
That's exactly what I would think too in this thought experiment. So Recall itself isn't the problem; it's the way Microsoft built it. I am personally still in fact waiting for a reputable organization to build it.
If it was any other company than Microsoft, I might have agreed with you that it's fine as long as those things happen.
But if history is any indication of the future, as soon as the tool gets popular, Microsoft will try to claw back whatever data it can about its users, or add Pro features only available to signed up Microsoft users who pay, or something similar.
I think many of us have been burned by these companies doing bait-and-switch so many times, that it's almost impossible to not see the writing on the wall here and even spend five minutes trying it out.
I'd much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.
> I'd much rather wait for the inevitable (serious) FOSS clone that will be safer to use instead.
Yep - though I've no interest in a tool like Recall (I don't really see the point, it doesn't do anything for me I'd want) I do understand that others may feel differently but even if I did want it, I'd wait for the FOSS version as well.
Anything stored locally can be exfiltrated by malware. Run OCR on the archives, check when someone opens their password manager, copy and exfiltrate the password.
Oh and partners, ex-partners and children can also abuse such data. Even if you clear your browsing history, forget about clearing the Recall cache and whoops, they can see your browsing habits post-facto.
Employers and law enforcement agencies are other bad actors to guard against. Even if laws such as GDPR or employee safety regulations prohibit companies from screen recording, there's not much stopping them from using a feature Microsoft tries its hardest to prevent people from opting out of.
The privacy implications are really no worse than for people who have a web browser cache/history, use a password manager, and have their entire email/message history available for offline perusal on their computer/device.
Just like an attacker can go after the Recall data, they can go after those well-known sources of data as well, which are generally not encrypted.
Which is why, for example, the changes Signal made to prevent Recall from working when it was visible were pure virtue signalling. By default Signal on the PC keeps all messages sent available in a db that any attacker can easily download.
The entire criticism aimed at Recall ignored all the other ways this data is stored on one's PC.
I think there is a difference between "I can audit the code, it's encrypted, I want to run this and want to use this" and "Microsoft installs it, it's not encrypted and wants to turn it on by default, potentially sharing data to them soon(tm)"
> When Recall was announced, I was in the minority who thought it was super cool technology.
I think almost every serious computer professional wants something like Recall, I don't think you were in the minority at all.
But the number of people who want the least security-minded company of probably all time to manage that software, and for that program to ignore the last three decades of security/privacy methodologies, is probably way smaller, and that is why Recall is being shit on.
If a non-profit managed it, it had a security/privacy-first mindset/goals, and was run by non-Microsoft people, I think it could be a really useful tool.
Like several modern pieces of technology, it would in fact be "super cool" if only it ran locally and respected your privacy, and if it weren't in fact just a paper-thin excuse for massive and constant surveillance.
https://github.com/mediar-ai/screenpipe is promising, however it has some issues with my setup. I'm personally just dumping all the data with ffmpeg + x11grab, will figure out what I want to do with it later
> I would actually be keen for something similar that is both open-source and totally local
Did you actually look at it? Or just look at it? Because it is actually open-source and totally local.
    # ... nonsense
    while true; do
        grim - | tee ~/.recall/$(date "+%Y-%m-%dT%H-%M-%S").png | tesseract stdin stdout 2>/dev/null >~/.recall/$(date "+%Y-%m-%dT%H-%M-%S").log
        # ... other nonsense
    done
I think all the nonsense/emojis are supposed to be funny, but that actually does the thing. Replace "tesseract" with whatever local AI you want; replace grim with some other screenshotting tool if you like.
I've done something like this for over a decade (although I have a diff that deletes duplicate frames) and I like to partition by date (so that "T" becomes a "/") because that makes other things easier, but my script isn't much more complicated than that.
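An added sketch (not the repository's script and not the commenter's own) of the loop quoted above with the two refinements that comment mentions, duplicate-frame skipping and per-date directories, plus owner-only permissions on the store. `RECALL_DIR`, `store_frame` and `capture_loop` are names made up for this example, and the duplicate check is a plain SHA-256 comparison with the previous frame, which is an assumption rather than the commenter's diff.

```shell
#!/usr/bin/env bash
# Added example: storage hygiene for a grim | tesseract capture loop.
# RECALL_DIR, store_frame and capture_loop are hypothetical names.
RECALL_DIR="${RECALL_DIR:-$HOME/.recall}"
umask 077                        # new files 0600, new directories 0700

# store_frame FILE: file one captured frame under RECALL_DIR/YYYY-MM-DD/.
# Prints the stored path, or nothing if FILE is byte-identical to the
# previously stored frame.
store_frame() {
    local src=$1 hash stamp dest
    hash=$(sha256sum < "$src" | cut -d' ' -f1)
    mkdir -p "$RECALL_DIR" && chmod 700 "$RECALL_DIR"
    if [ "$hash" = "$(cat "$RECALL_DIR/.last" 2>/dev/null)" ]; then
        return 0                 # duplicate frame: store nothing
    fi
    stamp=$(date "+%Y-%m-%d/%H-%M-%S")   # one timestamp, "T" becomes "/"
    dest="$RECALL_DIR/$stamp.png"
    mkdir -p "${dest%/*}"
    cat "$src" > "$dest"         # created under umask 077, so mode 0600
    printf '%s\n' "$hash" > "$RECALL_DIR/.last"
    printf '%s\n' "$dest"
}

# capture_loop: screenshot every 5 seconds, OCR only frames that changed.
capture_loop() {
    local tmp png
    tmp=$(mktemp)
    trap "rm -f '$tmp'" EXIT
    while true; do
        grim - > "$tmp"
        png=$(store_frame "$tmp")
        if [ -n "$png" ]; then
            tesseract "$png" stdout 2>/dev/null > "${png%.png}.log"
        fi
        sleep 5
    done
}

if [ "${1:-}" = run ]; then capture_loop; fi
```

The 0700/0600 modes keep other local accounts out of the archive; they do nothing against a process running as the same user, which is the exposure raised earlier in the thread.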
That's the biggest problem I have with Recall. Not that the idea or functionality is bad, but that the probability that the company behind it will abuse it is so large that it's not worth the risk.
If the system worked fully locally, didn't come from Apple/Microsoft/Google/Facebook/etc., and had decent data isolation, I would probably turn it on.
Unfortunately I find that getting basic OCR to work reliably on Linux is a challenge in itself compared to Windows' APIs and quality of OCR results, so I doubt an honest, well-intentioned implementation will make it to Linux.