OpenRecall

37 points by dragonbonheur 1 year ago | 24 comments
  • nicce 1 year ago
    In reality, the only way to protect your privacy in this case is not to collect that data at all.

    Otherwise, you cannot use it like you want to.

    Anyone who hacks your computer is able to access the same data as the end-user.

    > Privacy-focused: Your data is stored locally on your device, and you have the option (soon to be implemented) to encrypt it with a password for added security

    And the password does not matter, since a remote attacker can log your keyboard inputs.

    • blitzar 1 year ago
      > you have the option (soon to be implemented) to encrypt it

      If this is not in the first pass when implementing the idea then it's a big no for me. Security should have been part of the original design, not shoehorned in after the event.

      • nicce 1 year ago
        Honestly, some sort of 2FA-backed short-session private cloud would be better.

        But there is still a small risk that an attacker can access it for a short time.

        • blitzar 1 year ago
          I am thinking some kind of rotating quantum key encryption that would silo off every interaction into its own secure enclave.
      • dgrin91 1 year ago
        If they have already hacked your computer then it's basically the same problem, no? The hackers can install keyloggers, or even OpenRecall and exfiltrate data.
        • nicce 1 year ago
          > The hackers can install keyloggers, or even OpenRecall and exfiltrate data.

          Keyloggers have access to the potential future data, while Recall provides guaranteed access to historic data.

          • prmoustache 1 year ago
            I would say if the user has access to the historic data there is a good chance that any program having similar privileges would have access to it as well.
        • faeranne 1 year ago
          Ignoring the problematic details of this specific implementation (Seriously? they didn't make encryption the first thing to implement?), I think the biggest thing to remember is that, while the only sure-fire way to prevent this data from being stolen is to not record it, the likelihood some 2-bit hacker is gonna access this data goes way up when it's easy to expect it to be there.

          CoPilot Recall is a massive target because if you break into a system, there would be a good chance that data is there since it was opt-out by default. Open-source recall implementations are not only opt-in, but require additional overhead to install, so the likelihood that one would find this data on the drive is such a low target as to be not worth including in an automated scanner.

          Remember that surface-area does matter in things like this. If you believe you're a large enough target for some amount of focus (and you might be if you're involved in mid-scale open-source projects, like XZ apparently), then it's good to be cautious. If you're not that kind of target, then just remember you only need to be more complex than the average person, and something like this absolutely qualifies as "more complex".

        • ChrisArchitect 1 year ago
          • drpossum 1 year ago
            I have seen this hyped several times over the last week with little traction and engagement.
            • mtndew4brkfst 1 year ago
              I've seen the author on just about every possible comment thread about Recall saying to check it out, incessantly and shamelessly. Good way to sour some people (like me) sight-unseen. I know HN is more tolerant of self promo than many platforms but I find it exceptionally off-putting in this example.
            • junaru 1 year ago
              Back in the day we called it spyware but now it's a 'productivity tool'. It's horrifying how this became the norm.
              • yjftsjthsd-h 1 year ago
                The difference is who controls it. I've run a tool on my machine that recorded every key press because I was researching how to optimize keyboard layouts. If someone else did that, it would be a keylogger and it would be very much not okay. But since I did it intentionally, it was a useful tool - though, granted, short lived because it made me nervous having that data around even in encrypted form. There's something there about tradeoffs and informed consent.
                • Alifatisk 1 year ago
                  The "recall" feature is not something new, rewind.ai has been offering this for years.
                • vikramkr 1 year ago
                  Calling this privacy focused and then shipping a version that doesn't even encrypt the data saying it's coming soon has to be one of the wildest possible ways to launch this lol. Microsoft set the bar low with how they addressed privacy concerns with their version of recall but apparently it was just the start of a limbo contest
                  • eterps 1 year ago
                    I can imagine a lot of developers are living mostly in the terminal and browser. Wouldn't it be much more efficient to integrate on that level instead of taking screenshots?
                  • eterps 1 year ago
                    Regardless of whether you'd want to use something like this, in which cases could it be useful?
                    • nutrie 1 year ago
                      Exactly. It’s difficult enough to cope with the future, let alone the past :)
                    • vwampage 1 year ago
                      Privacy first!

                      ...encryption coming in a later update

                      • Refusing23 1 year ago
                        I tried this but it wouldn't run... so..

                        that was disappointing

                          • anais9 1 year ago
                            [flagged]