Comments

TimH May 23, 2025 11:12 AM

Signal’s next step needs to be to advise a user whether or not any other client on the chat is on Windows with Recall enabled. That will increase security (alert people to the possiblity of unexpected surveillance), and encourage users to disable Recall.

TimH May 23, 2025 11:24 AM

A further thought… should MS decide to fix the API so that the Signal client can’t use it, then will be clear that the underlying purpose of Recall is to provide surveillance.

See ElReg which says:

Redmond insists the data all stays on your PC’s local storage.

“Recall does not share snapshots or associated data with Microsoft or third parties,” it said, “nor is it shared between different Windows users on the same device.

Per a comment:

The statement could have been “Recall snapshots and associated data remain on the computer” if they weren’t intending to allow weasel room.

Clive Robinson May 23, 2025 2:08 PM

Thin edge of nightmare that is client side scanning

Many have noted that they,

“Have no need or want of recall”

Unfortunately that is not true. It is one of those insidious things you unknowingly become reliant on.

Think of it as the silent servant who tidies up and cleans behind you, and most importantly puts things “back in their place”, so you do not have to think about where they are.

Anyone who currently has more than three or four “browser tabs open” are obvious shoe ins so

“Will be seduced by the dark side Recall is.”

Microsoft know this from the earliest user testing of Win 3 and earlier.

In a way Recall will replace the need for people to think and remember. This in turn will on the surface enable them to get more done in less time…

So will change the way they work to just “load pages” then “skim with recall” and treat it as their own “search engine” etc.

And that is why it will become essential for the weak of will and those who do not learn to use a work tool correctly.

Which brings up the flip side…

For as long as mankind has been able to record thoughts on objects like mud paint on cave walls he has used tools.

Proficiency in the use of tools has two advantages,

1, They act not just as force multipliers but enable other force multipliers to be made, so increasing an individuals ability to survive.

2, All tools because they are force multipliers are dangerous to use and can easily cause harm to the user and those around them.

So a person who uses tools has to learn skills to get the benefit not the harm from them.

However since the Victorian era and the cost of developing skills, “inventors” have come up with ways to constrain force multipliers such that the cause less harm and become much easier to use.

In WWII and the post war 1950/60’s was an era when factories went up everywhere and just about anyone who could “walk and talk” could be given well paying jobs. It was also the time modern semiconductors were invented and valves/tubes replaced. Soon countries in the Far east were using those semiconductors to manufacture goods “more desirable” than those based on valves/tubes and by the 1970’s factories in the US and Europe could nolonger compete and started to close. The rest of US and EU factories tended to follow suit and closed.

In a way this did not matter much because in the 1980’s the “knowledge industries” came into being. And for those that could make the switch work was less physically stressful and increasingly better paid.

Some are saying that AI “assisted by client side scanning” will provide factories for the “knowledge industries”. “AI in use” actually started back in the 1980’s with “fuzzy logic” and “expert systems” quite skilled jobs such as train drivers and doctors started to be replaced by control systems and computers, because they had become inexpensive enough.

Likewise those working in factories in the Far East started to be replaced by “robots” that were in effect trained by skilled workers being “observed at work”.

It is this latter point that people need to consider carefully. Because Recall will get used by Microsoft to “train their systems” thus make anyone with a repetitive task be it physical or mental “replaceable”.

I’ve talked in the past about the two basic types of “Make Work” and how something like 20-30% of the workforce falls into either type. So something like 50% of jobs will get replaced by much more basic AI systems than the current LLM and ML systems we see and talk about.

The thing is you will not be able to buy and own any of these worker replacement AI Systems. You will only be able to rent them and thus become subject to what are in effect monopolistic organisations like Microsoft.

Worse with each tiny change, you will have to sign up to new ever more invasive agreements where Microsoft etc can take the skills of your workers and then rent them back to you.

I’ve warned about this with Palantir that aims to kill off human detectives, investigators, and analysts and replace them with their systems. Also they gain access to all the data that they then “repackage” to be used by other organisations at high price.

I for one as a UK Citizen am not pleased that all my confidential medical records are in Palantir’s systems thus available to any and all of their “paying customers” such as the US ICE etc.

Imagine what Microsoft could gain from you via “client side scanning” not just of what you do, but how you do it. Ask yourself which is more valuable to you, the “work content” or how you “process the work” to add real value to it, thus earn an income?

But further consider others with significant interest in “client side scanning”. We know that law enforcement have desires you can not believe about “Client Side Scanning” hooked up to AI systems.

Think about how they have backdoored users web browsers, mobile phones etc and get away with it because they run rings around the intent of the law if not the letter.

Microsoft Recall is going to become a “silent partner” to all “police states” and all states will use Recall to become step by step “police states”…

And Microsoft, Palantir and others see vast fortunes to be made in “renting” these systems and the data and skills they collect back to people to short sighted or stupid to realise just what these systems will do, not just to individuals, organisations and even themselves.

Look on Recall and all “client side scanning” as a form of “gateway drug” that will turn people into addicts that Microsoft etc will more ruthlessly exploit than the worst of “Street Dealers” working school playgrounds etc…

Nik May 23, 2025 5:27 PM

Relying on Microsoft Windows to block Recall… Isn’t that like relying on the fox to guard the hen house?

I’m just waiting for the inevitable…

@Clive: Geeze, how could you write all that & miss so much? Social Media – Facebook, Twitter, Reddit, etc – have been mining all our private information for a long time! Amazon’s Alexa devices, along with the corresponding cell phone apps, well many folks believe they have been eavesdropping on our conversations. Folks claim they talk about buying a new car and suddenly there’s a ton of car advertisements everywhere they look. And people put these devices everywhere. There’s even been a push to put them in the bedroom, with a camera to digitally try on outfits. Google gave everyone free email, and now they are using that for AI (“Smart Replys”). Folks claim both Microsoft & Apple have been sending identifiers (checksums) on the applications you run back to the mothership, ostensibly for “security” to verify they’re safe. That isn’t the only use. It also lets them track what you’re doing.

Connect the dots already. Microsoft forcing AI on everyone, and Windows Recall, and killing Windows 10 next October when, like, 40% to 70% (depending on your source) of Windows 10 computers don’t have the hardware to upgrade to Windows 11 AND our (U.S.) supply chains & prices are, shall we say, in “a state of extreme flux”… This is Microsoft playing catchup in the spying on consumers sector.

Not the first time Microsoft has fallen behind in tech [cellphones], and they’re still standing. But this time… This time around Linux is actually good enough to compete. With complete privacy, no less. And free apps for everything from Word Processing (LibreOffice) & Graphical Editing (GIMP, Inkscape, ImageMagik, etc) to Games (Sol[solitare], sgt-mines, gnome-tetravex, dreamchess, & much much more PLUS the Steam platform) & Movie watching (VLC, mplayer) & Google Chrome AND so much more. ADD in the middle & lower classes being poorer, and struggling to get by with (reportedly) higher prices & fewer jobs… Well, it’ll be interesting to see how this plays out.

In regard to Windows Recall: Where it really shines is for employers. Recall is ready-made to watch over their employees’ shoulder, literally looking at exactly what each & every employee did all day, every day, every week, every month, every year, all to find something, anything, any day when some specific employee wasn’t 100% effective, like say debugging software, so the employer can use that to justify firing that employee.

As for me: I’m retired. I’m making popcorn, sitting back, and watching the whole show as it unfolds in realtime. It’s a lot more interesting than what passes for TV & Movies these days.

Clive Robinson May 23, 2025 7:44 PM

@ Nik,

With regards,

“Geeze, how could you write all that & miss so much? Social Media – Facebook, Twitter, Reddit, etc – have been mining all our private information for a long time!”

I did not miss them, they are not really relevant, because they are not new and have been discussed multiple times on earlier threads on this blog.

But also they are the “cheese” to Microsoft’s “chalk”.

If you want to compare Apples with Apples, I was talking about “embedded in the OS” “client side scanning” of the worlds most used OS family. I could have mentioned Apple and Google and their OS’s, but honestly ask yourself,

“How long now before clint side scanning gets built into linux?”

By say “Agent P” who now works for Microsoft and is ideally placed to slip in the base “unavoidability” for Client Side Scanning to be built on.

You can guarantee if Microsoft get Client Side Scanning they way they want it on your computer… the autocrats in Government will have wet dreams over it and force “Client Side Scanning” onto all user OS’s by law using “think of the children” style dog whistles.

Because “Embedded in the OS” Client Side Scanning, can not be easily avoided unlike PII gathering in an app or online service.

The point is also Microsoft has “previous” in “boiling the frog” that is it might allow some user control initially but in a relatively short time, screw it down via updates etc so there is no user choice and no user back out. Which suits them and suits the autocrats in government.

If you are a longterm reader you will know that

“I don’t do”,

1, Apps especially supposedly secure apps like Signal.
2, Social media.
3, Email.
4, External communications with any of my computers.
5, “Air Gapping” but more secure “Energy Gapping”.

There are several other “Don’ts” on my list that I’ve mentioned in the past on this blog, like I don’t use “consumer / commercial” security devices, for two reasons,

1, They are all compromised in some way thus have known security flaws.
2, I build my own devices.

Also I try not to “paint a target on my back” so I don’t use digital communications the way most are forced to do “by custom and convention”.

Bozo in ideho May 23, 2025 9:59 PM

@Clive Robinson,
“Also I try not to “paint a target on my back””

If you’ve come to this Blog, congratulations – you’ve painted the Bull’s Eye on your back. Or did you manage to use the Internetz without an IP Baddress – please do lemme know as I’d love to get that kind of OpSec goin’ 4 moi. Merci.

Who? May 24, 2025 3:23 PM

@ TimH

A further thought… should MS decide to fix the API so that the Signal client can’t use it, then will be clear that the underlying purpose of Recall is to provide surveillance.

There are easier way to get this ‘fixed’, just pass regulations like EU’s Child Sexual Abuse Regulation (“CSAR”), also known as Chat Control, that will make illegal Signal’s bold movement.

Who? May 24, 2025 3:45 PM

@ Clive Robinson

“How long now before clint side scanning gets built into linux?”

Cannot talk about Linux, but at least open source projects as OpenBSD will never implement client side scanning techniques*

————
*Now that I cite OpenBSD… Mr. Trump’s imperialist ambitions can make Canada part of the United States. I know for sure, OpenBSD will resist any NSL they will receive.

Nik May 24, 2025 9:24 PM

This sounds like a “Tempest in a teapot”. I’ll worry about Recall being forced on Open/Net/Free-BSD & Linux when it happens.

Microsoft Windows Recall storing a snapshot every few (5?) seconds eats up a lot of disk space. So much so that it won’t run on Windows if you don’t have enough free disk space, which is a common occurrence with games being enormous (some are now over 300GB).

SSD’s have a finite write capacity. While it has increased over the years, Recall will wear the drive out sooner, shortening the SSD lifespan by years. And with SSD’s soldered unreplaceably to the motherboard…

Do you see it now? This is less about law enforcement and more about getting you to buy a new computer and repurchase all your Microsoft software more frequently.

Where are Open/Net/Free-BSD & Linux primarily utilized today? Cloud servers. Chromebooks. Small devices. None of which are going to appreciate the storage & CPU & power requirements of Recall. These uses make the Tech companies a lot of money. Including Microsoft. Especially the cloud servers. They won’t want to be burdened by Recall.

With Open/Net/Free-BSD & Linux being Open-Source, I can edit & recompile everything myself. It’s time consuming, but not particularly difficult. I can run whatever I want.

Legally enforcing it kills the marketplace. Many very wealthy tech firms won’t like losing sales.

If recall was really going to be forced on Linux, then why give us things like the ability to delete our web browser search-history & cookies? Perhaps because Law Enforcement doesn’t need to get that data from the client-side.

I’m sure Law Enforcement will appreciate Recall where it is available. But forcing (& enforcing) someone like Clive to use Recall is more trouble than it’s worth. At least for now. It’s just a lot less effort & cost to merely enjoy the low-hanging fruit than to overreach for more.

MikeOh Shark May 26, 2025 8:34 AM

I think everyone here is trying to not be the low-hanging fruit.

I see a couple books on my shelf by our esteemed host but none by Clive. :{

@Clive, any chance we will ever see a compilation of actionable steps we can take to at least minimise our digital dossiers?

My email runs in a tighter firejail with it’s own firewall rules, allowing only ports 995 and 465 and only to my ISP, and set to text only. Personal correspondance is encrypted and limited.

Like everyone else, I am sure there are things we are missing. 🙁

Clive Robinson May 26, 2025 3:09 PM

@ MikeOh Shark,

With Regards,

“[A]ny chance we will ever see a compilation of actionable steps we can take to at least minimise our digital dossiers?”

The answers to that have to a certain extent already been given on this blog in the past.

But the important thing to realise is as far as we can tell we’ve been homosapiens for a very long time, and in many respects we have not really changed for ten thousand years or more. Also that we are not likely to change much if at all in the next twenty generations or so unless our technology becomes existential in some way.

But briefly the first actionable step is to,

“Understand your environment”

By that I mean “from the dirt up” and “from three centuries or more ago”. That is before we had anything we would these days call technology.

Yes, lives were comparably short and often brutish but people lived and from their perspective often thrived.

The second actionable step is to

“Know your place in your environment”

Look at what mankind has done, not so much the successes but how the failures happened and the lessons learned. As I’ve mentioned before I have an interest in “industrial history / archeology” not just the taming of the environment and the development of tools and technology but importantly the human aspects. There is after all a couple of reasons why the “english word” sabotage is derived from the “french word” for a wooden shoe.

The third actionable step is,

“Know other peoples place in your environment.”

This was untill recently the “human aspect” of “trust” that many will try to tell you is “paranoia” untill they come running to you because they have over trusted and that trust has been betrayed.

Whilst I won’t say,

“Every one is out to get you”

It rather depends on where you are. A look into the history of the old East Germany under Honecker and his Wife will probably make you reasses quite a few of your trust boundaries,

‘https://historyreclaimed.co.uk/meeting-margot-memories-of-a-marxist-monster/

Unfortunately similar authoritarian behaviours are now spreading in the Western World irrespective of political flavour. What they have in common is power by violence, control, and narcissism as well as the usual criminal activities.

An understanding of the hierarchy power structures and the associated “authoritarian followers” and thus the “guard labour” is way beyond a short comment post. I’ve mentioned in the past Canadian Prof Bob Altemeyer,

https://en.wikipedia.org/wiki/Bob_Altemeyer

‘https://theauthoritarians.org/

As being a good place to learn about such things (and everybody should for their own protection).

The next actionable step I will mention is,

“Understand the three modes information exists in you environment”

These are,

1, Information Communications.
2, Information Storage.
3, Information Processing.

The important thing to remember is that Information is not matter or energy and effectively not subject to physical forces.

Because information is

“Impressed on, or modulates, physical matter or energy”

Thus it is constrained when we can interact with it by the laws of nature that effects matter and energy.

Which brings us to the next actionable step

“Study communications”

It get’s split into two parts, the message and the delivery system, a solid understanding of both is essential in many ways.

There is the story of shaving a slaves head and tattooing a secret message… Or the more practical putting a message under the wax of a soft tablet. These were just basic “concealment”. Later the use of a staff of fixed diameter gave the first “transposition cipher” and Creaser supposedly gave us our first “substitution cipher”. It was quite a time before somebody chose to do both to the same message. Though before that substitution was expanded from letters to words and sentences with codes. The purpose of all of these was to “break the statistics” at various semantic levels. Modern systems still do the same thing even those seen as mathematical ciphers. That is all you are doing is a shuffle and flip the bit states in some way [1]. That only the two parties know even if the methods are well understood and well known to others (Auguste Kerckhoffs Principle of “The enemy knows the system”).

People need to learn the history of the delivery systems used prior to “digital networking”. There are an abundance of lessons to be learned even using “in plain sight” systems like newspaper adverts, postal services, and radio broadcasts.

When looking at “digital communications” remember whilst the recipients address needs to be valid, the senders address does not. In TCP terms consider UDP used in actual “half duplex” mode the receiving node cares not from where the data packet came from all it has to know is the packet is legitimate (it’s why early DDoS attacks worked and to some extent still do).

Further consider that both the DoD/DARPA and ISO-OSI stacks are designed to sit on top of other unknown networks that get lumped into the “Physical Layer”. Thus you could send data via one network and this then drops into the Internet at some other point in the world. In turn the Internet can be the physical layer for another network which is the idea behind Tor and Mix Nets and “Fleet Broadcast” systems.

Ham / Amateur radio operators do this as “standard practice” these days and reading up on the history of the hobby since the 1980’s might give food for thought see how “Hot Spots” and “Reflectors” work. Likewise remember as you go up in frequency EM radiation becomes easier to focus and direct. Back in times past flame or lime light “shrouded lamps” were used through telescopes to give increased privacy for long distance signalling like a highly focused spot-light. Have a look at LoRa / Meshtastic systems and the use of high gain antennas that due to the way they are mounted have little or no side-lobes. The fact you get link encryption using AES can also be of interest. But also consider modern infra-red laser diodes they can do “line of sight” as far as you can see if not further various Ham operators have built digital systems around them. But also as you get down the other end of the radio spectrum into the low HF bands you can beam your TX signal upwards and have it bounce off of the ionosphere back down again look up “Near Vertical Incident Skywave”(NVIS) it gives a regional area of coverage out to a couple of hundred miles. But due to the way reflected low HF works you can really only “direction find” traditionally what is called the “ground wave”. A suitable choice of antenna and location will thus give an NVIS system a modicum of covertness.

There are many other physical layer technologies you can use for delivering messages and importantly as with the older postal systems you can have separation of sending and receiving locations and each of those can be in effect changed message after message. All you need is some way to synchronise. It’s why one of my interests are “Anonymous Rendezvous Systems”.

But as noted in WWII or earlier by Claude Shannon, all communication of information requires “redundancy”. Further as noted By Gus Simmons some years later, where there is redundancy you can form a covert communications channel.

So there are other tricks using Spread Spectrum, working at the edge of the Shannon limit, and “Multiple Input Multiple Output”(MIMO) techniques to produce “Low Probability of Intercept”(LPI) systems.

Thus you do not have to have your location known to protocols or third parties to communicate successfully.

This the brings us to a more problematic actionable,

“Private Storage of Information”

Under usual use the desire is to store all wanted information as long as possible, but unwanted information not at all. Also for Privacy a way to keep stored information from third parties and the ability to reliably erase it.

Most modern technology does not make erasing stored data easy or actually viable in most cases. Which means Privacy has to be obtained in some other way. The two basic ways are segregation and encryption. The problem with segregation is “Might is Right” and “Evil Maids” and similar. You therefore have to assume segregation is at best transitory if not impossible sometimes even in the short term.

Therefore “data at rest” should always be encrypted, and where possible data in active use should also be encrypted in RAM etc.

The problem with encryption and storage is that even though encryption for communications is hard, it’s in effect trivial in comparison to encryption used with storage both short term and longterm.

Consider a stream cipher and a text editor. It’s easy to end up with two files where the plaintexts are broadly the same but are not but encrypted under the same key. The resulting differences opens things up to various attack techniques.

Thus much security of information is despite good storage encryption still done by segregation at as many levels as possible.

It’s in that broad overlap between information storage and information processing.

In the past I’ve talked about having two “energy gap” segregated systems. One on which you do your private work etc and it’s never connected to external communications. the other you use for public communications such as the Internet and is assumed to be compromised at all times.

I’ve also warned about “end run attacks” where by things in your environment can “shoulder surf” you and it’s a subject that would fill several books.

The other issue is modern hardware is designed to use external communications all the time. In past discussions I’ve indicated I have pre-1995 systems I use for development and support. This vintage is the last where external communications was not built in in some way. By the time you get to 2005 hardware external communications is realistically “boiled in” in PC hardware and disabling it difficult at best.

I also use “Embedded / microcontroller development Systems” or systems I have built using microcontrollers. I’ve my own somewhat primitive BIOS/OS and compilers and interpreters that are CLI only and some go back to the 1980’s. It also means I’ve had to write the apps in the past… However these days you can find source code for “minimalist apps” you can strip back to make more “reliable” especially the ditching of anything other than Plain 7bit ASCII and open formats such as CSV etc.

This leaves the problem of “gap crossing” which I have talked about in the past here in reasonable detail. As such it’s a subject very much in it’s own right so really comes under several actionable points including TEMPEST / EmSec both passive and active. So I won’t go into it here.

The last of the three is “Information Processing”.

Whilst it is now possible to somewhat process encrypted information without first decrypting it, such that it works on the plain text without making it available. It’s nowhere near “Primetime”.

So to sum up all of this brings you back to plaintext and strong segregation for processing and encryption just about everywhere else.

[1] Importantly though don’t fall into the “one to one trap” that is there is absolutely no reason why the size of the “plaintext alphabet” set should be the same size of the “ciphertext alphabet” set only that the transformation be uniquely invertible.

Peter A. May 26, 2025 3:20 PM

@MikeOh Shark: I run my own email infrastructure since I left the cosy and friendly university server that I had been running myself 😉 Once I have decided to get a better job, I had the choice to open gmail or whatever “free” mail service, or do it myself. I have chosen the latter, for two reasons: configurability and privacy. Gmail seemed then like cheap canned spam (pun intended) consumed at a crowded bar with everyone and a few constables looking. Self-made was more like a nice steak in your own cosy kitchen done to your taste shared with your best friends, but it required some skill and effort. Today, everyone else eats out at the bar not only with constables at the entrance – half the crowd are secret agents.

I still keep this whole stuff up, with increasing effort, for configurability. Privacy is lost – everyone else has their email at G or similar. I can still write (somewhat) private emails to myself & family.

@Clive Robinson: I admire your abstinence. It requires, however, a very very modest lifestyle. For most of us mortals, foregoing email (required for many online activities as a stepping stone), online shopping (a necessity if you just can’t make do with whatever is available within walking or commuting distance) or online banking (mostly required for online shopping) is nearly infeasible. Trivial example from two weeks ago: I have bought my wife a new nice dress – offline, paid with cash. But there were literally no matching shoes or purse. We’ve toured almost all the shops in the vicinity, big or small – nothing. I had to find and order them online… Another example: our kitchen stove broke a little (was still working, but the broken part could lead to further damage). It appears that all spare parts shops I knew of are out of business already… had to order it online. Spare fuse needed for an appliance? Brick and mortar electronics parts shops are all long bankrupt over here, only online retailers remain. And so on, and so forth. A new brave world…

Bauke Jan Douma May 26, 2025 8:01 PM

@Peter A.

I feel the sense of urgency.

Here’s what you will do. Determine coordinates of the nearest highway exit. Get the phone number of Walmart HQ. Call Walmart HQ. Cite said coordinates.
Wait.

You’ll have everything that you need, and with a bit of luck — so will your wife.

Thank you.

MikeOh Shark May 26, 2025 9:38 PM

@Clive, thank you. I will follow the links and try to keep to the proper mindset.

@ Peter A. I see the impossibility of total abstinence in today’s world. In the US more companies are requiring email to save them costs of sending paper copies of SEC required documents or to send 2FA codes at login.

I am fortunate that I have always had an interest in how things work and what the methods used mean to me. I recall the early ’90s when I first noticed single pixel gifs from third party servers, pixels served via ftp on web pages when Netscape had a field in settings to provide an email address for “anonymous” logins, MRUs appearing in programs, GUIDs in the registry when Windows added a registry, and help files moving from compiled help to on the web.

Now, it is necessary to follow changes to standards and know more about deeper levels just to try to be a little harder to follow.

The company I used to work for abandoned it’s own mail servers for gmail. From the outside all looked normal since we used the same company name domain as always. I never used my work email to send a spreadsheet home or a personal email because I didn’t want to give the contact info to Google. People thought I was paranoid.

Most people don’t see or want to think about all the ways information can be used against them. ADP processes payroll for lots of companies and if you took a lower salary at the job after a layoff because you don’t want to move or need to care for an elderly parent, you will be offered 5 cents more per hour at your next job because they buy your salary history from ADP.

All the ways information is being used against people need more visibility but too much is hidden so deep there aren’t enough eyes on the problems.

J. Smith May 27, 2025 12:46 AM

When the first Kindle book reader came out, many years ago, I thought:

“This looks great! I’m going to buy one!”

But before buying one, I happened to read an article that explained that the device keeps track of one’s reading habits, and reports it’s findings back to Amazon.

I thought: “How intrusive!” To me it was the same as if a person was standing over my shoulder, writing down everything I read, how long I spent reading it, which passages I highlighted, etc. and then passing this info along to The Supreme Master.

I never bought a Kindle, or any other e-book reader.

My friends said: “Why do you think ‘the government’ is interested in YOU?”

I said: “Amazon isn’t ‘the government,’ and I don’t think Amazon et al is interested in ME. I think Amazon, and other companies, AND ‘the government’ is literally interested in EVERYONE. They ALL want to know what ALL of us are doing.”

Fast forward to today, and, well—

I have a de-Googled phone, I run Linux mostly, I use a (supposedly) private and secure email service HQed in a (supposedly) “safe” country and insist that my close contacts also use the free version of this service, and insist that anything sensitive be encrypted and attached, have never used “social media,” etc.

As one commenter has said, however: most people won’t even take THESE rudimentary steps, because “convenience.” And yet: they would NEVER allow a person to stand over them with a clipboard and a video camera, recording EVERYTHING they did, constantly, though simultaneously allowing Google, Amazon, Microsoft, Apple, etc to do exactly that.

Clive Robinson May 27, 2025 12:50 AM

@ Shut it Down…, ALL,

With regards,

“World blocks Microsoft Windows”

It’s unlikely to happen.

For the reason something else will happen first and nobody is to big to fail as Bill Gates himself said he could see one day Microsoft would not exist.

Two reasons to consider,

First, Microsoft is nolonger “invested” in Windows. It’s now just seen as a “conversion tool” for turning Microsoft from a technology company to a finance institution. By way of turning Microsoft into a “rent seeking organisation”. It actually started for different reasons back with Win 3.x and the wrong direction taken on networking meaning Microsoft had to play “catch up” thus grabbed the BSD stack. It also got “royally roasted legally over “on the fly hard drive compression” in MS-Dos 6.x, then there was the built in “Internet Explorer as Desktop” litigation. So As the *nix ecosystem not just catches up but looks like it’s “going to eat Microsoft’s lunch” Microsoft has started with the “embrace and extend” trick yet again and it looks like they’ve chosen GNU/Linux at this time. The “windows” aspect will again become “embrace and extend” of other Open Source.

Thus Microsoft fully intend that Open Source will be owned by them rather than developed by them. Thus the dreams of those thousands of developers will get stolen in a worse than “Pyrrhic Victory” as they find their work if not themselves effectively enslaved in the Microsoft “rent seeking ecosystem” they are creating.

Which brings us on to a more general point…

Secondly, Microsoft in turning it’s self from a “technology development organisation” into a “finance institution” is going down the same road as the other Silicon Valley Mega-Corps. They all know that they will get attacked by the US legal system for being a monopoly or cartel or just “dominant player” etc etc. Thus the trick is to know that whilst litigation can be staved off for years relatively inexpensively in comparison to income the odds of winning are not good because “funded by the people for the people” legal entities are in reality after “scalps to nail to the door” not “justice for the people”.

Thus the way to win is either “not to play” or “play to loose with minimal or no loss”. As they can not really achieve the former because they can not stop politically ambitious lawyers putting the cross hairs on them they can instead do the latter.

The way to do that is to realise that all large organisations have parts that do not show “short term shareholder value”. R&D is one such where “the profit is in the title” of “Intellectual Property”(IP). Thus setup the organisation such that it is easy to restructure at whim. When it’s clear what direction legal remediation is likely going to go in simply move the existing title etc away from the target. Then fill the target with what is not showing “the numbers in reality” so when it gets “legally forced sale, it will fail”. Thus will be no threat to the organisation. And as importantly to investors not effect their view of the Mega-Corp they are enchanted by that always makes the numbers.

There is a book “Power Failure”[1] people might consider reading[2] about the first US tech-developer Mega-Corp that turned it’s self into a finance institution. The Corp was the GE conglomerate, and it’s hand grenade like fracturing at the begining of this century has a lot of valuable lessons in it. Not just for business practice but also for some ill advised technical practices such as “Move fast and…” and especially “Technical debt” which works almost the same way as financial engineering where covering long-term obligations with short-term sources of input for repayment is a very dangerous game, that usually ends badly the moment favourable winds change.

The fact is “conglomerates” which is what Microsoft now is –in part out of self protection– are notoriously difficult to run effectively, especially if formed of disparate parts forced into an amalgam of a limited product. Not only because they pull in all sorts of unexpected directions but the interfaces between parts are constantly in flux. Which is why many large organisation managers are viewing AI as a way to as it were “pour oil on the broiling seas” to gain some additional reach and control, thus further “expand for shareholder value”.

But ultimately the question is can the Silicon Valley Mega-Corps like Microsoft be sufficiently “fleet of foot” to stay ahead of “the scalp hunters”?

[1] “Power Failure” by William Cohan 2022, from Penguin Random House,

https://www.penguinrandomhouse.com/books/609226/power-failure-by-william-d-cohan/

[2] As always “research a little before you invest” 😉 Thus read a review for free first,

https://www.gwintrob.com/power-failure-review/

The book is quite hefty at 700 pages and it reads a lot like a timeline of cameos of individuals and almost hero worship of one who is also actually the main crook/villain… However the lessons are in there you just have to catch them as you read by.

Clive Robinson May 27, 2025 7:12 AM

@ Peter A., ALL,

With regards,

“It requires, however, a very very modest lifestyle.”

Something I’ve always preserved, and a viewpoint I acquired from my parents both of whom fought during WWII but knew the frugality of living from times before and how to store food etc for the lean times. One advantage of which is “a lot less unnatural chemicals in your food”. But likewise it’s taught me “value” which is why I learnt to drive but have never purchased a vehicle and thus been subject to all the “rent seeking” that goes directly with it, nor the risk of a “drunk in charge” or similar associated “rent seeking”.

So as with everything in life it has it’s downs and ups.

BUT Also some of which have,

“Important security lessons”

In a general form within them.

Which is why I note your issue,

“Another example: our kitchen stove broke a little (was still working, but the broken part could lead to further damage). It appears that all spare parts shops I knew of are out of business already… “

As I’ve mentioned before my “gas stove” broke nearly a couple of decades or so back and it was the thermocouple in the oven flame that had burned through and failed after a couple of decades of use.

Like you I found the few shops that still existed even back then did not “carry the part” nor for that matter did any online supplier. The message being clearly sent by manufacturers was,

“Throw the stove away and buy a fancy new microprocessor controlled matching separates –with of course– and new kitchen units to put them in.”

So the equivalent of at least a weeks higher end middle class income even if I did all the installation work my self, versus a part that should cost less than a half of beer…

(Oh and don’t forget that homeless rats like warm, cosy, dark and difficult to get to places, just like such oven laden kitchen units give, to put down roots and make a family…)

So I pulled the stove out and decided to see if I could fix it by buying a component level “sub-part” that would “fit” the broken unit.

A quick examination revealed that it was actually a “Don’t stick your head in the oven” part, a design legacy from “town gas days”[1] that ended back in the 1970’s. The thermocouple when hot enough produced a current that pulled in a solenoid valve that pulled out the gas flow restrictor.

A very short while later I had unhooked the solenoid valve and set the valve in the open position and the oven worked fine again…

A classic case of unwarranted “security” adding complexity that when it fails –and it always does– breaks the whole system apparently needlessly. BUT, ensuring a faster down stream inflation linked income for the manufacture and associated agents.

I’ve looked around since on the odd occasion for a replacement unit or component, but I guess after forty years or so they are nolonger made at all, as the issue they were designed to solve nolonger exists[1]. The oven however still works just fine for what it’s needed to do.

The point is from a systems point of view there is the important lesson that,

Over complicated, ill thought out, or unneeded security systems give rise to the failure of the whole system needlessly. And probably when the system is most / critically needed.

(There are people in Texas who can attest to this and several other places)

Oh and as it also “reduces reliability” of the whole system, it also ruins those all important “availability” figures.

A lesson all Security Systems designers should learn.

Oh and a secondary security lesson,

Security should be integral to the whole system and built in from before the design phase, otherwise it becomes easy to bypass.

A padlock on a chain to keep access secure is “faux-security” because it’s a classic example of two failings,

1, Security as an afterthought.
2, Weakest link in the chain.

It goes back a long way, which is why I usually use the “more modern” example of Victorian artificers and their boilers and steam engines. And how their repeated deadly disasters and news paper front page reports forced Governments to legislate and importantly regulate. With the result science got added to the tool box. Such that engineering emerged phoenix like from the ashs, death, and destruction of the artificer made disasters.

I think most can see parallels with the current Social Media and AI industries with the “Move fast and break things” attitude of a luddite. That unfortunately can be found in other areas of the ICT creation industries. It’s already had it’s head lines which in turn has given rise to opinion pieces like this one from the Harvard Business Review,

‘https://hbr.org/2019/01/the-era-of-move-fast-and-break-things-is-over

[1] Also known as “coal gas” it’s carbon monoxide which is a fairly rapidly deadly poison gas also known as “the silent killer” that will “kill you in your sleep”. Hence all the warnings about having detectors in your home or boat etc. It’s made by “cooking organics” or “partial burning” in a similar process to making charcoal and wood gas. It was well known back in the 1960’s and earlier that “coal gas” was a quick and fairly painless way to kill yourself, hence the “don’t put your head in the oven” device. But it’s replacement “natural gas” does not kill as a poison and they add a foul smelling chemical as a warning. To kill you natural gas would have to stop oxygen getting into you, a process also known as “smothering”. which I can tell you from nearly having drowned in a canoeing accident is not at all a painless process. Your body literally fights for life and you can not ordinarily stop it doing so even if heavily asleep it will wake you. As anyone who suffers from sleep apnoea will have been told is why they sometimes “panic wake” scared half to death.

Steve T. June 15, 2025 9:28 PM

I’m glad I still do most of my work on Windows 7.

This ‘Recall’ feature: it seems to me that the snapshots of the desktop as taken by Recall have to be stored somewhere. Like a particular directory of a particular drive. I suppose it’s even possible that it will jump storage locations like some malware used to do. But it seems to me that a program could be written that knows where this storage location is on the computer, and whenever there is something saved in the location, it gets deleted. While it takes a little overhead, it prevents the main thing: it keeps Microsoft from grabbing those screenshots. Or is that too straightforward?

Now, if only ‘industry’ could stop compiling apps for Windows 10 and newer! I think Microsoft is strong-arming industry into doing this.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.