Source: www.schneier.com – Author: Bruce Schneier
TimH • May 23, 2025 11:12 AM
Signal’s next step needs to be to advise a user whether or not any other client on the chat is on Windows with Recall enabled. That will increase security (alert people to the possiblity of unexpected surveillance), and encourage users to disable Recall.
Clive Robinson • May 23, 2025 2:08 PM
Thin edge of nightmare that is client side scanning
Many have noted that they,
“Have no need or want of recall”
Unfortunately that is not true. It is one of those insidious things you unknowingly become reliant on.
Think of it as the silent servant who tidies up and cleans behind you, and most importantly puts things “back in their place”, so you do not have to think about where they are.
Anyone who currently has more than three or four “browser tabs open” are obvious shoe ins so
“Will be seduced by the dark side Recall is.”
Microsoft know this from the earliest user testing of Win 3 and earlier.
In a way Recall will replace the need for people to think and remember. This in turn will on the surface enable them to get more done in less time…
So will change the way they work to just “load pages” then “skim with recall” and treat it as their own “search engine” etc.
And that is why it will become essential for the weak of will and those who do not learn to use a work tool correctly.
Which brings up the flip side…
For as long as mankind has been able to record thoughts on objects like mud paint on cave walls he has used tools.
Proficiency in the use of tools has two advantages,
1, They act not just as force multipliers but enable other force multipliers to be made, so increasing an individuals ability to survive.
2, All tools because they are force multipliers are dangerous to use and can easily cause harm to the user and those around them.
So a person who uses tools has to learn skills to get the benefit not the harm from them.
However since the Victorian era and the cost of developing skills, “inventors” have come up with ways to constrain force multipliers such that the cause less harm and become much easier to use.
In WWII and the post war 1950/60’s was an era when factories went up everywhere and just about anyone who could “walk and talk” could be given well paying jobs. It was also the time modern semiconductors were invented and valves/tubes replaced. Soon countries in the Far east were using those semiconductors to manufacture goods “more desirable” than those based on valves/tubes and by the 1970’s factories in the US and Europe could nolonger compete and started to close. The rest of US and EU factories tended to follow suit and closed.
In a way this did not matter much because in the 1980’s the “knowledge industries” came into being. And for those that could make the switch work was less physically stressful and increasingly better paid.
Some are saying that AI “assisted by client side scanning” will provide factories for the “knowledge industries”. “AI in use” actually started back in the 1980’s with “fuzzy logic” and “expert systems” quite skilled jobs such as train drivers and doctors started to be replaced by control systems and computers, because they had become inexpensive enough.
Likewise those working in factories in the Far East started to be replaced by “robots” that were in effect trained by skilled workers being “observed at work”.
It is this latter point that people need to consider carefully. Because Recall will get used by Microsoft to “train their systems” thus make anyone with a repetitive task be it physical or mental “replaceable”.
I’ve talked in the past about the two basic types of “Make Work” and how something like 20-30% of the workforce falls into either type. So something like 50% of jobs will get replaced by much more basic AI systems than the current LLM and ML systems we see and talk about.
The thing is you will not be able to buy and own any of these worker replacement AI Systems. You will only be able to rent them and thus become subject to what are in effect monopolistic organisations like Microsoft.
Worse with each tiny change, you will have to sign up to new ever more invasive agreements where Microsoft etc can take the skills of your workers and then rent them back to you.
I’ve warned about this with Palantir that aims to kill off human detectives, investigators, and analysts and replace them with their systems. Also they gain access to all the data that they then “repackage” to be used by other organisations at high price.
I for one as a UK Citizen am not pleased that all my confidential medical records are in Palantir’s systems thus available to any and all of their “paying customers” such as the US ICE etc.
Imagine what Microsoft could gain from you via “client side scanning” not just of what you do, but how you do it. Ask yourself which is more valuable to you, the “work content” or how you “process the work” to add real value to it, thus earn an income?
But further consider others with significant interest in “client side scanning”. We know that law enforcement have desires you can not believe about “Client Side Scanning” hooked up to AI systems.
Think about how they have backdoored users web browsers, mobile phones etc and get away with it because they run rings around the intent of the law if not the letter.
Microsoft Recall is going to become a “silent partner” to all “police states” and all states will use Recall to become step by step “police states”…
And Microsoft, Palantir and others see vast fortunes to be made in “renting” these systems and the data and skills they collect back to people to short sighted or stupid to realise just what these systems will do, not just to individuals, organisations and even themselves.
Look on Recall and all “client side scanning” as a form of “gateway drug” that will turn people into addicts that Microsoft etc will more ruthlessly exploit than the worst of “Street Dealers” working school playgrounds etc…
Nik • May 23, 2025 5:27 PM
Relying on Microsoft Windows to block Recall… Isn’t that like relying on the fox to guard the hen house?
I’m just waiting for the inevitable…
@Clive: Geeze, how could you write all that & miss so much? Social Media – Facebook, Twitter, Reddit, etc – have been mining all our private information for a long time! Amazon’s Alexa devices, along with the corresponding cell phone apps, well many folks believe they have been eavesdropping on our conversations. Folks claim they talk about buying a new car and suddenly there’s a ton of car advertisements everywhere they look. And people put these devices everywhere. There’s even been a push to put them in the bedroom, with a camera to digitally try on outfits. Google gave everyone free email, and now they are using that for AI (“Smart Replys”). Folks claim both Microsoft & Apple have been sending identifiers (checksums) on the applications you run back to the mothership, ostensibly for “security” to verify they’re safe. That isn’t the only use. It also lets them track what you’re doing.
Connect the dots already. Microsoft forcing AI on everyone, and Windows Recall, and killing Windows 10 next October when, like, 40% to 70% (depending on your source) of Windows 10 computers don’t have the hardware to upgrade to Windows 11 AND our (U.S.) supply chains & prices are, shall we say, in “a state of extreme flux”… This is Microsoft playing catchup in the spying on consumers sector.
Not the first time Microsoft has fallen behind in tech [cellphones], and they’re still standing. But this time… This time around Linux is actually good enough to compete. With complete privacy, no less. And free apps for everything from Word Processing (LibreOffice) & Graphical Editing (GIMP, Inkscape, ImageMagik, etc) to Games (Sol[solitare], sgt-mines, gnome-tetravex, dreamchess, & much much more PLUS the Steam platform) & Movie watching (VLC, mplayer) & Google Chrome AND so much more. ADD in the middle & lower classes being poorer, and struggling to get by with (reportedly) higher prices & fewer jobs… Well, it’ll be interesting to see how this plays out.
In regard to Windows Recall: Where it really shines is for employers. Recall is ready-made to watch over their employees’ shoulder, literally looking at exactly what each & every employee did all day, every day, every week, every month, every year, all to find something, anything, any day when some specific employee wasn’t 100% effective, like say debugging software, so the employer can use that to justify firing that employee.
As for me: I’m retired. I’m making popcorn, sitting back, and watching the whole show as it unfolds in realtime. It’s a lot more interesting than what passes for TV & Movies these days.
Clive Robinson • May 23, 2025 7:44 PM
@ Nik,
With regards,
“Geeze, how could you write all that & miss so much? Social Media – Facebook, Twitter, Reddit, etc – have been mining all our private information for a long time!”
I did not miss them, they are not really relevant, because they are not new and have been discussed multiple times on earlier threads on this blog.
But also they are the “cheese” to Microsoft’s “chalk”.
If you want to compare Apples with Apples, I was talking about “embedded in the OS” “client side scanning” of the worlds most used OS family. I could have mentioned Apple and Google and their OS’s, but honestly ask yourself,
“How long now before clint side scanning gets built into linux?”
By say “Agent P” who now works for Microsoft and is ideally placed to slip in the base “unavoidability” for Client Side Scanning to be built on.
You can guarantee if Microsoft get Client Side Scanning they way they want it on your computer… the autocrats in Government will have wet dreams over it and force “Client Side Scanning” onto all user OS’s by law using “think of the children” style dog whistles.
Because “Embedded in the OS” Client Side Scanning, can not be easily avoided unlike PII gathering in an app or online service.
The point is also Microsoft has “previous” in “boiling the frog” that is it might allow some user control initially but in a relatively short time, screw it down via updates etc so there is no user choice and no user back out. Which suits them and suits the autocrats in government.
If you are a longterm reader you will know that
“I don’t do”,
1, Apps especially supposedly secure apps like Signal.
2, Social media.
3, Email.
4, External communications with any of my computers.
5, “Air Gapping” but more secure “Energy Gapping”.
There are several other “Don’ts” on my list that I’ve mentioned in the past on this blog, like I don’t use “consumer / commercial” security devices, for two reasons,
1, They are all compromised in some way thus have known security flaws.
2, I build my own devices.
Also I try not to “paint a target on my back” so I don’t use digital communications the way most are forced to do “by custom and convention”.
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2025/05/signal-blocks-windows-recall.html
Category & Tags: Uncategorized,AI,Microsoft,Signal,Windows – Uncategorized,AI,Microsoft,Signal,Windows
Views: 3
