by fossr 748 days ago
This is cool. What would be a good way to prevent this type of extraction? We just launched OpenRecall https://github.com/openrecall/openrecall with which we want to offer a fully open source/auditable and privacy/security focused alternative.
5 comments

I have not taken the time to fully read your GitHub, but here is my view.

You making this is inherently different than Microsoft including this by default in all future versions of Windows. If someone downloads your tool they are making the conscious choice to give up some data protection for an admittedly cool feature. It is also a more limited number of people with data stored in a particular way.

Every Windows 11 having it is painting a target on everyone's back since it would be somewhat easy to assume, if Windows 11 this is probably enabled. It is also not properly educating people on the risks.

Personally I don't have a problem with the tool, or necessarily how it is designed (it could be better, don't get me wrong). But it has to be opt in, properly educate on the risks, and probably shouldn't be built into the OS.

Don't collect the data.
From your link:

> Your data is stored locally on your device, and you have the option (soon to be implemented) to encrypt it with a password for added security.

Security focused my ass.

Encrypting the data with a key that's stored on - or only accessible using a hardware token like a YubiKey would be a good start. That way the data can't be decrypted without explicit user action.
What privacy/security features make this meaningfully different than Microsoft's offering?