[nicce]

In reality, only way to protect your privacy in this case, is to not to collect that data at all.

Otherwise, you cannot use it like you want to.

Anyone who hacks you computer, is able to access the same data as the end-user.

> Privacy-focused: Your data is stored locally on your device, and you have the option (soon to be implemented) to encrypt it with a password for added security

And password does not matter, since remote attacker can log your keyboard inputs.

[blitzar]

> you have the option (soon to be implemented) to encrypt it

If this is not in the first pass when implementing the idea then its a big no for me. Security should have been part of the original design, not shoehorned in after the event.

[nicce]

Honestly, some sort of 2FA backed short-session private cloud would be better.

But there is still small risk that attacker can access it for short time.

[blitzar]

I am thinking some kind of rotating quantum key encryption that would silo off every interaction into its own secure enclave.

[nicce]

How would you implement the practical search in that case?

[blitzar]

One way encrypted embeddings ¯\_(ツ)_/¯

[dgrin91]

If they have already hacked your computer then its basically the same problem, no? The hackers can install keyloggers, or even OpenRecall and exfiltrate data.

[nicce]

> The hackers can install keyloggers, or even OpenRecall and exfiltrate data.

Keyloggers have access to the potential future data, while Recall provides guaranteed access to historic data.

[prmoustache]

I would say if the user has access to the historic data there is a good chance that any program having similar privileges would have access to it as well.

[faeranne]

Ignoring the problematic details of this specific implementation (Seriously? they didn't make encryption the first thing to implement?), I think the biggest thing to remember is that, while the only sure-fire way to prevent this data from being stolen is to not record it, the likelihood some 2-bit hacker is gonna access this data goes way up when it's easy to expect it to be there.

CoPilot Recall is a massive target because if you break into a system, there would be a good chance that data is there since it was opt-out by default. open-source recall implementations are not only opt-in, but require additional overhead to install, so the likelihood that one would find this data on the drive is such a low target as to be not worth including in an automated scanner.

Remember that surface-area does matter in things like this. If you believe you're a large enough target for some amount of focus (and you might be if your involved in mid-scale open-source projects, like XZ apparently), then it's good to be cautious. If you're not that kind of target, then just remember you only need to be more complex than the average person, and something like this absolutely qualifies as "more complex".