Recall, even if run locally, is a security and privacy nightmare. Imagine all of your activities and data stored on one database. It was discussed many times by security experts.
The same argument applies to browser history, password managers and lots like them. Yes, they make it easier for an attacker to scoop up info (a central place with lots of juicy info), but they also make your life so much better overall.
Most people use them, some heavy privacy/security oriented people don't. Even many of those of us who are conscious about the security/privacy issues, use them because we find their use outweighs the risk.
I can't answer what will happen with a recall type feature, but one has to weigh the value vs risk.
Personally, I'm not sure of the significant value (then again, in being really analytical, I'm now unsure of the significant value of the browser history). How often is one going to dig into Recall's recorded state?
This same logic applies to browser history: how often does one really look at it? It provides 2 forms of value, 1) showing what you already clicked (i.e. a constant low level value) and 2) being able to find URLs you know you saw, but can't seem to find at the moment (a higher value, but much rarer, similar to Recall's value). Are these valuable enough?
I'm wondering out loud if the first value (of showing links you already visited) could be solved in a more privacy friendly manner with a 1 way hash of the URL with salt. Store the hashed URLs instead of the URL string itself. Even if an attacker vacuums up your "history database", all they get is a bunch of hashes. Even if they get the salt, they would have to hash their entire dictionary of URLs against the salt. (A counter argument is that the set of URLs in the dictionary they would want to hash against to blackmail you might not be "so big" and hence tractable, so this doesn't gain you much.)
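The salted-hash idea from the comment above, sketched as an added example that is not part of the thread or of any browser's code. HMAC-SHA256 keyed with the salt stands in for "hash with salt"; the URL normalization, the class and function names, and the sample URLs are assumptions made for illustration. The last function measures the comment's own counter-argument: how much of the history a party holding both the salt and the digests can confirm from a candidate list.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit, urlunsplit


def normalize(url):
    """Canonicalize a URL so equivalent spellings produce the same digest."""
    p = urlsplit(url.strip())
    # Lowercase scheme and host, default the path to "/", drop the fragment.
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


class HashedHistory:
    """Visited-link store that keeps only salted digests, never URL strings."""

    def __init__(self, salt=None):
        self.salt = salt or os.urandom(32)  # per-profile secret salt
        self.digests = set()

    def digest(self, url):
        return hmac.new(self.salt, normalize(url).encode(), hashlib.sha256).digest()

    def record(self, url):
        self.digests.add(self.digest(url))

    def visited(self, url):
        # Enough to colour a link as "already clicked"; cannot list or search history.
        return self.digest(url) in self.digests


def confirmable_from_wordlist(salt, digests, candidates):
    """Exposure check: candidates that salt + digests together confirm as visited."""
    probe = HashedHistory(salt)
    return [u for u in candidates if probe.digest(u) in digests]


if __name__ == "__main__":
    history = HashedHistory()
    history.record("https://example.com/Docs#intro")  # constructed sample URL
    print(history.visited("https://EXAMPLE.com/Docs"))  # same page, different spelling
    wordlist = ["https://example.com/Docs", "https://example.org/"]  # constructed
    print(confirmable_from_wordlist(history.salt, history.digests, wordlist))
```

The cost of the exposure check is one HMAC per candidate, so the scheme protects unguessable URLs (long paths, query tokens) far better than well-known site addresses.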
I have found this logical fallacy many times. "There is no need to fight for privacy, because that ship has already sailed", "There is no need to fight against Recall because big tech already harvests data about you."
Does that mean we should not care about our data, and expose every bit and piece to the system? Should we max out data exposure, or still fight against it?
I prefer to think of it this way: if somebody broke my LUKS-encrypted HDD, I'd probably have much bigger problems than my browser history (and the risk of that is too small to consider it seriously).
I view it more as an online attack than an offline attack (so LUKS arguably wouldn't come into play here).
ex: they exploit the browser to get to your userspace, which while they can access / modify your files, they can't elevate it to root to make the exploit more persistent. Therefore, they just vacuum up what they can at that moment (not even analyzing it, that's for later, this is just the collection phase) and move onto someone else.
But yes, I agree with you, if one's more concerned about the possibility of offline attacks, there are other ways to mitigate it / you have bigger problems if those mitigations fail.
So basically you don't keep data and erase every single document you create/receive. You keep your imap email box totally empty as well as the mails locally fetched on your mta. You have an always empty instant messaging app except for the messages pending view. You burn the contracts you signed immediately, you don't keep any photo either on your computer, phone, fridge or an album in a bookshelf. You don't use a password manager because every account created is destroyed immediately after use. You create a new hackernews account for every single message you post.
Are all of those things you said, and do, readily available in one easy to siphon up database? Easily searchable and reportable to nation state entities? Can I or LEOs read your Hacker News posts and comments, and easily determine exactly who you are and that your previously open tabs were porn and anarchy related websites?
No. RECALL is a damn privacy and security nightmare. Don't act like it's saving the world, its intent is to close the walls in around you.
> Can I or LEOs read your Hacker News posts and comments, and easily determine exactly who you are and that your previously open tabs were porn and anarchy related websites?
Not directly but in combination with other information it could.
The fact is, these kinds of recording tools are not meant to publish your information to everyone.
> Don't act like it's saving the world,
I am not acting like that. I have no plan to use RECALL (I don't even use a single Windows computer) nor any similar software.
However I find it funny that in any news about RECALL you see so many "privacy nightmare, will someone think of the children" comments while similar open source or proprietary projects for macOS and Linux, or browser extensions predating RECALL were unanimously praised for their usefulness.
As any tool, you have to balance the risk of a leak in case your systems (or those that host your data) are compromised but it isn't in any way different than any other data you have online or locally on your computer.
You have as much if not much more to lose if your primary email account is compromised and you kept received email in the mailbox.