by compsciphd 663 days ago
The same argument applies to browser history, password managers and lots like them. Yes, they make it easier for an attacker to scoop up info (a central place with lots of juicy info), but they also make your life so much better overall.

Most people use them, some heavy privacy/security oriented people don't. Even many of those of us who are conscious about the security/privacy issues, use them because we find their use outweighs the risk.

I can't answer what will happen with a recall type feature, but one has to weigh the value vs risk.

Personally, I'm not sure of the significant value (then again, in being really analytical, I'm now unsure of the significant value of the browser history). How often is one going to dig into recall recorded state?

This same logic applies to browser history, how often does one really look at it? It provides 2 forms of value, 1) showing what you already clicked (i.e. a constant low level value) and 2) being able to find URLs you know you saw, but can't seem to find at the moment (a higher value, but much rarer, similar to recall value). Are these valuable enough?

I'm wondering out loud if the first value (of showing links you already visited) could be solved in a more privacy friendly manner of a 1 way hash of url with salt. Store the hashed URLs instead of the URL string itself. Even if an attacker vacuums up your "history database", all they get is a bunch of hashes. Even if they get the salt, they would have to hash their entire dictionary of URLs against the salt. (A counter argument is that the set of URLs in the dictionary they would want to hash against to blackmail you, might not be "so big" and hence tractable, so this doesn't gain you much).
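The salted-hash idea from the post above, sketched as an added example that is not part of the original thread. It assumes HMAC-SHA256 as the "1 way hash with salt" and uses hypothetical names (`HashedHistory`, `match_candidates`) and constructed URLs; the last function shows the counter-argument the post raises, that a copied salt plus a candidate URL list makes membership testable.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit, urlunsplit


def normalize(url):
    """Canonicalize so the same link always hashes to the same value."""
    p = urlsplit(url.strip())
    # Simplification: lowercase scheme and host, drop the fragment.
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def url_digest(salt, url):
    """HMAC-SHA256 keyed with the per-profile salt (assumed construction)."""
    return hmac.new(salt, normalize(url).encode(), hashlib.sha256).digest()


class HashedHistory:
    """Keeps only digests: enough to answer 'already visited?', not to list URLs."""

    def __init__(self, salt=None):
        self.salt = salt if salt is not None else os.urandom(32)
        self._digests = set()

    def record(self, url):
        self._digests.add(url_digest(self.salt, url))

    def visited(self, url):
        return url_digest(self.salt, url) in self._digests

    def dump(self):
        """What a copy of the history database would contain."""
        return set(self._digests)


def match_candidates(digests, salt, candidates):
    """Counter-argument from the post: salt + URL dictionary => testable membership."""
    return [u for u in candidates if url_digest(salt, u) in digests]


if __name__ == "__main__":
    history = HashedHistory()
    history.record("https://Example.com/page#top")      # constructed sample URL
    print(history.visited("https://example.com/page"))  # link-colouring lookup
    wordlist = ["https://example.org/", "https://example.com/page"]
    print(match_candidates(history.dump(), history.salt, wordlist))
    print(match_candidates(history.dump(), os.urandom(32), wordlist))  # no salt
```

The store cannot serve the second use of history described in the post (finding a URL you no longer remember), because nothing in it can be turned back into a URL.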

2 comments

I have found this logical fallacy many times. "There is no need to fight for privacy, because that ship has already sailed", "There is no need to fight against recall because big tech already harvests data about you."

Does that mean we should not care about our data, and expose every bit and piece to the system? Should we max out data exposure, or still fight against it?

Where did I say that?

1) I said that users care about the benefits provided to them more than the security/privacy they give up and can see that from practical history.

2) I questioned the value of recall and asked is what one gives up worth that value

3) I compared to browser history and even provided a mechanism to get some of the value without giving up privacy.

I prefer to think of it this way: if somebody broke my LUKS-encrypted HDD, I'd probably have much bigger problems than my browser history (and the risk of that is too small to consider it seriously).

I view it more as an online attack than an offline attack (so LUKS arguably wouldn't come into play here).

ex: they exploit the browser to get to your userspace, which while they can access / modify your files, they can't elevate it to root to make the exploit more persistent. Therefore, they just vacuum up what they can at that moment (not even analyzing it, that's for later, this is just the collection phase) and move onto someone else.

But yes, I agree with you, if one's more concerned about the possibility of offline attacks, there are other ways to mitigate it / you have bigger problems if those mitigations fail.