In reality, only way to protect your privacy in this case, is to not to collect that data at all.
Otherwise, you cannot use it like you want to.
Anyone who hacks you computer, is able to access the same data as the end-user.
> Privacy-focused: Your data is stored locally on your device, and you have the option (soon to be implemented) to encrypt it with a password for added security
And password does not matter, since remote attacker can log your keyboard inputs.
> you have the option (soon to be implemented) to encrypt it
If this is not in the first pass when implementing the idea then its a big no for me. Security should have been part of the original design, not shoehorned in after the event.
If they have already hacked your computer then its basically the same problem, no? The hackers can install keyloggers, or even OpenRecall and exfiltrate data.
I would say if the user has access to the historic data there is a good chance that any program having similar privileges would have access to it as well.
Ignoring the problematic details of this specific implementation (Seriously? they didn't make encryption the first thing to implement?), I think the biggest thing to remember is that, while the only sure-fire way to prevent this data from being stolen is to not record it, the likelihood some 2-bit hacker is gonna access this data goes way up when it's easy to expect it to be there.
CoPilot Recall is a massive target because if you break into a system, there would be a good chance that data is there since it was opt-out by default. open-source recall implementations are not only opt-in, but require additional overhead to install, so the likelihood that one would find this data on the drive is such a low target as to be not worth including in an automated scanner.
Remember that surface-area does matter in things like this. If you believe you're a large enough target for some amount of focus (and you might be if your involved in mid-scale open-source projects, like XZ apparently), then it's good to be cautious. If you're not that kind of target, then just remember you only need to be more complex than the average person, and something like this absolutely qualifies as "more complex".
I've seen the author on just about every possible comment thread about Recall saying to check it out, incessantly and shamelessly. Good way to sour some people (like me) sight-unseen. I know HN is more tolerant of self promo than many platforms but I find it exceptionally off putting in this example.
The difference is who controls it. I've run a tool on my machine that recorded every key press because I was researching how to optimize keyboard layouts. If someone else did that, it would be a keylogger and it would be very much not okay. But since I did it intentionally, it was a useful tool - though, granted, short lived because it made me nervous having that data around even in encrypted form. There's something there about tradeoffs and informed consent.
Calling this privacy focused and then shipping a version that doesn't even encrypt the data saying it's coming soon has to be one of the wildest possible ways to launch this lol. Microsoft set the bar low with how they addressed privacy concerns with their version of recall but apparently it was just the start of a limbo contest
I can imagine a lot of developers are living mostly in the terminal and browser. Wouldn't it be much more efficient to integrate on that level instead of taking screenshots?
Otherwise, you cannot use it like you want to.
Anyone who hacks you computer, is able to access the same data as the end-user.
> Privacy-focused: Your data is stored locally on your device, and you have the option (soon to be implemented) to encrypt it with a password for added security
And password does not matter, since remote attacker can log your keyboard inputs.