As far as I know, a long while ago, the Islamic Republic of Iran asked Cisco to develop a filtering solution to stop their citizens from accessing undesirable content. Cisco said no. Then US companies started asking for filters to stop their employees watching porn at work, Cisco invented a centralised domain/packet filtering solution for their routers, and Iran went "can we buy one of those, please?".
My take is that MS did intend the feature purely for utility (and to be fair to them I can think of a lot of scenarios where it is useful). But they did this by not seriously thinking about security at all, and the wider internet has now done that thinking for them.
It reminds me of why SSL version numbers effectively start at 3. Netscape wrote version 1, their internal security team broke it, so they wrote version 2 and I believe shipped it without letting their internal security team do a full review. That got broken quickly too, so they want back and did the job properly (by the standards of the day) and shipped SSL v3, which lasted a while. (It's also been broken now, of course.)
I think Microsoft realised recall needed more work, and is now looking at that more seriously.
I imagine MS did a lot of user studies, and found that the average user could gain a lot from being able to ask the computer questions like "where's the word document for the summer anniversary party that I worked on a couple of weeks ago" or "the photo with the waterfall from our holiday in Greece in 2015 that I sent to Mary recently". Whether Recall in 2024 will be good enough to answer queries like that remains to be seen.
From helping non-technical family members find where they've mislaid files (such as behind another file on the desktop, which can happen if you drag more than one file at a time) I am confident there is a user base for this kind of thing.
We are, after all, in a world where the youth don't seem to understand file systems and folders [1] and rely on the search feature for everything. Recall could, if done properly, be a great user experience for such people.
It was through user studies that we got both the ribbon interface (great for new users apparently, even if less so for experts) and the fact that when you open an office app it suggests a list of documents you worked on most recently. Sharepoint even takes this further in organisations and suggests documents shared by others that "might be relevant to you" based on what you worked on recently (it's not very good).
If I want to be really snarky, I could mention that UNIX had "Recall" back in the days of text-mode only consoles. It was called the `.bash_history` file, and it's genuinely useful.
> We are, after all, in a world where the youth don't seem to understand file systems and folders [1] and rely on the search feature for everything. Recall could, if done properly, be a great user experience for such people.
I think this was done on purpose to disempower the user.
Apps not files. It was a big push back in the 10's most embodied by mobile phone OS's. Instead of designing tools that dumped output to a common site, it all became about passing things around via things like intents.
> the photo with the waterfall from our holiday in Greece in 2015 that I sent to Mary recently
Google Photos' search bar would be able to complete this search, since like 2015. Recall is completely overkill for this, like building a Death Star to swat a fly.
Google Photo is opaque and unreliable and keeps degrading and corrupting your photos, and if I'm not misremembering, had data loss issues in a past.
OneDrive doesn't have those problems, but its search is even more unreliable than that in Google Photos.
In both cases, the companies go out of their way to remove any controls over classification, or even user agency in search. Like, how hard would it be to list all of the categories it knows for users to browse, as well as on the photo page for users to know all the buckets the photos land in? They go out of their way to not do that.
Not that there are any better alternatives. For example, Samsung gallery app is just as bad, despite running locally on your phone, and on top of that, has data loss issues that the company refuses to admit or fix. For some reason, tech companies managed to fuck up something as basic as a photo gallery.
Only if your photos are in Google Photos. And weren't we expressing the concern of sharing our personal data with giant massive tech companies? Google Photos work entirely locally these days?
Which is fine because the browser has a private browsing mode, and the shell has the space trick (for example if a tool requires an SSH key as a command-line argument) as well as various "pinentry" things.
You'd need some API for applications to signal to Recall "the user has requested not to save this", and then every single program with a password input box would have to update to call this.
I think the best unspoken use cases is Recall is basically distributed backup of content. MS will get the idea in their head one day that they can pull dead info from peoples HDs. This is sus capability is MS decides to play info broker. This would be great if there's some system where people can access link rot / vanished content backed up from someone elses computer.
It seems weird that Cisco wouldn't help Iran when they were indispensable in the creation of China's firewall. Do you have more details on the reasoning? Was it due to sanctions or did they genuinely not want to help Iran?
I'm afraid my source for this is a half-remembered conference talk from someone who I believe worked for the TOR foundation. My best guess technically was that they didn't want to invest R&D effort into the form of Deep Packet Inspection that came out as a result, for a project that could get them bad press or hauled before congress.
My take is that MS did intend the feature purely for utility (and to be fair to them I can think of a lot of scenarios where it is useful). But they did this by not seriously thinking about security at all, and the wider internet has now done that thinking for them.
It reminds me of why SSL version numbers effectively start at 3. Netscape wrote version 1, their internal security team broke it, so they wrote version 2 and I believe shipped it without letting their internal security team do a full review. That got broken quickly too, so they want back and did the job properly (by the standards of the day) and shipped SSL v3, which lasted a while. (It's also been broken now, of course.)
I think Microsoft realised recall needed more work, and is now looking at that more seriously.