Microsoft Recall is not an example. Recall is a mountain of design failure.
Hailing Recall as a breakthrough in user interactions and empowerment of “productivity” and “creativity” is more than misplaced. It sells a complete failure to serve us users as a supposed gain for us.
A lot of what I am writing about in this article has been brewing for a while. But to be fair, what set me off was this article in the Medium publication “Mac O’Clock”:
https://medium.com/macoclock/macos-seriously-needs-to-catch-up-with-windows-11-67afc35c590e
I strongly disagree with the idea of the article that the features Microsoft recently announced for Windows 11 are groundbreaking and that these propositions here (highlights mine):
Among the highlights were intelligent AI integrations like Copilot and Recall and real-time live captions and translations. These features are not just gimmicks; they represent a significant leap in how we interact with our computers — well, at least Windows ones.
I mean, even though I am devoted to my MacBook, seeing Windows 11’s advancements made me realize how far behind macOS really is, at least in terms of AI enhancements in features.
While macOS offers a stellar user experience and is way better than Windows 11 in so many aspects that it would take an entire blog post to talk about, it is clear that Microsoft is pushing the envelope with innovative AI features that make everyday tasks more efficient and enjoyable.
are true.
These “innovations” is Microsoft telling us to our faces that our computers have stopped being tools loyal to us in yet another but arguably more fundamental way — that for years upon years, they’ve not rectified a massive pile of design debt. And now instead of working on fixing these mistakes, we’re being given a hype “solution” that isn’t one and comes with a gigantic pile of issues — Microsoft Recall in particular.
Apple is not behind. If they announce a feature like Recall, they’ll be telling us that they have the exact same issue, and the same unwillingness to fix it.
For those reasons I strongly disagree with the idea that Recall is something worth emulating, especially if you are an operating system developer.
Our Computers are supposed to work for us
This should not be a controversial statement. We made and make computers, their hardware and software, to manipulate information for our purposes. The desktop metaphor was crafted in the imitation of the processes familiar to the office workers of the 20th century; with file cabinets, folders and individual files. Programs became “windows” you arranged like you might arrange tools on your desk, but just a little bit more flexible.
Reflecting, this has always been another design promise of computers: “X, but a bit better.” The design of hardware and software is enamoured with replicating the processes and information models of the real world, but wrap them in the convenience of desktop pixels being easier changed than the folders piling up on your office desk.
That’s a good thing, to be clear. The real world is what matters, and software design can’t lose its attachment to these very real places, their methods and worldviews — those exist for a reason.
The Desktop metaphor was never perfect
Not in the sense of the desktop interface itself — but the files and folder metaphor. The desktop metaphor also intertwined itself with the advent of isolated apps that did everything within themselves, often also tapping proprietary data storage formats.
This stands in contrast with an old UNIX philosophy of “preferring composability over extension” — if you want to do something, you hand over the data and instructions to a specific set of executive code that does that specific change, then returns the results to you. In this way for example the text editor Kakoune calls a separate piece of executive code for finding text matches. Why?
Being limited in scope to code editing should not isolate Kakoune from its environment. On the contrary, Kakoune is expected to run on a Unix-like system alongside a lot of text-based tools, and should make it easy to interact with these tools
https://github.com/mawww/kakoune/blob/master/doc/design.asciidoc
The term “data silo” is mostly used in regard to cloud ecosystems these days, especially as they are sold to us private users, but it can just as readily apply to our personal computers. Apps don’t have to interoperate. And the OS itself hasn’t evolved its primitives either.
If we face requirements like
Both my side hustle and main job involve a lot of research, and keeping track of everything can be a real challenge.
Why is that?
I argue, because we only get files, folders and individual apps. We don’t have associative links. We barely have tags (and on Windows, not at all. I’ll come back to this.) We don’t have cooperative app networks. We have known for decades that humans don’t think in neat, hierarchical folders. Hierarchy is a useful aid for organizing some things. But it’s become the quintessential foundation of our OS interactions.
So if we want to organize information for a job, we have to turn to tools that support these abstractions. We take up tools that have their own databases. But that’s just more silos. The links in a markdown file are meaningless to the OS, and a relational database becomes a big blob of cryptic information.
Recall is a consent nightmare
I use the word “consent” over “privacy” here, because fundamentally, what Recall takes away from you is consent.
It’s enabled by default if you have the supportive hardware, because it is “such a great feature”.
It has no inbuilt detection for sensitive context like password managers, bank websites, or health information.
Recall will snap up your private emails, the signal chats with your friends where you have set up time-outs on messages, your telehealth sessions, every single thing that crosses your screen, without question or concerns.
And then it stores all of that in a database that is so barebones decrypted that we already have proof of concept of exfiltration, even from other user accounts.
And because Recall is build into the OS, it can be flipped back on at any time, even if you switch it off.
That this is a complete nightmare of having standard-issue spyware on your device when you’re a victim of domestic violence, stalking, or a child suffering from overbearing, controlling parents, has been pointed out so very many times.
Your emails are not the open internet. Your chat messages are not the open internet. Software cannot and should not and really, must not assume by default that everything is okay to capture, index and contextualize.
I do agree that the idea of having a contextual, associative “dimension” to the causes and connections of our personal data is a powerful thing, and at a first glance, very interesting. And a lot of academic writing has been done about these ideas. A lot of open-source hacking has been done about this. Trees of your link history for web browsers. Tracing and annotating your browser history with notes and link graphs, organizing your bookmarks with annotations in hierarchical indices. A contextual “memex” that lets you frame your work and activities and the resulting data traces in terms like the music you listened to or where you were.
Even Recall is preceded by Rewind.ai.
But because it is such a fundamental idea, there is no excuse for this shoddy engineering that completely failed to anticipate and counter the many, many issues that occur when you install a keylogger executive into the OS.
Respecting message privacy probably requires new APIs to indicate permission and sensitivity. But that would also have been useful for things like screenshots and screen-sharing. (I will come back to this.)
Respecting sensitive content like password managers could certainly profit from an API, but like — CopyQ makes it easy to whitelist or blacklist which data copied from which apps can be preserved. Raycast recognizes and respects password manager apps by default when it comes to its clipboard history feature.
This is not difficult engineering. And yet Microsoft was that willfully lazy.
Recall is a data protection nightmare
Recall is not secure. The database is encrypted when your system is powered down, but that’s about it. As TotalRecall is presently demonstrating with totality, you can get to all the screenshots with a single executive, without admin privileges to start, and even from another user. (see the QnA here.)
Meanwhile the images are neatly full-text and context-indexed, have undergone optical character recognition, and are compressed. They’re fully prepared to be efficiently sent over an internet connection.
There is no whitelist-by-default. There is no offline-by-default. A single setting keeps the engines turned off, and they can be quickly and silently flipped on.
Microsoft has proposed rolling out an officially sanctioned, signature-signed, keylogger system with no concept of discretion or a durable avoidance listing, with little granular control of what information gets captured why and what information doesn’t get captured why, to every private system, and they want to sell it to corporate systems too.
This is a nightmare for all sorts of reasons. GDPR requires companies to tightly control where personal information is stored, how it is accessed, and to destroy that information once the contract has ended and specific legal obligations of data retention have passed. Recall throws this to the wind.
The same goes for other discretionary information. Lawyer’s information. Doctors.
Company secrets are equally under threat.
And nothing will keep lawyers from placing Recall and its like under Discovery, which means your entire digital history is now neatly catalogued, ready to be picked apart in a legal battle you might become involved in.
And thanks to the crap design approach of Recall, you get protection from none of these things.
There are better solutions for organizing information
We would have instant access to all our important documents and web pages, making our Macs even more powerful and user-friendly. Microsoft has really nailed it with Recall, turning the hassle of information retrieval into a seamless and intuitive process. I can’t believe I am saying this, but it is innovations like these that highlight the gap between Windows and macOS and show us Mac users what we have been missing out on.
If finding our relevant documents and information we need is the problem, we have solution patterns for that already. A plethora of softwares, from Obsidian to Capacities to Notion to dozens more every year, let us connect information using links, categorize them using tags, let us build small databases and queries. We can capture our projects and thoughts and connect them up in a web that uses the same associativities and categories as our biological brains.
And then we have those apps that also have task management: Logseq, Amplenote, Tana, the list here goes on as well. And then you have the apps that have outright project management connected to knowledge bases. So connecting projects and tasks to notes and documents is a well-solved problem. And while a lot of these apps are recent: org-mode managed to combine notes and tasks in the 2000s.
Nothing of this is new. The patterns exist.
So if we have these issues for organizing the information that is relevant to us, on our computers — and I agree that this is an issue — why hasn’t the design of operating systems changed over all of these years? Why haven’t softwares become capable of supplying this information in many different circumstances when it is of interest to us? Why can’t I click on a markdown file and get a listing of all the other linked files and linking files without opening up Obsidian?
Compared to these patterns, Recall is superficial. It buries the semantics of our works away from our own expressions in the same of “frictionless convenience”. (An anti-pattern we should mistrust deeply.) If we wanted to automatically record information about file relevance and connections — the operating system certainly has access to this information. We could add APIs, and we could add the access controls that would let us, as users, decide in detail why this information is recorded, and in what form.
Given the massive privacy and security implications, such a design is obviously needed for any production-level system.
But such a system was never designed.
Our information does not work for us anymore
That Recall is supposedly necessary to organize and connect the information we make use of, shows that the information on our computers, that the softwares we use, have stopped working for us. If connecting information is needed for us to work better, we should be able to connect it. Instead we got walls and no conventions. The only thing that Microsoft thinks they can tap into (with disastrous consequences) is the visual interface, because if developers locked that down, they’d sabotage their own high-bandwidth communication channel with us.
Why don’t (most) web browsers give us better tools to organize our access history and motivations? Why are highlights locked away in plugins and PDF files? Why are the links in a markdown file meaningless without special software?
And how come that Recall respects DRM content? Your bank accounts are fine to capture and expose to a serious risk of information stealing, but heavens forbid that you might be able to re-experience even a static snippet of a movie you watched without paying a second dividend. Your personal photographic memory develops holes the moment it impacts a big rights holders bottom line. Tom Scott used to make jokes about this happening to unfortunate uploads.
That is the one thing Recall wants to respect. But nothing else. Another way information is not allowed to work for us.
Our computers do not empower us anymore
This pattern of information silos and lack of granular operating system connectivity, shows to me a fundamental lack of respect for what we need done, why we need it done, and how we do it best.
And to solve it, Microsoft decides to roll out a system without controls, without respect for our consent, privacy or personal integrity. And that is the same lack of respect for us, for giving us no-bullshit tools that empower us, as the very dilettante that allowed all these disconnections to emerge in the first place.
Recall doesn’t give is more control over data. It is not a fix. It’s the continuation of taking control away from us, from not respecting what our data and our personal work represent. It trashes our security and privacy in the name of the kind of “productivity” that is more about the vibes than any actual concrete results.
We need a rethinking. We need software that empowers us again. Recall and its kind are not going to deliver that. Like the rest of the AI hype cycle of the last two years, we are being promised “automagic” solutions that will work worse and represent ourselves worse than we could, if we were given actual tooling to express ourselves — and expose us to significant harms while doing so.
We deserve, and we should, and we must demand better.
It should never be designed like this
Microsoft has just announced that they will be making implementation changes to the way Recall is rolled out. They’ll introduce additional hurdles to first of all enabling the feature, and accessing its data.
That can generally be called a better development, concerning consent and privacy.
But it should never have required this outcry, and I am sceptical we would have seen such changes otherwise. And it doesn’t change the ultimate point — that proposing “solutions” like Recall speaks to a much deeper failure of how good modern OS are for information work.
