Yes. The approach taken with Windows’ security model of “If they get user level permissions, oh well, sorry” is depressing. I know folks scoff at Apple’s seemingly arbitrary approaches to security, but at least Apple seems to get that we’re in a world today where local apps shouldn’t be run in trusted contexts. It’s pretty reasonable to expect modern apps on macOS to be fully sandboxed and not be able to see or touch anything outside it’s container without user interaction. It’s not perfect coverage, because it’s still possible to ship apps without it enabled which is where you get your trojans, but it helps.
And to top it off, UAC bypasses are still very much a thing. Windows keeps riding that line between “this legacy thing shouldn’t be too noisy, so it won’t notify about elevation”, and “we wouldn’t want you to mistakenly install that weird thing you just downloaded”.
But yes, fundamentally my issues with Recall boil down to these things:
1) It creates a central repository of screen captures and annotations generated from those captures using ML models. Very tasty target that persists long enough to be at least as valuable as scraping your browser cache. This may be the new top target for scraping as it rolls out to users.
2) Microsoft’s behavior around Windows of late is user ambivalent at best, and getting quite hostile on average. Expecting good behavior 3-5 years from now is a stretch, IMO. At some point, I wouldn’t be surprised if engineering gets asked to find a way to train the ML on the user data to improve the features because of XYZ reason, creating more concerns in the process.
3) Microsoft talks about security, but then trips over itself trying to explain all the caveats around the type of data this captures which could be problematic (and which makes it an even more tempting target), on top of the general security issues Windows already has baked in.
That said, I think how Edge might be blocking screen captures when using a private tab is by marking the private tab as “DRM’d” somehow (i.e. marking the content as requiring HDCP). I wonder if other browsers can do the same? Maybe apps in general can sabotage the feature?