I'm pretty sure that people were unhappy because it was opt-out at first. Now that bridging is opt-in, I don't think most people have a problem with it and I've seen a number of posts from both sides of the bridge so it seems to be working.
Spotlight7573
Malware won't even need to wait for the user to access something sensitive, they can just go back through the user's Recall history and get the data for immediate exfiltration. No chance for anti-malware software to update and catch it before it does anything truly bad, it will just always be too late if given even a minute.
And of Course, if you stream Netflix, tons of copyright protected material, lol.
Nope, DRM protected content like Netflix is one of the few things it doesn't capture, it's even mentioned in Recall's privacy section. I'll admit that that's likely due to technical reasons with how the video stream is decrypted and decoded on the GPU and is never actually accessible to the user, not necessarily because they wouldn't want to save that as well.
I feel like even if it was open-source, it would still be too big of a target for malware and data exfiltration to ever be justified for most people.
It's always been a possibility that someone could do this but this makes it a default on feature for a lot of users you might interact with and makes them a prime target for malware to steal the sensitive data that wouldn't have existed in most cases before.
To protect against casual theft of a device causing the data to be in the thief's hands in addition to the actual device.
The average person unfortunately is not likely to properly backup their encryption keys so if they forget their password (or don't use one and rely on the default of just TPM), they'll complain about losing their data. Having the key backed up gives them a way to get their data back in non-theft situations.
That's true. I know they did increase the number of filters from the initial amount but they really should just make it effectively infinite.
As long as that extension developer can be trusted to have access to read and modify the data of any site you load and to not sell the extension (and its userbase) for a quick buck (see Hover Zoom+ for an example of how much they're willing to offer, as recently as today).
There are definitely trade-offs between the permissions allowed in V2 versus V3. It really depends on where you think the main threat is (websites and online tracking versus extension developers).
It's basically similar to this example from the health field:
Like givesomefucks said, it's probably not that they were actually after that information specifically, but that it just got caught up in regular website analytics that services put on their sites. You can still infer a lot about a person's health information by just looking at the URLs they visit, so I'd say it is a concern but I'm not sure it should go beyond companies/agencies/organizations needing to know about the risks and a "stop doing this" warning. If analytics services were doing this intentionally and evaluating and using that data explicitly at the direction of some human in their company, then I think it would be a much bigger issue and a much bigger story.
That's a sentiment that quite a few others online feel too:
https://www.techdirt.com/2019/03/13/do-people-want-better-facebook-dead-facebook/
I do get the argument though that if no improvement will ever be good enough for some people, then what incentive do they have to change for the better if it won't make a difference to those people either way?
Another KOReader recommendation here. I typically use it on an eink device but also have it on my phone and it works well.
Looks like for syncing there's a plugin:
https://github.com/koreader/koreader/wiki/Progress-sync