@timeshifter There is an exfiltration risk, but I'm not convinced that doesn't already exist. If you can grab these SQL Lite databases, you can also grab the credential managers from all major web browsers and do something similar.
Malware running as the user on their endpoint has already created the risk. This is why authentication has to be physical token based, and can never be software driven. TPM is one such token, that at least limits credential use to trusted endpoints... but again if the endpoint is the laptop / desktop, malware on that device can get into your online services. BUT that malware has to stay persistent on the endpoint you control, and evade anti-malware over time to stay useful.
As for the value of these features, how many times have you been researching something and closed a window by accident or intent you realize you needed an hour later but can't remember the name of the thing you were looking to search it up again? Recall can just take you to that time, and there the window is... right where you left it.
I don't know about you, but that can really save my bacon in my professional space. But at the same time, I don't want this feature on my personal rig AT ALL.
Copilot itself is already a tremendously effective personal assistant, and I see Recall as a means to objectively improve it in specifically this way, which it's already really good at. The fusion of functionality can make my endpoint a digital version of the best secretary ever, remembering things for me.
Which is a little creepy... because that's my wife's job too. This whole thing is crazy, wonderful, and terrifying.
