Microsoft Overhauls Recall After Security Concerns

The feature is now opt-in


Microsoft is making a U-turn on its AI-powered Recall feature after facing criticism from privacy and security experts.

The feature, initially designed to be enabled by default on certain PCs running Windows 11, will now be opt-in, giving users more control over whether they want their screens constantly monitored and analysed by AI.

Microsoft unveiled the Recall feature at Build 2024 last month, saying it will come exclusively to Copilot+ PCs on 18 June 2024.

Currently in preview, this Windows feature captures screenshots of a user's screen every few seconds and stores them locally. While intended to enable users to easily search and revisit past activities, the feature has raised eyebrows for its extensive data collection practices.

Signal president Meredith Whittaker slammed the feature as a "dangerous honeypot for hackers." Whittaker's concerns stemmed from the potential for hackers to gain access to this vast trove of screenshots, potentially containing sensitive information.

Barry Briggs, an analyst and former CTO of Microsoft's IT unit, also cautioned that Recall will record sensitive interactions or other content that users might not want captured.

Briggs said it was highly likely that "well-funded and well-trained foreign actors" will soon try to break the code to steal users' confidential information.

Cybersecurity researcher Kevin Beaumont claimed to have found significant security flaws in Recall.

In response to the backlash, Microsoft has now revamped Recall with a focus on user control and enhanced security.

Firstly, Recall will now be disabled by default, and users will have to explicitly choose to opt in during the setup process. That means users will now have more control over whether they want their screen activity constantly monitored and analyzed by AI.

Beyond the opt-in model, Microsoft is adding layers of security. Users will need to prove their presence through Windows Hello biometric authentication before viewing their Recall timeline or conducting searches. This could involve a facial recognition scan or fingerprint verification.

Furthermore, Microsoft is implementing "just-in-time" decryption, ensuring Recall snapshots are only decrypted and accessible when a user authenticates.

"Copilot+ PCs will launch with 'just in time' decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates," Pavan Davuluri, Microsoft's corporate vice president for Windows + Devices, said in a blog post.

The company emphasized that all processing happens locally on the device and no data is shared with third parties.

Open-Source Alternative To Recall 

While Microsoft's Recall feature is officially limited to devices with powerful next-generation chips, a new open-source app called OpenRecall aims to bring similar functionality to Windows, macOS and Linux users, but with a focus on user privacy.

OpenRecall functions much like Recall, capturing snapshots of the user screen at regular intervals. These snapshots are then processed using Optical Character Recognition (OCR) technology, making the captured text searchable. Users can then sift through their digital history by searching for keywords or manually scrolling through the captured screenshots.

Unlike Recall, which is limited to Microsoft's Copilot+ PCs with powerful processors, OpenRecall is a cross-platform solution. It works on Windows, macOS, and Linux, making it accessible to a much wider user base, regardless of their existing hardware.

Additionally, OpenRecall's open-source nature means that the code behind the app is publicly available, allowing people to scrutinise it for potential security flaws.

However, OpenRecall currently lacks encryption for stored data, raising a security red flag. While the developer promises a privacy-focused experience, the lack of this crucial feature means user data might be exposed if someone gains access to their device.
