Cyber security news for all


    Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

    Microsoft announced on Friday that it will deactivate its heavily criticized AI-powered Recall feature by default, transitioning it to an opt-in basis.

    Recall, currently in beta and scheduled to be released exclusively on Copilot+ PCs on June 18, 2024, operates as an “explorable visual timeline.” It captures screenshots of users’ screens every five seconds, subsequently analyzing them to extract pertinent information.

    Intended to function as an AI-enhanced eidetic memory, the feature faced immediate backlash from the security and privacy community, which lambasted the company for inadequate foresight and insufficient safeguards to prevent malicious exploitation.

    The captured data could include screenshots of documents, emails, or messages containing sensitive information, even those that might have been deleted or shared temporarily through self-destructing formats popular in instant messaging platforms.

    WIRED’s Andy Greenberg labeled Recall as “unrequested, pre-installed spyware embedded in new Windows computers.” Windows Central highlighted Microsoft’s “overly secretive” approach during Recall’s development and its decision against public testing.

    In response to the escalating criticism, Microsoft asserted that users maintain full control over the Recall experience and launched the feature in preview to solicit user feedback.

    Significant modifications to the feature include security updates and a new setup process, allowing users to completely opt-out of periodic screenshot saving.

    The security enhancements necessitate users to enroll in Windows Hello biometric scanning to activate Recall, requiring proof of presence to view the timeline and perform searches.

    Additionally, the search index database will now be encrypted (previously stored in an unencrypted SQLite database), with Recall snapshots only decrypted and accessible upon user authentication.

    “Copilot+ PCs will feature ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS), ensuring Recall snapshots are only decrypted and accessible when the user authenticates,” stated Pavan Davuluri, Microsoft’s corporate vice president for Windows + Devices.

    “This adds an extra layer of protection to Recall data, supplementing other default Windows Security features like SmartScreen and Defender, which leverage advanced AI techniques to thwart malware from accessing data like Recall.”

    Redmond further emphasized that Recall snapshots are stored and processed locally on-device and are not shared with third-party companies or applications. Users also have the ability to pause, filter, and delete saved snapshots at any time.

    For users on managed work devices within enterprise environments, IT administrators have the authority to disable Recall, though they cannot enable it themselves. Microsoft reiterated that the decision is solely at the discretion of the users.

    “You’ll see Recall pinned to the taskbar upon reaching your desktop,” Davuluri said. “A Recall snapshot icon in the system tray will indicate when Windows is saving snapshots.”

    “Public feedback proves effective,” noted security researcher Kevin Beaumont, a vocal critic of Recall’s initial implementation. “While potential pitfalls remain, there are positive aspects here. Microsoft needs to ensure it doesn’t surreptitiously prompt users to enable it in the future.”

    “Overall, the choice to opt-in on home systems will mitigate many security issues. It should never have been enabled by default.”

    Microsoft’s policy shift comes amidst a series of security breaches attributed to Russian and Chinese nation-state actors, prompting the company to prioritize security above all else as part of its Secure Future Initiative (SFI).

    “If you’re faced with the tradeoff between security and another priority, your answer is clear: prioritize security,” Microsoft CEO Satya Nadella conveyed in a memo to employees last month. “This might mean prioritizing security over releasing new features or maintaining support for legacy systems.”

    Recent Articles

    Related Stories