Microsoft announced Friday that it will disable by default its controversial artificial intelligence (AI)-based feature called Recall and will make it optional.
Recall: Why Microsoft backtracked on this controversial feature
Recall, currently in preview and available exclusively on Copilot+ PCs starting June 18, 2024, functions as an “explorable visual timeline”, taking screenshots of what appears on users’ screens every five seconds, which are subsequently analyzed and interpreted to surface relevant information.
But the functionality, designed to serve as a sort of AI-enabled photographic memory, immediately met with backlash from the security and privacy community, which criticized the company for not thinking it through and not implementing adequate security measures that could prevent bad actors from easily gaining a window into victims’ digital lives.
What privacy problems can the Redmond company’s Recall feature cause?
The recorded information may include screenshots of documents, emails or messages containing sensitive details that may have been deleted or shared temporarily using disappearing or self-destructing instant messaging formats; something similar happened recently with Apple, where missing photos and videos from several years ago resurfaced.
WIRED’s Andy Greenberg has described Recall as “pre-installed spyware not required” built into new Windows computers; in addition, Windows Central has reported that Microsoft was “excessively secretive” regarding the development of Windows Recall and chose not to test it publicly.
How Microsoft defended itself against the accusations
In an attempt to counter the wave of criticism, Microsoft said that users have complete control over the entire Recall experience and that it launched the feature in preview to gather feedback from customers.
Among the substantial changes introduced to the feature are security updates and a new configuration process to enable it, giving users the option to completely opt out of periodically saving screenshots via Recall.
The security changes also require users to enroll in Windows Hello biometric scanning to enable Recall, with proof of presence needed to view the timeline and perform searches.
In addition to encrypting the search index database (which was previously stored as an unencrypted SQLite database), the tech giant noted that Recall snapshots will be decrypted and accessible only after user authentication.
“Copilot+ PCs will launch with ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will be decrypted and accessible only when the user authenticates,” said Pavan Davuluri, Microsoft corporate vice president for Windows + Devices.
“This adds an extra layer of protection to Recall data on top of other Windows security features enabled by default like SmartScreen and Defender, which use advanced AI techniques to help prevent malware from accessing data like Recall.”
Microsoft has also reiterated that Recall snapshots are stored and processed locally on the device and are not shared with other companies or applications; it also said that users can pause, filter and delete what has been saved at any time.
What remains is the user's legitimate doubt about the veracity of the statements made by Microsoft.
Microsoft Recall in the enterprise
For users on managed work devices in corporate environments, IT administrators can disable Recall but cannot enable it themselves; Microsoft stressed that the choice is entirely up to users.
“You’ll see Recall added to your taskbar when you reach your desktop,” Davuluri said. “You’ll have a Recall snapshots icon in your system tray that alerts you when Windows is saving snapshots.”
“It turns out that talking works,” said security researcher Kevin Beaumont, who was a vocal critic of the original Recall implementation. “Obviously there will be some critical – potentially important – details, but there are some positive elements here. Microsoft must commit to not trying to trick users into enabling it in the future.”
“I think, overall, having a choice about opt-in in home systems will save a lot of people from security issues in the future. It should never have been enabled by default.”
Microsoft is doing an about-face
Microsoft’s reversal comes amid a series of security debacles the company has faced in recent years from Russian and Chinese state actors, prompting the company to prioritize security above all else as part of its Secure Future Initiative (SFI).
“If you’re faced with the trade-off between safety and another priority, your answer is clear: do safety,” Microsoft CEO Satya Nadella said in a memo sent to his employees last month. “In some cases, this will mean prioritizing security over other things we do, such as releasing new features or ongoing support for legacy systems.”