People are calling out the vulnerabilities of this new highlight that Microsoft so loved. The need for more security in this age of A.I. is paramount, and companies like Microsoft need to understand this faster.
Microsoft has recently announced changes to the rollout plan for the Recall preview feature on Copilot+ PCs. Initially set for a broad release on June 18, 2024, Recall will first be available to the Windows Insider Program to gather feedback and refine the feature before a wider release.
The Recall feature is designed to act as a personal “photographic memory” by capturing periodic snapshots of everything on your screen, creating a visual timeline. This allows users to easily revisit content viewed across apps, websites, documents, and more. While this functionality can be incredibly useful, it has raised significant privacy and security concerns. Security researchers have identified potential flaws that could expose personal data to malicious code, prompting Microsoft to delay its broader implementation.
Microsoft delays roll-out of Windows Recall feature after pressure from security community https://t.co/3jC6fLfj79
— Infotech-Bury (@InfotechChannel) June 18, 2024
The concerns center around the possibility of Recall being used as a spy tool if a device falls into the wrong hands. Despite assurances from Microsoft that the data never leaves the user’s computer, critics remain skeptical. Security expert Kevin Beaumont highlighted that Recall stores data in plain text, making it easier for malware to access sensitive information. Although Microsoft has implemented encryption, Beaumont argues that these measures are not sufficient to prevent potential misuse.
In response to these concerns, Microsoft has outlined several updates to enhance the security of Recall:
Recall will be off by default, requiring users to opt in to enable it.
Windows Hello enrollment and proof of presence will be needed to view the timeline and search in Recall.
Additional data protection measures, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), will ensure that snapshots are only decrypted and accessible when the user authenticates.
The search index database will be encrypted.
Microsoft delays broad release of Recall AI feature due to security concerns | VentureBeat https://t.co/1WH2M5lCzh
— Dr.Philippe Vynckier, CISSP – Influencer 🇺🇦 (@PVynckier) June 17, 2024
Copilot+ PCs will come with advanced firmware safeguards, the Microsoft Pluton security processor enabled by default, and Windows Hello Enhanced Sign-in Security for more secure biometric sign-ins.
Moreover, users will have control over what Recall captures and saves, with the ability to pause, filter, and delete snapshots at any time. Digital rights-managed or InPrivate browsing content will not be saved, and IT administrators on managed work devices can disable the ability to save snapshots without user consent.
Microsoft’s decision to initially release Recall to the Windows Insider Program reflects its commitment to refining the feature based on real-world feedback. A blog post detailing how to access the preview will be published once it is available, and participation will require a Copilot+ PC due to hardware requirements.
Microsoft delays Recall launch amid privacy concerns https://t.co/PRzPyXNiQK#Tech @Microsoft #Privacy #Security #Recall #Riskmanagement #Compliance @Modevity #Modevity pic.twitter.com/dfdTEoMGF1
— Modevity (@Modevity) June 18, 2024
This cautious approach underscores Microsoft’s dedication to balancing innovation with privacy and security. As AI capabilities continue to evolve, ensuring robust data protection remains a top priority. While Recall has the potential to significantly enhance user experience, it also highlights the ongoing challenges in navigating privacy concerns in the AI era.
Key Points:
i. Initial Delay: Microsoft has delayed the broad rollout of the Recall feature on Copilot+ PCs, opting to release it first to the Windows Insider Program to gather feedback.
ii. Feature Description: Recall is an AI tool designed to capture periodic snapshots of everything on your screen, acting as a personal “photographic memory” to help users revisit past content across apps, websites, and documents.
iii. Privacy Concerns: Security researchers have identified potential flaws in Recall that could expose personal data to malicious code, raising significant privacy concerns.
iv. Enhanced Security Measures: In response, Microsoft has announced updates to enhance Recall’s security, including making it an opt-in feature, requiring Windows Hello authentication, and encrypting the search index database.
v. User Control: Users will have control over what Recall captures, with the ability to pause, filter, and delete snapshots, while IT administrators can disable snapshot saving on managed devices without user consent.
Susan Guglielmo – Reprinted with permission of Whatfinger News
