Due to Privacy Concerns, Microsoft has updated its Controversial AI-Powered Recall Feature
Due to Privacy Concerns, Microsoft has updated its Controversial AI-Powered Recall Feature
Microsoft announced on Friday that it will disable its Recall feature, which is powered by artificial intelligence (AI), by default and make it an opt-in feature.
Recall, which is currently in preview and will be available exclusively on Copilot+ PCs starting June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of the content on users’ displays every five seconds. These screenshots are subsequently analyzed and parsed to reveal pertinent information.
However, the feature, which was intended to function as a photographic memory powered by AI, was immediately met with a backlash from the security and privacy community. They criticized the company for failing to adequately consider and implement safeguards that could prevent malicious actors from easily accessing a victim’s digital life.
The recorded information may consist of screenshots of documents, emails, or messages that contain confidential details that may have been temporarily deleted or shared using disappearing or self-destructing formats that are widespread on instant messaging platforms.
Andy Greenberg of WIRED referred to Recall as “pre-installed, unrequested spyware that is integrated into new Windows computers.” Windows Central reported that Microsoft was “overly secretive” about Windows Recall during development and chose not to test it publicly.
Microsoft asserted that users have complete control over the entire Recall experience and that the feature was introduced in preview to facilitate the collection of customer feedback in response to the increasing volume of criticism.
Security updates and a new setup process to enable the feature are among the significant changes that have been introduced. This change allows users to completely opt out of intermittently saving screenshots using Recall.
In addition to the security adjustments, users are now required to enroll in Windows Hello biometric scanning to enable Recall. Proof of presence is required to view the timeline and conduct searches.
The tech titan also noted that Recall snapshots will only be decrypted and accessible upon user authentication, in addition to encrypting the search index database (which was previously stored in an unencrypted SQLite database).
PavanDavuluri, Microsoft’s corporate vice president for Windows + Devices, stated that “Copilot+ PCs will launch with ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS).” Consequently, Recall snapshots will only be decrypted and accessible when the user authenticates.
“This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall.”
Redmond also emphasized that Recall images are stored and processed locally on the device and are not shared with other companies or applications. Additionally, it stated that users have the ability to halt, filter, and delete the information that has been saved at any given time.
IT administrators have the authority to disable Recall for users on managed work devices in enterprise environments, but they are unable to enable it themselves. Microsoft underscored that users are the primary decision-makers.
“You’ll see Recall pinned to the taskbar when you reach your desktop,” Davuluri indicated. “You’ll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE