Microsoft has announced a change in release plans for the Recall preview feature for Copilot+ PCs. Instead of a broad preview release on June 18, 2024 as originally planned, Recall will first be available to the Windows Insider Program in the coming weeks. Microsoft aims to gather feedback from participants to further improve the feature before making it available to all Copilot+ PC users.
Microsoft recently announced the “Recall” feature for Copilot+ PC, an AI tool that can record everything on your screen. Recall is designed to act as a personal “photographic memory”, capturing periodic snapshots of your screen to create a visual timeline. This makes it easy to find and revisit content you've previously viewed in apps, websites, documents, and more.
The ability to instantly pull up past screen content can be very useful, but security researchers have exposed a potential flaw that could expose personal data to malware. Perhaps that's why Microsoft is delaying the feature's rollout on new computers scheduled to ship this week.
The nightmare scenario of Recall as a spy tool
Recall's ability to display past screen content can be very useful, but there are legitimate fears that this feature could become a powerful spy tool and a potential “nightmare” if the device falls into the wrong hands.
Even if you use incognito mode or delete your browsing history, Recall will still have full access to your entire screen history. Microsoft says your data never leaves your computer, but critics aren't entirely convinced.
Security researchers have exposed a dangerous flaw in Recall.
The AI-based system takes regular snapshots of what users are doing on their screens so they can retrieve important data they may have forgotten while working. However, security experts who have closely examined Recall's operations have concluded that the system poses a serious security risk.
Recall is built into what Microsoft calls “Copilot+” PCs, the tech giant's vision of how traditional computers will become AI-powered workhorses. At launch, Microsoft explained that Recall will not capture certain private content, such as Netflix videos or incognito browser sessions, but all other content will be viewable. In theory, this broader visibility makes Recall more useful for resurfacing lost work.
Flaw could expose personal data to malicious code
But security researcher Kevin Beaumont has already discovered a worrying flaw. In particular, the system stores data in a simple plain-text form that malware can easily traverse to find any personal data, from sensitive work files to personal communications. He said there are fears that Recall could make it easier for malware and attackers to steal information. Beaumont acknowledged that Microsoft made some “smart decisions” when it came to encryption, but said they ultimately didn't work.
Potential exposure of sensitive information
He's withholding full technical details for now to give Microsoft time to fix the loopholes. But the potential for everything from financial data to personal health information to be exposed is clear. Even if you trust Microsoft, there's a chance that malicious actors will find ingenious ways to exploit its treasure trove of tools.
Balancing innovation and data protection
Regardless of whether Microsoft can quickly address Recall's security gaps, the disclosures highlight how new AI capabilities often give rise to new privacy minefields that must be carefully navigated. As AI plays a larger role in our devices, innovative features and robust data protection must go hand in hand. While the debate rages over Recall's potential privacy implications, there are some proactive steps you can take to protect your data and make using the tool more secure.
Opt out if you are uncomfortable
Recall is a feature you choose during initial device setup. If you have reservations, simply decline to activate it. Your computer will function normally without this “time machine” feature.
Customize what Recall sees
If you have enabled Recall, use the customization options to exclude any apps, programs or websites from recording and indexing. This allows you to pick and choose what Recall has access to.
Use separate devices for different activities
One low-tech solution is to use dedicated devices for various purposes. Maintain one computer for work, one computer for personal browsing, and one computer for extremely sensitive activities that you want to completely block Recall from monitoring. As Recall evolves, you may need to adjust your settings and adopt new privacy habits, so look for guidance from Microsoft.
Addressing privacy and security concerns
In response to these privacy and security concerns, Microsoft has released several updates to Recall.
- Recall is off by default, so users must proactively choose to enable it.
- Recall requires Windows Hello enrollment and proof of presence to view and search your timeline.
- Additional layers of data protection are implemented, including “just-in-time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), which ensures snapshots can be decrypted and accessed only when the user authenticates.
- The search index database is encrypted.
Microsoft has also strengthened its commitment to security, revealing that all Copilot+ PCs will be Secured-core PCs with advanced firmware protection features, a Microsoft Pluton security processor enabled by default, and Windows Hello Enhanced Sign-in Security for more secure biometric logins.
Privacy Controls and User Choices
Microsoft emphasizes that you have control over what Recall captures and stores.
- Snapshots are stored locally and are not shared with Microsoft or any other company.
- Users can pause, filter, and delete snapshots at any time.
- Digital rights managed or InPrivate browsing content is not stored.
- For managed business devices, IT administrators can disable the snapshot storage feature, but cannot enable it without user consent.
While Recall aims to deliver useful AI-powered experiences, Microsoft recognizes the importance of user trust and choice and has taken the preview as an opportunity to learn from real-world scenarios and improve features based on feedback.
Insider feedback and wider availability
Once the Recall preview becomes available in the Windows Insider Program, Microsoft will publish a blog post detailing how to access it. Participation in the Recall preview requires a Copilot+ PC due to hardware requirements.
After gathering feedback from the Insider community, Microsoft plans to make the Recall preview available to all Copilot+ PC users, incorporating insights and improvements based on real-world scenarios.
Microsoft's response
We contacted Microsoft, and a company representative directed us to the company's website. The following statement is posted there: “We are on a journey to build products and experiences that live up to our company’s mission to help people and organizations achieve more, and maintaining our customers’ privacy, security, and trust is very important. We're mindful of what's important and, as always, we'll continue to listen and learn from our customers – consumers, developers and enterprises – to evolve the experience that makes sense to them.”
Kurt’s Key Takeaways
Microsoft's Recall AI is currently in preview. It is undeniably useful, but also undeniably a concern from a privacy perspective. Keeping all that rich data local is a smart idea, but it's probably not a surefire guarantee against potential misuse in the future. As always with new technology, users will decide whether the convenience is worth the potential risks for their situation. For some, Recall may be a dream. For others it can be a nightmare. Nonetheless, this debate shows that there is still work to be done in striking the right balance between innovation and privacy in the age of AI.
Copyright 2024 CyberGuy.com. All rights reserved.