Article 6NCSV Windows Recall to Be Disabled by Default, as Microsoft Announces Major Security Changes after Backlash

Windows Recall to Be Disabled by Default, as Microsoft Announces Major Security Changes after Backlash

by
Krishi Chowdhary
from Techreport on (#6NCSV)
Windows-Recall-snapshot-from-Microsoft-b
  • Microsoft on May 20 announced Copilot+ PCs and a new Windows Recall' feature that will take screenshots of your active screen every few seconds.
  • Windows Recall quickly became highly controversial owing to its privacy hazards. Microsoft has now announced a few changes to address Recall's security concerns.
  • Most notably, users will now have a choice to opt-in to save snapshots using Recall. If you don't intentionally turn it on, it will be off by default.

Windows-Recall-snapshot-from-Microsoft-b

When Microsoft announced the Windows Recall' feature, it left industry experts and everyday PC users in utter disbelief, because of how blind it was to user privacy-a complete privacy nightmare, if you may.

However, it looks like Microsoft has finally awakened to what the market's been saying. After three weeks of silence, Microsoft has released an official blog addressing privacy concerns around Recall and sharing how it has listened to and acted on customer feedback.

By far the biggest change is that Recall will now be an opt-in feature. This means it will be turned off by default and you will have to manually enable it. A handful of other changes to crank up user security were also announced. Keep reading to find out what they are.

What Is Windows Recall?

Let me quickly recall" it for you: Windows Recall is an upcoming feature on Copilot+ Windows PCs. It will take screenshots of your device's entire screen every few seconds and keep a record (approximately three months' worth of screenshots) of your tasks.

Apparently, Recall is supposed to be a personal historian for you. Your screenshots, which will all be stored locally on your device, will be analyzed by AI.

Then, with just a quick AI-powered search, you will be able to go back to a moment in time, such as a conversation with a friend or a colleague, or a particular file, web page, or app you were interacting with and would want to jump into again.

Controversy Surrounding Windows Recall

Windows Recall created a lot of stir about privacy, and rightly so. Let me quickly summarize the major Recall pain points:

It won't perform any content moderation and record everything, including sensitive information such as passwords and financial account numbers.

Anyone with access to your laptop would have the ability to access Recall's stored screengrabs and see what you were up to. It doesn't matter if you were on a browser whose history you deleted-nothing would be private.

While local storage is admittedly privacy-friendly, the snapshots could only be encrypted if you had Windows Pro or a business Windows code. In simple words, Microsoft wanted you to pay for your privacy.

This means if you were using a public, family, or work laptop, or if your laptop got hacked or stolen, your entire world could have turned upside down.

Changes to Recall to Address Security Concerns

Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards." - Microsoft official blog

The biggest step Microsoft has taken to crank up user security with Recall is to make it an opt-in feature. This means that unless you proactively turn it on, Recall will be off on your laptop.

Windows-Recall-will-be-off-by-default-30

It's great news that the off by default" update has come before the feature has been launched. This is because a lot of uninformed users might have continued to use their laptops without realizing that their actions were being recorded.

Secondly, Microsoft has taken several steps to keep Recall's recorded data secure. For starters, the search index database will now be encrypted. The fact that it wasn't previously so is baffling, to say the least.

Next, Windows Hello enrollment will be necessary to enable Recall. With Windows Hello, you will have to authenticate yourself with a password-either a PIN or biometrics (fingerprint or facial recognition).

Lastly, Recall snapshots will only be decrypted and accessible when the user authenticates." This will be made possible via just in time" decryption from Windows Hello Enhanced Sign-in Security (ESS).

The Bottom Line: Should You Use Windows Recall?

Windows Recall is an AI-powered feature that gives you an explorable timeline of your PC's past," allowing you to re-engage with past content. And although Microsoft's efforts to make it safe and private are commendable, Windows Recall continues to be a privacy nightmare.

Think about it: a forceful partner, a subpoena, or a lawsuit could easily lead to people having to cough up their PINs and passwords, opening up their entire digital history to third parties.

Secondly, and this one's a biggie, do we feel comfortable giving a tech giant who's in the midst of an AI race the option to harvest sensitive information? Yes, Microsoft says it can't access Recall snapshots, but is that reassuring enough? Remember, the illegal use of private and copyrighted data to train AI models is one of the biggest modern-day security risks.

All in all, in my humble opinion, Windows Recall comes disabled by default, so we might as well keep it that way.

The post Windows Recall to Be Disabled by Default, as Microsoft Announces Major Security Changes after Backlash appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments