Windows Recall – a “privacy nightmare”? – Computer world

Windows Recall, a new feature that records a user’s screen at regular intervals, has been described as a “privacy nightmare” due to potential threats to privacy and data security.

Microsoft announced an AI-powered generative tool on Monday; captures “snapshots” of the user’s screen every five seconds to provide a searchable log of historical activities stretching back three months. The feature will be available in preview on new Copilot+ computers. Sales from Microsoft and other vendors will begin in mid-June.

There are measures in place to protect data withdrawn from the market, Microsoft says. Recorded data is stored and processed locally and protected by encryption on the user’s device. Users can exclude any apps and websites they want to keep private. They can also pause the Summon whenever they want.

However, when enabled by default, Recall does not perform “content moderation,” according to Microsoft, which means it does not hide sensitive information such as passwords, financial account numbers, or anything else that might appear on your computer screen.

Microsoft

Recall’s ability to record and store so much sensitive user data quickly drew criticism over data privacy and security risks.

“I believe that a built-in keylogger and screenshot tool that perfectly records everything you do on your computer over a specific period of time is a huge privacy nightmare for users, and not something the average user will actively use,” said Jeff Pollard. Vice President and Chief Analyst at Forrester.

“At first I thought something could go wrong very quickly,” said John Scott, principal security researcher at CultureAI, a security software provider.

The biggest concern is security threats, said Douglas McKee, executive director of threat research at network security firm SonicWall. “With the Microsoft recall announcement, we are once again reminded how advances in artificial intelligence and technology features can provide great convenience at the potential cost of security,” he said in a statement. “While many privacy concerns are being expressed around Microsoft’s deprecation, the real threat is the potential benefits that attackers could gain from this feature.”

McKee said initial access to a device is easier than other elements of an attack, such as elevation of privilege, “however, with Microsoft Recall, initial access is all that is needed to potentially steal sensitive information such as passwords or company trade secrets.”

Attackers who gain access to a computer running Recall will potentially have access to everything the user has done for approximately three months, including passwords, online banking details, confidential messages, medical records and any other sensitive documents.

As a result, Recall may provide an easier way to steal sensitive data than other tactics, such as installing keystroke logging software or screen recording software, which may attract more attention. (According to Microsoft, there is a restore icon on the Windows taskbar to let you know when you need to take screenshots.)

“Why install keylogging software when I can just turn on something that’s built into the system?” Scott said. “It’s a different way of attacking, but it wasn’t around before Microsoft said, ‘We take a screenshot every five seconds,’ and more importantly, a searchable screenshot every five seconds.”

“With this release, Microsoft has taken life off the land to a whole new level,” Pollard said.

Microsoft declined to comment on the security concerns.

In addition to the risk of cyber attack, data privacy issues were also raised. In the UK, the Information Commissioner’s Office – the public body tasked with enforcing data privacy rights – said on Wednesday it had written to Microsoft about the opt-out feature to “understand the safeguards in place to protect user privacy.”

The amount of data recorded and stored on a user’s computer can create issues with data protection compliance. Scott said that one aspect of the EU’s GDPR directive is proportionality. “You’re creating a huge database of personal information, both yours and other people’s (with Recall), and there doesn’t seem to be a clear reason (for doing so),” he said.

In addition to your personal data, Recall may collect and store data about colleagues, customers or other third parties. This may happen, for example, during a video call. “If Recall takes this snapshot every five seconds, have you given me explicit permission to capture your photos with your names? All you need is a unique ID, so there’s a huge problem.

While the data is stored locally, there are questions about whether it could be backed up elsewhere, he said, or even stored on Microsoft’s cloud servers in the future.

Justin Lam, senior research analyst for information security at S&P Global Market Intelligence, said dealing with security and privacy risks is a common practice for companies and should not necessarily preclude the use of tools that benefit users and companies. “Enterprises face challenges in balancing user privacy, productivity, internal risk management, governance and compliance,” he said. “That said, they should also consider what cumulative increases in individual productivity can be achieved with tools like Recall and Copilot.”

Others, however, warned that companies should avoid using the feature altogether.

“While the ability to search usage history can save time and increase production, I believe the risk of using this feature is too great for small businesses,” said SonicWall’s McKee.

“First of all: If you can help it, don’t turn it on,” Forrester’s Pollard said. “I would like to see this eliminated through group policies if available. If the feature is activated at any time, I would also like the telemetry to tell me that it is activated so that I can find out whether the user intended to activate it or if an adversary did so as part of data collection.

According to Microsoft’s admin page, those who don’t want to use Recall can disable it using the “Disable snapshots in Windows” policy; this will also delete any snapshots already saved on your device.

“For enterprise customers, IT administrators can disable automatic snapshot saving via Group Policy or Mobile Device Management policies,” Microsoft announced on its support page.

Recall is in preview, so you can make changes before it becomes generally available.

Lam said Microsoft could improve the feature and reduce security and privacy concerns. He suggested that the Recall function could, for example, “forget” more recorded activities. “Can Recall limit its memories to a shorter time or a limited scope? What it may lose in accuracy, it gains in user trust,” he said.

Artificial intelligence capabilities in Windows may also be improved to the point where it will be possible to classify data recorded by Recall more effectively, he said. Windows Copilot can also provide “forced guidance,” predicting and prompting users when to stop screen recording completely.

For now, it’s hard to know how to use this feature safely, Pollard said. “This feature is a complete risk, and I can’t imagine any security or privacy controls would make me feel comfortable with enabling it on the system I use,” he said.