Friday, October 11, 2024

Microsoft Updates Controversial AI Recall Feature Over Privacy Concerns

After its screen-grabbing AI feature “Recall” was blamed for being spyware, Microsoft has scrapped its default activation. Users will now have to opt in to the controversial memory aid tool.

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in feature.

Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’ screens every five seconds, which are subsequently analyzed and parsed to surface relevant information.

But the feature, meant to serve as some sort of AI-enabled photographic memory, was met with instantaneous backlash from the security and privacy community. The community excoriated the company for not having thought it through enough and for not implementing adequate safeguards that could prevent malicious actors from easily gaining a window into a victim’s digital life.

The recorded information could include screenshots of documents, emails, or messages containing sensitive details that may have been deleted or shared temporarily using disappearing or self-destructing formats popular on instant messaging platforms.

WIRED’s Andy Greenberg called Recall an “unrequested, pre-installed spyware built into new Windows computers.” Windows Central reported that Microsoft was “overly secretive” about Windows Recall during development and chose not to test it publicly.

To counter the mounting barrage of criticism, Microsoft said users are in complete control of the entire Recall experience and that it launched the feature in preview to help gather customer feedback.

Among the substantial changes introduced to the feature are security updates and a new setup process to enable it. Users can also choose to entirely opt out of periodically saving screenshots using Recall.

The security changes also require users to enroll for Windows Hello biometric scanning to enable Recall, with proof of presence necessary to view the timeline and perform searches.

Besides encrypting the search index database (previously stored in an unencrypted SQLite database), the tech giant noted that Recall snapshots will only be decrypted and accessible upon user authentication.

“Copilot+ PCs will launch with ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates,” Pavan Davuluri, Microsoft’s corporate vice president for Windows + Devices, said.

“This gives an additional layer of protection to Recall data in addition to other default enabled Windows Security features like SmartScreen and Defender, which use advanced AI techniques to help prevent malware from accessing data like Recall.”

Redmond further reiterated that Recall snapshots are stored and processed locally on the device and are not shared with other companies or applications. It also said users can pause, filter, and delete what’s saved anytime.

For users on managed work devices within enterprise environments, IT administrators can disable Recall, although they cannot enable it themselves. Microsoft emphasized that the choice is solely left to the users.

“You’ll see Recall pinned to the taskbar when you reach your desktop,” Davuluri said. “You’ll have a Recall snapshot icon on the system tray letting you know when Windows saves snapshots.”

“Turns out speaking out works,” security researcher Kevin Beaumont, a vocal critic of Recall’s original implementation, said. “There are going to be devils in the details – potentially big ones – but there’s some good elements here. Microsoft needs to commit to not trying to sneak users to enable it in the future.”

“I think overall having a choice around opting in on home systems will save a lot of people security problems further down the line. It never should have been enabled by default.”

Microsoft’s course reversal comes amid a series of security debacles the company has faced in recent years at the hands of Russian and Chinese nation-state actors. These debacles have prompted the company to prioritize security above all else as part of its Secure Future Initiative (SFI).

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” Microsoft CEO Satya Nadella said in a memo issued to his employees last month. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
