Microsoft delays Windows Recall, its AI-powered feature designed to capture and analyze screenshots of active windows on a PC, due to privacy and security concerns raised by experts.
The feature, initially set for public preview on June 18th, will now undergo further testing within the Windows Insider Program (WIP) before being made available to Copilot+ PC users.
Why did Microsoft postpone the Recall?
Microsoft delayed Windows Recall because of the feature’s potential privacy and security risks. The feature works by taking screenshots of every active window on your PC at regular intervals, and then using an on-device AI model to extract and analyze information from these screenshots. This data is stored in a SQLite database, allowing users to search for past information using natural language.
While Microsoft had assured users that all data processed by Recall would remain on the device and not be sent to the cloud, concerns were raised about the potential for unauthorized access to sensitive information. Security experts pointed out that BitLocker, the encryption used by Windows Recall, automatically decrypts the drive contents upon user login, leaving the Recall data exposed to malware and to individuals with physical access to the device.
Concerns raised and subsequent actions
Microsoft delayed Windows Recall as a direct response to concerns raised by cybersecurity experts like Kevin Beaumont.
Beaumont demonstrated how existing malware could be modified to steal Windows Recall databases and screenshots, highlighting the feature’s potential for data theft. Microsoft, in response, announced on June 7th that it would make Windows Recall an opt-in feature and encrypt the database until a user authenticates with Windows Hello.
Thank you to all the privacy and security people who stood up on this one, and the home customers who clearly rejected the feature from the outset.
I know there’s a whole bunch of people inside MS who think their customers are stupid, but the reality is: we aren’t.
— Kevin Beaumont (@GossiTheDog) June 14, 2024
This update follows a series of events that have put Microsoft’s security practices under scrutiny. A ProPublica report highlighted how the company prioritized revenue over security, and Microsoft President Brad Smith met with the US Congress to discuss recent security failures.
These incidents, coupled with the privacy concerns surrounding Windows Recall, have led to a loss of trust in Microsoft’s ability to safeguard user data.
So, what now?
With this move, Microsoft is signaling a commitment to addressing the privacy and security concerns raised by experts and users.
The company has stated that it will implement additional security measures, although the specifics of these measures remain unclear.
The delay will allow Microsoft to gather further feedback from the WIP community and ensure that the feature meets its high standards for quality and security before making it widely available.
The road ahead for Windows Recall remains uncertain. However, by taking the time to thoroughly test and secure the feature, Microsoft can regain the trust of its users and ensure that Windows Recall, when released, is a valuable tool that enhances productivity without compromising privacy or security.
Featured image credit: Microsoft