Microsoft Reconsiders Windows Recall Release Amidst Privacy Concerns

After much hype and the subsequent negative attention due to privacy concerns, Microsoft Recall planned release now experiences some modifications. Instead of a public preview as planned, it will now arrive as Windows Insider Program preview.

Microsoft Changes Recall Release Plans As Experts Raise Privacy Concerns

Through a recent post, Pavan Davuluri (Corporate VP, Windows + Devices) shared an update on the release plans for Windows Recall. As disclosed, the tech giant has reverted its decision to roll out the new feature in the coming days following significant backlash over security problems.

Microsoft first unveiled “Recall” earlier in May 2024 as an AI-powered memorizing tool that helps users literally recall anything at any time. Explaining its features, Microsoft stated that the tool facilitates users when looking up any files or recent activity. It takes screenshots on users’ devices every five seconds, preparing a comprehensive log of almost every user activity. Thus, if a user simply wants to recall a previous activity, asking Recall can help immediately.

While it sounds convenient, the security community raised concerns over the inclusive user logging via Recall. Some researchers even demonstrated how an adversary may exfiltrate all Recall screenshots, breaching the target user’s security.

Although Microsoft explained that the data remains secured via encryption and is stored locally on the device, with the user having full control over the feature’s activity and stored snapshots, it seems it didn’t help much. And finally, Microsoft had to make changes to the Recall release, explaining how it addressed customers’ feedback to strengthen Recall security.

First, Microsoft plans to release Recall as an opt-in feature to Copilot+ PCs, turned off by default. Second, users need to use Windows Hello to enable Recall, alongside providing proof of presence for further search. Lastly, Recall will feature “just in time” decryption that only decrypts stored data (encrypted snapshots) following user authentication. Moreover, encryption will also apply to the search index database.

Regarding the release, Microsoft plans to roll out Recall as a Windows Insider Program preview on June 18, 2024, pledging public availability afterward.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients

1 comment

Elena Thomas June 28, 2024 - 7:17 pm
Microsoft's updated release plans in response to privacy concerns raised by experts highlight ongoing challenges in balancing security and user privacy.

Comments are closed.

Add Comment