Microsoft Faces Backlash Over Windows Recall 'Spyware' Feature

Microsoft’s introduction of the Recall feature on its new Copilot+ PCs has sparked significant controversy due to privacy and security concerns.

Recall, a tool designed to enhance user productivity by taking continuous snapshots of the screen, is being heavily criticized on social media, user discussions, blog posts, and YouTube videos for potentially undermining user privacy and increasing security risks.

Recall and how it works

Recall is a feature on Microsoft’s new Copilot+ PCs that takes screenshots of everything displayed on the user’s screen at regular intervals. These snapshots are stored locally and can be accessed by users to find and revisit past activities across various applications and websites.

The idea is to provide a virtual photographic memory, helping users quickly locate information without remembering exact file locations or browsing histories. Snapshots are taken every five seconds and are organized based on relationships and associations unique to the user’s experiences.

Microsoft emphasizes that Recall’s data processing and storage are entirely local to the device, ensuring that snapshots do not leave the user’s PC. The company claims that users have full control over their data, with options to delete individual snapshots, adjust time ranges, or pause the feature entirely. Users can also filter specific apps and websites from being recorded, which provides an additional layer of privacy control.

Severe criticism

Despite Microsoft’s assurances, critics argue that Recall poses significant risks. Kevin Beaumont, a cybersecurity researcher, highlights the potential dangers in a write-up on his personal blog. He points out that, while the snapshots are stored locally, they could still be accessed by malicious actors if a device is compromised.

Beaumont draws parallels to the way infostealer malware currently operates, which already targets locally stored data such as browser credentials. He warns that Recall could provide an even richer target with a database of indexed screenshots that include sensitive information like passwords and financial data.

The introduction of such a controversial feature and the resulting backlash from the public have prompted responses from regulatory bodies, too.

The UK’s Information Commissioner’s Office (ICO) stated: “We expect organizations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose.”

“Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market. We are making inquiries with Microsoft to understand the safeguards in place to protect user privacy.”

User concerns can be summarized in the following three main points:

  1. Recall captures all screen content, including sensitive information such as passwords, financial details, and private communications, which could be exposed if the device is compromised.
  2. If malicious actors gain access to a system, they could retrieve months’ worth of snapshots, providing detailed insight into user activities.
  3. While Microsoft claims users have control over their data, the complexity of managing these settings and the potential for lapses that let unwanted data be captured remain significant concerns.

What to do about Recall

The Recall feature on Microsoft’s Copilot+ PCs is set to be available starting June 18, 2024, so no Windows installations currently have this system active. After that date, people using eligible devices can take the following steps to minimize the intrusiveness of this new system:

  • Turn off the snapshot-saving feature entirely through the Windows settings. This can be done by navigating to Settings > Privacy & Security > Recall & Snapshots and adjusting the relevant settings.
  • Periodically review and delete snapshots, especially those containing sensitive information.
  • Utilize the filtering options to prevent Recall from recording specific apps and websites.

For organizations, it is advisable to configure policies that disable Recall or limit its functionality until comprehensive risk assessments are conducted. IT administrators can use the “Turn off saving snapshots for Windows” policy to manage these settings across enterprise devices.

While Microsoft maintains that the new Recall feature aims to enhance user productivity by providing a powerful memory aid, it undoubtedly introduces substantial privacy and security risks. Users and organizations must weigh these risks carefully and take proactive steps to protect their sensitive information, even considering migration to alternative OS options. As regulatory bodies announce investigations into the safeguards, it remains to be seen how Microsoft will address people’s rightful concerns and balance innovation with security.


