Addressing Concerns: Microsoft Switches Recall to Opt-In Feature
After facing criticism from cybersecurity experts, Microsoft is taking steps to address concerns surrounding its new AI-powered computer history-saving feature, Recall. In a recent update, Microsoft announced that Recall will now be an opt-in feature instead of being enabled by default. This change comes in response to the backlash received by the company.
Recall, one of the AI-powered features introduced by Microsoft for Windows, captures constant screenshots in the background while a user operates their device. These screenshots are then analyzed by Microsoft’s AI, creating a searchable archive of the user’s activity history, including visited websites and typed information.
However, cybersecurity experts raised alarm about Recall, highlighting the potential risks associated with storing sensitive data. Former Microsoft threat analyst, who had firsthand experience with Recall, described it as a “disaster”. It was discovered that Recall saves nearly everything, including text passwords, sensitive financial information, and private browsing history from Google Chrome. Moreover, this data is stored in a database that can be easily accessed by malicious actors who gain control of a user’s device.
To address these concerns, Microsoft has made Recall an opt-in feature. Users will now have to proactively choose to enable the feature, ensuring they are fully aware of the implications. This change will prevent users from unknowingly having their activity history saved in the background without their consent.
In addition to making Recall opt-in, Microsoft is implementing other security measures. To enable Recall, users will need to enroll in Windows Hello, a security feature that requires facial recognition, fingerprint, or PIN authentication. The same authentication will be required to access or search through the Recall history timeline. Microsoft is also adding additional layers of data protection, such as encrypting the search index database and ensuring that Recall snapshots are only decrypted and accessible after user authentication.
Microsoft’s blog post on the Recall security update emphasizes the existing security provisions built into the feature, such as the local storage of screenshots and the presence of a Recall icon on the taskbar. However, these measures may have gone unnoticed by users if Recall had been enabled by default. The new opt-in option aims to make it clear to users that they are consenting to the functionality of Recall.
By making Recall an opt-in feature and implementing additional security measures, Microsoft is addressing the concerns raised by cybersecurity experts. Users will now have greater control over their data and can make an informed decision about whether or not to enable Recall. These changes demonstrate Microsoft’s commitment to enhancing user privacy and data protection.
