Microsoft's new AI tool Recall faces backlash over security threats, labeled 'disastrous'
Just a few weeks ago, Microsoft announced the launch of a controversial new AI feature called "Recall" for its next "Copilot+ PCs", which continuously takes screenshots of user activities and creates a searchable database, allowing users to look up any action performed on their computer, extending beyond just browser history. Despite the company's assurances that the feature was completely secure and private, cybersecurity experts have recently heavily criticized Recall, citing significant security vulnerabilities.
Kevin Beaumont, a former Senior Threat Intelligence Analyst at Microsoft, highlighted that Recall facilitates easy data theft with minimal coding. The feature stores nearly all user activities, including sensitive information like passwords and financial details, and retains deleted data from emails and messaging apps like WhatsApp, or any website you've visited on any browser. The UK's Information Commissioner's Office (ICO) has also initiated an investigation into Recall's security implications.
Recall's organization by application makes it convenient for hackers to locate and steal sensitive data. Although Microsoft initially claimed Recall's history was encrypted, Beaumont pointed out that the data becomes decrypted and accessible once logged in. Originally, Microsoft planned to have Recall enabled by default, raising major privacy concerns.
In response to the backlash, Microsoft has recently opted to make Recall an opt-in feature during Windows 11 installation setup, and to mandate user authentication through Windows Hello. Additional security measures include "just in time" decryption and encryption of the search index database, accessible only upon user authentication. However, it remains to be asked if you guys think these measures are sufficient to entrust your confidence and sensitive information into the hands of Microsoft?
- Operating System
- Paid • Proprietary
Related news
External links
- Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.Kevin Beaumont on Medium
- Kevin Beaumont's Thread on X@GossiTheDog on X
- A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's backWindows Central
- Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earnedArs Technica
- 'Disaster': Ex-Microsoft security expert torches Windows' new 'Recall' featureMashable
- Microsoft Will Switch Off Recall by Default After Security Backlash WIRED
- Update on the Recall preview feature for Copilot+ PCsWindows Experience Blog • Official source
Comments
I wished Linux wasn't such a hassle at times. Can't play as many games as on PC or use a couple of software products like Adobe. If I could run the same stuff on Linux as on Windows, I would've switched a long time ago.
Remember when OneDrive was not mandatory, and users could trust the data was private? Now you can't even uninstall it without being a power user and knowing the tricks. And they have plenty of access to all your files, and they are scanned over and over by AI apps to make sure you're not doing anything shady. Remember when Edge was not mandatory? Ask the average person if they can remove it. You basically need a custom Windows OS to actually remove it. Remember when .... etc, etc, etc.
Remember when Windows had a backup function? Now you can only use OneDrive to back up Windows. Restore points are not the same.
Remember when Google advertised their Pixel 8 as having all those AI functions, only to find out a lot of it was cloud-based AI?
Remember when your images in Adobe Photoshop were your property? And look at what they're doing now.
Point: Big Tech will violate your privacy whenever it's profitable to them. It's called greed.
We usually get what we pay for.
Windows LTSC ftw.
Linux is great, but not for the average user. Windows and Mac are both inherently more secure systems. You just have to limit a lot of software on stock Windows if you don't want all the telemetry sent. And that means crippling some features like Windows Defender if you want to satisfy that requirement completely.
But even then, you aren't getting anonymity, so you have to consider what you really want in terms of privacy. For anonymity, you will at least need a new instance (like Tails or VM) every time you log in (to circumvent fingerprinting), and static VPS IPs (one for each static identity for banking and the like) to obfuscate your normal usage of shared IPs.
You ever wonder why I’m switching to Mac? That’s why…
(Although Apple isn’t that much better as a company, their OS isn’t as much of a nightmare in terms of forced, useless, and privacy-depriving features to my knowledge)
Now I know that I can just use Linux, but not a single free email client and/or backend can be used to connect my locked-down school email…
Better poison than Windows.
As far as the email issue is concerned, that's not a Linux issue. That's a government and school issue. Forcing students and teachers to fund and rely on billionaire companies rather than using something that is accessible to all.
That's disturbing how people feel almost guilty for not using Linux. Just use whatever you want.
Mac is fine if you don't game, don't want large arrays of custom hardware, don't want easy customization of everything, small fixes for any problem like multi-monitor support (due to a huge array of 3rd party firmwares, softwares, etc), or need most niche industry software.
The feature is not mandatory and if you don't trust MS the telemetry and other data collection can easily be blocked or disabled, e.g. with privacy.sexy. IMO people are getting their knickers in a twist over wrong things, considering all that's happening in the world.
And as for Linux, it's still a buggy mess with mostly crappy software support. No Foobar2000, Aimp, Ableton, Adobe stuff, Total Commander, Jdownloader, and the alternatives are just garbage. It's fine if you're a coder, or using a computer just for browsing the intertnet. For music production or any other sophisticated creative work Linux distros are just a pathway to suffering.
An example of when people are so against something that they spread false information without doing even the slightest bit of research first.
*Linux is WAY less buggy than the last time you checked (if you ever did, because this seems like you are just echoing what someone else has said). *Foobar2000 - Fooyin *Adobe stuff - Can you actually opt-out of Adobe's data collection? No you cannot. If you are someone with an art style, you should not use Adobe stuff! You've spoken like someone who really doesn't know anything about what they are talking about. *Total Commander -
Total Commander... You are literally on a site that shows alternatives... Just wow!
*Jdownloader - Available on Linux https://alternativeto.net/browse/search/?q=jdownloader... Again, just wow!
*Music production - Go to Ableton's alternativeto page and filer by Linux, then apologise to yourself for allowing someone else's feelings toward Linux make you talk all this nonsense.
For an added bonus, since you like proprietary software so much, also filter Ableton's alternatives by "paid".
When I checked Total Commander's Linux alternatives a couple of years ago, all of them didn't have a half of major TC's features, such as quick file filter, or custom colored files depending on various attributes. I never said there's no analogous software, my claim is they're underwhelming, lol... And as for buggyness and research, here's a video of a Linux proponent, using it as his main OS https://youtu.be/tcQRVOMGXrk The guy literally doesn't use any desktop environment, because of bugs and/or how something always gets broken after some updates. And his whole setup is a heavily modified distro, which took him god knows how much time to tweak and set up. If you don't have anything better to do with your life then be my guest, I'd rather use Windows with some blocked functionality, and do something actually useful and productive
TL;DR: Linux YouTubers usually don't know what they are doing; Linux users modify their installation because they can, not because they need to; You proved my point that you really don't know what you are talking about.
Something you don't know about the Linux community: The guys who typically make videos are usually intermediates who really don't know what they are doing or talking about. I see some of them having trouble during installation, not because it's difficult, but because they don't know they need to click a checkbox that is right in front of them. They are only good for spreading the word that Linux exists, and nothing more. At least, this is true for the bigger channels. The smaller channels usually know what they are doing and saying, but it usually just doesn't look as exciting as the big ones make it look. If it wasn't clear, that channel is one of those guys.
As far as modification is concerned, Linux users usually modify their systems heavily not because they need to, but because they can. It is a feature built into Linux that Mac and Windows has many limitations on — think iPhone vs Android. On Windows, you need to install an unofficial hack (rainmeter), and on Mac, I doubt there is any such option. With Linux, you can make your desktop look like anything you want from the start. There's a YT channel — LinuxScoop — that often modifies desktops to look like Mac or Windows, and there is a Linux distro — Zorin OS — with both Mac and Windows desktop layouts built-in with the click of a button.
Lastly, I noticed you only addressed the Total Commander section of my response, and you stated that you checked a couple years ago... Thanks for proving my point. Linux has made strides in the last few years thanks to the increase in usage of Blender and Steam adopting Arch Linux as their base OS for Steam OS and Steam Decks.
If you want to keep funding companies who will eventually and are currently stabbing their users in the back, go ahead.
How microsoft is stabbing their users? I saw some accusations and buzz words thrown around but not much arguments. From what i saw their biggest sin is the advertising ID; other data collected is technical and supposed to be used for improving the OS, and all that can be disabled, even without any hacks and messing with the registry. Or am I supposed to ditch an OS that I'm 95% of the time comfortable using, because of one questionable and not mandatory feature they've come up with? At what point does the stabbing occurs, exactly?
You can run whatever OS you choose. Frankly, nobody cares. You really should stop spouting the same tired old misinformation about Linux, though. It's obvious that you know little to nothing about it. And, if you think M$ has implemented only ONE questionable feature, you're either a shill or don't know much about Windows either.
So in other words, you don't have an argument. You've just assumed a bunch of stuff and looking for opportunities to drama queen about it. And you're the one spouting misinformation, I actually referenced a video of a guy using linux as his main OS for 5 years, to which your response was "these youtubers are usually intermediate jokers" (even though clearly he's more of an advanced side if he's running linux without a DE and writes his own c++ scripts to tweak it).
So, in other words, you're just parroting hearsay from some jackass on Youtube. I have actually been running Linux full time since 2018, so what would I know.....
I could see the writing on the wall when Winturd 10 came out with it's added data collection, intrusive nonsense, and removal of user control. So instead of "upgrading" from 7 to 10, I jumped ship and have been running Linux full time ever since. I didn't trust M$ then, and there's no way in hell I'd trust them now with their current dystopian BS.
I'm on Linux. Uninstalled Windows in 2021. Trust Microsoft? Ha! 🤣
By uninstalled I mean nuked, wiped, cleaned, disinfected, and purged.