When asked about Windows Recall privacy concerns, Microsoft researcher gives non-answer (updated)

midian182

A hot potato: Microsoft's Recall feature is being universally slammed for the privacy implications that come from screenshotting everything you do on a computer. However, at least one person seems to think the concerns are overblown. Unsurprisingly, it's Microsoft Research's chief scientist, who didn't really give an answer when asked about Recall's negative points.

Update: Following some backlash and criticism regarding the security of the new Windows Recall feature in upcoming Copilot+ PCs, Microsoft has revised its stance on how it plans to implement it.

First is that Recall will be opt-in only, meaning it will be off by default (Microsoft had planned for the opposite). Windows Hello enrollment will be mandatory to enable Recall, and with it comes "just in time" decryption of data, so Recall snapshots are decrypted and accessible only once the user has authenticated. The search index database will also be encrypted for added security – honestly, it should never have been any other way.

Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.

Microsoft made a big deal of Recall, one of the main features that will launch with the new Copilot+ PCs. It works by constantly taking screenshots of everything you do on a computer, presenting users with a scrollable timeline of past activity. The idea is that users can easily find something they'd been previously working on/looking at, thanks to the power of AI.

While Microsoft said all Recall data stays local and private on a PC, and users can pause or delete logging, it did admit that it won't hide sensitive data such as passwords or payment details.

Earlier this week, security researcher Kevin Beaumont warned that Recall has security gaps "you can drive a plane through" as the OCR (optical character recognition) data for each snapshot is stored in a plaintext SQLite database file.
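The update above describes the fix (index encrypted at rest, decrypted only after Windows Hello authentication) and Beaumont's finding describes the problem (OCR text sitting in a plaintext SQLite file). The following is an added example, not code from the article, from Microsoft or from Beaumont, that shows the defender's side of that distinction: it builds a constructed SQLite "snapshot index" holding sample OCR text, then audits whether that text is readable straight from the file bytes, without the application and without any user authentication, and contrasts it with an opaque stand-in for an encrypted-at-rest file. The table layout, file names and marker strings are assumptions and the sample values are constructed; Recall's real schema and paths are not on this page and are not used here.

```python
import os
import sqlite3
import tempfile

# Every unencrypted SQLite 3 file starts with this 16-byte header string.
SQLITE_MAGIC = b"SQLite format 3\x00"


def build_sample_index(path):
    """Create a constructed SQLite 'snapshot index' with OCR text.
    The table name and columns are assumptions for this example, not Recall's schema."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE ocr_text (snapshot_id INTEGER, text TEXT)")
    conn.executemany(
        "INSERT INTO ocr_text VALUES (?, ?)",
        [
            (1, "Quarterly report draft - revenue up 4%"),
            (2, "Card number 4111-1111-1111-1111 exp 12/29"),  # constructed sample value
            (3, "password: hunter2-CONSTRUCTED"),              # constructed sample value
        ],
    )
    conn.commit()
    conn.close()


def audit_at_rest(path, markers):
    """Report whether `path` is an unencrypted SQLite file and which marker strings
    are readable from its raw bytes, i.e. recoverable by anything that can read the
    file, with no need for the application or for the user to authenticate."""
    with open(path, "rb") as f:
        raw = f.read()
    return {
        "is_plain_sqlite": raw.startswith(SQLITE_MAGIC),
        "markers_found": [m for m in markers if m.encode("utf-8") in raw],
    }


def demo():
    """Audit a plaintext index and an opaque stand-in for an encrypted one."""
    markers = ["4111-1111-1111-1111", "hunter2-CONSTRUCTED"]
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "index_plain.db")
        build_sample_index(plain)
        plain_result = audit_at_rest(plain, markers)

        # Stand-in for an index encrypted at rest: real encryption is out of scope
        # here, so random bytes model what a reader without the key would see.
        opaque = os.path.join(d, "index_encrypted.bin")
        with open(opaque, "wb") as f:
            f.write(os.urandom(4096))
        opaque_result = audit_at_rest(opaque, markers)
    return plain_result, opaque_result


if __name__ == "__main__":
    plain_result, opaque_result = demo()
    print("plaintext index:", plain_result)
    print("opaque index:   ", opaque_result)
```

The same two checks (SQLite header present, sensitive markers visible in raw bytes) are what an administrator would run against any local index to confirm that "encrypted at rest" holds in practice rather than on a slide; the plaintext case returns both markers, the opaque case returns none.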

Jaime Teevan, chief scientist and technical fellow at Microsoft Research, doesn't seem very concerned about the security implications of Recall. In an interview at an AI conference (via The Reg), Erik Brynjolfsson, director of the Stanford Digital Economy Lab, highlighted the backlash against Recall and the privacy challenges around the feature when it was announced.

Brynjolfsson asked Teevan to talk about the pluses and minuses of Recall and some of the risks it creates. The answer wasn't exactly reassuring.

"Yeah, and so it's a great question, Erik. This has come up throughout the morning as well – the importance of data. And this AI revolution that we're in right now is really changing the way we understand data," Teevan said.

After talking about Microsoft helping businesses manage their data, Teevan said, "And as individuals too, we have important data, the data that we interact with all the time, and there's an opportunity to start thinking about how to do that and to start thinking about what it means to be able to capture and use that. But of course, we are rethinking what data means and how we use it, how we value it, how it gets used."

So, not actually addressing Recall's security issues at all, then. Teevan did reiterate that nothing the feature captures goes into the cloud, but she gave no new information that might assuage users' concerns.

Last month brought news that a Windows enthusiast had managed to get Recall running on a laptop powered by an older Arm-based CPU – i.e., one without an NPU.

 
Considering the size and importance of big Tech to our everyday lives, it would certainly seem it's time for some significant Federal Regulations on its operation, openness, and disclosure of information on demand. Otherwise we will find our freedoms more directly affected by the sheer whims of these companies .....
 
Forensics experts can already harvest huge amounts of all kinds of clues from someone's computer or a phone. It would just get a bit easier with Recall. They had something like that in Black Mirror, didn't they? Where your eyes could record every second of your life.
 
Considering the size and importance of big Tech to our everyday lives, it would certainly seem it's time for some significant Federal Regulations on its operation, openness, and disclosure of information on demand. Otherwise we will find our freedoms more directly affected by the sheer whims of these companies .....
California already has regulations on data collection. Fed needs to catch up.
 
Forensics experts can already harvest huge amounts of all kinds of clues from someone's computer or a phone. It would just get a bit easier with Recall. They had something like that in Black Mirror, didn't they? Where your eyes could record every second of your life.
I think this is basically what Microsoft is thinking. This kind of data is already easy to collect / is already collected by various other apps and trackers on a phone or PC, so why not use that data locally for something useful?

They still need to be more transparent about how it deals with sensitive information like passwords and payment info. One would hope it doesn't save that information at all, or can be configured not to. No one is going to be welcoming to the idea of AI storing their passwords and payment info in a big log file somewhere. Even if it couldn't be accessed remotely, what happens when someone takes their PC to a repair shop? Are they basically handing over a list of all their payment info to a stranger along with it? That's the kind of thing that would concern the average person.
 
Well, now we know who didn't read Satya Nadella's memo, just their "Chief Scientist".

"If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all."
https://www.theverge.com/24148033/satya-nadella-microsoft-security-memo
 
Well, now we know who didn't read Satya Nadella's memo, just their "Chief Scientist".

"If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all."
https://www.theverge.com/24148033/satya-nadella-microsoft-security-memo
they have taken (out) recall's security "very seriously"
how could we let a 40 TOPS NPU go unused anyway
 
It stores all your activity locally? How big a cut of HDD and SSD makers' profits does Micro$$$$$$$$$$$$oft take?
As for security, remember Hunter Biden's laptop?
 
they have taken (out) recall's security "very seriously"
how could we let a 40 TOPS NPU go unused anyway
On a separate note, perhaps we gamers might be able to benefit from NPUs, either for power savings or for increased performance (if the software would work for it, which is not a trivial thing at all).
 
This awful concept of stealing your 'data' (aka your private life, thoughts and interests) and selling it to anybody who comes with a chequebook, which Google pioneered, has become a poison in modern technology. Microsoft have no intention of leaving all that information un-mined on your hard drive. They will, by slow degrees and subtle policy shifts and changes and accidental loopholes borrow more and more from Recall and monetize it. If you look at the OS in the last 5 years it has become less and less an OS for users and more and more a tool for privacy theft.
 
Quote from article:

"Jaime Teevan, chief scientist and technical fellow at Microsoft Research, doesn't seem very concerned about the security implications of Recall."

That really does say it all.
 