06-07-2024, 06:05 PM
News Microsoft Makes Windows Recall Opt-in, Encrypted in Response to Privacy Concerns
<p><img width="1024" height="581" src="https://thecyberexpress.com/wp-content/uploads/windows-recall-hello.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Microsoft Makes Windows Recall Opt-in, Encrypted in Response to Privacy Concerns" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/windows-recall-hello.webp 1024w, https://thecyberexpress.com/wp-content/u...0x170.webp 300w, https://thecyberexpress.com/wp-content/u...8x436.webp 768w, https://thecyberexpress.com/wp-content/u...0x340.webp 600w, https://thecyberexpress.com/wp-content/u...50x85.webp 150w, https://thecyberexpress.com/wp-content/u...0x426.webp 750w" sizes="(max-width: 1024px) 100vw, 1024px"></p>Microsoft is making changes to its planned Windows Recall feature in response to growing criticism over the lack of privacy and cybersecurity controls of the AI screen recording feature.
The Recall concerns began with the work of security researcher Kevin Beaumont, <a href="https://thecyberexpress.com/copilot-recall-cybersecurity/">first reported by The Cyber Express</a>, and grew to include <a href="https://thecyberexpress.com/totalrecall-tool-extracts-recall-data/">tools and demonstrations</a> of how easy it would be to hack Recall’s corresponding database of screenshotted user activity.
Recall, planned for Copilot+ PCs starting June 18, would have taken frequent screenshots of user activity with inadequate security controls and would have been turned on by default, raising concerns about the ability of hackers, domestic abusers and other malicious actors to access a trove of personal and financial data with ease.
<h2>Microsoft Announces Windows Recall Opt-in, Authentication, Encryption</h2>
In a <a href="https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/">blog post</a> today, Pavan Davuluri, Microsoft’s Corporate Vice President of Windows + Devices, said the company has heard those concerns.
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and <a class="wpil_keyword_link" title="security" href="https://thecyberexpress.com/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4653">security</a> safeguards,” Davuluri wrote. “With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”
The first change is to update the set-up experience of Copilot+ PCs “to give people a clearer choice to opt-in to saving snapshots using Recall,” Davuluri wrote. “If you don’t proactively choose to turn it on, it will be off by default.”
He provided a screenshot of what that opt-in screen will look like:
[caption id="attachment_75793" align="alignnone" width="300"]<img class="size-medium wp-image-75793" src="https://thecyberexpress.com/wp-content/uploads/Windows-Recall-Now-Optional-300x190.webp" alt="Windows Recall opt-in screen" width="300" height="190" /> Windows Recall opt-in screen (source: Microsoft)[/caption]
Enrollment in Windows Hello authentication will be required to enable Recall, he said, and “proof of presence is also required to view your timeline and search in Recall.”
Davuluri said Microsoft is also “adding additional layers of <a class="wpil_keyword_link" title="data" href="https://thecyberexpress.com/what-is-data/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4655">data</a> protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.”
“This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent <a class="wpil_keyword_link" title="malware" href="https://thecyberexpress.com/what-is-malware/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4654">malware</a> from accessing data like Recall,” he added.
<h2>Beaumont Skeptical of Planned Recall Changes</h2>
In a <a href="https://cyberplace.social/@GossiTheDog/112576331591866691">Mastodon post</a>, Beaumont said he’ll be skeptical of Microsoft’s planned changes until he sees the shipped product and can test it out.
“Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too,” Beaumont said. “It’s still labelled Preview, and I’ll believe it is encrypted when I see it. There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.”
https://thecyberexpress.com/windows-reca...encrypted/
<p><img width="1024" height="581" src="https://thecyberexpress.com/wp-content/uploads/windows-recall-hello.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Microsoft Makes Windows Recall Opt-in, Encrypted in Response to Privacy Concerns" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/windows-recall-hello.webp 1024w, https://thecyberexpress.com/wp-content/u...0x170.webp 300w, https://thecyberexpress.com/wp-content/u...8x436.webp 768w, https://thecyberexpress.com/wp-content/u...0x340.webp 600w, https://thecyberexpress.com/wp-content/u...50x85.webp 150w, https://thecyberexpress.com/wp-content/u...0x426.webp 750w" sizes="(max-width: 1024px) 100vw, 1024px"></p>Microsoft is making changes to its planned Windows Recall feature in response to growing criticism over the lack of privacy and cybersecurity controls of the AI screen recording feature.
The Recall concerns began with the work of security researcher Kevin Beaumont, <a href="https://thecyberexpress.com/copilot-recall-cybersecurity/">first reported by The Cyber Express</a>, and grew to include <a href="https://thecyberexpress.com/totalrecall-tool-extracts-recall-data/">tools and demonstrations</a> of how easy it would be to hack Recall’s corresponding database of screenshotted user activity.
Recall, planned for Copilot+ PCs starting June 18, would have taken frequent screenshots of user activity with inadequate security controls and would have been turned on by default, raising concerns about the ability of hackers, domestic abusers and other malicious actors to access a trove of personal and financial data with ease.
<h2>Microsoft Announces Windows Recall Opt-in, Authentication, Encryption</h2>
In a <a href="https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/">blog post</a> today, Pavan Davuluri, Microsoft’s Corporate Vice President of Windows + Devices, said the company has heard those concerns.
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and <a class="wpil_keyword_link" title="security" href="https://thecyberexpress.com/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4653">security</a> safeguards,” Davuluri wrote. “With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”
The first change is to update the set-up experience of Copilot+ PCs “to give people a clearer choice to opt-in to saving snapshots using Recall,” Davuluri wrote. “If you don’t proactively choose to turn it on, it will be off by default.”
He provided a screenshot of what that opt-in screen will look like:
[caption id="attachment_75793" align="alignnone" width="300"]<img class="size-medium wp-image-75793" src="https://thecyberexpress.com/wp-content/uploads/Windows-Recall-Now-Optional-300x190.webp" alt="Windows Recall opt-in screen" width="300" height="190" /> Windows Recall opt-in screen (source: Microsoft)[/caption]
Enrollment in Windows Hello authentication will be required to enable Recall, he said, and “proof of presence is also required to view your timeline and search in Recall.”
Davuluri said Microsoft is also “adding additional layers of <a class="wpil_keyword_link" title="data" href="https://thecyberexpress.com/what-is-data/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4655">data</a> protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.”
“This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent <a class="wpil_keyword_link" title="malware" href="https://thecyberexpress.com/what-is-malware/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="4654">malware</a> from accessing data like Recall,” he added.
<h2>Beaumont Skeptical of Planned Recall Changes</h2>
In a <a href="https://cyberplace.social/@GossiTheDog/112576331591866691">Mastodon post</a>, Beaumont said he’ll be skeptical of Microsoft’s planned changes until he sees the shipped product and can test it out.
“Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too,” Beaumont said. “It’s still labelled Preview, and I’ll believe it is encrypted when I see it. There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.”
https://thecyberexpress.com/windows-reca...encrypted/