Microsoft has responded to mounting criticism surrounding its Windows Recall feature by announcing updates to address privacy and cybersecurity concerns. The initial backlash stemmed from the findings of security researcher Kevin Beaumont, detailed in a report by The Cyber Express, which revealed potential vulnerabilities in Recall’s screen recording database.
Scheduled for release on June 18, Recall was set to capture screenshots of user activity without adequate security measures, leaving users vulnerable to exploitation by hackers and malicious actors. The default activation of the feature raised alarms about the risk of unauthorized access to sensitive personal and financial data.
In a recent blog post, Pavan Davuluri, Microsoft’s Corporate Vice President of Windows + Devices, acknowledged the feedback and outlined changes to enhance privacy and security in Recall. The first update involves modifying the setup process for Copilot+ PCs to offer users a clear choice to opt-in to Recall’s snapshot-saving feature. By default, Recall will be disabled unless users actively choose to enable it.
Moreover, users will be required to enroll in Windows Hello authentication to activate Recall, with proof of presence necessary to access the captured data. Microsoft is also implementing additional layers of data protection, including “just in time” decryption secured by Windows Hello Enhanced Sign-in Security and encryption of the search index database. These measures aim to safeguard Recall data and prevent unauthorized access by malware or other threats.
Despite these planned changes, Kevin Beaumont remains skeptical and advises against enabling Recall until the updated version is tested and proven secure. He emphasizes the importance of caution and suggests that Microsoft’s handling of the Recall feature raises concerns about governance and security practices in the realm of AI technology.
Overall, Microsoft’s response to the criticism surrounding Windows Recall demonstrates a commitment to addressing user privacy and security concerns. The company’s proactive approach to enhancing Recall’s features and implementing additional safeguards signifies a step in the right direction towards ensuring the safe and responsible use of AI technology. However, continued scrutiny and testing will be essential to verify the effectiveness of these changes and reassure users of the feature’s reliability and integrity.