Microsoft Recall Feature: Privacy Nightmare or Game Changing AI? My Take on CoPilot+ PCs
What's up S'mores, I'm Shannon Morse! We need to have a chat about Microsoft's latest innovation: Copilot+ PCs, and a new feature called Recall! Over the last month, a lot has happened so let me catch you up.
Microsofts newest partner PCs and laptops are AI-powered game-changers. CoPilot is Microsofts AI assistant, letting you do tasks like text generation, perform common Windows tasks, and summarize information. CoPilot+ PCs have a special button to access CoPilot and are AI-focused machines. These laptops are supposed to integrate AI in a fluid way that makes it natural to use, but of course, this came with a series of privacy concerns, even though these partner laptops and PCs already started shipping in June.
If this video peaks your interest, I have a lot more about online security and privacy you can watch on my channel. Hit the subscribe button so my videos start showing up in your youtube feed, and keep an eye out for updates to this story because it’s definitely not over.
Are you subscribed? If you aren’t already, - it’s free to subscribe and is the easiest way to support my youtube channel!
And if you want access to some awesome perks and bonus content, patreon.com/ShannonMorse is the best way to keep these videos free and available on demand.
Enter Recall. Recall is a feature of CoPilot that takes automatic screenshots of your desktop every few seconds in the background without any explicit prompts or notifications. This feature is designed to tackle the everyday hassle of finding things on your PC. Instead of digging through folders or emails, Recall helps you access information based on relationships and associations, similar to how our brains work. It’s like having a photographic memory for your digital content. While this sounds incredibly convenient, it's important to consider privacy and data security aspects, as your personal information is indexed and stored locally on your device.
Microsoft explained that: “Recall will also enable you to open the snapshot in the original application in which it was created, and, as Recall is refined over time, it will open the actual source document, website or email in a screenshot.”
As soon as Recall was announced, myself as well as many others, had a gut feeling that something was wrong. The idea of an operating system screenshotting our desktop over and over in a way that was continuous and you might forget is happening, let alone the storage of this data could be insecure… Well, I was hesitant. And apparently, rightfully so.
The red flags were obvious. There are concerns about:
Data Security: Hackers or physical theft could expose sensitive information like your bank’s login credentials with the stored data.
Inadvertent Data Capture: Snapshots could unintentionally capture sensitive information, like passwords or private communications, which poses a significant risk.
User Consent and Control: Although users can control and delete these snapshots, there is a concern whether users fully understand the implications of this feature, and if they truly have meaningful control (or sharing consent) over their data.
Microsoft did say that the screenshots are stored locally, protected with Bitlocker and encryption, they aren’t sent to Microsoft for ad targeting, and they’re only available to the person signed in. Users could also prevent screenshots when using certain apps. But it doesn’t cloak anything that your physical eyeballs could see, so it’s kind of like your PC has this Eye of Sauron that has the ability to see almost everything happening in Middle Earth, except Middle Earth is your computer. Yikes.
Because of the concerns, The UK Watchdog called the Information Commissioner’s Office made enquiries with Microsoft to better understand safeguards in place.
But at this point, it was such a concerning topic that - what do ethical hackers do? - of course, they build proof of concept hacks to prove a point!
Researchers have discovered that this feature, meant to make finding files easier, can be exploited by hackers to access your entire PC history. Initially, the only safeguard was that accessing Recall’s data required administrator privileges. But now, security researcher James Forshaw has revealed that even this barrier can be easily bypassed.
Forshaw demonstrated two techniques to access Recall data without needing admin privileges, essentially stripping away its security. One method involves impersonating a Windows program to access restricted data, while the other simply rewrites access control lists, giving hackers full access with user-level privileges.
Cybersecurity strategist Alex Hagenah even built a tool called TotalRecall to show how easy it is for hackers to siphon off user history recorded by Recall. Forshaw’s new technique means hackers don’t even need to escalate privileges, making it even easier to exploit.
This revelation left security experts concerned, describing Recall as a pre-installed spyware ready to be exploited. This happened right before the first CoPilot+ PCs were planned to ship.
So with all the concerns around Recall, Microsoft finally decided to change its approach. Instead of releasing Recall to all Copilot+ owners on June 18, they’re now rolling it out through the Windows Insider program first. This program lets users test early versions of Windows updates and provide feedback.
Pavan Davuluri, Microsoft’s Corporate Vice President for Windows and Devices, explained the shift in a blog post. He said, “We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security. This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users.”
So, what does this mean for you? Microsoft still plans to release Recall to all Copilot+ users “soon,” but no one knows exactly when that will be.
So here’s my opinion. I’m grateful that we have cybersecurity researchers who get those gut feelings about new tech and immediately go into reverse engineering mode and try to figure out if there’s a way to get access to data, by passing security measures. Because that’s exactly how a malicious actor would gain access - that’s exactly how they would think. I don’t think Recall is necessary, it seems like a convenient way to collect data and search, but in this case, it’s a great example of sacrificing privacy for convenience. There’s a reason why many banking or financial apps on your phone to not allow screenshots by default - paypal is one of those on android - and it’s to protect your data. So if this app is conveniently screenshotting your display but not doing anything to censor sensitive data, then that’s a reason for concern.
I would not be miffed at all if Microsoft just decided to nix the whole Recall idea - I don’t think CoPilot needs it to succeed - and we consumers have gotten pretty good at bookmarking, note taking, or manually screenshotting in order to remember things for later. Even if these options aren’t as intelligent - they certainly work. And they give users full control over what is being saved versus everything.
I can see an accessibility use case for it - recall can help for folks with memory loss issues - but even then, it should be crystal clear how and where this data is saved.
Is Recall something you’d use? Spill some tea below, I’d love to know your opinion on the subject. Bye yall!
References
https://blogs.microsoft.com/blog/2024/05/20/introducing-copilot-pcs/
https://copilot.microsoft.com/
https://www.bbc.com/news/articles/cpwwqp6nx14o
https://www.wired.com/story/microsoft-windows-recall-privilege-escalation/
https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
https://www.helpnetsecurity.com/2024/06/05/totalrecall-windows-recall-abuse/
https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
https://www.pcgamer.com/software/operating-systems/microsoft-chickens-out-of-rolling-out-recall-to-all-copilot-pcs-choosing-instead-to-push-the-all-seeing-ai-tool-out-to-windows-insiders-first/
https://www.xda-developers.com/microsofts-recall-delayed-indefinitely/
