Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview.
Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”
Mozilla’s Chief Product Officer Steve Teixeira told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn’t.
Jake Moore, Global Cybersecurity Advisor at ESET, noted that while the feature is not on by default, its use “opens up another avenue for criminals to attack.”
Moore warned that “users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.”
Cybersecurity expert Kevin Beaumont was scathing in his assessment of the technology, writing: “In essence, a keylogger is being baked into Windows as a feature.”
AI expert Gary Marcus was blunter: “F^ck that. I don’t want my computer to spy on everything I ever do.”
This is the best summary I could come up with:
The user can then scroll through the archive of snapshots to find what were doing some time back, or query an AI system to recall past screenshots by text.
The Windows 11 feature is supposed to eventually expand to allow users to pull up anything that happened recently on their Copilot+ PC and interact with or use it again, as the system logs all app activity, communications, and so on, as well as by-the-second screenshots, to local storage for search and retrieval.
The IT giant also says that for the relatively small number of users running its Edge browser – with a market share of just under 13 percent, according to Statcounter – InPrivate sessions won’t be snapped, nor will DRM content.
Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall.
Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."
Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.
The original article contains 1,057 words, the summary contains 209 words. Saved 80%. I’m a bot and I’m open source!
So currently only Edge users can filter what gets picked up by Recall by site, and Chromium users get private browsing mode blocked out of the box? In the article, the Mozilla rep they interviewed says that Microsoft didn’t reach out to them or hasn’t made available any documentation on how to get non chromium browsers to pick what gets included in Recall.
Even if this is something thats off by default and is encrypted if you do turn it on, boy would I never want to turn it on.
Ah, it’s not even on by default.
So don’t turn it on.
It completely depends on their implementation. Apple released Local Snapshots for OSX with Time Machine in 2007. Granted, they’re created hourly rather than every few minutes, but there hasn’t been a vulnerability or exploit as a result of the feature.
That’s pretty much a completely different feature though? It creates local backups. It respects passwords and encryption. It doesn’t take periodical screenshots of what you’re doing and reads their content to feed an LLM.
I assumed the Copilot integration was elective. The article states it’s not on by default.
Otherwise it’s the same. Local backups through Time Machine can be accessed a la carte through a screenshot-based GUI, so the screenshots are part of the Local Snapshots stored on your local drive. They’re password protected and decrypted at user login.
Time Machine doesn’t use screenshots, it shows a folder at different states throughout time. The folders and files are fully interactive too. It’s much more akin to how git works.
Recall is done with a local model. It’s not uploaded to the cloud.
We built privacy and security into Recall’s design from the ground up. With Copilot+ PCs, you get powerful AI that runs locally on your device. No internet or cloud connections are required or used to save and analyze snapshots. Your snapshots aren’t sent to Microsoft. Recall AI processing occurs locally, and your snapshots are securely stored on your local device only.
Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn’t share snapshots with other users that are signed into Windows on the same device. Microsoft can’t access or view the snapshots.
You can delete your snapshots at any time by going to Settings > Privacy & security > Recall & snapshots on your PC. Windows sets a maximum storage size to use for snapshots, which you can change at any time. Once that maximum is reached, the oldest snapshots are deleted automatically.
I just don’t believe them. And even if it works as described, they’ll change the terms quietly to screw you as soon as they need the next quarters line to go up. I’m tired of watching their every move to protect myself.
But Recall is recording screenshots, not data stored on disk. That’s not the same as Apple’s hourly data snapshot which is just a automated backup of what you have already stored. Recall will be recording the videos or images you watch, even when you don’t keep them locally. It will store the things you decided not to save, and every time you have to open your password manager to check a password, or create a new one. It might be limited to your account, but that still means it’s accessible to anyone who can figure out your password or access your unlocked PC behind your back. Or to that virus you accidentally downloaded, if it’s not immediately detected.
Yup, I’m setting up a dual boot when my thumb-drive arrives.
Actually really excited to get back to computing the way it was in 2010. :)
Actually really enjoying OpenSUSE Tumbleweed… first time on a rolling release distro and so far no major complaints.
Probably would have started with Arch (btw) but I felt a little daunted by the install process. In contrast with my ~2010 attempt, all my data is on a separate drive with automatic backups to NAS — so when I upgrade to an NVMe drive I’m going to give it a whirl.
2010 sounds so fantastical, and such a far away time of mystery in the future. We’ll have flying cars, and robot monkey maids, and brain chips that can drive cars, and…it was 14 years ago??? It’s currently 2024? Well that sounds like a depressing year!
