Microsoft Recall’s Much-Needed Security Update

September 30, 2024 Bria Jones

When Microsoft unveiled its new AI-powered feature, Recall, in May 2024, it was met with a mix of excitement and concern. Billed as a revolutionary tool for productivity, Recall promised to log, track, and easily retrieve anything you’ve done on your PC. However, the groundbreaking functionality also raised significant privacy and security alarms among users and experts alike. Fortunately, after receiving feedback and criticism, Microsoft has rolled out a series of much-needed security updates to ensure that Recall is safer and more user-friendly.

Windows Recall (Credit: Microsoft)

What is Recall?

Recall is an advanced AI tool that allows users to search and retrieve any activity they’ve performed on their PC. This includes everything from documents you’ve edited and websites you’ve visited to communications during live meetings. Essentially, Recall transforms your PC into a detailed, searchable timeline of your digital life.

The feature builds on the concept of an earlier, less powerful version known as Timeline, which Microsoft discontinued in 2021. Unlike Timeline, Recall captures a more comprehensive log of user activities, including:

  • Actions in various apps
  • Communications in live meetings via Live Captions
  • Websites visited
  • Video and audio content transcriptions

Microsoft assured users that the Recall index would remain local and private on-device. Users would have the ability to pause, stop, or delete captured content and exclude specific apps or websites from being logged. Certain content like InPrivate browsing sessions in Microsoft Edge and DRM-protected media would not be recorded.

Initial Privacy Concerns

Despite these assurances, the initial launch of Recall ignited several privacy and security concerns. Cybersecurity experts quickly identified flaws in the system that could potentially expose sensitive user data to malicious entities.

One such expert, Alexander Hagenah, demonstrated how a simple piece of malware could exploit Recall’s unencrypted database to steal user information. Kevin Beaumont, a former Microsoft employee, further highlighted these vulnerabilities in a widely read blog post. Beaumont revealed that Recall saves data in plaintext within an easily accessible database located in the user’s AppData folder. This database tightly compresses saved user history, making it possible for hackers to exfiltrate months’ worth of data in seconds.

Alexander Hagenah’s research (Credit: Alexander Hagenah)

The overarching issue was that Recall’s database wasn’t adequately protected. If a hacker could trick a user into installing malware, they could effortlessly access the Recall database and steal sensitive information like passwords and financial account numbers.

New Security Updates for Recall

In response to these legitimate concerns, Microsoft has introduced a series of security updates designed to make Recall safer for users.

Biometric Authentication

One of the most significant updates is the implementation of biometric authentication via Windows Hello. Now, users will need to authenticate their identities biometrically whenever they attempt to access Recall. This added layer of security ensures that only authorized users can retrieve data logged by Recall.

Personally Identifiable Information (PII) Protection

To address the issue of sensitive data capture, Microsoft has updated Recall to omit personally identifiable information such as names, addresses, Social Security numbers, and credit card information. Additionally, Recall will no longer capture data from health or financial websites. Users can also turn off a “filter sensitive info” toggle if they wish to customize what types of data are logged.

Local Storage of Screenshots

All screenshots captured by Recall will be stored exclusively on the user’s device. This change ensures that no screenshots will be sent to Microsoft servers or data centers, maintaining the local and private nature of the index.

Enhanced Settings for Data Management

Microsoft has made it easier for users to manage their data within Recall. New settings have been introduced that allow users to purge all their snapshots in one click. Users can also delete screenshots within specific timeframes, such as the past hour or a longer period, with a simple button click. This complements the existing feature that allows users to filter out specific apps or websites at their discretion.

Compatibility and Opt-in Nature

Recall is an opt-in feature available for compatible Windows 11 PCs, including Copilot+ PCs. To use Recall, your device will need a Windows on ARM CPU and meet certain minimum RAM and disk storage requirements. Recall will work with multiple web browsers, including Microsoft Edge, Google Chrome, Firefox, Opera, and other Chromium-based browsers. Importantly, Recall will not track or screenshot any activities performed in private browsing modes.

Conclusion

With these new security updates, Microsoft has taken significant steps to address the privacy and security concerns surrounding Recall. By implementing biometric authentication, protecting personally identifiable information, ensuring local storage of screenshots, and enhancing data management settings, Microsoft aims to make Recall a safer and more reliable tool for users.

For business professionals and casual users alike, these updates provide much-needed peace of mind, enabling them to harness the power of Recall without compromising their privacy. As always, it remains crucial for users to stay informed and vigilant about the security of their digital activities.

Stay tuned for further updates and enhancements as Microsoft continues to refine and improve the Recall feature. For more information on how to get started with Recall and other advanced features, visit Microsoft’s official website.

As your managed service partner, your digital awareness and safety is our priority. GeorgiaMSP is committed to bringing you news and tips on all the latest tech.
