What is Microsoft Recall and Why is it Concerning Some Cybersecurity Researchers?
UPDATE (June 14, 2024, 1:42 p.m.): Microsoft announced it will launch the Copilot+ PCs next week without Recall while it tests the tool with the Windows Insider Program, citing privacy and security concerns.
Your internet browsing history can be a wonderful tool to help you find a website you were on earlier that day or even last week.
You can think of Microsoft’s Recall tool as browsing history, but instead of saving just the websites you visited on Chrome, Firefox or Edge, it records everything you do on your computer.
Essentially, you can use AI to search for content you viewed just by saying what you were looking at.
What is Recall?
Announced last month, Microsoft introduced Recall as a feature that takes screenshots of whatever you are doing on your computer and uses AI to analyze the content so you can search for things by describing what’s in the screenshot.
The goal is to help you retrace your steps to find that email, website, document, elusive setting or any other content you previously viewed.
Maybe you were looking at a sales report from an email sent yesterday but can’t find that specific email today. With Recall, you can direct it to find emails from your boss that include sales report numbers.
Recall works by taking a screenshot every five seconds, allowing you to find the content you’ve seen in apps, websites, images and documents. The tool doesn’t record audio or save continuous video.
Microsoft said the feature can be disabled, paused and filtered by application. Additionally, you also can delete your screenshots at any time.
During the announcement, Microsoft noted the storage of the screenshots stays on the device itself. They aren’t saved to the cloud, and Microsoft cannot view or access your saved screenshots.
Screenshots also aren’t shared among accounts on your device. However, if you have a shared company computer where multiple people are using the same account, then anyone could access the screenshots.
It’s important to note this feature will only be available on Copilot+ PCs, so it’s not an update that will be added automatically to your current device.
“Not only are some researchers claiming the content can be accessed remotely, but they are also saying the content is stored in plain text, meaning it is not encrypted and can easily be viewed or accessed.”
Privacy Concerns
Microsoft claims snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11.
However, some cybersecurity researchers already are pushing back on that claim, saying it’s quite easy for low-level attackers to develop tools to access screenshots remotely.
Not only are some researchers claiming the content can be accessed remotely, but they are also saying the content is stored in plain text, meaning it is not encrypted and can easily be viewed or accessed.
From cybernews.com: “According to Kevin Beaumont, a cybersecurity researcher and former senior threat intelligence analyst at Microsoft, Recall-collected information is stored on an SQLite database. Moreover, anyone with administrator-level access, a default setting for most Windows users, can view the data.”
In an update last week, Microsoft announced it will disable Recall by default after backlash from cybersecurity experts. This means users will have to opt-in to use Recall.
Additionally, Microsoft said it is adding “additional layers of data protection,” which means Recall snapshots will only be decrypted and accessible after a user authenticates. Microsoft noted that it also encrypted the search index database.
In the original announcement, Microsoft said Recall does not perform content moderation. This means when you access sensitive material like bank statements or passwords, the tool won’t redact or blur private information.
Recall will not, however, store digital rights management (DRM) material. So, it won’t store screenshots of whatever Netflix show you are watching.
While Recall could help you retrace your steps or help you remember how to configure settings, some privacy issues may cause a lot of users to think twice about enabling the tool.
Recall still is being developed, and changes could be made between now and even after the Copilot+ computers are released June 18, 2024.
West Michigan Managed Service Provider
Are you looking to hire a managed service provider for your company? Contact us here to see how we can help keep your business running smoothly while increasing productivity, security and profitability.
Did you like this blog? You can subscribe to our newsletter to receive a weekly email with our latest blog posts.