Microsoft's AI tool 'Recall' is secretly copying your private messages
What's the story
Microsoft has launched "Recall," an AI tool that constantly takes screenshots of almost everything you do on your computer. The feature is being rolled out exclusively to Copilot+ PCs, a special line of Windows 11 computers designed for AI work. Despite the tech giant's attempts to make Recall safer, concerns remain about it invading your privacy and compromising your data security.
Privacy issues
Recall faced backlash over privacy concerns
Recall was first launched in May last year but was soon pulled back amid massive backlash, mainly over privacy concerns. Security researchers found the screenshots were stored in an unencrypted database, which made them vulnerable to hackers. An investigation by Tom's Hardware also found that Recall often captured sensitive information like credit card numbers and Social Security numbers, despite having a setting to filter such data.
Tool modifications
Microsoft made several changes to Recall but serious concerns remain
In response to privacy concerns, Microsoft made some changes to Recall. For starters, the screenshot database is now encrypted and users have to opt in for their screenshots to be saved, instead of the previous opt-out system. They can even pause Recall anytime. Despite these updates, Ars Technica highlights Recall remains an intrusive tool with potential risks. By capturing and processing all on-screen activity, the feature can record private communications from individuals who are unaware their messages are being stored.
Expert opinion
Security researcher warns about potential risks
Security researcher Kevin Beaumont raised concerns over Recall in a blog post. He wrote, "From a technical perspective, all these kind of things are very impressive. From a privacy perspective, there are landmines everywhere." Beaumont discovered Recall's filter for sensitive information was still unreliable and the encrypted screenshot database was only protected by a simple four-digit PIN. He also noted how efficiently Recall indexed everything it stored, raising further privacy concerns.