Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs.
Initially slated for release in a public preview on June 18 with the arrival of the new Copilot+ AI PCs, the company now says they are delaying its release by making it first available for preview with Windows Insiders.
"Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks, " reads an update to a recent Windows Recall blog post.
"Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon."
This update comes on the same day as a scathing report from ProPublica about how Microsoft put revenue above security and Microsoft President Brad Smith's meeting with the US Congress to discuss the company's recent security failures.
The new AI-powered feature takes screenshots of every active window on your PC every couple of seconds. These screenshots are then analyzed by an Azure AI model that runs on the device to pull information from the image and add it to a SQLite database.
The feature allows you to perform human language searches for extracted data, with Windows Recall pulling up the screenshots for the searched terms, making it easy to find historical data.
Since Microsoft announced the feature, privacy advocates and cybersecurity experts have been warning that Windows Recall is a privacy nightmare and would likely be abused to steal users' data.
Microsoft said the feature would be enabled by default on new Copilot+ AI devices and encrypted using Bitlocker, claiming it made it safe from theft.
However, Bitlocker automatically decrypts the contents of a drive when a user logs in, making it accessible to malware and anyone with physical access to a device.
Cybersecurity expert Kevin Beaumont illustrated how existing information-stealing malware could be altered to steal the Windows Recall databases and screenshots for offline analysis and data theft.
Since then Beaumont continued to spearhead an effort to get Microsoft to pull, or at least "recall," the feature to secure it properly before it is launched.
Microsoft caved in and, on June 7, announced that they would be providing additional security by making Windows Recall an opt-in feature and encrypting the database until a user authenticates with Windows Hello when they open the app.
It is unclear what additional security measures Microsoft plans to build into the feature.
However, with how it was initially delivered without adequate testing and consideration of security, it will be a tough uphill battle for Microsoft to regain any trust related to this feature.
Comments
fromFirefoxToVivaldi - 3 weeks ago
The only real usage I see for this feature is checking what employees were doing every 5 seconds.
GT500 - 2 weeks ago
They already have software to do that. My former employer required employees to have it installed and running when working, and it would automatically screenshot the desktop at random intervals (I think at least once every 10 minutes). It also monitored how frequently you moved the mouse or typed on the keyboard, gave you statistics in the form of a percentage of activity during the time you worked, and would clock you out automatically if it didn't think you were working.
It also caused my PC to Blue Screen once every day...
b1k3rdude - 2 weeks ago
Delay you say, Other sites are reporting M$ have stopped the rollout untill further notice..
pnda73 - 2 weeks ago
You understood them wrong.
tech_engineer - 2 weeks ago
First Microsoft must prove it is trustworthy in privacy and security (which they aren't), then they can propose such a feature.
This would need 5+ years ??
Dr. Technical - 2 weeks ago
Just where did Microsoft get the idea that a groundswell of customers wanted to have their screens saved every few seconds?
This sounds like a classic case of implementing a feature just because you can, without considering whether you should or, more importantly, whether anyone really WANTS it!
I have absolutely NO desire to avail myself of this "feature" and would be one of the first to disable it when it shows up on my PC.
Am I the only one who feels that all of these additions to Windows merely creates yet another vector for bad actors to find ways to hack into the OS and cause us all a lot of grief? I just want an operating system that lets me run the application programs I use. I don't want to have the OS bloated up until it is unrecognizable with capabilities that I don't want and won't use. What ever happened to KISS?
b1k3rdude - 2 weeks ago
Kiss, indeed.