When Microsoft named its new Windows Recall feature, the company intended the word to refer to a type of perfect AI-enabled memory for your device. Today, the other involuntary definition of “recall”—a company’s admission that a product is too dangerous or defective to leave on the market in its current form—seems more appropriate.
On Friday, Microsoft announced that it would be making multiple dramatic changes to the rollout of its Recall feature, making it an optional feature on Copilot+-compatible versions of Windows where it was previously enabled by default, and introducing new security measures. designed to better keep data encrypted and require authentication to access stored Recall data.
“We’re updating the setup experience on Copilot+ PCs to give people a clearer option to opt in to saving snapshots using Recall,” reads a statement. blog post by Pavan Davuluri, Microsoft Corporate Vice President, Windows + Devices. “If you don’t choose to activate it proactively, it will be disabled by default.”
The changes come amid a growing avalanche of criticism from the security and privacy community, which has described Recall, which silently stores a screenshot of user activity every 5 seconds as fodder for security analysis. AI, as a gift to hackers: essentially unsolicited, prior. Installed spyware built into new Windows computers.
In early versions of Recall, screenshot data, complete with every user’s banking login, password, and porn site visit, would have been collected indefinitely on the user’s machine by default. And although that highly sensitive information is stored locally on the user’s machine and not uploaded to the cloud, cybersecurity experts have warned that it is all still accessible to any hacker who gains a temporary foothold on the Recall-enabled device. a user, giving them a long-term panoptic view of the victim’s digital life.
“It makes your security very fragile,” as Dave Aitel, former NSA hacker and founder of security firm Immunity, described it more charitably than others to WIRED earlier this week. “Anyone who breaks into your computer for even a second can get your entire history, which is not something people want.”
For Microsoft, the recall reversal comes amid an embarrassing series of cybersecurity incidents and breaches, including a leak of terabytes of customer data and a shocking penetration into government email accounts, facilitated by a series of security flaws by Microsoft, which have become so problematic that they have become a sticking point even in its exceptionally close relationship with the United States government. Joined.
Those scandals have escalated to the point that Microsoft’s Nadella issued a memo last month declaring that Microsoft would make security its first priority in any business decisions. “If you are faced with the dilemma between security and another priority, your answer is clear: make security“, Nadella read note (emphasis theirs). “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
By all appearances, Microsoft’s release of Recall, even after today’s announcement, shows the opposite approach, and one that seems more in line with business as usual in Redmond: announce a feature, take a beating for its blatant security failures and then, belatedly, fighting for control. the damage.
This is a developing story. Please check back for more updates.
