One part of Microsoft’s AI push should scare the hell out of anyone interested in their privacy, but Microsoft is ignoring that with its upcoming Recall feature.
Recall is one of the upcoming AI features in Windows 11. It’s supposed to help people search through their past actions by snooping on the computer every five seconds. Imagine someone standing behind you, taking a photo over your shoulder 12 times every minute.
Using AI technology, Recall can help you find details from the text and images in those screenshots.
In other words, a Recall-enabled Windows 11 will have a vast collection of images from your computer screen. Those images can include any logins, passwords, credit card or account details visible on the screen. There’s no attempt to automatically blur that kind of really private data.
Microsoft is trying to reassure everyone that Recall is secure. The images are only saved on the computer, with the AI-based searches also done locally, not via their cloud system.
Alas, experts have already got into the image database (it’s ridiculously easy) and also pointed out that the data is available if the computer has trojan malware. Hackers will be rubbing their hands with glee at the thought of a whole new way to steal money from Windows users.
Microsoft isn’t helping its own case. They’re quoted as saying that a hacker would need to have physical access to the device and log in to see the screenshots … which is clearly not true.
Intrusive for little benefit
It’s hard to think of a more intrusive part of Windows in exchange for questionable and somewhat niche benefits.
A lot of what’s in Recall is already available through search options in Explorer for files and browser history. The other info available from Recall is the kind of thing you might NOT want the system to know.
Debating internally
Despite this new, large and unprecedented way of tracking someone’s online actions, it’s reported that Microsoft is “debating internally” whether to make Recall work automatically on new computers or only run at the user’s request.
Is a ‘debate’ even necessary … Recall is obviously something each customer needs to know about from the beginning so they can make their own informed decision. It’s a sad indictment of Microsoft that there’s even a question about turning Recall on automatically.
Microsoft talks about their commitment to privacy and security – if Recall is turned on by default that commitment is hollow.
Turning Recall off
Even in Microsoft’s long explanation of Recall, there’s one thing missing – how to turn the whole thing OFF. There’s advice on pausing Recall or excluding certain apps from the timed snapshots but no text explaining how to stop it entirely.
That’s because Microsoft, in its usual arrogance, can’t understand why anyone would not want to have their latest toy.
Presumably there are Registry and Group Policy ways to disable Recall but info on that is also notable by its absence. Organizations might like Recall to monitor their staff but many others will hate it for the intrusion and data leakage risks.
Turning Recall OFF is possible from Privacy & security | Recall & snapshots. We found it in a Microsoft-supplied image and added the callout for them.