Microsoft has finally addressed concerns raised by customers and researchers regarding automatic screenshots. AI-supported callback function. The company promises that screenshots will be better encrypted and that you’ll need to use your face, fingerprint, or PIN to access the feature. But most importantly, the tech giant tells anyone concerned about their privacy that they can say “no thanks” to Recall when they first set up their device. Copilot+ PC.
Recall is a new tool built into the latest Windows 11 PCs that automatically takes screenshots of what you’re doing on your PC every few seconds. Then, the PC uses an AI model to search those screenshots for words and images. Users can then use the tool to search through their past PC activity and then go back to the web pages and documents they previously visited. Microsoft CEO Satya Nadella said it’s like your PC has a “photographic memory.”
The feature should be enabled by default and users would have to check the settings to see if they could disable it. Now Microsoft is revising its stance. The company’s vice president for Windows and devices, Pavan Davuluri, wrote Thursday that recall would be “opt-in” while users set up their PCs. The setting is disabled by default. In addition, users must also provide the biometric character in the Windows Hello system to access the recall timeline. This means that every time you try to access the feature, you will need to use a fingerprint scanner on your PC, use your camera, or enter a PIN.
After Microsoft unveiled its new PC designation at the Build conference last month, people online immediately expressed concern about the privacy implications. The Mountain View tech giant tried to allay their concerns by claiming that the feature works on the device and Microsoft never sees any of the screenshots. The screenshots are supposed to be stored encrypted on the device and only that user profile should be able to access them.
Things quickly got out of control for Microsoft when the well-known leaker Albacore showed that Recall could work perfectly on a non-Copilot+ PC without the NPU, which Nadella said was inherently built into the program. Less than a week later, security researcher Kevin Beaumont published collapsed as all the OCR plaintext was easily accessible in the Windows AppData folders. Recall not only automatically takes screenshots of passwords, financial information, or other sensitive data that appears on the screen, the files are accessible to anyone with even a little hacking experience.
Although there is still a week until the release, cybersecurity strategist Alex Hagenah shared a free GitHub repository for “TotalRecall,” a tool that allows anyone with access to the Copilot+ PC to extract the screenshots from the internal folders. One of the biggest fears so far has been that a malicious actor could infiltrate a PC with relatively simple malware and recover all the data that Recall has stored for an entire year.
Now Microsoft claims that these screenshots will not be decrypted until users authenticate with Windows Hello enhanced sign-in security. All of these new PCs will ship with this security software by default.
The Copilot+ PCs are still scheduled to launch on June 18, but this means that Microsoft will have to change the software before the new series of computers ships. When asked if the changes have reassured security researchers, Beaumont replied: wrote“Of course the devils are in the details, potentially big ones, but there are some good elements here too.” Still, he added that it was quite annoying that it took “a cartoon porg with ‘portable toilet rentals’ as his Twitter bio… along with other people on social media” to point out the glaring security flaws in Microsoft’s new software feature.