Microsoft is finally relaunching "Recall," its AI-powered feature that records almost everything you do on your computer by constantly taking screenshots in the background.
The tool is rolling out exclusively to Copilot+ PCs, a line of Windows 11 computers built with specific hardware optimized for AI tasks. And if it sounds like a privacy nightmare, your suspicions are not unfounded.
Originally launched last May, Microsoft quickly withdrew Recall after facing widespread backlash, one of the reasons being that security researchers found that Recall's screenshots were stored in an unencrypted database, making it a sitting duck for hackers who'd be able to see potentially anything you'd done on your computer if they broke into it. Since that disastrous debut, the feature has been tested out of the spotlight through Microsoft's Insider program.
Huge risks were still being flagged even as it was being revamped. In December, an investigation by Tom's Hardware found that Recall frequently captured sensitive information in its screenshots, including credit card numbers and Social Security numbers — even though its "filter sensitive information" setting was supposed to prevent that from happening.
For this latest release, Microsoft has tinkered with a few things to make Recall safer. For one, the screenshot database, though easily accessible, is now encrypted. You now have to opt in to having your screenshots saved, when before you had to opt out. You also have the ability to pause Recall on demand.
These are good updates, but they won't change the fact that Recall is an inherently invasive tool. And as Ars Technica notes, it also poses a huge risk not just to the users with Recall on their machines, but to anyone they interact with, whose messages will be screenshotted and processed by the AI — without the person on the other end ever knowing it.
"That would indiscriminately hoover up all kinds of [a user's] sensitive material, including photos, passwords, medical conditions, and encrypted videos and messages," Ars wrote.
This is perhaps its most worrying consequence — how it can turn any PC into a device that surveils others, forcing you to be even more wary about what you send online, even to friends.
"From a technical perspective, all these kind of things are very impressive," warns security researcher Kevin Beaumont in a blog post. "From a privacy perspective, there are landmines everywhere."
In his testing, Beaumont found that Recall's filter for sensitive information was still unreliable. And that encrypted screenshot database? It's only protected by a simple four digit PIN. But the most disturbing find was how good Recall was at indexing everything it stored.
"I sent a private, self deleting message to somebody with a photo of a famous friend which had never been made public," Beaumont wrote. "Recall captured it, and indexed the photo of the person by name in the database. Had the other person receiving had Recall enabled, the image would have been indexed under that person's name, and been exportable later via the screenshot despite it being a self deleting message."
Beaumont's advice is simple, but a sobering indictment of the state of affairs.
"I would recommend that if you're talking to somebody about something sensitive who is using a Windows PC, that in the future you check if they have Recall enabled first."
More on Microsoft: Microsoft's Huge Plans for Mass AI Data Centers Now Rapidly Falling Apart
The post Microsoft's AI Secretly Copying All Your Private Messages appeared first on Futurism.
Visit link:
Microsoft's AI Secretly Copying All Your Private Messages
