Microsoft heard users: the launch of Recall will be as unobtrusive and careful as possible

Tomcat

The massive boycott forced the company to abandon the controversial concept of "pre-installed spyware."

Microsoft announced that it will not forcibly enable the controversial AI-based Recall feature for all users. From now on, the new technology will be activated only at the user's request.

The Recall feature, currently in pre-testing and intended for Copilot+ PCs, takes a screenshot of the screen every five seconds and analyzes the images to highlight relevant information. The official launch of the feature was originally planned for June 18, 2024.

Conceived as an AI-driven photographic memory, the Recall feature drew instant criticism from the security and privacy community. Experts condemned the company for lacking security measures sufficient to prevent attackers from accessing users' digital lives.

Despite Microsoft's assurances that Recall images are stored and processed locally on the device and are not shared with other companies or apps, the flurry of user indignation has not abated.

The recorded information may include screenshots of documents, emails, or messages containing sensitive data. WIRED journalist Andy Greenberg called Recall an "unsolicited pre-installed spyware" built into new Windows-based computers.

Moreover, ethical hacker Alex Hagenah previously presented TotalRecall, a tool he developed that demonstrates how easy it is to extract all data from this local database, which is stored unencrypted in plain text.

To mitigate criticism, Microsoft said that users will be able to fully control the new feature. In addition, the company has already introduced a number of security changes, as well as a new initial configuration process for Recall that lets users turn off the periodic screenshots entirely.

The security changes also include enrolling users in Windows Hello biometric authentication, with proof of the device owner's presence required to view the timeline and search it.

In addition, the company added encryption of the search index database and noted that Recall snapshots will be decrypted and accessible only after the user has authenticated.

Users can pause, filter, and delete saved data at any time. On managed work devices in corporate environments, IT administrators can disable Recall, although they cannot enable it on users' behalf.

"User protests have proven effective," said security researcher Kevin Beaumont, who criticized the original implementation of Recall. "The possibility of voluntary selection will save many users from security problems in the future. Such functions should never be enabled by default."