The Register: Recall that Recall recall? Now Microsoft thinks it can make Windows feature palatable

Source URL: https://www.theregister.com/2024/09/27/microsoft_has_some_thoughts_about/
Source: The Register
Title: Recall that Recall recall? Now Microsoft thinks it can make Windows feature palatable

Feedly Summary: AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more
Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…

AI Summary and Description: Yes

Summary: The text discusses Microsoft’s Recall feature for its Copilot PCs, emphasizing its security and privacy enhancements in response to initial criticisms. It outlines how Recall operates, its security measures, user control options, and the encryption of stored data, making it relevant for professionals in security, privacy, and compliance sectors.

Detailed Description:

The Microsoft Recall feature, which aims to enhance user experience by chronologically recording and allowing retrieval of desktop activities, has been scrutinized for its potential privacy risks. In light of this, Microsoft has reworked the feature, ensuring tighter security protocols and clarifying user control.

Key Points:

– **Functionality**:
– Recall captures snapshots of the user’s desktop and records application activities to provide a comprehensive activity log.
– Users can search data through text queries or visually navigate through a timeline of their desktop activities.

– **Reactions and Criticism**:
– Initially met with backlash as a security risk, likened to a keylogger, raising concerns over privacy and sensitive data exposure, such as banking information.
– Microsoft delayed the rollout to address security concerns after the scrutiny from researchers.

– **Security Measures**:
– **Encryption**: Snapshots are stored in a vector database with encryption, and the access keys are controlled via the device’s Trusted Platform Module (TPM).
– **User Authentication**: Utilizes Windows Hello for biometric authentication linked to the Trusted Platform Module and requires re-authentication after a certain period.
– **Data Locality**: All data is stored locally, without sharing with Microsoft or third parties, reinforcing user privacy.
– **Opt-In Feature**: Users must voluntarily choose to enable Recall, ensuring that they have control over the feature. They can opt out or delete data at any time.

– **Safety Features**:
– **Sensitive Content Filtering**: Active by default to prevent the capture of sensitive information such as passwords and ID numbers.
– **Browser Activity Protection**: Private browsing sessions and certain apps can be designated to avoid being captured by Recall.
– **Granular Control Over Data**: Users can manage data retention times and storage limits, deciding what to keep and when to delete it.

– **Commitment to Security and Privacy**: Microsoft’s current mindset involves maintaining security and privacy while utilizing AI capabilities, in light of the sophisticated threats present today.

This intricate redesign of the Recall feature aims to satisfy security and compliance professionals by prioritizing user control and implementing robust security measures to protect sensitive data while promising enhanced usability through AI.