Microsoft needs to make Windows 11's Recall feature opt-in
As it stands right now, the new Recall AI feature of Windows 11 will be enabled by default when it launches officially later this year. While limited to PCs that sport the Copilot+ PCs label, it will capture the screen of those PCs in five second intervals from the get-go.
The AI will capture almost everything on the screen by default. The only exception is activity in private browsing sessions of several popular browsers. Users may block access to certain apps, but this needs to be done manually.
The captures are stored locally only according to Microsoft. Furthermore, they are protected when the user is not logged in. However, when the user is logged in, the data is accessible by system and administrator accounts.
This makes Recall data the most lucrative target on Windows systems. Here is why:
It captures every activity, except for private browsing activity by default. This may include:
- Financial documents, e.g., assets listed on a bank's website.
- All emails in dedicated email programs, apps or regular browsing sessions.
- All visited websites, except for those in private browsing modes.
- Anything done in Tor Browser.
- All activity on the computer, e.g., watched videos, opened documents, games played, webcam chats, messages, including self-destroying ones, emails, contacts, and more.
- Accounts on the Web and elsewhere.
- VPN activity.
- P2P activity.
The information is highly lucrative for malicious actors. It is also lucrative for others, including law enforcement, customs, foreign agents, employers, or even friends and family.
What Microsoft reveals about Recall during Setup
Currently, Windows 11 informs the user that Recall is enabled on the device. This happens during the out-of-box experience. The page does not include an option to disable Recall.
There is a checkbox to open the settings after setup completes, but it needs to be checked specifically. Many users will likely ignore it as they want to complete setup and start using the computer.
In any event, those who check the box are taken to Settings where they may configure Recall. This includes an option to turn off Recall completely.
While there is a chance that Microsoft will change the experience, for instance by adding an opt-out option during setup, nothing has been confirmed at this point. Even then, it is likely that many users will keep the feature turned on.
Recall needs to be opt-int
Windows users need to be aware of Recall, what it does, and the consequences of running it on the system. While it may be useful to some, it is such an invasive feature that it should be opt-in.
Malware will certainly target Recall data. This data reveals the entire activity of a user of the past three months on the device by default. It allows for intimate views into a user's life.
With that said, it seems unlikely that Microsoft is going to make the one major AI feature that it showcased opt-in. Lack of use would certainly turn it into a feature that is dead on arrival.
What about you? Would you use a feature like Recall on your devices?
There’s an advantage to having worked with every windows operating system since Windows 95,
because it put real meaning into that clichéd saying:
A leopard cannot change its spots.
The so-called ‘Recall’ feature makes it obvious what M$ is up to, once again.
What’s really worrying about it though,
is that the number of windows users recognizing these appalling breaches of privacy has gone down over the years.
Therefore, not paying attention, gets you what you deserve.
yes Recall feature opt-in and ai and all the rest of their crap
Even if Micro$hit makes the “feature’ opt-in, chances are they will still run it in the background without user consent. They, like crapple, have a well documented history of criminal activity since their inception. It is likely they will blame a bug for the “error in collecting the user information without their consent” or they will simply make a version that will still collect all the information without user knowledge. The NSA must be really happy about it – and as usual they will lie like they always do about their info collecting practices.
Hopefully people will switch to an open operating system sooner than later – in particular businesses given that all their information will be copied and sent to MS.
With a little bit of word changes to the title of this article then it could be a spot on winner.
My suggestion: Microsoft needs to make recall Windows 11!
Followed closely by: Microsoft to recall Windows 11!
* Microsoft needs to recall Windows 11! (opinion article)
Followed closely by: Microsoft to recall Windows 11! (fantasy, fact article)
Good news :
Update on the Recall preview feature for Copilot+ PCs
[https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/]
“First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.
Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.”
Just to update you people on this, there is already a tool out on github to scrape what this ‘Recall’ scraper “feature” has captured.
And btw there are also people who have worked out how to run it on regular PC, not just those brand new ‘AI’ arm ones.
My take on that is that MS is too scared of the backlash to roll it out for the non-frontrunners. Frontrunners and new-chasers on the other hand tend to praise whatever is the latest to praise and brag (in obtuse denial of the facts) to justify their own purchase of it.
Keep remembering:
Screenshots – the whole of it* – every few seconds (5s has been mentioned).
Stores the screenshots
Runs OCR on the screenshots
Stores the OCR results in a database.
*: exception being ‘private mode’ of those browsers who have a cooperation agreement with MS to signal to the system that their window should be blanked out on those screenshots while doing ‘private mode browsing’.
Evil protection racket waiting to happen there.
Still waiting for app or/and hacks to force this exclusion signalling permanently for everything, not just browsers. Because who really believes you can keep blocking MS from trying to run and reinstall this when they decide to force it on everyone? There is only a small exception possible because there are lots of big interests that DO NOT WANT this kind of recording going on, like companies, layers, doctors, journalists, ….. pretty much anyone who does anything professional/serious or believe in the right to privacy in their own home, business… and if we are to get ‘constitutional’ “secure in their papers and effects”.
Hard to find honest practical uses that justify such a broad recording and the drawbacks that come with that, without resorting to a requirement to have at least two computers: one where that can be “tolerated”, consequently treated as a compromised public computer that is massively spied on. And another where is it not, where you can actually do stuff.
it is called spyware and microsoft know this but they keep telling the lie
This is obviously just being tested on these devices. The real audience for this is businesses. It will make it very easy to snoop on WFH people. This is the true endgame.
Make it Windows 11 Classic no bloatware with apps just make it addons options if user install or not install this is last 12 years is requesting but stupid employment developers in windows is blind and no hearing.
Windows should be opt-in. (especially for OEMs)
No, actually, it should be illegal.
Garbage black box software written by a convicted monopoly with a predatory history and tons of remote exploits discovered over and over again.
Would you buy from the mob or your corner gangster selling dope, too? Of course not!
Try Linux/BSD.
I completely agree with everything you said. Microsoft you stick shitpilot up Nadela’s ass
for those saying this is only on arm and npu devices, it won’t be long until this feature is retroactively fitted to other devices. GPUs can’t really do what npu and arm devices can do and NVIDIA are already promoting this.
such a huge data mining feature won’t be limited to just npu and Arm devices or whatever the current requirement is, and Microsoft will change it down the road that you can’t disable the feature unless you jump through hoops
It’s mentioned as a “Copilot AI PC” feature only for maketing at first. Users in need of a pricy intelligent magical PC’ll do that jump easily.
Everyone familiar with Windows expect it to be a widespread disease later, just like the regular Copilot W10 update for those letting OOBE spit bloatware around.
The most important thing is still GPEdit (tool that a lot of of people never heard of)
It’ll be just fine until the cloud kills the OS for good.
Copilot= A Goldmine for Hackers, Viruses, scammer,spammers,Ad Trackers, you name it they all want a piece of your PC. I just feel sorry how many none techy victims will fall into bad actors hands…
Part of the problem here is that from what I’ve read elsewhere Microsoft is intending to place the whole Windows 11 OS in the cloud. This means that in order to use it users will be required to login with a Microsoft account after which everything you do on the machine from that point forward will be visible to Microsoft presumably.
As far as the EU is concerned, there’s been an addition to the Digital Markets Act called the AI Act. https://digital-markets-act.ec.europa.eu/high-level-group-digital-markets-act-public-statement-artificial-intelligence-2024-05-22_en
Let’s hope that goes some way to control these insidious applications before they create total havoc.
Translated from :
[https://www.01net.com/actualites/fonction-recall-des-pc-copilot-serieux-doutes-sur-la-securite-des-donnees.html] :
“Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont tested the Recall function, and what he found was chilling. The texts converted by the OCR tool are stored in a SQLite database in the user’s folder. When the user uses his or her PC, the information in this database is decrypted and accessible; in other words, a hacker with access to the computer when the victim is using it would be able to retrieve this information very easily.”
Kevin Beaumont’s article on Medium :
‘Recall: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible. Photographic memory comes to Windows, and is the biggest security setback in a decade.’
Short url : [https://is.gd/eNgHgy]
Source url :
[https://medium.com/doublepulsar/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e?source=user_profile———1—————————-]
@Anonymous
I know that’s why I put the question mark there.
And I don’t use windows.
I have nothing to hide, so let’s leave the doors unlocked and have a camera inside that everyone can tune into..
well they only need recall now for this, very soon recall will upgrade and start taking snapshots on your mic and webcam (an expanded feature), soon we can hope for exploits to share so we have even less to hide..
It very easily could be that this “feature” is finally going to put M$ out of business. People just need to spread the word about what Recall does and how it aids the police state.
I’m tired of playing chess with Microgarbage, don’t have the time to continually be working on dealing with their continual lack of respect for a person’s privacy.
I will be setting up a computer with Linus on it and eventually, finding ways to do everything on it that I was able to do on a Windows computer.
If you have been unable to remember or recall what you did on your computer for several weeks, consult a doctor.
This is a rather useless and foolish feature. Can they simply install it as an app and call it a day? Make it independent of the operating system. They won’t because its going to be used to train their AI models.
I am sorry but this drama is just ridiculous and dumb when nobody can even use this because only ARM with NPU have access to it, so it’s obvious you have no idea where the settings are and how you can easily turn it off and all the details… probably the OOBE will ask about it anyway.
So, don’t get a ARM device in few weeks and if you do, don’t get one with NPU processor and you are ready to go.
Is this a blog for non-tech grandpas and grandmas? so please… stop the BS.
Also, Microsoft doesn’t have to do anything when the user can easily turn off and on things, again, stop the BS and stop pretending a feature that is already locked in by hardware and version and OS, will somehow affect you, because I know you don’t have a ARM device since they are not even on sale until mid this month.
It’s bad, no one wants this but it’s 1) Modern 2) AI. In 2025 you’ll be laughed at for pressing Ctrl-F.
Microsoft is becoming a complete joke. Thanks for the article! :]
IMO the fact ‘Recall’ is not opt-in together with the fact a user has to dig into the settings to disable it, together with the fact that a wide majority of users considers an OS not a a set&forget but as a take&use (as it is) is relevant of a company’s aim to use the new feature for its own interests rather than for those of the user.
This is the more than ever, ever increasing twosome : tracking and advertisement, tracking for advertisement (and perhaps not only).
They’ve gone nuts, they’ve brought a planet to an easiness of use of digital products to such a level that users aim for no more, whatever their privacy is concerned : they want it now, running fast and furious, without having to intervene.
Should I ever upgrade to Win11+ that I definitely would disable Recall. In fact I’d install then set all I can, of what I’d know by then, helped by dedicated privacy applications, before connecting to the WWW.
In what digital world are we living in ? For anyone dedicated to privacy running a modern Windows OS out of the box is NOT feasible. And think of those, elderly people in particular (kids know but don’t care for most of them) who have no knowledge of the digital arena, of the devices on which they will share more unintentionally than intentionally, the very data of their very private lives. GAFAM should be ashamed, and not only them but them mainly : they strive for money and glory, invent AI for the masses which will bring chaos (whilst order in a scientific department), impose AI assistance within the very OS … I am becoming a hater when I’ve been up to know but a curious guy aware of excess. This is no longer excess, it is becoming a planetary pleasure dome for big corporations.
Regarding the GAFAM companies I have in mind the Stones’ “Get Off of My Cloud”. I guess they need to be helped by kicked out.
Silicon valley does not comprehend the meaning of “opt in”, or “no”, for that matter. Their profits will be more important than your personal space, every time.
Ha ha ha ha no. I just wiped Microsoft windows and installed Linux. I’m sure I won’t be alone in being extremely angry/worried about this development.
And next week you’ll be back on Windows.
I suppose “I just wiped Windows and installed Linux” is this is the universally accepted answer when Microsoft does something wrong?
Who actually WANTS this feature? I think meetings in Redmond are just like the Top Gear Peugeot breakfast meeting.. ‘Ows dis for a plann? We makk turribul OS! In evry wey ‘orribul.
Surely you jest.
Why would M.$ reduce it’s profits by increasing our privacy?
According to Microsoft … “the Recall feature is actually only for newer Copilot+ PCs announced recently. This feature won’t be available for existing retail PCs running on Intel or AMD.”
If your Windows 11 PC has this feature, you can turn on or off saving snapshots at any time by going to Settings > Privacy & security > Recall & snapshots.
My Lenovo Thinkstation P520 has Win 11 Pro installed on it. It does NOT have this feature.
What about you? Would you use a feature like Recall on your devices?
Never! But I am certain many IT Administrators will love the feature in order to enforce workplace policies that prohibit numerous activities–casual surfing and emails, chat, video, irrelevant-to-the workplace-documents, etc.
I worked one place years ago where IT Admins were more like hound dogs, police sniffing dogs; an admin would show up at least once a week to look at my computer to find anything even resembling “misuse.”
@Martin … There is one thing missing here my friend. Please tell users how to turn it off. (EG registry entry, gpedit or setting)
Martin posted some information on his other site:
https://chipp.in/software/windows/how-to-disable-recall-taking-snapshots-of-the-screen-in-windows-11/
Somebody mentioned, “If your Windows 11 PC has this feature, you can turn on or off saving snapshots at any time by going to Settings > Privacy & security > Recall & snapshots.”
Disagree,
Microsoft spends time and money developing feature – just for 90% of people to never see or experience it? Because that’s what making it “opt-in” would do, we all know that.
Microsoft used to hold the opinion that users should learn and discover the OS, they didn’t opt you into everything by default, they spent time writing actual useful help documents, and providing explanations and information, if you wanted something, you could find it, and turn it on, but those days are gone.
What came first, the chicken or the egg? Was it the cynicism of big corps that killed people’s free spirit and willingness to learn, and randomly changing things around every few years to make sure people can’t retain older knowledge and must relearn basics every time.
Or… is it the mainstreaming of computers and the general dumbing down of the average user (everyone now expects the experience to be as easy as iphone, or they can’t do it) which dictated the tone that the OS takes to match the majority of the audience?
Nowadays people are looking for the path of least resistance to get to their favourite social media or ecommerce site, I think most pay very little attention to the operating system itself, and it’s features.
It is a fraction of a fraction of people that tweak settings, worry about privacy – nowadays if something isn’t nagging and doing pop-up boxes in your face, people won’t know it exists. It’s like youtube, if you can’t capture the user’s attention quickly, you may lose them, they may think your product is inferior.
I too have become cynical, end users deserve their fate.
I have nothing to hide?
Wait until the things you think you don’t need to hide become illegal.. and if you think it won’t happen here, look at the insane political persecution going on with the Biden regime. We aren’t very far away from the tyrannical government making normal everyday things ILLEGAL.
You have .. you may just not know it.
Just wait till your political view, sexual orientation, religion, social views, your education, some of the books or movies you own, some of your past statements or whatever you did, said, are or have done becomes illegal in the future. Then you are in big trouble my friend, because such an information store is the first thing an authoritarian regime is going to search remotely for discriminating evidence of whatever, as they really like to know who their potential enemies are.
Things like that have happened in the past (although not in all countries of course, but in too many) and will certainly happen again in the future, it’s just uncertain where exactly this will take place.
Nailed it!
Facebook is already doing this.
^^ This
Always.
People never, ever think it can happen.