Windows Recall: Microsoft's second launch attempt after devastating criticism
When Microsoft announced the AI feature Windows Recall earlier this year, it was confident that it would receive praise for the feature.
The main idea behind Recall was to give users AI-powered access to past activity on their Windows PCs. Recall would capture a screenshot every five seconds, process the data, and allow users to interact with that data using natural language.
What followed was a wave of criticism. Privacy and security advocates criticized Microsoft for several key aspects:
- Recall would run automatically after the initial setup. In other words, it was opt-out, not opt-in.
- The database and data were not specially secured during runtime.
Microsoft pulled Recall shortly thereafter and promised to do better. The company has now highlighted changes that it made to Recall in a new blog post on the Windows Experience blog.
Recall: the security and privacy changes
Microsoft addresses the criticism in several ways. First, it is making Windows Recall an opt-in experience. Microsoft says that users will see an option to turn on Recall during the out-of-box experience.
They may also turn it on at a later point in time. Good news for users who do not want anything to do with Recall: it can be uninstalled, despite Microsoft's previous comment that this would not be possible.
Second, Microsoft is improving security by encrypting Recall's database and running essential Recall processes in an isolated environment.
Malware cannot just copy the data during runtime anymore, thanks to the extra security.
On top of that, Windows Hello is required for certain actions. Microsoft mentions that prompts are shown when users try to make changes to Recall's settings and when they want to access the Recall user interface.
There are also rate-limiting and anti-hammering measures to limit malware attacks.
Windows Recall: Privacy Controls overview
The blog post offers a list of controls that users have over Recall; not all are new though.
Here is the overview:
- Users control the amount of disk space that Recall uses and for how long activity data is kept.
- Options to delete a time range, all data from a specific app or website, or anything that comes up during searches.
- Private browsing data is never saved in Edge, Chrome, Firefox, Opera and other Chromium-based browsers.
- Website activity can be blocked in Edge, Chrome, Firefox, and Opera.
- A system tray icon highlights activity and provides access to Recall.
- Recall supports sensitive content filtering through Microsoft’s Purview information protection product.
Closing Words
The announced changes address two of the major points of criticism: that Recall was opt-out and that the data was not secured properly.
There is still some uncertainty regarding the implementation during setup and thereafter. Still, with Windows Recall being opt-in, there is less of a chance that the feature runs in the background without the user really knowing about it.
What is your take on the announced changes? Is it enough? Would you give Recall a try now, or is it still not something that you are interested in? Feel free to leave a comment down below.
Microsoft, a convicted monopoly [1], has root and you can’t do a damn thing about it.
YOU DON’T OWN YOUR COPY/INSTALLATION OF WINDOWS. They OWN YOU AND YOUR DATA.
When you’re browsing the net, entering in passwords, saving private data to your Windows system, you need to form this image deep in your mind: of Gaylord Gates and Bitchy Ballmer fucking you up the ass and their laughter without end.
You can’t audit the source code for Windows or the updates. You are fucked. This post will probably never be approved.
[1] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.
Hi Martin & everyone
Just found this bit. Hard to say whether I am more surprised at the audacity than shocked that it is happening so soon, but anyway.
https://techcrunch.com/2024/10/01/microsoft-copilot-can-now-read-your-screen-think-deeper-and-speak-aloud-to-you/
It sounds a lot like ‘recall’ except without the storage element. So Copilot will get polluted with the same “AI” features that stick their thieving trunk in your stuff.
There are just so many things I would not trust MS, “AI” and the current goldrush AI peddlers with access to. Even if we imagine that they could be trusted with it, as in never passing it on and only using it in my very best interests, I would not trust them to keep it from everyone else.
What’s next? AI “analyzing” your ‘Teams’ meetings? Probably already being worked on, waiting to spring it on the public.
Perhaps the best picture I can pass on was one that was passed on to me.
These days the computer in your life is not just an extension of your “papers and private effects” (re. the constitution’s wording against unreasonable searches), it is basically an extension of your mind (memory) and your senses (eyes, ears), as we do more and more online and via computers.
And you would not let others have access to or control over that. To read the contents of that at will, to see what you see, hear what you hear, read what you write.
The greed for access is boundless. It is only now in these “end times” that it has become possible to collect, hoard and run automated meaningful tools on it on an industrial scale.
Too many useful idiots out there thinking we will get ST:TNG-like talking to computers and live happily ever after with lots at their command. That will be for the few, not for the masses.
Try more like tech is currently being turned against workers in Amazon warehouses, except rolled out everywhere including in your homes. “Going Amish” sounds more like the only way out soon and that will not be an option, with land ownership and whatnot getting in the way.
Indentured servitude is coming back big time, just like ‘1984’ is getting more feasible every day with less manpower required to do all the monitoring, threatening and ordering about.
Hopefully O&O ShutUp will take care of it regardless of how it’s implemented.
I have zero interest in ever trying the Recall feature or having it installed on my PCs.
Still do not have a favorable view of this thing.
What has improved that sounds good?
*) It has become opt-in, not opt-out, at least for the time being. The problem is naturally that of trust in this area. There are not, nor can there be, assurances that it stays off (or honours the supposed exclusions). And once it is there, big interests will pile on pressure to have it turned on.
*) Supposedly the “proof of presence” (aka proof of profile owner being logged in) mechanism has been improved/tightened.
*) Nothing stored in plaintext, it will be on-demand decrypted.
Nothing really addresses the big fundamental issues though, even if you have impossibly perfect security and unbelievably strong post-quantum crypto.
This, a few technicalities aside, is basically a camera pointed at your monitor, recording everything* and in addition also using OCR to transcribe as much text and numbers of it as it can, as a sort of subtitling to the stream of screenshots. And most likely with the capacity to send it all “somewhere” outside of your control.
That it does not do more, like for example locally run facial recognition to ID people you video chat with (or pr0n you watch), is more down to practicalities rather than lack of willingness to intrude more. Practical things like lack of local compute, cost of storing everything, and re-election (for legislators). All of those things tend to shift, eventually.
(*) everything except a few things like: “”private mode”” browser sessions. Or you pay for the ‘purview’ service, which basically means paying for being allowed to tell them what you want to exclude and having a little bit of control over your Windows-infested computer.
And that is if you trust them to actually stay out of ‘purview’ exclusions and “private mode” browsing. The opposite is also relevant: they, out in the open, consider it theirs if it is not in either category.
For normal people this means: 100% of everything that is not done in “”private mode”” browsing, because you are not going to be in the ‘purview’-user segment.
So all non-browsing stuff. Plus all the browsing that is not done in “”””private”””” mode.
It is still an abomination of a concept and many if not all of the why’s have been debated to death elsewhere. This should be considered a dead horse. It requires levels of trust that are simply not compatible with the societies we live in.
Sure, it sounds like a nice thing… until you think about the many ways how this could go bad.
And you have to trust that it stays turned off… and that there is not a ‘quiet on anyway’ mode.
This should not be there at all, to prevent it ever being on! At least when I fire up OBS to make game clips to put on YouTube it is on purpose and highly controlled. Not an OS “built-in” that could be on any time, like a longer but slow fps version of NVIDIA ShadowPlay.
They don’t learn. They won’t ever learn nothing.
Thanks for the article! :]
Really really disappointed that people lambasted Microsoft over this Recall thing. I was rubbing my hands together with glee at the idea that this functionality was going to be enabled by default for everyone, including doctors and lawyers. This was Microsoft’s original plan until users got angry. But think about how funny Recall would have been to watch from the sanctity of Linux if people had just kept quiet and just let Microsoft do their thing! No bag of chips, popcorn or pretzels would have been big enough.
Never interrupt your Chess opponent while they are making a mistake.
Just wanted to add that it may cause a lot of Government agencies, in friendly countries, to move from Windows. Or Governments will make special deals with Microsoft for a more privacy focused version of Windows. Large Hospitals, Banks and Airports will also try to negotiate for more privacy focused Windows deals that will remove Recall on their computers. But medium to small non-tech companies are clueless mostly because they subcontract tech support, and they are the majority together with mindless consumers.
Do you really believe tech backwards small businesses that are owned by 50+ year olds will switch to Linux? No radical changes are going to happen within the next 5 years. Most tech-savvy people already switched to Linux or stripped Windows of all tracking.
Only when people start to learn about somebody they know got screwed by Recall, or they get hurt by Recall themselves, change is going to happen. It’s like with fast food places. People were eating there more and more knowing it’s bad for their health, but after price hikes in recent years, people started to skip fast food meals. You have to hurt people financially for them to react.