May 23, 2024 12:30:00

British authorities investigate the safety of Windows' new feature 'Recall' that records all PC operation history and searches history with AI

The AI feature for Windows 11, 'Recall,' announced on May 20, 2024, is said to be able to 'record and search everything you see and do on your PC.' However, the UK's data watchdog,

the Information Commissioner's Office (ICO), has launched an investigation into Recall, citing concerns about privacy protection.

Giving Windows total recall is a privacy minefield • The Register
https://www.theregister.com/2024/05/22/windows_recall/

Recall, an AI feature for Windows 11, is a feature that allows users to search for any actions they have taken on their PC in the past by taking screenshots of the screen every few seconds. Microsoft says, 'Recall will become more sophisticated over time, and in the future, it will take screenshots of the actual source document, website, or email to make it searchable.'

Microsoft announces new AI feature 'Recall' for Windows 11, a powerful AI search function that records everything you see and do on your PC and allows you to search later - GIGAZINE

However, Recall does not perform content moderation, and any passwords or bank account numbers you enter are saved as screenshots. 'There are certain data that browsers should save and certain data that they shouldn't,' said Steve Teixeira, Mozilla's chief product officer. 'Recall saves not only your browser history, but also the data you type into the browser. Microsoft claims that the data is saved in encrypted form, but this saved data is a new attack surface for cybercriminals and raises new privacy concerns on shared computers.'

In addition, Recall will save screenshots even if the web browser's 'privacy mode' is enabled. 'The efforts of browser developers to implement privacy modes to erase users' browsing data are not respected at all. Recall poses a significant privacy risk to organizations that handle personal data,' said Tarquin Wilton-Jones, a developer and privacy expert at the web browser Vivaldi.

On the other hand, Microsoft's standard browser, Microsoft Edge, allows users to specify websites that are not subject to screenshot capture by Recall, and in Microsoft Edge and browsers using Chromium , it is possible to stop screenshots from being saved in privacy mode. Teixeira pointed out, 'Microsoft is playing the gatekeeper in the race to gain an advantage in the browsers used on Windows. Currently, there is no mechanism for third-party browsers that are not based on Chromium, such as Firefox, to protect users' privacy from Recall. If Microsoft had made exceptions to screenshot saving in all browsers, it would have been possible to give users true autonomy over their privacy, regardless of which browser they chose.'

'The use of Recall opens up new avenues for cybercriminals to attack,' said Jake Moore, global cybersecurity adviser at security software company ESET. 'I don't want my computer spying on everything I do,' said AI expert Gary Marcus.

F^ck that. I don't want my computer to spy on everything I ever do.

Sticking with my Mac, thank you. https://t.co/9wTa90fsGg

— Gary Marcus (@GaryMarcus) May 21, 2024

In addition, the ICO contacted Microsoft about the recall on May 22, 2024. An ICO spokesperson said, 'We contacted Microsoft to provide transparency to users about how their stored data is used and to understand the safeguards they have in place to protect user privacy.'

An ICO spokesperson added: 'We expect Microsoft to process personal data only to the extent necessary to achieve a specified purpose. Industries must consider data protection, rigorously assess risks to users' rights and freedoms and implement mitigation measures before bringing their products to market.'

In addition, Microsoft states that 'content is stored locally and screenshots taken are not sent to Microsoft' and 'Recall does not store screenshots of material protected by digital rights management (DRM).'