Microsoft’s Recall feature will now be opt-in and double encrypted after privacy outcry – VentureBeat

admin on June 13, 2024 Leave a Comment

It's time to celebrate the incredible women leading the way in AI! Nominate your inspiring leaders for VentureBeats Women in AI Awards today before June 18. Learn More

Microsoft has announced major changes to its recently unveiled AI-powered Recall feature, part of the new line of Copilot+ PCs, in response to blistering criticism from security researchers about potential privacy risks. The company said it would make the feature opt-in, require biometric authentication to access stored data, and add additional layers of encryption.

Introduced last month, Recall was touted as a groundbreaking capability that would automatically capture screenshots as users worked, enabling them to search their computing history using natural language queries. But security experts quickly raised red flags, warning that the features vast data collection and lack of robust protections created serious privacy and security vulnerabilities.

In a blog post, Pavan Davuluri, Microsofts Corporate Vice President for Windows + Devices, acknowledged the clear signal from critics that the company needed to strengthen safeguards and make it easier for users to choose whether to enable Recall. The changes, which will be implemented before the features public release on June 18, include:

The additional encryption is particularly notable, as it should make it significantly harder for attackers or unauthorized users to access the potentially sensitive data captured by Recall even if they gain access to the database. Stored screenshots will now be double encrypted and only decryptable with the authenticated users biometrics on their enrolled device.

VB Transform 2024 Registration is Open

Join enterprise leaders in San Francisco from July 9 to 11 for our flagship AI event. Connect with peers, explore the opportunities and challenges of Generative AI, and learn how to integrate AI applications into your industry. Register Now

Critics, including notable cybersecurity firms and privacy advocates, argued that the persistent storage and processing of screen captures could become a target for malicious actors. The outcry reached a peak when an investigative report by BBC highlighted vulnerabilities that could potentially be exploited to access sensitive information without adequate user consent.

Responding to the criticism, Microsoft published a blog post on their Windows Experience Blog detailing their decision to make Recall an opt-in feature during its preview phase. Privacy and security are paramount, stated the post, emphasizing that the company is taking steps to reassess the features impact on user privacy.

The decision to make the feature opt-in has been met with mixed reactions. Some industry analysts commend Microsoft for taking swift action in response to user feedback. Turns out speaking out works, said Kevin Beaumont, a cybersecurity researcher in a post on X.com. Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually trying to encrypt the database they say.

On the other hand, some users express disappointment, having anticipated the convenience promised by Recall. In all seriousness, Ive seen zero positivity about Recall (the Windows feature which takes screenshots every 5 seconds), which leads me to believe no-one thinks this is a good feature, said Dr Owain Kenway in a post on X.com. But is there a secret undercurrent of pro-Recall users embarrassed into silence?

Microsoft has committed to a thorough review and revision of Recalls security measures. According to their press release, the company plans to conduct extensive testing with selected users who opt into the preview post-review to gather more data and refine the features security framework.

This incident underscores the delicate balance tech companies must maintain between innovating with cutting-edge AI technologies and ensuring the privacy and security of their users. It also highlights the growing role of public and expert scrutiny in shaping the development and deployment of new technologies in the digital age. As Microsoft navigates these challenges, the tech community and its users will undoubtedly keep a close watch on how Recall evolves and how it might set precedents for future AI integrations in consumer technology.

VB Daily

Stay in the know! Get the latest news in your inbox daily

By subscribing, you agree to VentureBeat's Terms of Service.

Thanks for subscribing. Check out more VB newsletters here.

An error occured.

View post:
Microsoft's Recall feature will now be opt-in and double encrypted after privacy outcry - VentureBeat

Related Posts
Posted in Encryption

Comments are closed.