Tech companies are no strangers to being cloth-eared and completely misreading the room. After Apple’s piano-crushing ad fiasco during the launch of the new iPad Pro M4, it’s been Microsoft’s turn to get mauled by security researchers and media.
The reason for that is a feature that takes advantage of new neural processing unit (NPU) hardware accelerators that arrived with a slew of powerful and energy-efficient Copilot+ laptops that were launched recently. It’s called Windows Recall. On systems that have chips with NPUs, it takes screenshots every five seconds.
This is on Windows 11 only, and once again, NPUs are required. The screenshots are stored on your computer in a structured query language database - SQLite - with the NPU, that is designed to speed artificial intelligence tasks, quickly performing optical character and image recognition on them to extract the information for searches.
Microsoft's chief executive called Recall “a photographic memory” of your computer’s desktop, to help you find things more easily on your machine by retracing your steps easily.
That all sounds somewhat interesting and potentially useful under some specific scenarios. However, Microsoft and Windows are firmly on security researchers’ radars and they had a field day when Recall was announced. It boggles the mind that the IT giant’s top leadership didn’t imagine the public relations disaster they walked into, eyes wide open.
With some minor exceptions like the private web browsing mode in Microsoft’s Edge, Recall would screenshot everything it saw on your computer. To be fair, Microsoft was straight up about that and you can see why Recall would need to do so to deliver on what it promised. It includes sensitive information of all sorts though, like when you do Internet banking, emails, browsing, you name it.
While users are starting to have second thoughts about AI used to generate text and images, the technology is very good at pattern matching. It can work rather well for image, audio and video recognition, for which Apple has used NPUs in their devices for a few years now. Recall would no doubt do a great job of that, creating a fast, efficient database of information that wouldn't normally be captured in some cases.
Do users want to play Recall Roulette then? No, and particularly not after security researchers drove a horse and carriage through Microsoft’s claims that the sensitive information would never leave users’ computers, and that it was perfectly safe there.
Said researchers discovered that the information in the SQLite database wasn’t encrypted, and quickly developed the TotalRecall data extraction tool to demonstrate the risk. It doesn’t take much imagination to figure out that Recall will become a prime target for infostealer malware because there it is, lots of sensitive user data all stored in plain text.
Well-known security researcher (and former Microsoft employee) Kevin Beaumont was early to do a double-take on Windows Recall. Like many others, Beaumont was wondering why Microsoft would take such a risk, particularly when the company is still not fully trusted by users after decades of security issues that company founder Bill Gates said had to be addressed. It appears to be less of an operating system enhancement, and more of a nice-to-have feature with a less than solid business case.
|
Word eventually reached the Microsoft ivory tower, and the company has now tweaked Recall to assuage users that it is safe, has Windows Hello biometrics, and won’t be turned on by default.
Unfortunately, communicating a complex fix in great detail after the world has ripped into the issue is a fool’s errand for Microsoft. People will remember that Recall’s very dodgy from a security point of view, and that’s it. The best thing the company could’ve done was to yank the handbrake and do a full one-eighty on Recall, pulling it completely, but that didn't happen.
The other thing Recall has done is to taint the new Arm-architecture PCs that on paper look great and competitive with Apple. Microsoft's computer manufacturer partners must be face-palming en masse at the moment.
It's safe to say that we will continue to see different AI implementations being baked into operating systems over the next bit of time. Unfortunately for Microsoft, the three trillion dollar plus company has now become the poster boy on how not to do it.
Update Microsoft has recalled Recall now.
Today, we are communicating an additional update on the Recall (preview) feature for Copilot+ PCs. Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks. Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon.
We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security. This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users. Additionally, as we shared in our May 3 blog, security is our top priority at Microsoft, in line with our Secure Future Initiative (SFI). This is reflected in additional security protections we are providing for Recall content, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. The development of Copilot+ PCs, Recall and Windows will continue to be guided by SFI.
When Recall (preview) becomes available in the Windows Insider Program, we will publish a blog post with details on how to get the preview. To try Recall (preview) WIP customers will need a Copilot+ PC due to our hardware requirements. We look forward to hearing Windows Insider feedback.
6 Comments
It seems like such a hilariously bad idea, and I just can't understand what problem they think Recall was going to solve. Is it for people who can't remember where they saved documents? Maybe if the Windows Explorer search function wasn't hot garbage, this wouldn't be a problem.
Personally I think AI is only useful in certain areas like security and facial recognition. With so many people now putting in security cameras in their houses it could really assist the police and cut down significantly on crime like car break ins and attempted thefts. AI could monitor the streets and car registrations. Getting pretty sick of the uptick on crime as per the number of local Facebook posts.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.