Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default – Shield Smart

Microsoft has bowed to public pressure to turn off its controversial Windows Recall feature by default on Copilot+ PCs.

The feature, widely panned as a security and privacy risk, was turned on by default and required users to go through checkboxes to opt out of the software, which uses AI to create a searchable digital memory of everything ever done on a Windows computer.

Just this week, security researchers documented several ways malware could be designed to steal Windows Recall data, and Google Project Zero researcher James Forshaw provided evidence that Windows Recall data is poorly protected on Windows.

As the criticism spread to mainstream media, the software maker reversed course, announcing Friday it would change the set-up experience of Copilot+ PCs to give Windows users “a clearer choice to opt-in to saving snapshots using Recall.”

“If you don’t proactively choose to turn it on, it will be off by default,” the company said in a note published Friday.

Redmond’s software engineers will now require Windows Hello enrollment to enable the Recall feature, and “proof of presence” will be required to view and search through screenshots saved in Recall.

The company said it will also add layers of data protection, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so that Recall snapshots will only be decrypted and accessible when the user authenticates.

“In addition, we encrypted the search index database,” the company added.

Even as it rolled back the on-by-default setup configuration, Microsoft is pushing ahead with marketing the controversial feature, arguing that fine-grained user controls are available to allow users to personally customize how the tool works.

Microsoft insists there is a major security barrier because the screenshots are stored locally on Copilot+ PCs with powerful AI tooling that works on the device itself.

“No internet or cloud connections are used to store and process snapshots. Recall’s AI processing happens exclusively on your device, and your snapshots are kept safely on your local device only. Your snapshots are yours and they are not used to train the AI on Copilot+ PCs,” the company stressed.
