Microsoft’s introduction of the Recall feature on its new Copilot+ PCs has sparked significant controversy due to privacy and security concerns.
Recall, a tool designed to enhance user productivity by taking continuous snapshots of the screen, is being heavily criticized on social media, user discussions, blog posts, and YouTube videos for potentially undermining user privacy and increasing security risks.
Recall and how it works
Recall is a feature on Microsoft’s new Copilot+ PCs that takes screenshots of everything displayed on the user’s screen in regular time intervals. These snapshots are stored locally and can be accessed by users to find and revisit past activities across various applications and websites.
The idea is to provide a virtual photographic memory, helping users quickly locate information without remembering exact file locations or browsing histories. Snapshots are taken every five seconds and are organized based on relationships and associations unique to the user’s experiences.
Microsoft emphasizes that Recall’s data processing and storage are entirely local to the device, ensuring that snapshots do not leave the user’s PC. The company claims that users have full control over their data, with options to delete individual snapshots, adjust time ranges, or pause the feature entirely. Users can also exclude specific apps and websites from being recorded, which provides an additional layer of privacy control.
Severe criticism
Despite Microsoft’s assurances, critics argue that Recall poses significant risks. Kevin Beaumont, a cybersecurity researcher, highlights the potential dangers in a write-up on his personal blog. He points out that, while the snapshots are stored locally, they could still be accessed by malicious actors if a device is compromised.
Beaumont draws parallels to the way infostealer malware currently operates, which already targets locally stored data such as browser credentials. He warns that Recall could provide an even richer target with a database of indexed screenshots that include sensitive information like passwords and financial data.
The introduction of such a controversial feature and the resulting backlash from the public have prompted responses from regulatory bodies, too.
The UK’s Information Commissioner’s Office (ICO) stated: “We expect organizations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose.”
“Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market. We are making inquiries with Microsoft to understand the safeguards in place to protect user privacy.”
User concerns can be summarized in the following three main points:
- Recall captures all screen content, including sensitive information such as passwords, financial details, and private communications, which could be exposed if the device is compromised.
- If malicious actors gain access to a system, they could retrieve months’ worth of snapshots, providing detailed insight into user activities.
- While Microsoft claims users have control over their data, the complexity of managing these settings and the potential for lapses in capturing unwanted data remain significant concerns.
What to do about Recall
The Recall feature on Microsoft’s Copilot+ PCs is set to be available starting June 18, 2024, so no Windows installations currently have this system active. After that date, people using eligible devices can take the following steps to minimize the intrusiveness of this new system:
- Turn off the snapshot-saving feature entirely through the Windows settings. This can be done by navigating to Settings > Privacy & Security > Recall & Snapshots and adjusting the relevant settings.
- Periodically review and delete snapshots, especially those containing sensitive information.
- Utilize the filtering options to prevent Recall from recording specific apps and websites.
For organizations, it is advisable to configure policies that disable Recall or limit its functionality until comprehensive risk assessments are conducted. IT administrators can use the “Turn off saving snapshots for Windows” policy to manage these settings across enterprise devices. More information on how to do that can be found here.
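As an added example (not from the article and not Microsoft’s own tooling), the following PowerShell script sets the registry-backed value behind the “Turn off saving snapshots for Windows” policy on a single machine and then verifies it, so an administrator can confirm the state before and after a Group Policy or Intune rollout. The key path and value name used here (HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI, DisableAIDataAnalysis = 1) are assumptions to confirm against the policy’s ADMX definition; the function names are mine.

```powershell
# Added example: enforce and verify the "Turn off saving snapshots for Windows" policy
# on the local machine. Run from an elevated PowerShell session.
# ASSUMPTION: the policy maps to the DWORD below; verify against the ADMX before deploying.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$PolicyName = 'DisableAIDataAnalysis'

function Set-RecallSnapshotsDisabled {
    # Creates the policy key if needed and sets the value to 1 (snapshot saving off).
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-RecallSnapshotsDisabled {
    # Returns $true only when the policy value exists and is exactly 1.
    # A missing key means "not configured", which is not the same as "disabled".
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    return (($null -ne $item) -and ($item.$PolicyName -eq 1))
}

# Usage: apply, then verify. Use -WhatIf on Set-RecallSnapshotsDisabled to preview the change.
Set-RecallSnapshotsDisabled
if (Test-RecallSnapshotsDisabled) {
    Write-Output "Recall snapshot saving is disabled by policy ($PolicyKey\$PolicyName = 1)."
} else {
    Write-Warning 'Policy value is absent or not 1; Recall may still save snapshots on this device.'
}
```

Test-RecallSnapshotsDisabled is the piece worth keeping in a compliance check: it distinguishes “not configured” from “explicitly disabled”, which matters because a device with no policy value falls back to whatever the user chose in Settings.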
While Microsoft maintains that the new Recall feature aims to enhance user productivity by providing a powerful memory aid, it undoubtedly introduces substantial privacy and security risks. Users and organizations must weigh these risks carefully and take proactive steps to protect their sensitive information, even considering migration to alternative OS options. As regulatory bodies announce investigations into the safeguards, it remains to be seen how Microsoft will address people’s rightful concerns and balance innovation with security.
BITR
[https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers]
Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Andrew Harris Says
Early in his career, he helped lead the Defense Department’s efforts to protect individual devices.
Since December 2020, when the SolarWinds attack was made public, Microsoft’s stock has soared 106%, largely on the runaway success of Azure and artificial intelligence products like ChatGPT, where the company is the largest investor.
At Microsoft, Harris was assigned to a secretive unit known as the “Ghostbusters” (as in: “Who you gonna call?”), which responded to hacks of the company’s most sensitive customers, especially the federal government. As a member of this team, Harris first investigated the puzzling attack on the tech company and remained obsessed with it, even after switching roles inside Microsoft.
Eventually, he confirmed the weakness within Active Directory Federation Services, or AD FS, a product that allowed users to sign on a single time to access nearly everything they needed.
“Azure was the Wild West, just this constant race for features and functionality,” said Nate Warfield, who worked in the MSRC for four years beginning in 2016. “You will get a promotion because you released the next new shiny thing in Azure. You are not going to get a promotion because you fixed a bunch of security bugs.”
Morowczynski told Harris that his approach could also undermine the company’s chances of getting one of the largest government computing contracts in U.S. history, which would be formally announced the next year. Internally, Nadella had made clear that Microsoft needed a piece of this multibillion-dollar deal with the Pentagon if it wanted to have a future in selling cloud services, Harris and other former employees said.
That’s the worst, when a company’s hierarchy deems profits over security by the fact in this piece. That is what Morowczynski first promised to Harris in 2017. The company only began offering it in 2022. Many years later and after a major national defense breach.
BITR
Harris said he pleaded with the MS company for several years to address the flaw in the product, a ProPublica investigation has found. But at every turn, Microsoft dismissed his warnings, telling him they would work on a long-term alternative — leaving cloud services around the globe vulnerable to attack in the meantime.
ProPublica’s investigation adds new details and pivotal context about that MS culture, offering an unsettling look into how the world’s largest software provider handles the security of its own ubiquitous products.
DiCola, Harris’ then-supervisor, told ProPublica the race to dominate the market for new and high-growth areas like the cloud drove the decisions of Microsoft’s product teams. “That is always like, ‘Do whatever it frickin’ takes to win because you have to win.’ Because if you don’t win, it’s much harder to win it back in the future.
Two researchers from the cybersecurity company Mandiant delivered a presentation demonstrating how hackers could infiltrate AD FS to gain access to organizations’ cloud accounts and applications.
Mandiant said it notified Microsoft before the presentation, making it the second time in roughly 16 months that an outside firm had flagged the SAML issue to the MS company.
In March 2021, Wales told a Senate panel that hackers were able to “gain broad access to data stores that they wanted, largely in Microsoft Office 365 Cloud … and it was all because they compromised those systems that manage trust and identity on networks.”
Microsoft itself was also breached.
Microsoft advised customers of Microsoft 365 to disable seamless SSO in AD FS and similar products — the solution that Harris proposed three years earlier.
BIRT
1st everybody’s post being under this one are fair thoughts from those perspectives you’ve expressed. 2nd everybody’s mind is an island having needs and wants from their experiences of life, gaining insight, trust and wisdom that supports your own unique perspective.
Some facts of Linux that is good to know:
Linux was originally developed for personal computers based on the Intel x86 architecture, but has since been ported to more platforms than any other operating system. Because of the dominance of Linux-based Android on smartphones, Linux, including Android, has the largest installed base of all general-purpose operating systems as of May 2022. Linux is, as of March 2024, used by around 4 percent of desktop computers; the Chromebook, which runs the Linux kernel-based ChromeOS, dominates the US K–12 education market and represents nearly 20 percent of sub-$300 notebook sales in the US. Linux is the leading operating system on servers (over 96.4% of the top one million web servers’ operating systems are Linux), leads other big iron systems such as mainframe computers, and is used on all of the world’s 500 fastest supercomputers (as of November 2017, having gradually displaced all competitors).
Linux also runs on embedded systems, i.e., devices whose operating system is typically built into the firmware and is highly tailored to the system. This includes routers, automation controls, smart home devices, video game consoles, televisions (Samsung and LG Smart TVs), automobiles (Tesla, Audi, Mercedes-Benz, Hyundai, and Toyota), and spacecraft (Falcon 9 rocket, Dragon crew capsule, and the Perseverance rover).
Linux is one of the most prominent examples of free and open-source software collaboration. The source code may be used, modified, and distributed commercially or non-commercially by anyone under the terms of its respective licenses, such as the GNU General Public License (GPL).
[https://en.m.wikipedia.org/wiki/Linux]
As a Windows, Android, and smart TV user I’m using Linux way more than I imagined.
Agent 051782
Microsoft is the worst thing that happened to the computer industry. They cornered the market with a hilariously unreliable operating system, charge the crap out of you for their other “services”, and spy on you like nobody’s business. I wish Linux was more utilized in the consumer, educational, and business marketplaces.
User
The biggest problem is the lobby. Microsoft pays large sums of money to senators in the USA in order to continue using their system. Windows is built to spy on us and not to respect our privacy. Trackers, Cortana, Recall…
BITR
The ethics and morals involved with legally lobbying or influence peddling are controversial. Lobbying can, at times, be spoken of with contempt, when the implication is that people with inordinate socioeconomic power are corrupting the law in order to serve their own interests.
When people who have a duty to act on behalf of others, such as elected officials with a duty to serve their constituents’ interests or more broadly the public good, can benefit by shaping the law to serve the interests of some private parties, a conflict of interest exists.
Many critiques of lobbying point to the potential for conflicts of interest to lead to agent misdirection or the intentional failure of an agent with a duty to serve an employer, client, or constituent to perform those duties.
The failure of government officials to serve the public interest as a consequence of lobbying by special interests who provide benefits to the official is an example of agent misdirection. That is why lobbying is seen as one of the causes of a democratic deficit.
Term limits could help, oversight is badly needed, oath takers need to be punished and more harshly than an average citizen.
Federal officials are subject to the federal bribery, graft, and conflict-of-interest crimes contained in Title 18, Chapter 11 of the United States Code, 18 U.S.C. §§ 201–227, which do not apply to state and local officials. Most notably, § 201(b) prohibits the receipt of bribes, and § 201(c) prohibits the receipt of unlawful gratuities, by federal public officials. Lesser used statutes include conspiracy to defraud the United States (enacted 1867) and the Foreign Corrupt Practices Act (FCPA) (enacted 1977).
[https://en.m.wikipedia.org/wiki/List_of_United_States_federal_officials_convicted_of_corruption_offenses]
ChatGee
I don’t know about the rest of you. But Copilot is incredibly inaccurate and limited. It’s exceptionally woke and cuts you off frequently especially when you mention errors. Worst of all there’s no machine learning. It fails to take direction, is lazy, and obtains a lot of info from ads. It won’t admit it lies but on a occasion it did say, “yes, I lied”. Every other response seems to contain the phrase “it is important to” and similar variants. It provides unnecessary and unsolicited commentary including preaching and repetitive content. It’s terrible.
Christopher
Those all-knowing super talented techy people should start a public campaign to educate us wherever we are on the globe on Linux and its variations as well as mobile OS options. There should be free public courses, a kind of global mobilization which would hit the balance big time in favor of open source products.
Where are they? Nowhere!
You change stuff when you walk the talk
Woz
Isn’t it just delightful how the Linux evangelists champion their precious OS? It seems it’s the same few who keep promoting this OS any chance they can, even to their grandparents or others who can’t upgrade their Windows or are tired of Microsoft.
Linux cheerleaders seem to have a special aversion to anything that’s too straightforward or doesn’t involve a hefty amount of effort. It’s the thrill of the conquest, to be different than to conform to the status quo.
And would you look at that, one of the Linux flavors recently rolled out a groundbreaking feature: the ability to monitor file copying times! It’s almost as if they’ve just discovered something that Windows users have been enjoying since the days of Windows 3.0!
Umm. But I digress. If anything, frustrated PC users will switch to Apple despite how much more expensive it is. But Linux? No bloody way. I’ve seen PC users who were gullible and fed this nonsense only to give up in frustration and return to Windows or buy a Mac.
User2
You sound salty. Most people who use computers only use a browser for shopping and social media.
Linux offers you privacy and customisation to do what you want, yes there’s a learning curve but it depends on how far you want to take it. You can have a simple distro.
User
Not really, you can use a distro like for example Zorin OS. https://zorin.com/os/ which is pretty similar to Windows. You can set up and use many apps with no previous knowledge.
User
Well Woz, I am not a Linux evangelist, I simply share my experience after using Windows many years and moving to Linux 10 years ago. Every single person is free to use any other system if he or she is happy. However, it is evident that Windows and Apple are not privacy-oriented companies and, on many PCs or laptops, require more RAM and graphics resources.
On the other hand, I do not agree with compatibility issues unless you use Debian, as with distros like Zorin or Ubuntu you can set up and use almost the same apps as in Windows or Apple.
User
The best solution is moving to a Linux distro. Your system will be faster, more secure and with great privacy.
User1
Made the change to Linux last night.
Co-pilot can also be disabled in Group Policy settings if you have more than one account active on your system.
William Bates
Lol. The best solution is to have Linux enthusiasts live on their own section of Antarctica. These folks aren’t wired like the vast majority of people on this planet.
BITR
Wired = a vast majority of people? by your misnomer.
When in fact, Linux is the leading operating system on servers (over 96.4% of the top one million web servers’ operating systems are Linux), and Linux leads other big iron systems such as mainframe computers, and is used on all of the world’s 500 fastest supercomputers (as of November 2017, having gradually displaced all competitors).
So, if Wired were to mean surfing the web by any OS/platform and personal device, Linux is the foundational leading operating system on 96.4% of the top one million web servers whose operating systems are Linux.
Facts please, so misnomers flee!
Come in out of the cold sir…