The Windows “Recall” feature, which is set to be enabled by default on upcoming Copilot+ PCs, has sparked concerns among security and privacy advocates. The feature captures frequent screenshots of a user’s activity and stores them in a local database tied to the user account. This has raised alarm bells as it presents a potential security and privacy nightmare.
One of the main concerns raised by security experts is the potential exposure of personal and sensitive data through the Recall feature. The screenshots captured by the feature may contain sensitive information such as passwords or financial account numbers, which could be stored on the user’s device. If someone gains access to the user’s password or if a court orders the data to be turned over, the amount of exposed data could be significantly greater with Recall than without it. Hackers, malware, and infostealers could also potentially access a vast amount of data through this feature.
Microsoft has attempted to address these concerns by stating that the processing and storage of data are done only on the local device and are encrypted. However, security and privacy advocates question the security of storing data on the local device. They argue that if someone gains access to the user’s password, the Recall screenshots could be easily stolen and accessed. The screenshots are stored in a SQLite database, which can be accessed programmatically by the user. This raises further concerns about potential data breaches and unauthorized access to sensitive information.
Security researcher Kevin Beaumont raised another issue: sensitive data remains stored even after users have deleted it. Recall seems to save screenshots of sensitive data and keep them even if the user later deletes the original content or uses disappearing messages on platforms like WhatsApp or Signal. This raises questions about how Microsoft handles user data and whether it truly respects user privacy.
The concerns raised by Beaumont and other security experts have led to widespread outrage and disbelief. Lesley Carhart, Director of Incident Response at Dragos, supports Beaumont’s findings and states that the outrage is warranted. The fact that a security feature meant to protect users could potentially expose their sensitive information has led to a loss of trust in Microsoft’s commitment to privacy and security.
In conclusion, the Recall feature planned for Windows has raised significant concerns among security and privacy advocates. The potential exposure of personal and sensitive data, the questionable security of local storage, and the retention of deleted data have all contributed to the perception of Recall as a security and privacy nightmare. Microsoft must address these concerns and ensure that user privacy and data security are prioritized in the development of their software and features. Failure to do so could result in a significant loss of trust from users and potential legal and regulatory repercussions.