The primary function of Microsoft's Recall feature for Copilot+ PCs is to act as an AI-enabled timeline that allows users to perform intuitive searches through their files, internet history, and more [1]. It utilizes Windows Copilot Runtime to help users find anything they've seen on their PC, using a semantic index with a timeline to understand content and context in time [6]. This feature is designed to make it easier for users to review and return to previously used apps and content, functioning like a "time machine" for Windows PCs.
The Recall feature in Windows 11 on Copilot+ PCs has raised several privacy concerns among security researchers. The feature takes snapshots of a user's activity on their PC, which can then be analyzed by generative AI to answer questions phrased in natural language. While Microsoft has reassured customers that this data will only be stored locally, security researchers have pointed out potential vulnerabilities.
Data Exfiltration: Attackers do not need physical access to a Copilot+ laptop to exfiltrate Recall data. This means that sensitive information, including passwords and financial account numbers, could potentially be accessed by malicious actors.
Lack of Content Moderation: Recall does not perform content moderation, so it won't hide information like passwords or financial account numbers in its screenshots. This could make it easier for attackers to access sensitive data.
Privacy Settings: The feature was initially planned to be enabled by default, which raised concerns among privacy advocates. Microsoft has since made Recall an opt-in feature, meaning users have to actively choose to enable it.
Data Storage: The fact that Recall stores data in a database in plain text has been criticized. If a hacker gains access to the user's machine, they could potentially gain access to the entire history stored by the function.
Security Measures: While Microsoft has implemented some security measures, such as requiring Windows Hello authentication to access Recall data, researchers have pointed out potential vulnerabilities in these measures. For example, if a hacker gains access to a user's PIN, they could potentially access the Recall data.
Potential for Misuse: Some researchers have suggested that Recall could be a "disaster" for cybersecurity, as it could potentially automate the scraping of everything a user has looked at, making it easier for hackers to steal information.
Microsoft has decided to initially release the Recall feature only to members of the Windows Insider Program to ensure the experience meets its high standards for quality and security. This decision is rooted in its commitment to providing a trusted, secure, and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users. By leveraging the expertise of the Windows Insider community, Microsoft aims to address any potential concerns and make necessary improvements before rolling out the feature to a wider audience.