Microsoft Research chief scientist has no issue with Windows Recall
What tool has been developed by security researcher Alex Hagenah to interact with Recall's data storage, and what does it do?
Security researcher Alex Hagenah has developed a tool called Total Recall to interact with Recall's data storage. Total Recall can extract and display data from the unencrypted SQLite database used by Recall to store snapshots of user activity. This tool demonstrates the vulnerability of the data stored by the Recall feature and raises concerns about its privacy implications.
How does Jaime Teevan, chief scientist at Microsoft Research, respond to the privacy issues linked to the Windows Recall feature?
Jaime Teevan, chief scientist and technical fellow at Microsoft Research, responded to the privacy issues linked to the Windows Recall feature by brushing aside concerns. She mentioned that the importance of data has come up throughout the morning and that Microsoft generally helps large enterprises manage their data. Teevan also stated that as individuals, they have important data, and there's an opportunity to start thinking about how to capture and use that data. However, she acknowledged that they are rethinking what data means and how they use it, how they value it, and how it gets used.
What specific privacy concerns have been raised regarding the Windows Recall feature that captures and logs user activities?
The Windows Recall feature has raised several privacy concerns due to its ability to capture and log user activities. The feature takes screenshots every few seconds and stores them in an SQLite database, making it possible for an attacker to access the database and view the screenshots, potentially revealing sensitive information. Additionally, the feature does not perform content moderation, meaning it may capture passwords or financial account numbers displayed on the screen.
Furthermore, the Recall feature is set to be enabled by default on Copilot+ PCs, which has raised concerns about users' control over their data. Although Microsoft claims that the data is stored locally and not shared with other users on the same device, privacy advocates are worried about the potential for malware to steal the Recall database or for individuals with physical access to the device to snoop through the stored snapshots. The UK's Information Commissioner's Office has also expressed concerns and is making inquiries with Microsoft about the safeguards in place to protect user privacy.