Microsoft makes controversial Windows Recall AI feature an opt-in experience on Copilot+ PCs, as 'mere' 171 lines of code bypass its layers of security

Kevin Okemwa

8 June 2024 at 10:15 am·3-min read

What you need to know

Windows Recall continues to stir controversy as a Python script is able to bypass its security.
Microsoft Research's chief scientist technical fellow Jaime Teevan broadly discussed the controversial AI feature during an interview and stated protecting the user's data is a foundational aspect for the company.
The tech giant has now rolled out extra measures to maintain the users privacy and security while interacting with the feature, including making Windows Hello a mandatory requirement for enabling the feature and making it an opt-in experience on Copilot+ Pcs.

At Microsoft's special Windows and Surface event, the company announced a handful of next-gen AI features shipping to Windows 11 as part of the 24H2 release, including Windows Recall, Live Captions, and more. While most of these features aren't groundbreaking, Windows Recall has seemingly turned controversial with concern centered on its security and privacy aspects.

Windows Recall is an AI-powered feature that acts like your PC's photographic memory and captures snapshots of everything you see and do. Microsoft CEO Satya Nadella explained the experience runs on-device NPU (neural processing unit) and doesn't rely on the cloud for any of its functionalities. This is important for privacy, security, and performance.

However, the flagship AI features won't be available to everyone due to its stringent Copilot+ PC requirements, including an NPU with 40+ TOPS, 16GB RAM, 256GB storage, and 8 logical processors. Microsoft also promises that the feature is 100% privacy-focused and won't use the data Recall accesses to train its AI models. Additionally, Windows Recall is an opt-in experience, which you easily disable if you've already enabled it.

And while the feature's availability remains fairly limited, users have gone up in arms and raised concerns over its privacy. However, it doesn't seem like a big issue for Microsoft Research's Chief Scientist and technical fellow Jaime Teevan (via The Register).

While touching base with the Director of the Stanford Digital Economy Lab Erik Brynjolfsson, Teevan broadly discussed the controversy around Windows Recall. Brynjolfsson started the discussion by asking about the pros and cons of the features. The chief scientist indicated that it's important to realize that the AI revolution is redefining how we understand data.

"Microsoft generally helps large enterprises manage their data, create data, share data, and that data is really something that makes the business of work different in the context of generative AI. And as individuals too, we have important data, the data that we interact with all the time, and there's an opportunity to start thinking about how to do that and to start thinking about what it means to be able to capture and use that. But of course we are rethinking what data means and how we use it, how we value it, how it gets used."

More recently, the AI feature has been referred to as a PR disaster, a privacy nightmare, and a hacker's paradise...the list goes on. However, Teevan says protecting the user's data is a foundational aspect that Microsoft prioritizes. This is predominantly the main reason Microsoft shipped Windows Recall as a local functionality, completely blocking cloud integration. With your data being stored locally, there are no security or privacy risks. What's more, the data is protected by Microsoft Account credentials.

More security and privacy concerns abound?

But as we speak, many open-source Windows Recall clones are already in the wild, Including OpenRecall. Alex Hagenah, a security researcher also released a tool dubbed Total Recall which can extract and show data from Recall's unencrypted SQLite database (via Android Authority).

Strangely enough, the tool uses 171 lines of code to strip Windows Recall's security and privacy measures. Consequently, the tool can scheme through the controversial AI feature's database, ultimately gaining access to private and sensitive credentials like passwords. According to the author, the data is tored in plain text while the device is in use, making it easier for attackers to grab information easily.

Interestingly, Microsoft just issued a statement with new measures addressing some of the privacy and security concerns riddling Windows Recall. As we edge closer to its general availability in Copilot+ PCs, Microsoft is now making Windows Hello enrollment a mandatory requirement to enable Windows Recall. This will act as an extra layer of security on top of the whole experience running locally on your PC.

With this new development, do you trust Microsoft with a feature like Windows Recall?

South China Morning Post
Huawei and Wuhan Xinxin to develop high-bandwidth memory chips amid US restrictions
Huawei Technologies has teamed up with Chinese foundry Wuhan Xinxin Semiconductor Manufacturing Co to develop high-bandwidth memory (HBM) chips, according to sources, as these devices have become an indispensable component in the computing infrastructure used for artificial intelligence (AI) projects. This initiative also involves mainland integrated circuit (IC) packaging firms Jiangsu Changjiang Electronics Tech and Tongfu Microelectronics, which are tasked to provide the so-called Chip on Waf
Evening Standard
iOS 18: the biggest new Apple iPhone features you need to know
From AI-generated emojis to an overhauled Siri, these are the best perks coming to Apple devices later this year
The Telegraph
Microsoft’s obsession with AI could be its downfall
Twenty years ago as internet music piracy raged, I received a very unusual email from a primary school pupil in Kentucky.
PC Gamer
Internet speed record of 420,000,000 Mbps achieved using standard optic fibre cabling, fast enough to download Baldur's Gate 3 in less than four milliseconds
A gaming PC with the fastest CPU, DDR5 RAM, and Gen5 SSD would be a massive bottleneck though, so there's no chance you could use this at home.
The Independent
New Apple AirPods could have a camera, reports claim
Earphones could work with Vision Pro headset, rumours suggest
TechRadar
How to clean your AirPods case
If your AirPods case keeps getting dirty, there are some simple ways to clean it up. Here's a look at the best methods.
TechCrunch
Apple reportedly working to bring AI to the Vision Pro
Apple’s AI plans go beyond the previously announced Apple Intelligence launches on the iPhone, iPad and Mac. According to Bloomberg’s Mark Gurman, the company is also working to bring these features to its Vision Pro headsets. It’s not the most surprising move — if Apple Intelligence (a whole suite of features including an improved Siri, proofreading tools and custom emojis) is key to Apple’s future, why wouldn’t it be available on all the latest Apple gadgets?
Yahoo Finance Video
Your car is your worst asset for privacy. Here's why.
Two out of every three cars sold feature embedded connectivity, according to Counterpoint Research. Mozilla *Privacy Not Included lead Jen Caltrider joins Wealth! to discuss the state of privacy in modern cars. "Every car that people buy these days is bad for privacy. There are no good options for new cars for privacy," Caltrider explains. She points to Tesla (TSLA), Nissan, and Kia's privacy policies as particularly striking, as they seek to collect very personal data. "When you think about privacy, we're going to have to give up data in our connected world. It's just how it works. And what you want to see is a product that only collects the data it needs to give you the service. So for a car, you want it to collect only the data it needs to get you from point A to point B safely and then use it only for that," she says. However, most cars today collect much more data to sell to advertisers, data brokers, and insurance companies. Modern cars are equipped with microphones, cameras, and sensors that all collect information to make inferences about users. Caltrider adds that while this technology is way ahead, the privacy solutions "are way behind." For more expert insight and the latest market action, click here to watch this full episode of Wealth! This post was written by Melanie Riehl
HuffPost
Reporter Reveals 'Real Anger' From Biden White House Aides After Debate
They were "shocked" and felt "they had not been told the truth," said Axios' Alex Thompson.
Evening Standard
'Misstiano Penaldo': John Terry brands BBC 'a disgrace' for dig at crying Cristiano Ronaldo over penalty miss
BBC coverage of the Euro 2024 did not go down well with the former Chelsea captain
Bloomberg
China’s AI startups head to Singapore in a bid for global growth
When Wu Cunsong and Chen Binghui founded their artificial intelligence startup two years ago in Hangzhou, China, they quickly ran into obstacles, including dearth of venture capital.
INSIDER
Malaysia's $100 billion ghost town is good for at least one thing: filming documentaries and shows like Netflix's 'The Mole'
Embattled Forest City is a backdrop for a handful of reality shows and documentaries.
The Independent
Bodycam footage released after 13-year-old boy shot and killed by police in New York
Body camera footage released by the department shows officers tackling the boy to the ground before firing a gun
BuzzFeed
17 Kids Of Sex Workers Confessed What Their Lives Were Reallyyyy Like, And It's A Lot To Handle
A lot goes on behind closed doors.
INSIDER
A millennial couple moved to Bali 2 years ago. Making friends was one of the hardest parts.
There's a common refrain that things in Bali are cheap — and that's not necessarily true, they said.
Associated Press
Trump says he can end the Russia-Ukraine war in one day. Russia's UN ambassador says he can't
Donald Trump has said repeatedly he could settle the war between Russia and Ukraine in one day if he’s elected president again. Russia’s United Nations ambassador says he can’t. When asked to respond to the claim from the presumptive Republican nominee, Vassily Nebenzia told reporters Monday that "the Ukrainian crisis cannot be solved in one day.”
People
'Very Sweet Young Lady' Is Killed on Her 21st Birthday, Suspect in Custody
Joselyn Toaquiza was reported missing on Wednesday, June 19, the day after she turned 21, before police learned she'd been killed the day before
Bloomberg
Russian goods find their way to Singapore as war fatigue sets in
Heavily discounted Russian-made goods, from hair products to chocolate, are finding their way onto Singapore’s virtual supermarket shelves.
Evening Standard
England have already been dealt huge selection blow for Switzerland quarter-final clash at Euro 2024
Gareth Southgate will be forced into Three Lions reshuffle for last-eight showdown in Dusseldorf
HuffPost
Harvard Law Professor Delivers Chilling Prediction After Trump Immunity Ruling
Laurence Tribe explained what the Supreme Court decision means in "practical purposes" and it's "devastating."

What you need to know

More security and privacy concerns abound?

Latest stories