Windows AI Feature that Screenshots Everything: A Security ‘Disaster’

June 3rd, 2024

My commentary from last month sums it up:

This looks like a built-in retroactive surveillance feature that law enforcement and intelligence agencies will love.

The article indicates that the “Recall” feature is activated by default, but also that it can apparently be turned off.

Via: The Verge:

Microsoft is about to launch a new AI-powered Recall feature that screenshots everything you do on your PC. Recall is part of the new Copilot Plus PCs that are debuting on June 18th, but experts who have tested the feature are already warning that Recall could be a “disaster” for cybersecurity.

Recall is designed to use local AI models to screenshot everything you see or do on your computer and then give you the ability to search and retrieve anything in seconds. There’s even an explorable timeline you can scroll through. Everything in Recall is designed to remain local and private on-device, so no data is used to train Microsoft’s AI models.

Despite Microsoft’s promises of a secure and encrypted Recall experience, cybersecurity expert Kevin Beaumont has found that the AI-powered feature has some potential security flaws. Beaumont, who briefly worked at Microsoft in 2020, has been testing out Recall over the past week and discovered that the feature stores data in a database in plain text. That could make it trivial for an attacker to use malware to extract the database and its contents.
