Last week Microsoft announced a new feature that is a major security sinkhole called Recall. It is a miserable mess, and makes Windows more vulnerable to attack. Sadly, it will be operating by default unless you get out your secret decoder ring and lock it up behind some group policies.
Why is Recall so bad? It combines the features of a keylogger and an infostealer and puts them inside the Windows OS. It automatically takes frequent screenshots of what you are doing, and stores them on your hard drive. This data is stored in a searchable database, so you can rewind what you are doing to a specific point in time. This includes all your passwords, if they are displayed on screen. Kevin Beaumont wrote that Recall fundamentally undermines your security and introduces immense new risks.
It didn’t take long after the announcement at Build, Microsoft’s annual developer conference, for the UK ICO, its privacy agency, to open an inquiry. Yes, hackers would need to gain access to your device and figure out the encryption of the data, but these aren’t big hills to climb. “Something could go wrong very quickly,” said one security researcher.
Eva Galperin, director of cybersecurity with the Electronic Frontier Foundation, said Recall will “be a gift for domestic abusers,” given that a partner would have physical PC access and perhaps login details too. She said the database of screenshots would be a tempting target for hackers.
Microsoft will start selling its own line of AI-enabled laptops later this summer that will include Recall. Sometimes total recall goes awry, as fans of the original Arnold movie (or Philip Dick short story) might remember. It’s too bad that this is one journey from sci fi to reality that we could do without. Here is how to disable it.
Microsoft Recall is definitely dog’s vomit, served sub rosa to computer owners. What were they thinking at the company on which we depend for security? It has failed us miserably again.
I’ve been reading about Microsoft’s new back door… er…attack surface ….masquerading as an improvement. Aside from scaring the bejesus out of anyone with a brain, it’s also unnecessary. Anything you want to save can be more safely saved other ways. You can even save browsing history (not saying that’s a great idea). I’m still using Windows 10 and I hope when I’m forced to get a new machine and am stuck with Windows 11, I can decline this “feature” – I’ve read that when you set up a new machine you can turn it off. Sure hope so. BTW, your colophon keeps getting funnier. I’m glad that you won’t be hearing from Scarlett Johansson’s lawyers.
Looks like you can’t turn it off, at least not until we get several betas down the road.