日本語
한국어
Tiếng Việt
简体中文
Security and privacy concerns are once again swirling around Recall, the AI-powered feature slated for Windows 11. This tool automatically captures screenshots every three seconds, raising alarms about potential security vulnerabilities and privacy violations.
Recall’s Revival: A Cause for Concern?
Originally unveiled in May 2024, Recall faced immediate criticism due to its potential to become a goldmine for malicious actors. After facing significant backlash, Microsoft temporarily suspended the feature. However, it’s now being reintroduced, initially to Windows Insiders with access to the Build 26100.3902 preview version, with plans for a wider rollout.
Microsoft highlights Recall’s benefits:
Recall (preview)* saves you time by offering an entirely new way to search for things you’ve seen or done on your PC securely. With the AI capabilities of Copilot+ PCs, it’s now possible to quickly find and get back to any app, website, image, or document just by describing its content.
To address privacy concerns, Microsoft emphasizes the opt-in nature of the feature and the ability to pause snapshot saving. Windows Hello authentication is also required for accessing snapshots.
Privacy Minefield: Why the Concern Persists
Despite these concessions, significant concerns remain. One critical issue is that even if a user chooses not to enable Recall, their data could still be captured if other users they interact with have the feature active. This means sensitive information, like photos, passwords, or medical details, could be stored on other people’s devices without consent.
As Privacy Guides writer Em pointed out:
This feature will unfortunately extract your information from whatever secure software you might have used and store it on this person’s computer in a possibly less secure way.
Beyond individual privacy, the existence of a comprehensive, searchable database of a user’s activity raises serious security risks. This trove of data would be a prime target for subpoenas and could be exploited by threat actors who gain access to a device. Instead of meticulously searching for sensitive information, they could simply mine the Recall database.
Enshittification Continues?
Critics argue that Recall exemplifies “enshittification,” the addition of unwanted AI and other features that offer minimal user benefit while potentially compromising security and privacy. Whether Microsoft’s adjustments will be enough to quell the renewed wave of criticism remains to be seen.
Source: Ars Technica