Thursday, November 14, 2024

Giving Windows total recall is a privacy minefield

Must read

Microsoft’s Windows Recall feature is attracting controversy before even venturing out of preview.

Like so many of Microsoft’s AI-infused products, Windows Recall will remain in preview while Microsoft refines it based on user feedback – or simply gives up and pretends it never happened.

The principle is simple. As noted earlier, Windows takes a snapshot of a user’s active screen every few seconds and dumps it to disk. The user can then scroll through the archive of snapshots to find what were doing some time back, or query an AI system to recall past screenshots by text.

The Windows 11 feature is supposed to eventually expand to allow users to pull up anything that happened recently on their Copilot+ PC and interact with or use it again, as the system logs all app activity, communications, and so on, as well as by-the-second screenshots, to local storage for search and retrieval.

Microsoft, which was just scolded by the US government for lax security, said: “Recall will also enable you to open the snapshot in the original application in which it was created, and, as Recall is refined over time, it will open the actual source document, website, or email in a screenshot. This functionality will be improved during Recall’s preview phase.”

Improvements will certainly be needed, particularly in how the function deals with privacy.

Taking aside the fact that BitLocker will only come into play on Windows 11 Pro or Enterprise devices – everyone else must make do with “data encryption” – Windows Recall has the potential to be a privacy nightmare.

According to Microsoft, all the processing takes place on a customer’s device, and the snapshots stay there. The IT giant also says that for the relatively small number of users running its Edge browser – with a market share of just under 13 percent, according to Statcounter – InPrivate sessions won’t be snapped, nor will DRM content.

It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device

Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

But that’s OK – a user can opt to filter out sites, right? Only if you’re using Edge. In the deeper documentation for the service, Microsoft said: “To filter out a website from a snapshot, you must be using Microsoft Edge.”

“Recall won’t save any content from your private browsing activity when you’re using Microsoft Edge or a Chromium-based browser.”

So, at least it’s more than Edge when it comes to respecting private tabs. Tarquin Wilton-Jones, a developer and privacy expert at Vivaldi, a Chromium-based browser vendor, earlier expressed hope that the automatic respecting of the InPrivate mode – or Incognito mode for Chrome – would apply outside of Edge.

“It almost certainly will not respect any browser’s attempts to clear browsing data, where the browser could historically have been in any screenshots,” he added.

Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored

“It also cannot respect GDPR requests to delete personal data exposed in an application when the source data is deleted by a data controller, and for this reason, it is clearly a massive privacy risk for any organization that handles private data. Who knows what other private data, or sensitive information, it might store in a freely accessible format?”

Mozilla’s Chief Product Officer Steve Teixeira told The Register: “Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn’t. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers.

“Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows – favoring, of course, Microsoft Edge. Microsoft’s Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall.

“Right now, there’s no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose.”

Jake Moore, Global Cybersecurity Advisor at ESET, noted that while the feature is not on by default, its use “opens up another avenue for criminals to attack.”

In essence, a keylogger is being baked into Windows as a feature

Moore warned that “users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.”

Cybersecurity expert Kevin Beaumont was scathing in his assessment of the technology, writing: “In essence, a keylogger is being baked into Windows as a feature.”

AI expert Gary Marcus was blunter: “F^ck that. I don’t want my computer to spy on everything I ever do.”

Probe incoming

To add to Microsoft’s woes, a spokesperson for the UK’s Information Commissioner’s Office said today: “We expect organisations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose. Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.

“We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy.”

At present, Windows Recall feels like it was put together with insufficient thought.

Microsoft has said that “Recall is a key part of what makes Copilot+ PCs special.”

However, as Microsoft has pointed out, it remains in preview. Enterprises are unlikely to go anywhere near it until the privacy and security questions it raises have been answered. The GDPR aspect alone makes it a non-starter for all but the most determined of organizations.

Microsoft’s customers and Windows enthusiasts alike have been clamoring for something in the operating system to make all the AI hype worthwhile. But, in its current form, Windows Recall is not it. ®

Latest article