Windows Recall Resurfaces: Is It Worth the Update?
Got the Deets on Windows Recall, Post-Comeback 💾🔎
After a rocky debut, Microsoft's AI-powered feature, Windows Recall, has made a return, boasting enhanced security and privacy measures. Here's a lowdown on its latest iteration, but remember, concerns about potential data snooping still linger.
If you're unfamiliar with Windows Recall, it essentially acts as a digital memory for your computer, routinely taking screenshots of your activities. It could be your knight in shining armor if you're trying to retrace lost documents or messages, but with everything saved on your system, privacy alarms start ringing.
I had a sneak peek at an early version of Windows Recall towards the end of last year, and it proved useful for those who were ready to tackle the security and privacy issues. Back then, some key features were still under construction, like options to filter snapshots by app.
Now, to get your hands on Recall, you need a Copilot+ PC with the much-needed AI processing muscle. Simply find the Recall app on your Start menu on compatible Windows devices running the latest version. Initially, it won't be activated; Microsoft has made it opt-in following a wave of criticism when it was first unveiled.
Microsoft has addressed some of the criticisms. The data collected by Recall is now more securely encrypted, and Windows Hello authentication is mandatory for accessing it. Additionally, sensitive information such as passwords, credit card numbers, and official identification are filtered out. However, it remains unclear how reliable this filtering will be.
So, are these changes enough to restore trust in Windows Recall? While any unauthorized access is now much more difficult, there are still questions about the level of protection provided, not just for your own computer but for any devices your communication touches.
Security researcher Kevin Beaumont has delved into the latest version of Recall and found some worrying loopholes. For instance, if someone gains access to your PC with your computer PIN (either by guessing or trickery), they'll have immediate access to all your Windows activity since Recall was activated.
Another issue Beaumont discovered was that the sensitive data filtering is inconsistent. It's a risky gamble if you're the only one viewing information, but that's difficult to guarantee. Additionally, if someone you know enables Recall and is syncing your photos and chats to their device, that data is screenshotted and tagged on their device (think Signal for Windows, for instance). The downside? You have no control over who might gain access to your data.
Insisting on biometric authentication every time Recall is accessed could be an easy fix here, making it more challenging for someone else to get at your data whether it's on your PC or another user's device. It still feels unsettling that your emails, photos, or chats might wind up in someone else's Recall library.
More effective filtering tools would undoubtedly help. While Windows Recall already allows you to exempt specific sites and apps from being captured, the system is cumbersome, and more automatic censorship would be welcome. In the meantime, enabling Recall isn't just about making a personal decision; you'll also need to keep tabs on friends and family to see what they're up to too.
- Microsoft has recently addressed concerns about potential data snooping with Windows Recall by implementing stronger encryption and mandating Windows Hello authentication for access.
- Security researcher Kevin Beaumont found that unauthorized access to a PC could still allow access to all Windows activity since Recall was activated.
- Another concern is the inconsistency in the sensitive data filtering of Windows Recall, making it a risky gamble for those who are the only ones viewing the information.
- If someone enables Recall and syncs photos and chats to their device, the data is screenshotted and tagged, potentially giving others access to sensitive information without the user's control.