New Microsoft Recall feature is a 'security nightmare' and could make Copilot+ PCs a top target for cyber criminals
The Microsoft Recall feature on new Copilot+ PCs could create security nightmares for enterprise users, according to cyber experts


Microsoft has stirred up privacy concerns in the tech industry after announcing its latest AI feature, which will continually record activity on users’ devices, including sensitive information.
On Monday 20 May, Microsoft announced its latest AI-enabled feature ‘Recall’ for Copilot+ PCs at its Build conference in Seattle.
The feature, being exclusively rolled out to Copilot+ PCs, will capture encrypted screenshots locally on the device to enable users to search back through their activities.
One aspect of the new feature that has been a particular cause for concern in the tech community is that sensitive information including passwords, financial information, or private keys will not be hidden in the snapshots.
All of the data captured by Recall will be stored on the device’s local hard disk and encrypted, and Microsoft has said Recall screenshots will not be shared between users or with itself for advertising purposes.
In an interview with Business Insider, Satya Nadella, CEO at Microsoft, explained that because the Recall feature runs locally on the edge, user information will remain safe and only available on that device.
But this does not dispel worries around the information cyber criminals may be able to access if they are able to compromise Copilot+ PCs.
The announcement has drawn widespread criticism from those in the security and data protection community, including Kevin Beaumont, director of emerging threats at the Arcadia Group.
In a blog post discussing the announcement, Beaumont described the move as essentially integrating an infostealer into the base Windows operating system (OS).
“Microsoft are inventing a new security nightmare using Copilot, which will undoubtedly lead to increased fraud for consumers and other woes for businesses.”
Concerns over Recall have already reached fever pitch, with the UK’s Information Commissioner’s Office (ICO) considering a probe into the feature.
A spokesperson for the data watchdog told ITPro it had serious concerns about the new feature and confirmed it has contacted the tech giant over potential data protection risks.
“We expect organizations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose,” the spokesperson said.
“Industry must consider data protection from the outset and rigorously assess and mitigate risks to people's rights and freedoms before bringing products to market.
“We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy.”
New Microsoft Recall feature is a cyber criminal's dream
Recall will use local AI models on board Copilot+ devices to process all of the captured data and make it searchable, even for images.
The search functionality will be semantic rather than keyword-based, which means it will return results based on the meaning of the query, rather than simply matching search terms with similar words that have appeared on your screen previously.
Microsoft said Recall will not be turned on by default, and users can limit which snapshots the feature will collect by specifying the applications or websites in which their activity should not be recorded.
It added that content with digital rights management (DRM) will not be stored, nor will any activity conducted in Microsoft Edge’s InPrivate browsing sessions.
Jake Moore, global cyber security advisor at enterprise security firm ESET, told ITPro the feature will give hackers new opportunities to target Windows users.
“Enabling a feature which has the ability to capture screen data not only offers even more data to the company behind the software but also opens up another avenue for criminals to attack,” Moore said.
“Whilst this feature is not on by default, users should be mindful of allowing any content to be analyzed by AI algorithms for a better experience.
“Although it may produce better results, there is a balance that must be kept regarding functionality versus privacy and so users must remain aware of the potential risks should any sensitive data ever become compromised.”
Ultimately, Moore argued that the feature appears to create more problems than it solves, offering hackers a golden ticket for stealing sensitive information.
“Creating and storing more private data seems unnecessary when cyber criminals continually look for any given vulnerability to exploit.”

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.