Windows Recall sounds like a privacy nightmare. This is why I’m worried
When I first heard about Recall, I immediately buried my face in my hands. I never thought Microsoft would create such a high-profile target, let alone market it as one function.
If you haven’t read about it yet, Recall is an AI feature coming to Windows 11 Copilot+ PCs. It’s designed to let you go back in time on your computer by “taking images of your active screen every few seconds” and analyzing them with AI, according to Frequently asked questions about Microsoft recalls. If anyone other than you gains access to that Recall data, it could be disastrous.
Satya Nadella says Windows PCs will have a photographic memory feature called Recall that will remember and understand everything you do on your computer by constantly taking screenshots pic.twitter.com/Gubi4DGHcsMay 20, 2024
This may sound familiar, and that’s because it’s remarkably similar to the failed and suspended Timeline feature in Windows 10. Unlike Timeline, however, Recall doesn’t just restore a version of your desktop files, it uses AI to take you back to them . moment, and even open relevant apps.
What’s the problem with Windows Recall?
On the surface this is sounds like a cool feature, but that paranoid privacy purist in the back of my mind buries his face in a pillow and screams. Imagine if almost everything you did in the past three months was recorded for anyone with access to your computer to see. Well, if you use Recall, you don’t have to imagine that.
That may seem like an overreaction, but let me explain: Recall takes screenshots every few seconds and saves them to your device. When you add encryption to the mix, you’re going to see a huge amount of bloated visual data almost everything that you have done on your computer during that period.
As Microsoft explains: “The default allocation for Recall on a 256 GB device is 25 GB, which can store approximately 3 months’ worth of snapshots. You can increase the storage allocation for Recall in your PC settings. Old snapshots will be deleted once you use the allocated storage space so that new ones can be stored.”
This is worse than keylogging! Recall doesn’t just record what you type, it records everything you do, with photo evidence, every three seconds.
I say almost all because Microsoft claims that “Recall also does not take snapshots of certain types of content, including InPrivate web browsing sessions in Microsoft Edge. It treats material protected with Digital Rights Management (DRM) the same way; just like other Windows apps like the Snipping Tool, Recall does not store DRM content.” That’s reassuring at first glance, but it’s still far too vague for anyone to really have confidence in.
Does this only work on Microsoft Edge, or does it also integrate with Chrome and Firefox? If it only works with Edge, that feels like a blatant privacy protection since you’re not using Microsoft’s unpopular web browser.
But that’s just the tip of the iceberg. Microsoft openly admits that Recall will take screenshots of your passwords and private data:
“Please note that Recall does not perform content moderation. It does not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols, such as hiding password entries.”
So what you could have here is something that stores your passwords, your information, your account information, etc., and is visible to everyone on your profile. Having only one profile for your device means that anyone with access to that PC can see your Recall data.
Perhaps the worst part about this is that it is enabled by default as soon as you activate your device. Microsoft states:
“On Copilot+ PCs powered by a Snapdragon® which snapshots Recall collects and stores on your device.”
I think this is a bad idea. The decision should be made by the individual, not by Windows. If it is active immediately, it just means that uninformed people may not be able to take action on it. To me, it’s a lot like cookie tracking: it can be just as invasive. All of this makes me wonder if there might be a catch consent under GDPR.
Does Microsoft Make Recall Safe?
In Microsoft’s defense, I would like it to be announced that there is a attempt to make it safe. I don’t think it was a very good one, but there was an attempt.
Microsoft states that “Recall snapshots are kept on Copilot+ PCs themselves, on the local hard drive, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker.” From the wording here, it seems like your snapshots will only be encrypted if you have Windows Pro or a Windows business code.
The omission of Windows Home users is atrocious. If this is In this case, ordinary people are vulnerable if their devices are compromised. People shouldn’t have to pay a premium and upgrade to protect their privacy on an operating system that takes a snapshot of their screen every few seconds.
The big question, however, is: what kind of encryption is used? I’ve been working with VPN (virtual private network) encryption for a while, and just because something is “encrypted” doesn’t mean it’s secure. Encryption is even under threat due to developments in quantum computing, and even the best VPN services must come up with quantum-secure encryption methods. We have already seen that BitLocker can be cracked.
Another note in Microsoft’s favor is that the data is stored locally and encrypted, rather than being uploaded to a cloud server that Microsoft has access to.
“Recall screenshots are associated only with a specific user profile, and Recall does not share them with other users, make them available for Microsoft to view, or use them for targeted advertising.”
This means that Microsoft will not be peeking behind the scenes for the time being. But that doesn’t guarantee it will stay that way forever. If Microsoft can find a way to monetize this tool legally, I think they will try it. For now, the pressure seems to be on convincing people to upgrade their operating systems.
If you’re one of those households that has different profiles for each person on the family PC, you can get a little bit of privacy back.
“Screenshots are only available to the person whose profile was used to sign in to the device. If two people share a device with different profiles, they cannot access each other’s screenshots. If they use the same profile to sign in to the device , then they share a screenshot history. Otherwise, screenshots will not be available to other users or accessible by other applications or services.
The problem is that this is only useful if you protect your profile with a password and if someone sets parental controls on your profile, could be give them a back door.
What are the security risks with Recall?
You’re probably thinking “so what?” Let me give you a few scenarios where this could be a problem:
- You are using a public computer: Suppose you shop or bank online on a library computer. You didn’t know Recall was running, and now the person using the computer after you just went to the Recall archive to get all your banking information, your address, and your passwords. It’s like handing your house keys to a burglar before telling him you’re going on vacation for a week.
- You use a work laptop: We’ve all used a company computer for personal reasons, whether it’s checking social media during your lunch break, or just running errands because you don’t have your own laptop. Now your boss, your IT team and… everyone with access to your device, you can walk through and see how you’re using it every three seconds their equipment. They can use this to track your work output and see how productive you are, they can even read private messages you send to people.
- You use a family PC: if you use the home computer and you don’t have a password protected profile, anyone can walk in and access your recall history. If you did something unpalatable it will become clear even if you delete that search history.
- You are hacked or your laptop is stolen: This one is pretty obvious, but if someone manages to hack your device, the encryption won’t matter. Likewise, if someone just steals your laptop and you don’t have a secure password to lock it, a criminal (cyber or otherwise) can use Recall to pull the whole world out from under your feet.
There are so many problems that can arise if someone has access to your Recall data. Using a password manager would become irrelevant if someone could see you typing your master password, your private messages will be anything but, and there’s no point in deleting your search history because Microsoft keeps the receipts!
How to protect your privacy with Windows Recall
There are a few ways you can protect your privacy from Windows Recall, but the obvious and most effective way is to disable it completely. As the saying goes, “An ounce of prevention is worth a pound of cure.” It’s better not to have this stuff stored on your device in the first place.
However, if you want to use Recall, you need to do the following:
- Create an individual profile on your PC: this will prevent people from having shared access to your Recall data, as long as you follow my next tip.
- Protect your profile with a password: not just your device, but also your profile. Don’t use a weak password, be serious. Use three memorable words with numbers and symbols, and no, don’t set your password as “3-Memorable-wordD5!”
- Encrypt your Recall data: You may need to upgrade your operating system or pay for BitLocker, but encryption is non-negotiable. If someone manages to figure out your password, you don’t want them to have immediate, uncontrolled access to what you’ve done over the past three months.
- No access to sensitive data while Recall is enabled: if you’re going to type personal passwords or watch NSFW content, just disable it. This will obviously be annoying and time-consuming, but it’s much better than the alternative of taking a screenshot of everything.
In short: Recall makes my skin crawl
Look, I’ve been a privacy advocate and researcher for years. I don’t like the idea of anything tracking what we do. But this…this is something different. The risk associated with Recall, the sheer devastation it can cause if your device is hacked, the idea of Microsoft locking privacy behind what I can only describe as a paywall. It makes me sick.
There are so many opportunities for this feature to be abused. Safety cannot be underestimated. Privacy can’t be screwed down. Take screenshots of my device from the moment I wake up my device not be a default option. Give the user control over their privacy and put the decision in their hands.
All of this just pushes me into the privacy-loving flippers of Linux.