'Windows Recall' Preview Remains Hackable As Google Develops Similar Feature
Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.
But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.
Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."
The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."
"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.
My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created... [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...
It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."
Recall will be deployed this year (Score:2)
Probably without fixing the security.
Our attention span has been brought to a vegetative state. The companies know all they have to do is weather the first uproar and then nobody will care.
Remember when banks and government entities DEMANDED all their data remain inside the given country? Yeah, nobody cares anymore.
Inside of ten years, we will have cloud hosted Recall that cannot be deactivated by group policy everywhere, even for hospitals, government entities etc. Military might hold out some more, I gues
Re: (Score:3)
Our attention span has been brought to a vegetative state. The companies know all they have to do is weather the first uproar and then nobody will care.
Well, people who surrender because it's convenient for them sure don't help. Turns out Americans are worse than the French....
Remember when banks and government entities DEMANDED all their data remain inside the given country?
The EU still does.
Inside of ten years, we will have cloud hosted Recall that cannot be deactivated by group policy everywhere, even for hospitals, government entities etc. Military might hold out some more, I guess.
I imagine that will only be in the US, where the government is a wet noodle, and anyone who tries to add starch is instantly branded a terrorist / liberal / etc. for daring to question their masters. The rest of the world will be fine.
Nobody will care.
Wrong. I will. As will others. The world, and even the US, isn't as apathetic as you'd like to make them out to be.
Re: (Score:2)
I care. I guess I just will have to find out how to cleanse this corruption for the one gaming and one teaching machine I keep on Windows. (The teaching machine is because I found that too many beamers crash when Linux talks to them due to defective firmware.)
Re: (Score:2)
"The companies know all they have to do is weather the first uproar and then nobody will care."
This is now true of any entity that gets bad press for something stupid or obnoxious that they have done.
Is this OpenAI again? Same thing on macOS just now (Score:2)
Re: Is this OpenAI again? Same thing on macOS just (Score:2)
*IS* a security vulnerability (Score:4, Informative)
"Windows Recall feature still IS A data privacy and security vulnerability"
FTFY
Re: (Score:2)
s/Recall feature//
Re: (Score:3)
Also the bit about Google is pure clickbait and should never have been included.
They aren't developing a "Windows Recall-like" feature. They are just using some AI image recognition to add some metadata to screenshots that the user makes themselves, a very useful feature.
If that makes people wet their pants then get this - open source apps do it too! Joplin adds metadata to images by OCRing them, for example.
Huh? (Score:2)
Storing "unencrypted" recordings of users' activity isn't the issue. It was that it stored recordings. Period. Encryption keys are obtainable in a variety of ways.
Re: (Score:2)
Indeed. As long as the user has access, any halfway capable attacker has access as well. This whole "feature" is an exceptionally bad idea and cannot be fixed.
Re: (Score:2)
If you want this spying "feature" to go away, you have to convince Microsoft to abandon AI tech. BTW, the same applies to Google and Apple and Meta. All AIs need context, all AIs need to spy on you to do t
Frantic recoup of the hundreds of billions used fo (Score:2)
Creating so-called value by implementing so-called AI in products for supposedly demented consumers is one tragicomic peak of our time.
Re: (Score:2)
Yep. Another great step towards idiocracy.
Google seems to have the right idea (Score:2)
Google's idea about this seems helpful. It isn't doing its thing all the time, instead it only works on the stuff you'd be interested in it working on - the thing which AI should be doing in the first place - without the infinite stupidity of it working on everything.
TotalRecall is the biggest copout there is (Score:1)
Let's all get freaked out by a bug that requires a user to install software with administrative privileges! Clearly Recall is the problem here, and if we get rid of that hackers won't ever be able to do anything bad to us if they have administrator privileges on our machine /s.
This freakout over Recall is actually quite damaging to getting actual security improvements because it sidesteps the entire issue of your PC already being 0wned by someone else.
Now please everyone look over there at that Recall thing
Dangerous Spying (Score:2)
https://youtu.be/dvl_fetQff8?s... [youtu.be]