Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Cellphones AI Google Microsoft Windows

'Windows Recall' Preview Remains Hackable As Google Develops Similar Feature 20

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.

Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.

Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.

The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."
This discussion has been archived. No new comments can be posted.

'Windows Recall' Preview Remains Hackable As Google Develops Similar Feature

Comments Filter:
  • Probably without fixing the security.

    Our attention span has been brought to a vegetative state. The companies know all they have to do is weather the first uproar and then nobody will care.

    Remember when banks and government entities DEMANDED all their data remain inside the given country? Yeah, nobody cares anymore.

    Inside of ten years, we will have cloud hosted Recall that cannot be deactivated by group policy everywhere, even for hospitals, government entities etc. Military might hold out some more, I gues

    • Our attention span has been brought to a vegetative state. The companies know all they have to do is weather the first uproar and then nobody will care.

      Well, people who surrender because it's convenient for them sure don't help. Turns out Americans are worse than the French....

      Remember when banks and government entities DEMANDED all their data remain inside the given country?

      The EU still does.

      Inside of ten years, we will have cloud hosted Recall that cannot be deactivated by group policy everywhere, even for hospitals, government entities etc. Military might hold out some more, I guess.

      I imagine that will only be in the US, where the government is a wet noodle, and anyone who tries to add starch is instantly branded a terrorist / liberal / etc. for daring to question their masters. The rest of the world will be fine.

      Nobody will care.

      Wrong. I will. As will others. The world, and even the US, isn't as apathetic as you'd like to make them out to be.

    • by gweihir ( 88907 )

      I care. I guess I just will have to find out how to cleanse this corruption for the one gaming and one teaching machine I keep on Windows. (The teaching machine is because I found that too many beamers crash when Linux talkts to them due to defective firmware.)

    • by gtall ( 79522 )

      "The companies know all they have to do is weather the first uproar and then nobody will care."

      This is now true of any entity that gets bad press for something stupid or obnoxious that they have done.

  • Is it the OpenAI partnership with MS that has produced this thing? Because if so, it sounds remarkably similar to the unencrypted storage in their ChatGPT Mac app [theverge.com] as well. Makes me nervous for any OpenAI/Apple partnership.
    • Tell me do you individually encrypt (not relying on full disk encryption) each your office files? How about your photos? Text files? Browser history? If no then why is everyone freaking out about the CHATGPT Mac app? Those other things will likely have way more sensitive info that your chat history with an AI.
  • by pixelpusher220 ( 529617 ) on Saturday July 06, 2024 @05:09PM (#64605785)

    "Windows Recall feature still IS A data privacy and security vulnerability"

    FTFY

    • s/Recall feature//

    • by AmiMoJo ( 196126 )

      Also the bit about Google is pure clickbait and should never have been included.

      They aren't developing a "Windows Recall-like" feature. They are just using some AI image recognition to add some metadata to screenshots that the user makes themselves, a very useful feature.

      If that makes people wet their pants then get this - open source apps do it too! Joplin adds metadata to images by OCRing them, for example.

  • Storing "unencrypted" recordings of users' activity isn't the issue. It was that it stored recordings. Period. Encryption keys are obtainable a variety of ways.

    • by gweihir ( 88907 )

      Indeed. As long as the user has access, any halfway capable attacker has access as well. This whole "feature" is an exceptionally bad idea and cannot be fixed.

      • I'm sorry this "feature" will not go away no matter how much anyone complains. The reason is simple: Microsoft has bet the farm on AI, and any AI model needs to have some context, so it can give you personalized answers when you ask it something. Context == historical snapshots of what you did on the PC.

        If you want this spying "feature" to go away, you have to convince Microsoft to abandon AI tech. BTW, the same applies to Google and Apple and Meta. All AIs need context, all AIs need to spy on you to do t

  • Creating so-called value by implementing so-called AI in products for supposedly demented consumers is one tragicomic peak of our time.

  • Google's idea about this seems helpful. It isn't doing its thing all the time, instead it only works on the stuff you'd be interested in it working on - the thing which AI should be doing in the first place - without the infinite stupidity of it working on everything.

  • Let's all get freaked out by a bug that requires a user to install software with administrative privileges! Clearly Recall is the problem here, and if we get rid of that hackers won't ever be able to do anything bad to us if they have administrator privileges on our machine /s.

    This freakout over Recall is actually quite damaging to getting actual security improvements because it sidesteps the entire issue of your PC already being 0wned by someone else.

    Now please everyone look over there at that Recall thing

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...