Last month, Microsoft introduced the recall search feature for Windows 11 PCs at its Surface event. The feature uses artificial intelligence (AI) to record user activity, including apps used, websites visited, documents viewed, live meeting transcripts, and more.
The feature was met with mixed reactions. In a series of posts on X (formerly Twitter), security expert Kevin Beaumont claims to have automated a program that successfully provided text data about everything a user viewed on their computer.
It claims that Recall is “information theft” and that Microsoft will “intentionally set cybersecurity back a decade and put customers at risk by empowering low-level criminals.”
Windows Recall takes a screenshot every second
“Screenshots are taken every few seconds. These are automatically recognized by the Azure AI technology running on your device and saved in a SQLite database in the user’s folder,” Beaumont explains in a detailed blog post. “This database file contains a record of everything you have ever viewed on your computer in plain text.”
“I feel that unless Microsoft senior management actually *does* something about the Recall review, the U.S. government and others should recognize that they did not take the CSRB report seriously at all,” he writes.
Disappearing messages shared via WhatsApp, Signal are logged A security expert claims to have tested the Recall feature on messaging apps like WhatsApp, Signal and Teams. “Someone is texting you with disappearing messages? They’re recorded anyway. Write a disappearing message? This is recorded. Delete message? It’s recorded.” states.
How Summon AI works
In a demonstration last month at Surface, a Microsoft representative showed how Recall could find a specific blue dress that a user had previously viewed on Pinterest using voice search. The tool can also locate the exact PowerPoint slide and display a quote from the Teams meeting based on context clues provided by the user.
Microsoft says all data capture and processing occurs locally on the device to protect user privacy. The data will not be used to train Microsoft’s artificial intelligence models. Users can pause or delete data capture and exclude sensitive apps and websites. At least 256 GB of memory is required and 50 GB of free space is required to utilize Recall.
The feature was met with mixed reactions. In a series of posts on X (formerly Twitter), security expert Kevin Beaumont claims to have automated a program that successfully provided text data about everything a user viewed on their computer.
It claims that Recall is “information theft” and that Microsoft will “intentionally set cybersecurity back a decade and put customers at risk by empowering low-level criminals.”
Windows Recall takes a screenshot every second
“Screenshots are taken every few seconds. These are automatically recognized by the Azure AI technology running on your device and saved in a SQLite database in the user’s folder,” Beaumont explains in a detailed blog post. “This database file contains a record of everything you have ever viewed on your computer in plain text.”
“I feel that unless Microsoft senior management actually *does* something about the Recall review, the U.S. government and others should recognize that they did not take the CSRB report seriously at all,” he writes.
Disappearing messages shared via WhatsApp, Signal are logged A security expert claims to have tested the Recall feature on messaging apps like WhatsApp, Signal and Teams. “Someone is texting you with disappearing messages? They’re recorded anyway. Write a disappearing message? This is recorded. Delete message? It’s recorded.” states.
How Summon AI works
In a demonstration last month at Surface, a Microsoft representative showed how Recall could find a specific blue dress that a user had previously viewed on Pinterest using voice search. The tool can also locate the exact PowerPoint slide and display a quote from the Teams meeting based on context clues provided by the user.
Microsoft says all data capture and processing occurs locally on the device to protect user privacy. The data will not be used to train Microsoft’s artificial intelligence models. Users can pause or delete data capture and exclude sensitive apps and websites. At least 256 GB of memory is required and 50 GB of free space is required to utilize Recall.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25305092/DSC06815_processed_2.jpg)
