Since this blog is about China and the Chinese Communist Party, the headline notes the cyber danger coming from that direction. But the vulnerability that Microsoft plans to stitch into its operating system would be a hackers’ paradise for threat actors coming from any direction, foreign or domestic. The mind is boggled by the possibilities.
Everything you’ve done
“New Windows AI feature records everything you’ve done on your PC,” Ars Technica’s Benj Edwards reports (May 20, 2024). “Recall uses AI features ‘to take images of your active screen every few seconds.’ ”
At a Build conference event…Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users….
At first glance, the Recall feature seems like it may set the stage for potential gross violations of user privacy. Despite reassurances from Microsoft, that impression persists for second and third glances as well. For example, someone with access to your Windows account could potentially use Recall to see everything you’ve been doing recently on your PC, which might extend beyond the embarrassing implications of pornography viewing and actually threaten the lives of journalists or perceived enemies of the state.
Despite the privacy concerns, Microsoft says that the Recall index remains local and private on-device, encrypted in a way that is linked to a particular user’s account. “Recall screenshots are only linked to a specific user profile and Recall does not share them with other users, make them available for Microsoft to view, or use them for targeting advertisements. Screenshots are only available to the person whose profile was used to sign in to the device,” Microsoft says.
Judging by comments on the article, 452 when I last checked, the “certain Windows users” who have privacy concerns include most Ars Technica readers. A few say that the feature might be okay if it could be turned off unequivocally and if it were immune to hacking, big ifs, but most are appalled.
“Politician-friendly translation: Microsoft Recall will make it easier for activists and your political rivals to break into your account and easily expose your extramarital affairs,” says reader Lexus Lunar Lorry. “Do you really want to live in a world where this is possible?”
“I cannot think of a feature I want less from Microsoft,” says wjta. “Really looking forward to this ‘accidentally’ turning itself on with every update.”
The end of privacy?
“Sure, you can disable it on your machine,” says SinclairZX81. “But since it’s taking screen grabs, you have to ensure that everyone else with whom you communicate has it disabled as well. End-to-end encryption will be meaningless because it’s taking screen grabs at the end points.”
“The giant security hack of MS by foreign state actors…is just one of the reasons to run away from this,” says rcduke. “I don’t understand who in their right mind would think local recordings of your computer built into the code by Microsoft is even remotely a good idea.”
In 2021, Microsoft was the victim of “a massive hack of Microsoft Exchange email server software”; the American government “asserted that criminal hackers associated with the Chinese government [had] carried out ransomware and other illicit cyber operations.”
But rcduke is apparently alluding to a more recent affair, when state-backed Chinese hackers “foiled Microsoft’s cloud-based security in hacking the email accounts of officials at multiple U.S. agencies that deal with China” in 2023.
In April 2024, a report on the latter intrusion by the Cyber Safety Review Board described “shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach…. It concluded that ‘Microsoft’s security culture was inadequate and requires an overhaul.’ ” Microsoft is not alone.
A YouTube video posted by Brodie Robertson on June 4, 2024, argues that “Microsoft Recall Is Worse Than We Thought.” Those at greatest risk will be non-tech-savvy computer users. What’s the proportion of those?