Subscribe to our newsletter and stay informed

Check out our list of top companies

Check out our carefully compiled lists of the most relevant and impactful companies within their fields.

Check out our list of top unicorns

Read and learn about the biggest companies that various countries have produced, how they made it, and what the future looks like for them.

Microsoft AI Feature Defaults Off After Backlash

Microsoft's cutting-edge AI feature, designed to capture screenshots on upcoming PCs, is making waves
June 9, 2024

Microsoft is taking significant steps to enhance user privacy and security following concerns about a new AI feature designed for its upcoming PCs. The Recall feature, which captures screenshots and enables activity searching, will now be off by default after security researchers highlighted potential vulnerabilities.

During a recent press briefing, Microsoft showcased the capabilities of its forthcoming Copilot+ PCs, equipped with advanced AI computing power. However, it wasn't long before industry experts raised red flags about Recall's security implications. The feature, which logs previous actions on PCs, could potentially be exploited by attackers to access sensitive user information.

Microsoft has responded by making significant changes. "If you don’t proactively choose to turn it on, it will be off by default," wrote Pavan Davuluri, Microsoft’s head of Windows and Surface devices, in a blog post.

The company has been navigating the challenging terrain of integrating generative AI tools into its products while maintaining robust security standards. The pressure has intensified recently, especially after a U.S. government review board criticized Microsoft's handling of a breach by Chinese hackers into U.S. government officials’ email accounts.

Recall differs from other AI features like the Copilot chatbot, which relies on cloud servers for computations. Instead, Recall keeps data on the user’s computer, eliminating the need for internet-based supplemental computing power.

The concerns around Recall were not unfounded. Security practitioners quickly developed a tool called Total Recall to demonstrate the data vulnerability. They found that Recall stored data locally in an unencrypted SQLite database, with screenshots saved in a folder on the PC. This raised alarms about the potential for hackers to extract usernames and passwords from these screenshots.

In response, Microsoft announced additional security measures for Recall, which include requiring users to manually activate the feature. The company will also encrypt the search index database. "Windows Hello enrollment is required to enable Recall," Davuluri added. This means users will need to authenticate their identity through a PIN, facial recognition, or fingerprint.

Kevin Beaumont, a former Microsoft cybersecurity analyst who initially criticized Recall's default activation, praised the decision to require user opt-in. "I think overall having a choice around opting in on home systems will save a lot of people security problems further down the line," he said in a post.

With the introduction of these enhanced security protocols, Microsoft aims to reassure users that their privacy remains a top priority as the company continues to innovate with AI-driven features. The balance between cutting-edge technology and robust security is delicate, but Microsoft is committed to ensuring its users are protected as they embrace the future of AI computing.

More about: 

Last related articles

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram