Microsoft makes controversial Windows Recall AI feature an opt-in experience on Copilot+ PCs, as 'mere' 171 lines of code bypass its layers of security

 Windows Recall.
Windows Recall.

What you need to know

  • Windows Recall continues to stir controversy as a Python script is able to bypass its security.

  • Microsoft Research's chief scientist technical fellow Jaime Teevan broadly discussed the controversial AI feature during an interview and stated protecting the user's data is a foundational aspect for the company.

  • The tech giant has now rolled out extra measures to maintain the users privacy and security while interacting with the feature, including making Windows Hello a mandatory requirement for enabling the feature and making it an opt-in experience on Copilot+ Pcs.

At Microsoft's special Windows and Surface event, the company announced a handful of next-gen AI features shipping to Windows 11 as part of the 24H2 release, including Windows Recall, Live Captions, and more. While most of these features aren't groundbreaking, Windows Recall has seemingly turned controversial with concern centered on its security and privacy aspects.

Windows Recall is an AI-powered feature that acts like your PC's photographic memory and captures snapshots of everything you see and do. Microsoft CEO Satya Nadella explained the experience runs on-device NPU (neural processing unit) and doesn't rely on the cloud for any of its functionalities. This is important for privacy, security, and performance.

However, the flagship AI features won't be available to everyone due to its stringent Copilot+ PC requirements, including an NPU with 40+ TOPS, 16GB RAM, 256GB storage, and 8 logical processors. Microsoft also promises that the feature is 100% privacy-focused and won't use the data Recall accesses to train its AI models. Additionally, Windows Recall is an opt-in experience, which you easily disable if you've already enabled it.

And while the feature's availability remains fairly limited, users have gone up in arms and raised concerns over its privacy. However, it doesn't seem like a big issue for Microsoft Research's Chief Scientist and technical fellow Jaime Teevan (via The Register).

While touching base with the Director of the Stanford Digital Economy Lab Erik Brynjolfsson, Teevan broadly discussed the controversy around Windows Recall. Brynjolfsson started the discussion by asking about the pros and cons of the features. The chief scientist indicated that it's important to realize that the AI revolution is redefining how we understand data.

"Microsoft generally helps large enterprises manage their data, create data, share data, and that data is really something that makes the business of work different in the context of generative AI. And as individuals too, we have important data, the data that we interact with all the time, and there's an opportunity to start thinking about how to do that and to start thinking about what it means to be able to capture and use that. But of course we are rethinking what data means and how we use it, how we value it, how it gets used."

More recently, the AI feature has been referred to as a PR disaster, a privacy nightmare, and a hacker's paradise...the list goes on. However, Teevan says protecting the user's data is a foundational aspect that Microsoft prioritizes. This is predominantly the main reason Microsoft shipped Windows Recall as a local functionality, completely blocking cloud integration. With your data being stored locally, there are no security or privacy risks. What's more, the data is protected by Microsoft Account credentials.

More security and privacy concerns abound?

Windows Recall icon
Windows Recall icon

But as we speak, many open-source Windows Recall clones are already in the wild, Including OpenRecall. Alex Hagenah, a security researcher also released a tool dubbed Total Recall which can extract and show data from Recall's unencrypted SQLite database (via Android Authority).

READ MORE: Everything you need to know about Windows Recall

Strangely enough, the tool uses 171 lines of code to strip Windows Recall's security and privacy measures. Consequently, the tool can scheme through the controversial AI feature's database, ultimately gaining access to private and sensitive credentials like passwords. According to the author, the data is tored in plain text while the device is in use, making it easier for attackers to grab information easily.

Interestingly, Microsoft just issued a statement with new measures addressing some of the privacy and security concerns riddling Windows Recall. As we edge closer to its general availability in Copilot+ PCs, Microsoft is now making Windows Hello enrollment a mandatory requirement to enable Windows Recall. This will act as an extra layer of security on top of the whole experience running locally on your PC.

With this new development, do you trust Microsoft with a feature like Windows Recall?