Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Microsoft IT

Microsoft Postpones Windows Recall After Major Backlash (windowscentral.com) 96

In an unprecedented move, Microsoft has announced that its big Copilot+ PC initiative that was unveiled last month will launch without its headlining "Windows Recall" AI feature next week on June 18. From a report: The feature, which captures snapshots of your screen every few seconds, was revealed to store sensitive user data in an unencrypted state, raising serious concerns among security researchers and experts.

Last week, Microsoft addressed these concerns by announcing that it would make changes to Windows Recall to ensure the feature handles data securely on device. At that time, the company insisted that Windows Recall would launch alongside Copilot+ PCs on June 18, with an update being made available at launch to address the concerns with Windows Recall. Now, Microsoft is saying Windows Recall will launch at a later date, beyond the general availability of Copilot+ PCs. This means these new devices will be missing their headlining AI feature at launch, as Windows Recall is now delayed indefinitely. The company says Windows Recall will be added in a future Windows update, but has not given a timeframe for when this will be.
Further reading:
'Microsoft Has Lost Trust With Its Users and Windows Recall is the Straw That Broke the Camel's Back'
Windows 11's New Recall Feature Has Been Cracked To Run On Unsupported Hardware
Is the New 'Recall' Feature in Windows a Security and Privacy Nightmare?
Mozilla Says It's Concerned About Windows Recall.
This discussion has been archived. No new comments can be posted.

Microsoft Postpones Windows Recall After Major Backlash

Comments Filter:
  • For now! (Score:5, Insightful)

    by oldgraybeard ( 2939809 ) on Thursday June 13, 2024 @10:21PM (#64548083)
    Then they will "oops" turn it on by default when no one is looking. Remember! They are Microsoft!
    • Copilot + Recall both being local equals free training data and everything Microsoft wants will be sent to their command and control servers!
      Also loved this admission "The company says Windows Recall will be added in a future Windows update, but has not given a timeframe"
    • Interesting conspiracy theory. What do you hope Microsoft will get by silently enabling this feature? I mean what do you hope Microsoft will get beyond millions of people already running unverified code that is publicly acknowledge to send all manner of your personal data to Microsoft already?

      • Re:For now! (Score:5, Insightful)

        by Luckyo ( 1726890 ) on Friday June 14, 2024 @04:45AM (#64548427)

        Conspiracy theory in scientific terms, not layman terms. As in "thing we have best evidence for so far". Reasoning:

        1. Microsoft announced it will add it in an update next time.
        2. Windows updates are now largely obfuscated, unlike back in windows 7 days, when each update came as standalone installer with detailed description. Today you get mostly bundles that get very general descriptions with no details.
        3. They are conspiring to add this shit in whether you like it or not, because they want your personal data as training data.
        4. Microsoft's a history of adding spyware quietly, and only announcing it once massive brouhaha by someone who discovers it. See: how always on keylogger was added to windows 10.

        If you have something that has better evidence and reasoning for, go for it. I'm curious.

        • by unrtst ( 777550 )

          Exactly! You could even eliminate a few of those bullet points...
          1. Microsoft announced it will add it in a future Windows update, but has not given a timeframe.
          2. Non-pro versions of Windows can't disable updates, so they'll get it whether users want it or not at an undisclosed time.

          We don't have to wonder what MS will get by silently enabling Windows Recall. They already announced they were doing it on June 18th, and this is just postponing that until some yet-to-be-decided/announced date. We don't need m

      • Interesting conspiracy theory. What do you hope Microsoft will get by silently enabling this feature?

        The satisfaction of a days evil done in an evil day.
        Kernels of truth to build deceptive graphs for the next several earnings reports.
        AI + Everyone is using it. _,-/^

    • by gweihir ( 88907 )

      Indeed. Although that could get _very_ expensive if they do it in the EU.

  • by rsilvergun ( 571051 ) on Thursday June 13, 2024 @10:27PM (#64548089)
    they were just testing the waters to see what sort of nastiness they could get away with, pushing the envelope as far as it can go.
  • Reason: some "state actor" hacker could bypass the security Microsoft claims for Copilot+ and start reading all the information of recent activity of the person's desktop or laptop computer running Windows 11 with Copilot+ installed.

  • Sounds to me like a CEO needs to inflate his golden parachute and get the hell out.

    • Re:CEO (Score:4, Insightful)

      by sg_oneill ( 159032 ) on Thursday June 13, 2024 @11:21PM (#64548151)

      Nadella aint going nowhere. That dude is one of the most savy CEOs in modern history. Tim Smith might be permanently in Steve Jobs shadow, even from beyond the grave, but Gates had nothing on Nadella's business smarts.

      This was a cock up, but Microsoft have had far worse, and lived to tell the tale.

      • Er, not Tim smith.... what am I gibbering about?.I mean to say Tim Cook. Tim Smith was the Cardiacs lead singer lol. I need to increase my cafine intake.

        • Apple. The name is Tim Apple.

          2019: "Weâ(TM)re going to be opening up the labor forces because we have to. We have so many companies coming in,â Trump says. âoePeople like Tim â" youâ(TM)re expanding all over and doing things that I really wanted you to do right from the beginning. I used to say, âTim, you gotta start doing it here,â(TM) and you really have youâ(TM)ve really put a big investment in our country. We appreciate it very much, Tim Apple."

          (Not that I'm not s

        • Well, you just reminded me I need to listen to the Cardiacs more, at least. Thanks!

      • by Kokuyo ( 549451 )

        Yeah, well, Gates had some moral fiber, even though it wasn't very pronounced.

        Nadella is just a despotic thief.

        • Hmm. I think he did become somewhat moral later in his life (and his post MS work is straight up praiseworthy), but that period in the 90s, woooooff.... Dude was a straight up pirate. Unfortunately for MS he was a pirate that poisoned MS's reputation amongst the all important tech geek cohort thats always going to have at least SOME sway over tech purchasing. Nadella, is just as vicious as 90s era Gates, but does so whilst managing to win back a lot of the people Gates had driven away.

    • by Luckyo ( 1726890 )

      He's a CEO that made Microsoft the most valuable company in the world.

      Why on earth would he leave?

  • Maybe they'd been planning this for a while, and the reason Win11 requires TPM was because they were planning to try to protect this data from, essentially, being extracted by a program with user or root privileges with some DRM-like techniques enabled by TPM. Or maybe I'm just trying to make sense out of two coincidentally-related nonsense decisions.

    • by ArmoredDragon ( 3450605 ) on Thursday June 13, 2024 @11:56PM (#64548185)

      Cheese will you guys ever stop with the TPM conspiracy theories? TPM would make for the worst DRM tool on the planet. It's far more analogous to a yubikey, which would make for a similarly terrible DRM tool and for basically the same reason.

      The spec is completely open, I've personally written software that uses it as a means of authentication and endpoint security. The single most useful part of it is I can issue it an attestation certificate with my own signing keys and be absolutely certain that the computer is running exactly the software I want it to run with a guarantee that the kernel hasn't been compromised.

      And by the way, for this purpose it's equally useful for Linux as it is Windows. TPM does not and is simply not capable of boot code authentication. The closest thing to that it can be used for is reporting the boot state after you've already booted based on hash values stored in the PCRs, then using the attestation key so provide assurance that these values haven't been tampered with.

      So why do I say it's a terrible DRM tool? Well, DRM requires shared secrets. TPM can seal shared secrets, or maybe RSA decrypt them, but either way that requires sending them back over TTL lines when they're inevitably needed, which are sent in the clear and is easily sniffed. TPM simply isn't designed to keep secrets from you, the device owner, and anybody who tries to use it for that will be sorely disappointed at how quickly it's broken.

      In theory it could be used to give a remote party assurance that you didn't hack your own kernel, but this is incredibly impractical. There are literally millions of different firmware hashes you'd need to keep track of, and new ones are introduced constantly. Besides, if you hacked your own firmware in just the right way, you can drop whatever values you want into the PCRs, and your attestation quotes will be perfectly valid no matter how much hacking you do. It's hard as hell to do to somebody else's computer without them noticing, but if it's your own computer, the sky's the limit.

      • TPM simply isn't designed to keep secrets from you, the device owner, and anybody who tries to use it for that will be sorely disappointed at how quickly it's broken.

        TPM simply isn't designed to keep secrets from you, the device owner, and anybody who tries to use it for that will be sorely disappointed at how quickly it's broken.

        Look at those two quotes, side by side, and then look at the average person.

        You are being dishonest here bro. I personally know about 3 people, including myself, who can do what you describe. I know thousands that don't even understand the words you have used.

        With many BIOS/EFI not allowing you to set your own keys within the device, you are entirely at the mercy of whomever has planted keys in your device. Typically, this will be a Microsoft key.

        • Fuck me, the two quotes are:

          TPM simply isn't designed to keep secrets from you, the device owner, and anybody who tries to use it for that will be sorely disappointed at how quickly it's broken.

          TPM can seal shared secrets, or maybe RSA decrypt them, but either way that requires sending them back over TTL lines when they're inevitably needed, which are sent in the clear and is easily sniffed.

          • With many BIOS/EFI not allowing you to set your own keys within the device, you are entirely at the mercy of whomever has planted keys in your device. Typically, this will be a Microsoft key.

            Oh boy... First of all, BIOS and UEFI are not interchangeable, so don't use them interchangeably. The BIOS specification doesn't even include anything related to secure boot. It's rare to find a device that even has anything resembling secure boot, and where they do, it's usually proprietary and added as an option ROM. UEFI doesn't even use option ROM, rather it uses modules that are more akin to drivers.

            Second, the boot signing keys are NOT stored in the TPM, they're stored in an NVRAM database that the UE

          • The way my employer tells it they say TPM is good to make it harder to steal data by physically cloneing hard drives (bitlocker/windows). If it just boots no further input at a minium an attacker needs to know how to sniff the lpc data at boot or attack the login to pop up a shell and ask for the keys. Possible. But if someone is serious about protection and you are a business person or have state secrets, and are doing it right then tpm wont unlock without further secrets, so the machine wont decrypt a boo
        • by _merlin ( 160982 )

          UEFI and Trusted Boot keys have nothing to do with the TPM. You're conflating two completely different things.

      • TPM is used to provide platform integrity used on some levels of PlayReady DRM.
        The thing tripping you up is that all this sounds fucking stupid but DRM is always fucking stupid.
        Being stupid matters not at all to the MS sales ghouls selling lies or the lawyers writing up contracts to license content catalogs.

        Like trust me on this last bit, shit gets CRAZY like you need a 3rd party datastore with FDE and individual asset protection for the mezzanine copy of [Direct to video 3rd installment of 80s action bloc

        • TPM is used to provide platform integrity used on some levels of PlayReady DRM.

          I'm curious which PCRs they're even looking at. If I had to guess it would be the same as what bitlocker uses, which IIRC is just PCR 7. They might also look at the OS defined PCRs, but it would be more practical to rely only on 7, because 7 tells you which boot keys were used and whether verified boot is enabled, and so long as they trust their own bootloader then it can validate the rest.

          But picture this: When your UEFI loads the boot EFI module, it can always report to the boot log that it used a differe

    • The purpose of TPM is to make you die. To make you die and go to hell!

    • You're giving Microsoft too much credit.

    • by gweihir ( 88907 )

      You can extract it, ergo malware can extract it. Unless you never, ever log-in again and have a really good password.

  • by awwshit ( 6214476 ) on Thursday June 13, 2024 @10:54PM (#64548115)

    Microsoft is just testing the waters, Microsoft is about to double-down and include Microsoft Dystopia in the Windows 11 24H2 update. Microsoft Dystopia is a lot like Recall but all of your personal history is stored in OneDrive in Microsoft's cloud. That way if you change computers you just login to your Microsoft account and all of your history is there. Since your data is stored in their cloud, Microsoft will be obligated to scan your history for CSAM and malware and whatnot.

  • I have an idea (Score:4, Insightful)

    by CEC-P ( 10248912 ) on Thursday June 13, 2024 @11:02PM (#64548123)
    Recall their clueless CEO. He was 100% behind this.
  • by SuperKendall ( 25149 ) on Thursday June 13, 2024 @11:16PM (#64548139)

    The feature, which captures snapshots of your screen every few seconds, was revealed to store sensitive user data in an unencrypted state,

    That was a huge problem, no mistake.

    But let's say they encrypt that data properly - who is going to want or trust this snapshot feature to begin with? There is no case where I want every single thing I am doing captured constantly, I am dealing with secure client stuff sometimes, banking stuff other times, I don't want anything on my screen recorded ever unless I turn on screen recording.

    The whole feature simply needs to be dropped, it's crazy to me this made it to the stage where it was developed into a final product!

    • by 93 Escort Wagon ( 326346 ) on Thursday June 13, 2024 @11:26PM (#64548159)

      who is going to want or trust this snapshot feature to begin with?

      You're not being completely fair. I understand the NSA, as well as several foreign governmental organizations, were very, VERY excited about this feature!

    • who is going to want

      Kind of me

      or trust this snapshot feature to begin with

      Definitely not me.

      Which is the bind. As a feature doing what it's advertised to do, being that it can let you search your history with vague human terms to find something you barely remember, it sounds like exactly what I need. I stumble across lots of things in a day that I don't commit to memory because I don't have any use for them. Then someone mentions something and I think "didn't I see something related to that?" but a few minutes in my browser history and I draw a blank and have to move on

    • Not Windows.

      • You are not the product in the Microsoft world. You and everything about you are just consumables to be burned up by Microsoft to drive their profits!
    • by HiThere ( 15173 )

      Hell, I don't have ANY "sensitive data" on my computer except a few passwords to things like Slashdot, and I STILL don't want it. It would be a horrendous consumer of disk space or bandwidth. (Also, I don't really like being spied on.)

      • It would be a horrendous consumer of disk space or bandwidth.

        I wondered in particular about this aspect, I struggle with disk space on laptops at the best of times. Even if it were only OCRing the screen at any given moment and didn't store screen thumbnails, it seems like over the course of a year to be a significant amount of data being built up. If they roll off data too early it eliminates benefits of the feature.

        But mostly like you, I don't like the system spying, which is the only description that r

      • by gweihir ( 88907 )

        (Also, I don't really like being spied on.)

        Hahahaha, you are sooo yesterday! I am too. Guess we are fossiles by now. In fascist America nobody even wants to have secrets!

    • by gweihir ( 88907 )

      Well, that is you. And I see it the same way. No matter how encrypted, if I can access it, attackers can do so too. Worst-case, they just wait until I am logged in. But the average person will not even understand what is going on.

      • No matter how encrypted, if I can access it, attackers can do so too.

        Yeah I don't think I said anything about that in my first post but I was also just mulling that over later... that is so much data across the spectrum that is lost if a single layer of encryption is bypassed by whatever means. Way too risky to house so much private stuff in a single store.

        the average person will not even understand what is going on.

        Although I generally agree it does seem like in this case the severity of the thing got th

        • by gweihir ( 88907 )

          the average person will not even understand what is going on.

          Although I generally agree it does seem like in this case the severity of the thing got through even to the non technical, judging by the harsh reaction and backlash from all quarters. That's kind of heartwarming.

          Agreed. Maybe more people start to realize that Microsoft is not their friend.

  • Microsoft had already indicated they were going to make it something you had to explicitly enable (and presumably there would have been something in group policy for corporate IT departments, schools etc to allow them to lock it out across all the machines) so what's the problem if people explicitly want to turn it on and live with whatever it might mean (potential privacy violations etc)?

    • by The Cat ( 19816 ) on Thursday June 13, 2024 @11:35PM (#64548165)

      In no particular order:

      1. Attorney-client privilege
      2. Doctor-patient privilege
      3. Priest-penitent privilege
      4. Sarbanes-Oxley
      5. The Securities and Exchange Act of 1934
      6. Spousal privilege
      7. Corporate and private trade secrets
      8. The United States Copyright Act of 1976
      9. The Digital Millennium Copyright Act.
      10. United States Code Title 35
      11. Non-Disclosure Agreements

      That's for openers.

      • As if any of those reasons would stop Microsoft. They can get away with giving mere lip service to the US government, which they operate under. Absolutely none of those reason listed will affect Microsoft. Microsoft is as close to "above the law" as you can get without being an actual government agency.

      • Saving to the C drive violates attorney-client privilege? Law offices can't do backups? This is so dumb.

    • It strikes me as a useless feature.

      Or, are you suggesting to me that human short term memory has been reduced so substantially that they need the digital equivalent of the kind of cueing used for people with severe cognitative deficits, just to do ROUTINE tasks?

      Personally, I prefer to KEEP my working memory abilities, by actually using them.

      If I need notes, I'll take notes.

      I dont need OEM supplied spyware, and certainly not for this.

      The maxim about not ascribing to malice what can adequately be ascribed to

      • I have a good memory. Good-ish. I can remember lots of things with great clarity but sometimes the thing I need to remember is not the thing I actually committed to memory. For instance, I get lots of emails where I've been added late to an ongoing chain. I read from the top until I figure out what I'm personally being asked to provide, get to work, then dismiss it. In the process of doing that I've likely half processed all sorts of random snippets that at the time held no relevance so I discarded them, bu
      • I hate this feature but in a vacuum it's quite useful.
        I can certainly imagine a workflow where I hit the AI button and type some vague bits about what I was doing 6 weeks ago and get something useful back

        But this means my computer has to have a fairly detailed record of what I'm doing at all times which of course is a no go.

    • Microsoft had already indicated they were going to make it something you had to explicitly enable

      The problem is that for Microsoft, the term "explicitly enable" means that it gets turned on anyway after every semiannual Windows update. They probably figure if you hit the "Skip" button when the stupid "Let's Finish Setting Up Your PC!" screen appears, then it means you agree to submit to their every desire.

      • by Voyager529 ( 1363959 ) <voyager529@@@yahoo...com> on Friday June 14, 2024 @09:40AM (#64548911)

        The problem is that for Microsoft, the term "explicitly enable" means that it gets turned on anyway after every semiannual Windows update.

        Exactly this. Windows 10 keeps resetting PDF viewers and browser preferences to Edge, keeps adding new 'recommended apps' to Start Menus, makes it extremely difficult to make a local user account for purchased hardware, keeps angling to upload Desktop and Documents folders to OneDrive, and installed both W10 and W11 without the truly informed consent of most users...to say nothing about the 'privacy settings' that all default to the iteration that uploads the most data by default.

        With *that* track record, that has taken place in front of everyone, Microsoft's new feature is one where screenshots are being taken at intervals "and we pinky promise we're not collecting that data despite our ToS saying that you can't sue us if we do", it's amazing that there was a group of people who thought Recall was going to be a SELLING POINT.

  • Better security for the snapsnots. Good!

    Now the only ones with access are MS and whoever MS sells the info to for advertising purposes, and any government interested in things the AI has decided it has seen sketchy stuff.

  • by WaffleMonster ( 969671 ) on Friday June 14, 2024 @02:29AM (#64548309)

    Who in their right mind would be upset over Microsoft finally recalling Windows?

  • That way people can choose to use it or not, knowing the risks.

    • by dyfet ( 154716 ) on Friday June 14, 2024 @05:59AM (#64548499) Homepage

      The problem is not how well they may protect these snapshots or whether they are enabled by default. That they would exist at all makes every divorce lawyer and prosecutor salivate, let alone the woodies to be found at government security agencies. Even corporations may love this, mandating it is enabled to far better spy on workers, right up until being hit by discovery ;). The true legal liabilities are really staggering.

      • Considering that MS said the snapshots would be encrypted and local but released the first version without encryption that gave everyone pause whether MS would keep any promises made including it being disabled by default.
    • Malware will probably just silently turn this on and then, (say) once a week, upload everything you did to some server controlled by the criminals. After about a month of this, the criminals could start 1) blackmailing you, 2) do identity theft, 3) commit fraud...

      And you say: "Nothing to worry about, because this feature is off by default?!?!" What an incredibly naive attitude this is. Microsoft and security is an oxymoron. After finally adding this misfeature to Windows, it'll probably be secured by very w

    • The kinds of doddering idiots who would most use and appreciate this feature aren't likely to figure out how to enable it.
      I knew a friend's uncle who had bonzai buddy. I started telling him what you might expect and my friends said yeah yeah yeah we've been over this but it remembers all his friends addresses and (whatever i don't remember, stuff)

      My face was a perfect 8^O

  • Recall (Score:4, Funny)

    by cowdung ( 702933 ) on Friday June 14, 2024 @02:48AM (#64548337)

    MS issued a "recall" on it's Window Recall feature thereby recalling the controversial technology. Why did they recall the recall feature? I don't recall.

  • ...an endgame here of getting users to generate data useful for some kind of AI training? Perhaps for some futuristic predictive interface, or more sinister^H^H^H^H^H^H^H^H ambitiously, automation of computer-based human labor. That would explain their persistence.
  • Peeps be like âoeprivacy!â and âoesecurity!â. Iâ(TM)m like âoecpuâ, âoememoryâ, âoestorageâ, âoebattery!â.
  • At first, I thought they were issuing a recall for the latest version...

  • Microsoft has announced that its big Copilot+ PC initiative that was unveiled last month will launch without its headlining "Windows Recall" AI feature readily visible next week on June 18. It will still be included as a hidden "critical security" update and will be switched on silently. This feature can be turned off with a simple 317-click process requiring you to edit your registry. Super simple!

    Fixed that and added the "quiet" parts out loud.

  • see title

  • by Schoenlepel ( 1751646 ) on Friday June 14, 2024 @12:22PM (#64549381)

    Here's how this is going to get shoved down your throat:

    1) They install this feature; off by default, of course.
    2) Microsoft installs an update to a particular application (Explorer, for example) which just happens to include this interesting new feature... however, it requires recall to be turned on.
    3) More and more convenient features, which just happen to require recall to be turned on pop up all throughout the various Windows applications which are installed by default.
    4) All of a sudden you can't disable recall anymore, as this has become "too deeply integrated" in Windows. Everything just depends on this.
    5) The AI starts giving "convenient" suggestions when you turn on your computer, or automatically opens certain applications for you on boot or gives "suggestions" at certain times. These "suggestions" show up as a pop-up notification, which all you need to do is click to get it to do what it wanted to do.
    6) When updates happen, at the same time you upload your database, just so Microsoft can better tune your experience with Windows and other software supporting recall.
    7) Later this database is used to look for "malware" and "criminal activity", of course all for your own good.

    All these "features" start off by opt-in, but eventually are a requirement just to be able to boot Windows. On the surface they're bound to be attractive, and the sheepl will lap them up without any problem, but can you see the dystopian doors this opens?

    Of course all of this won't happen overnight, but rather as time progresses. Microsoft is first going to make sure you are used to a particular feature being on at all times, before moving on to the next step. Think I'm a tin-foil hat? Just look at how things went with telemetry. When first introduced (with XP), there was an outcry. Microsoft just said "sorry", now with 11 Windows collects basically everything about you by default. Most of this can be disabled, but not everything... and "not everything" is more then you may think.

  • The Recall feature once created will be used eventually to use your actions to train an AI that will replace you with what you do on your computer.

    ~Free OS = Spyware

    I have already made the same post three times before and I keep saying that Microsoft gives its operating system away for free because they use it as a massive sniffing device to collect as much personal data to be used as a huge training set for their AI and they have signed business agreements with Open AI who we know for sure scraped the inte

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...