Tuesday, May 21, 2024

Windows Recall sounds like a privacy nightmare – here's why I'm worried

When I first heard about Recall, I immediately buried my face in my hands. I never thought I'd see such a glaring target be created by Microsoft, never mind it being marketed as a feature.

If you haven't read about it yet, Recall is an AI feature coming to Windows 11 Copilot+ PCs. It's designed to let you go back in time on your computer by "taking images of your active screen every few seconds" and analyzing them with AI, according to Microsoft's Recall FAQs. If anyone other than you gets access to that Recall data, it could be disastrous.

See more

This might sound familiar, and that's because it's remarkably similar to the failed and shelved Timeline feature back on Windows 10. However, unlike Timeline, Recall doesn't just restore a version of your desktop files, it uses AI to take you back to that moment, even opening relevant apps.

What's the problem with Windows Recall?

On the surface, this sounds like a cool feature, but that paranoid privacy purist in the back of my mind is burying his face in a pillow and screaming. Imagine if almost everything you had done for the past three months was recorded for anyone with access to your computer to see. Well, if you use Recall, you won't have to imagine.

That might seem like an overreaction, but let me explain: Recall is taking screenshots every few seconds and storing them on your device. Adding encryption into the mix, that's an enormous amount of bloaty visual data that will show almost everything you've been doing on your computer during that period.

As Microsoft explains, "The default allocation for Recall on a device with 256 GB will be 25 GB, which can store approximately 3 months of snapshots. You can increase the storage allocation for Recall in your PC Settings. Old snapshots will be deleted once you use your allocated storage, allowing new ones to be stored."

This is worse than keylogging! Recall isn't just recording what you type, it's recording everything you're doing, with photo evidence, every three seconds.

This is worse than keylogging!

I say almost everything because Microsoft claims "Recall also does not take snapshots of certain kinds of content, including InPrivate web browsing sessions in Microsoft Edge. It treats material protected with digital rights management (DRM) similarly; like other Windows apps such as the Snipping Tool, Recall will not store DRM content." That's reassuring on the surface, but it's still far too vague for anyone to actually have any faith in it. 

Will this only work on Microsoft Edge, or will it integrate with Chrome and Firefox too? If it only works with Edge, that feels like an egregious walling off of privacy for not using Microsoft's unpopular web browser.

But that's just the tip of the iceberg. Microsoft openly admits that Recall will be taking screenshots of your passwords and private data:

"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."

So, what you could have here is something that stores your passwords, your information, your account details, etc, and that is visible to anyone on your profile. If you only have one profile for your device, that means everyone with access to that PC will be able to see your Recall data.

Arguably, the worst part about this is that it will be on by default once you activate your device. Microsoft states: 

On by default

"On Copilot+ PCs powered by a Snapdragon® X Series processor, you will see the Recall taskbar icon after you first activate your device. You can use that icon to open Recall’s settings and make choices about what snapshots Recall collects and stores on your device."

I think this is a bad idea. The decision should be made by the individual, and not by Windows. Having it immediately active just means that uninformed people may not be able to act upon this. In my eyes, it's akin to cookie tracking – it can be just as invasive. All of this makes me wonder whether it may hit a snag with consent under GDPR.

Is Microsoft making Recall secure?

In defense of Microsoft, I'd like it to be known that there was an attempt to make it secure. I don't think it was a very good one, but there was an attempt.

Microsoft states that "Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker." From the wording here, that looks like your snapshots will only be encrypted if you have Windows Pro or a business Windows code. 

The omission of Windows Home users is horrifying. If this is the case, it leaves everyday people vulnerable if their devices are compromised. People shouldn't have to pay a premium and upgrade to protect their privacy on an operating system that's snapshotting their screen every few seconds.

People shouldn't have to pay a premium and upgrade to protect their privacy

The big question, though, is what kind of encryption is being used? I've been working with virtual private network (VPN) encryption for a while now, and just because something is "encrypted" doesn't mean it's safe. In fact, with developments in quantum computing, encryption is under threat, and even the best VPN services are having to come up with quantum-secure encryption methods. We've already seen that BitLocker can be cracked.

Another note in Microsoft's favor is that the data is stored locally and encrypted, rather than it being uploaded to a cloud server for Microsoft to access.

"Recall screenshots are only linked to a specific user profile and Recall does not share them with other users, make them available for Microsoft to view, or use them for targeting advertisements."

This means that, for now, Microsoft isn't peeking behind the curtain. But that doesn't guarantee that'll be the case forever. If Microsoft can legally find a way to make money out of this tool, my guess is that they'll try. For now, the push seems to be to persuade people to upgrade their OS.

If you're one of those households that has different profiles for each person on the family PC, you can claw back a little bit of privacy. 

"Screenshots are only available to the person whose profile was used to sign in to the device. If two people share a device with different profiles they will not be able to access each other’s screenshots. If they use the same profile to sign-in to the device then they will share a screenshot history. Otherwise, Recall screenshots are not available to other users or accessed by other applications or services."

The problem is, that's only helpful if you password-protect your profile, and if someone sets parental controls on your profile, that could give them a backdoor.

What are the security risks with Recall?

You're probably thinking "so what?" So let me give you a few scenarios where this could be a problem: 

  • You're using a public computer: let's say you do some online shopping or banking on a library computer. You didn't realize Recall was active, and now the person using the computer after you has just gone into the Recall archive to pull up all of your bank details, your address, and your passwords. It's like handing your house keys over to a burglar before telling them you're going on holiday for the week.
  • You're using a work laptop: we've all used a company computer for personal reasons, be it looking at social media on your lunch break, or simply running some errands because you don't have your own laptop. Now your boss, your IT team, and anyone with access to your device, can go through and see every three seconds of how you're using their equipment. They could use this to track your work output and see how productive you are, they could even read private messages you send to people.
  • You're using a family PC: if you've been using the household computer, and you don't have a password-protected profile, anyone could walk in and open up your Recall history. If you've been doing anything unsavory it's about to be obvious, even if you deleted that search history.
  • You get hacked or your laptop gets stolen: this one's pretty obvious, but if someone manages to hack into your device, the encryption won't matter. Similarly, if someone just steals your laptop and you don't have a secure password locking it, then a criminal (cyber or otherwise) can use Recall to pull the whole world out from under your feet.

There are so many problems that can arise just from someone accessing your Recall data. Using a password manager would become irrelevant if someone can see you typing in your master password, your private messages will be anything but, and there's no point in deleting your search history because Microsoft is keeping the receipts!

How to protect your privacy with Windows Recall

There are a few ways you can protect your privacy from Windows Recall, but the obvious, and most effective one will be to disable it outright. As the saying goes "an ounce of prevention is worth a pound of cure." You're better off not having this stuff stored on your device in the first place.

If, however, you want to use Recall, you're going to need to do the following:

  • Make an individual profile on your PC: this will prevent people from having shared access to your Recall data as long as you follow my next tip.
  • Password-protect your profile: not just your device, but your profile, too. Don't use a weak password, be serious. Use three memorable words with numbers and symbols, and no, don't set your password as "3-Memorable-worD5!"
  • Encrypt your Recall data: you may have to upgrade your OS or pay for BitLocker, but encryption is a non-negotiable. If someone gets past your password, you don't want them to have immediate, unchecked access to what you've been doing for the past three months.
  • Don't access sensitive data while Recall is on: if you're going to type in personal passwords or look at NSFW content, just turn it off. This is obviously going to be annoying and time-consuming, but it's far better than the alternative of having it all screenshotted.

Bottom line: Recall makes my skin crawl

Look, I've been a privacy advocate and researcher for years. I don't like the idea of anything tracking what we do. But this... this is something else. The risk that comes with Recall, the sheer devastation it could cause if your device gets hacked, the idea that Microsoft may be walling off privacy behind what I can only describe as a paywall. It sickens me.

There is so much opportunity for misuse with this feature. Security cannot be understated. Privacy cannot be bolted on. Taking screenshots of my device from the second I activate my device should not be a default option. Put the user in control of their privacy, and put the decision in their hands.

All of this just pushes me into the privacy-loving flippers of Linux.

You might also like



from TechRadar - All the latest technology news https://ift.tt/Hckn5wB

No comments:

Post a Comment

This devious new malware is going after macOS users with a whole barrel of tricks

Security researchers from Group-IB discover unique new piece of malware It abuses extended attributes for macOS files to deploy the payl...