Microsoft is again delaying the rollout of its AI-powered Windows Recall feature after announcing in August that it will be available for Insiders with Copilot+ PCs in October.
This comes after the company was forced to drop its plans to release the feature in public preview on June 19, when the new Copilot+ AI PCs were launched.
As first reported by The Verge, Microsoft said Recall was postponed for further testing due to significant customer pushback asking for more robust default data privacy and security protections.
"We are committed to delivering a secure and trusted experience with Recall. We recently shared updates to the security and privacy architecture for Recall in a Windows Blog post," Windows senior product manager Brandon LeBlanc told BleepingComputer in a statement today.
"To ensure we deliver on these important updates, we're taking additional time to refine the experience before previewing it with Windows Insiders. Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot+ PCs by December."
As Microsoft explained when it unveiled Recall in May, the AI-powered feature is designed to take screenshots of active windows every few seconds, analyze them on-device using an AI model and a Neural Processing Unit (NPU), and store collected data in an SQLite database.
Windows 11 users can later search this information using natural language to prompt Recall to retrieve relevant screenshots.
Privacy nightmare
Since Microsoft announced Recall, customers, privacy advocates, and cybersecurity experts have warned that Windows Recall will be a privacy and security nightmare since threat actors would most likely abuse it to steal users' data.
In response to the negative feedback, Redmond said users will have to opt-in to enable Recall on their computers and that they'll have to confirm they're in front of their PC via Windows Hello to be able to use it.
David Weston, Microsoft's vice president for Enterprise and OS Security, also said that Recall can be removed, automatically filters sensitive content, and allows users to exclude specific apps, websites, or in-private browsing sessions,
Weston added that Recall will include malware protection features such as anti-hammering and rate-limiting measures.
Comments
doncoyote - 2 weeks ago
"Recall will automagically filter sensitive content."
There lies the credibility problem Microsoft will not address.
Orange Blossom - 2 weeks ago
What positive purpose would Recall actually have? I cannot think of a single one.
Mahhn - 1 week ago
data collection for marketing, criminal investigation/monitoring 24/7 of your activity, ohh and as MS says, "so you can see a screen shot of what you were doing months ago". This is a back door to spy on all windows PCs without hiding it. 5 years ago it would have been Imposible to process all that data. Today, AI does if for them. Not unlike when the NSA had RSA put a back door in their VPN software - now it's everyone's PCs.
h_b_s - 2 weeks ago
I can think of plenty of useful tools something like Recall could have if it were properly built. But there-in lies the rub. Microsoft is not a credible or reliable company to develop, deploy, and administer something of the likes of Recall. There's no current OS on the planet outside of perhaps a couple of special purpose EAL6 OSes that could safely host such a loaded gun.
Throwdown - 1 week ago
This will be exploited and abused by bad actors in ways we are not even thinking of yet.
Here is a response from GPT:
Recall’s natural language processing could make it easier for attackers to gather detailed insights about your habits, preferences, or frequent contacts by analyzing correlated data over time. This could lead to more effective phishing attacks, social engineering, or identity theft.
Recall’s timeline allows users to return to specific points in their digital history. If a malicious insider had access, they could manipulate or leverage this historical data against you, such as using old screenshots to create disinformation or blackmail.
Features like Recall expand the amount of data stored on a system, potentially increasing the attack surface and making devices more attractive targets for attackers looking to steal aggregated data.