Microsoft AI scientist responds to privacy issues with Windows 11 Recall


Windows 11 Recall AI privacy concernsWindows 11 Recall AI privacy concerns

Speaking at Stanford Institute for Human-Centered Artificial Intelligence, Microsoft’s chief research scientist Jaime Teevan defended the privacy of Windows 11 Recall, stating that the AI feature operates locally with no data stored in the cloud. She also responded to the news about the privacy and safety concerns of the Windows Recall.

Recall is a new feature that ships with Snapdragon X-powered PCs. It records everything to make your past activities ‘searchable’. For instance, if you were working on a project and had a discussion with a friend but couldn’t remember the details or where it took place, you can utilize Microsoft’s built-in AI to recall that moment.

Windows Latest tested the feature at the Build 2024 developed conference, where we noticed that Recall takes screenshots of your screen every five seconds. While Microsoft allows you to backlist apps and websites from Recall recording, the company has warned Recall can capture your passwords and sensitive information.

Recall snapshots
You can pause Recall directly from the taskbar | Image Courtesy: WindowsLatest.com

According to Microsoft’s support documentation, that’s because the AI extracts the texts from the images and does not perform content moderation.

The real problem with Recall privacy is that it captures everything and creates a database, which is stored locally and can be accessed with little effort.

Recall AI Windows 11Recall AI Windows 11
You can delete snapshots, limit recording, and disable the feature from Settings | Image Courtesy: WindowsLatest.com

According to Kevin Beaumont, who formerly worked at Microsoft, Windows 11 uses Azure AI, running natively on the device, to automatically extract OCR data from every screenshot.

The OCR data, which could include your passwords, is reportedly stored in an SQLite database inside the user folder, which requires certain permissions to access.

“This database file has a record of everything you’ve ever viewed on your PC in plain text,” writes Beaumont, who allegedly modified Windows 11 installation to force enable Recall on an officially unsupported device.

At the moment, it’s unclear if Recall integration is more secure on a device with a Snapdragon X processor and Pluton chip.

Microsoft says Recall is secure because it stores everything locally

At the Stanford Institute for Human-Centered Artificial Intelligence conference, Microsoft’s AI scientist Jaime Teevan responded to privacy concerns around Recall in Windows 11.

During the discussion, Erik Brynjolfsson, an American academic, author and inventor, noted that there has been a recent backlash due to privacy concerns. Does Recall collect your data? Is it local and private? Erik raised several questions, and Microsoft defended the AI integration with a simple justification: everything is stored locally.

Microsoft research scientist Jaime responded, “Yeah, so that’s a great question, Erik, it is, and this has come up throughout the morning as well, the importance, the importance of data and this AI revolution that we’re in right now is really changing the way we understand data.”

When Erik asked again, “Is it stored locally? Suppose I activate Recall, I don’t know if I can, but when you have something like that available, I would be worried about all my personal files going up into the Cloud and Microsoft or whatever. Do you have it kept encrypted or how is it–?”

Jaime assured, “Yeah, this is a foundational thing that we, as a company, care a lot about, is actually the protection of data. So, Recall is a feature that captures information, it’s a local Windows functionality, nothing goes into the Cloud, everything is stored locally.”

Erik replied, “Okay,” to which Jaime confirmed again, “Yeah.”

While Microsoft’s statements do not address our concerns, they do confirm that Recall is completely local.

Security researchers have asked several questions, including what measures Microsoft will take to prevent unauthorized access to the Recall database by other users on the same device.

We also don’t know how the system protects sensitive information, such as financial data, from being stored and accessed.

I personally like the idea of Recall, but privacy and security are equally important. Do you believe Microsoft is doing enough to defend Recall? Let us know in the comments below.



Source link

Previous articleApple highlights developer resources ahead of WWDC
Next articleBitcoin set for new all-time high next week but Ethereum holds it back