Microsoft to re-launch ‘privacy nightmare’ AI screenshot tool
When it initially announced the tool at its developer conference in May, Microsoft said it used AI “to make it possible to access virtually anything you have ever seen on your PC”, and likened it to having photographic memory.
It said Recall could search through a users’ past activity, including their files, photos, emails and browsing history.
It was designed to help people find things they had looked at or worked on previously by searching through desktop screenshots taken every few seconds.
But critics quickly raised concerns, given the quantity of sensitive data the system would harvest, with one expert labelling it a potential “privacy nightmare.”
Recall was never made publicly available.
A version of the tool was set to be rolled out with CoPilot+ computers – which Microsoft billed as the fastest, most intelligent Windows PCs ever built – when they launched in June, after Microsoft told users it had made changes to make it more secure.
But its launch was delayed further and has now been pushed back to the autumn. The company has also announced extra security measures for it.
“Recall is an opt-in experience. Snapshots and any associated information are always encrypted,” said Pavan Davuluri, Microsoft’s corporate vice president of Windows and devices.
He added that “Windows offers tools to help you control your privacy and customise what gets saved for you to find later”.
However a technical blog about it states that “diagnostic data” from the tool may be shared with the firm depending on individual privacy settings.
The firm added that screenshots can only be accessed with a biometric login, and sensitive information such as credit card details will not be snapped by default.
Recall is only available on the CoPilot+ range of bespoke laptops featuring powerful inbuilt AI chips.
Professor Alan Woodward, a cybersecurity expert at Surrey University, said the new measures were a significant improvement.
“Before any functionality like Recall is deployed the security and privacy aspects will need to be comprehensively tested,” he said.
However he added he would not be rushing to use it.
“Personally I would not opt-in until this has been tested in the wild for some time.”