444
Microsoft will try the data-scraping Windows Recall feature again in October | Initial Recall preview was lambasted for obvious privacy and security failures (arstechnica.com)
submitted 2 months ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
71 comments fedilink hide all child comments

Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company's original blog post about the Recall controversy. The company didn't elaborate further on specific changes it's making to Recall beyond what it already announced in June.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.

you are viewing a single comment's thread
view the rest of the comments
[-] dumbass@leminal.space 2 points 2 months ago* (last edited 2 months ago)

I'll start by saying my username is quite true, but, they're gonna have to send the data back to microsoft, so couldn't someone block the ports they use?

[-] emax_gomax@lemmy.world 11 points 2 months ago

Ports? Hah, they'll send it straight through https if they want. To the base Microsoft domain so you can't block without basically disconnecting your install. Objectively that's what any security conscious user should do.

[-] dumbass@leminal.space 4 points 2 months ago

fair enough, just thought I'd ask smarter people.

[-] nexussapphire@lemm.ee 4 points 2 months ago

Besides it might spoil the relationship with your local NSA agent.

[-] JustARaccoon@lemmy.world 2 points 2 months ago

No they won't (or at least they shouldn't), it's meant to be local

this post was submitted on 23 Aug 2024
444 points (98.5% liked)

Technology

59070 readers
3472 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world