Critics have compared Recall to spyware or stalkerware, and Hagenah has urged Microsoft to make changes before the tool's full launch. The UK’s data protection regulator has asked Microsoft for more details about Recall and its privacy implications. Microsoft has not yet responded to these concerns.
Key takeaways:
- Microsoft's new Windows AI tool, Recall, takes screenshots of user activity every five seconds. Security experts have criticized it for storing that data in an unencrypted database, which leaves the data vulnerable to attacks.
- A cybersecurity strategist and ethical hacker, Alex Hagenah, has created a demo tool called TotalRecall that can extract and display everything Recall records on a laptop, demonstrating the potential risks.
- Recall's data includes screenshots of desktop activity, messages sent on encrypted messaging apps, websites visited, and all text displayed on the PC, which could be a gold mine for hackers or domestic abusers.
- Despite the criticisms, Microsoft maintains that Recall does not send the captured information to its servers and that users can disable saving screenshots, pause the system, filter the applications in which screenshots are taken, and delete what is gathered at any time.