News Windows build 2024 and Ai Recall - Security Risk

PR3MIUM

Senior Member
Windows build 2024 and Ai Recall - Security Risk:

With the new Windows version 24H2 Build 26100.712 in the Release Preview Channel, Rust for the kernel, WiFi 7 support and Windows Recall were introduced, the last of which poses a massive security risk.

Windows Recall takes pictures every few seconds.

Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds. The snapshots are encrypted and saved on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots. Once you find the snapshot that you were looking for in Recall, it will be analyzed and offer you options to interact with the content.
Recall will also enable you to open the snapshot in the original application in which it was created, and, as Recall is refined over time, it will open the actual source document, website, or email in a screenshot. This functionality will be improved during Recall’s preview phase.

Microsoft said in its FAQs that its snapshotting feature will vacuum up sensitive information: "Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."

But that's OK – a user can opt to filter out sites, right? Only if you're using Edge. In the deeper documentation for the service, Microsoft said: "To filter out a website from a snapshot, you must be using Microsoft Edge."

"Recall won't save any content from your private browsing activity when you're using Microsoft Edge or a Chromium-based browser."

So, at least it's more than Edge when it comes to respecting private tabs. Tarquin Wilton-Jones, a developer and privacy expert at Vivaldi, a Chromium-based browser vendor, earlier expressed hope that the automatic respecting of the InPrivate mode – or Incognito mode for Chrome – would apply outside of Edge.

"It almost certainly will not respect any browser's attempts to clear browsing data, where the browser could historically have been in any screenshots," he added.

"It also cannot respect GDPR requests to delete personal data exposed in an application when the source data is deleted by a data controller, and for this reason, it is clearly a massive privacy risk for any organization that handles private data. Who knows what other private data, or sensitive information, it might store in a freely accessible format?"

Mozilla's Chief Product Officer Steve Teixeira told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers."

Source:
 
