If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..
..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.
And it’s enabled by default.
Copilot+ Recall feature pop quiz:
You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?
Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.
If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.
It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:
It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve.
A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.
Microsoft exists in and is driven by that bubble.
Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088
Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.
The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.
Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness
I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
My look at the feature, FAQs from the community etc
I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…
this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.
HT @tomwarren
You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅
What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.
Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.
Guide from @detective
The devices launch THIS MONTH to customers so I suggest people look at this.
Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"
Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!
If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.
I’ve also found a way to disable the tray icon.
I went and looked at YouTube for Recall to get out of the echo chamber and I can only find one positive video. Even the people at the event are slating it, including people with media provided Copilot+ PCs.
There’s some content creators who’ve realised it records their credit cards, so they’re making videos of their cards going walkies.
It’s going to be interesting to see how Microsoft get out of this one. They may have contractual commitments to ship Recall with external parties.
I thought they were risking crashing the Copilot brand with this one, but I was wrong looking at the videos and comments on them - I think they’re crashing the Windows consumer brand.
The reaction to photographic memory of what people do at home has - you’ll be surprised to know - not been seen as a reason to buy a device, but a reason why not to.
Microsoft has been declining to comment on criticism of Recall for a week - but they have apparently told a journalist off the record at Future that changes will be made before Copilot+ devices drop in the coming days.
This may include an attempt to invalidate researcher criticism, we’ll see.
WIRED has a piece about Total Recall, a now released tool which dumps keypresses, text and screenshots (they’re JPEGs) from Microsoft Recall
https://www.wired.com/story/total-recall-windows-recall-ai/
Total Recall software by @xaitax https://github.com/xaitax/TotalRecall
Example search for ‘password’:
🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22
📄 Summary of the extraction is available in the file:
C:\Users\alex\Downloads\TotalRecall\2024-06-04-13-49_Recall_Extraction\TotalRecall.txt
I hadn’t been aware until today of the external reaction to Recall. Holy shit. Tim Apple must be pleased.
Everything from media coverage to YouTube to TikTok is largely negative. All the comments are negative.
These videos have tens of millions of views and hundreds of thousands of comments.
I knew it would be bad but.. it’s worse. I’ve spent hours looking at the sentiment and.. well, they probably would have got better coverage from launching an NFT of pregnant Clippy.
A key element of Recall is Microsoft say only you can access your Recall, it is per user.
ArsTechnica enabled Recall on Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots.
If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines:
you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.
Recall and Copilot+ is also coming to ASUS systems, including AMD, in a deal with Microsoft.
ASUS Announces Complete Portfolio of AI-Powered Copilot+ PCs https://www.asus.com/us/news/pnm9tg6qccql6ern/
Nvidia announced they are bringing Copilot+ and Recall to PCs, in a deal with Microsoft: https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
Three Copilot+ Recall questions that keep coming up.
Q. Can you alter the Recall history?
A. Yes. You can change the OCR database and change the screenshots as the logged in user or as software running as the local user. There is no audit log of changes.
Q. Are they snapshots, as Microsoft says, or screenshots?
A. They are just screenshots, jpegs.
Q. What is to stop apps on your machine accessing your Recall covertly?
A. Nothing. There is no audit log of access.
@MalwareJake Recall is a melting pot of everything wrong with modern Windows: Per-user app and settings MSIX app setting virtualization Intune MDM per-user policies WinRT generated proxy code Enabled by default, opt-out If you hate it, it's in there, I tell you
If anybody is wondering what Microsoft's reaction to any of the Copilot+ Recall concerns are, they're continuing to decline comment to every media outlet.
I've seen comments MS staff have been given for enterprise customers, which are nonsense handwaving.
Product ships live on devices from Dell, Lenovo etc this month. https://x.com/zacbowden/status/1798221879741931847
Damn, I really thought the Recall database security would at least be, you know, secure. Turns out Microsoft did pretty much what I blogged about for WindowsApps, except you need to find a specific WIN://SYSAPPID instead. So to bypass the security just get the token for the AIXHost.exe process, then impersonate that and you can access the database, no admin required. Or, as the files are owned by the user, just grant yourself access using icacls etc :D
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall
You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.
Gets all users Recall folders and dumps them, then renames screenshots to include .jpg (unnecessary but helpful). I cherry-picked the download_folder functionality from #320 and then improved it du...
Turns out speaking out works.
Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.
There are obviously going to be devils in the details - potentially big ones.
Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.
https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns
Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too.
It’s still labelled Preview, and I’ll believe it is encrypted when I see it.
There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.
I should be transparent btw that I took Satya and Charlie’s commitment to security at face value too - I even published a blog on it backing that up - and I have concerns (it isn’t just me).
They’re now going to have to win trust back about winning trust back.
I know somebody at a retailer in Europe that is selling Copilot+ PCs. They’ve had fewer than a thousand preorders through to customers.
In relative terms, for them it’s about as successful as Suicide Squad Kill The Justice League.
A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData.
Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.
I think MS are a way off extracting themselves from Recall situation they've got themselves into.
This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok.
I imagine it's going to continue through week and into next week when the laptops ship.
I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.
Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw
I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.
Microsoft have paused the rollout of Windows 11 24H2 in preview channel, it was the version containing Recall. Microsoft have not explained why.
https://x.com/brandonleblanc/status/1799478915582542199
I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.
I have an image where when viewed on a Copilot+ Recall PC, a Windows process crashes as it tries to process the screenshot.
New email signature?
Microsoft’s President Brad Smith appears before US House Committee on Homeland Security tomorrow.
His testimony: https://homeland.house.gov/wp-content/uploads/2024/06/2024-06-13-HRG-Testimony-Smith.pdf
In this bit he talks about Recall (not named), where he pats himself and Microsoft on the back for “a feature change” and job well done.
Given it has been a complete cybersecurity and privacy car crash - and as of today the changes (plural) they’re referring to haven’t even been implemented - it seems like Microsoft fails to grasp customer needs: safety.
One other thing - Microsoft's written testimony to the US House says, quoting, bolded by MS:
"Before I say anything else, I think it’s especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB’s report. Without equivocation or hesitation. And without any sense of defensiveness."
Counterpoint: they publicly disputed the report in the media. https://www.theverge.com/2024/4/25/24139914/microsoft-cyber-security-incidents-trust-report
I should say that if Brad is asked about Recall tomorrow, the answers may raise some.. uh... eyebrows here.
I don't know what MS SLT have been told, but expect fun when the feature drops on consumer laptops in a few days.
As I mentioned in my blog, there is some more security hardening there on Copilot+ PCs (this was before MS put out their blog)... but it's still easily bypassable.
Microsoft’s Recall puts the Biden administration’s cyber credibility on the line
https://cyberscoop.com/microsoft-recall-secure-by-design/
Interesting article. All through this, CISA and the DHS have declined to comment.
The Verge reports today that "Windows engineers are scrambling to get additional changes tested and ready for the release of Copilot+ PCs next week."
It also says "Recall was developed in secret at Microsoft, and it wasn’t even tested publicly with Windows Insiders."
I've also been told Microsoft security and privacy staff weren't provided Recall, as the feature wasn't made available broadly internally either.
https://www.theverge.com/2024/6/13/24177703/microsoft-xbox-game-showcase-windows-recall
@GossiTheDog More and more the whole recall and copilot+ seems like a rushed product. In the classic Microsoft way they try to be the first but also ends up being half baked.
Something something Miyamoto quote.
@GossiTheDog This is a bullshit title. If anything, it puts Microsoft's credibility on the line.
(In my eyes, Biden's administration has no credibility whatsoever to begin with, but that's a completely different issue; not related to Recall.)
The article mentions Biden ten times:
- once in the title
- eight times describing various ways in which the Biden administration is focusing on security, working to improve computing security, and "deserve immense credit" for their public focus on cybersecurity.
- and one, at the end, criticising their "relative silence" on Microsoft Recall -- relative to other corporate "flawed strategies and harmful practices" that they did call out.
...
I think that the MS Recall issues have been moving rapidly, and have triggered a huge public outcry. And so there's probably no need for the federal government to hastily "add more fuel to the fire." A measured response over time, possibly with appropriate legislation in Congress, would be wise.
And it's not like there aren't pressing international issues to attend to.
@GossiTheDog “and how did you come to make the decision to release the feature?”
“I.. uh.. can’t recall”
😎
csimiamatheme.wav
@gigantos @morten_skaaning @GossiTheDog
What about the data you view of other people (thinking in the context of BYOD or just businesses that don’t disable it)
@gigantos @morten_skaaning @GossiTheDog
the never sent to the cloud thing is funny to me
it reminds me of this joke riddle
“i have two coins that add up to 26 cents, one of them is not a quarter; what two coins do i have?”
sure, the app that takes the picture doesn’t upload it to the cloud, but i’m not sure i believe you don’t have any cloud based backup solutions in your portfolio of “technically the other one is a quarter” terms of service sauce.
@morten_skaaning @GossiTheDog
How would GPDR play with training an llm?
I can't be the only one wondering if microsoft is just trying to build the biggest training dataset.
Captive audience, change a few words in the EULA in a year or two implying you agree to helping build this thing.
I'll be honest though, I have limited knowledge on how llm ai works. Totally possible my tinfoil hats to tight.
@GossiTheDog @evacide @wdormann
I wonder what the Beeb's take on this & if their investigative reporters have this feature turned on? 🤔
Also asking here:
@GossiTheDog @evacide @wdormann lol.
Your tinfoil hat might be a bit too tight.
@GossiTheDog That article isn't even good propaganda, I give it a C-.
But yeah, I suspect that this was kept secret from their policy and legal teams as well, because I'm going to assume that the people working on those teams are competent.
I also really, really, really want to know the gender makeup of the supersekrit skunkworks team that tested this. I mean, I feel confident in my hypothesis, but best to await confirmatory evidence.
It's wasn't just you calling attention to the whole Recall Debacle.
I was castigated by one person actually investing for "tin-foil hat conspiracies".
If anything I was underselling the actual privacy and security issues.
I still wonder if the Recall data is destined for a local LLM "assistant" to satisfy the craving for yet more AI bollocks.
" Multiple Security persons talks about Security of a Trillion Dollar plus market share company and warns of dangers of product features "
This is normal. Pointing out the weaponization of the products insecurities _is_ one thing Security people do. Push back on this from their users being informed of the dangers is a normal thing.
What's notable is the Legal Community seeing the threat landscape on this feature raising alarms also to their clients and thinking about _how_ the opposing counsel would use this ' feature that's on by default until users pushed back ' against them and their client.
Good work Gossi!! 💯🙋♂️
You didn't expect them to actually follow through with the pledge though, did you?
That's just for PR! Line must go up! -Microsoft CEO
In all fairness, a vulnerability is usually unintended behavior in a specific piece of software. This was intentional, so there's no vulnerability here.
I never thought I'd see the day where "It's not a bug, it's a feature" was translated into the infosec realm, but Microsoft found a way.
Kevin Beaumont
Takoyaki
Tryst 🏴 
Asta [AMP]
Danny Palmer
VessOnSecurity
Jeff Grigg
Cali
Fritz Adalis
ferricoxide
Alesandro Ortiz 🇵🇷🏳️🌈
Andres Jalinton
Morten Hilker-Skaaning
gigantos
Collin Kreklow
the harbinger of eternal sept
Pwent
Volodymyr
artful modder
Dr Lee A. Christie
lizard appreciator
Ritchie
Xavier Knol 
eddy
The Penguin of Evil
meriksson
@infosec_jcp 🐈🃏 done differently
El Jefe "
" 
cesarb
Rajel Aran, Nostalgia Hunter
Alun Jones
Noah Cook
arclight
`Da Elf
Norbert Kowallik
Juliet Merida, Dum Tran Elf 🏳️⚧️
Simon Zerafa
alphy
Mathaetaes
Aaron 🍞🏳️🌈 
skglas