[ad_1]
Microsoft has just announced major improvements to the security and privacy of its feature Windows Recall, a technology exclusive to Copilot+ PCs based on AI that automatically collects screenshots of everything that happens on the user’s PC.
This tool was widely criticized after its original debut in June, when cybersecurity experts warned of a serious flaw in this software: data was stored without encryption, which exposed users to the risk of both hackers and malware access sensitive information such as passwords, credit cards and other personal information.
Ransomware: what it is, how it infects and how to protect yourself
rudder stroke
Faced with this pressure, Microsoft made the decision to delay the release of Recall to focus on improving its security. Now the company seeks to calm fears with a new update and some readjustments that affect data protection.
Windows Recall security improvements are now based on five key aspects:
- Full data encryption and active authentication: All information collected by Recall, including screenshots, is stored in a secure enclave where the data is isolated from the rest of the system and can only be accessed using an encryption key that is released through Windows Authentication Hello, which can be through facial recognition, fingerprint or PIN.
- Automatic filtering of sensitive information: An important change is that Recall now automatically leaks information such as passwords, credit card numbers, and national identification data, so that even if an attacker managed to temporarily access the data, the data would be useless. This filtering is done locally and without the data being sent to the cloud (otherwise we would not have made much progress).
- Additional anti-malware protections: Additional measures have also been taken to protect Recall from malware attacks, such as brute force protection mechanisms, limiting access attempts, and “anti-hammering” controls that make it difficult to use repetitive attack techniques. Additionally, a temporary memory elimination system has been implemented, reducing the time during which data could be vulnerable.
- Optionality and total uninstallation: Another fundamental change is that Windows Recall is completely optional. It is no longer activated by default and only starts if the user allows it during the initial configuration of the device. Even if it is activated, users can completely uninstall it from their system at any time, removing all associated data and components.
- Privacy, also, from the employer: On the other hand, Microsoft promises that Recall will not be used to monitor the work of employees in enterprise environments: since all information is encrypted and can only be accessed by the individual authenticated user.
Microsoft has stated that public testing of Windows Recall will begin in October with Windows Insider program users who have Copilot+ PCs.
But…
Despite these improvements, widespread concern remains among privacy advocates: It is still a tool with the capacity to capture and store almost everything that happens on a PC, and that function is inherently dangerous in the eyes of many users.
Despite Microsoft’s assurances that data is not sent to the cloud or accessible by third parties, some critics point out that the very existence of this tool poses a potential risk, especially if it were to be misused by malicious actors or exploits. not discovered in the system.
Image | Microsoft
In Genbeta | Mass AI video surveillance during the Paris Olympics, a privacy nightmare according to activists
[ad_2]
Source link