Jeremy Dallman’s Post

Microsoft recently launched a new feature called "Recall" for Windows 11 and Copilot+ PCs, aimed at enhancing system recovery by taking continuous snapshots of user activity. This innovative tool is designed to let users restore their computers to any previous state, offering a powerful way to undo changes and recover lost data. However, this feature comes with its share of controversies and privacy concerns. Initially met with significant backlash from security experts and users, Microsoft has decided to make the Recall feature opt-in rather than enabling it by default. The concerns center around the potential for sensitive information to be captured in snapshots, which could be vulnerable to hackers if the device is compromised. Key updates to address these concerns include: - Opt-in Activation: Users must proactively enable Recall during the setup of Copilot+ PCs. - Enhanced Security Measures: Proof of presence and just-in-time decryption are required to access snapshots, ensuring that data is only decrypted when the user authenticates. - Local Data Storage: All snapshots are stored locally, not in the cloud, to enhance security. Microsoft’s efforts to balance innovation with user privacy and security highlight the complexities of integrating AI-powered features into everyday tools. What are your thoughts on this new feature? Is the ability to restore your computer to a previous state worth the potential privacy risks, or do the security concerns outweigh the benefits? Let's discuss! #Microsoft #RecallFeature #TechInnovation #Privacy #Security #Windows11

Microsoft's Recall recall Microsoft heard a clear signal that they need to improve privacy and security safeguards: Action plan according to Microsoft: First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default. Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall. Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database. #microsoft #copilot #copilotplus #windows #recall #privacy #security #ai

📰Microsoft provided an update on feedback received Recall. TLDR below. #DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #Microsoft #Recall https://lnkd.in/eJJJw4tS - First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default. - Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall. - Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database. https://lnkd.in/epbhQa_j

#Recall #Microsoft Interesting how a company with their market and power tries to sell a new feature as safe and useful while most #cybersecurity experts mock them for it. What do you think. I think it is not safe at all even with an encrypted DB, but too late to stop. Perhaps this will be Microsoft's Watergate, as the company is under fire for its casual approach to the security of customer environments as well. https://lnkd.in/e6K2Xatc

We're making some updates to the Recall feature of Copilot+ PCs to give you even greater control and security. 1) First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default. 2) Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall. 3) Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database. Take a read here with the full article: https://lnkd.in/gFQGstrB

🚨 Microsoft Delays Windows Recall Due to Security Concerns Microsoft has postponed the launch of the AI-powered Windows Recall feature, originally set for June 18, 2024, to conduct further testing and security enhancements. Top 4 takeaways: 📷 Windows Recall captures screenshots every few seconds, analyzed by Azure AI to extract data into a SQLite database, enabling human language searches for historical data. 🔏 Privacy advocates and cyber security experts have criticized Windows Recall for potential data theft risks, prompting Microsoft to make it an opt-in feature secured with Windows Hello. 📄 This update came the same day after a ProPublica report criticized Microsoft for prioritizing revenue over security, coinciding with a congressional meeting about the company’s security lapses. 📅 Recall will now shift to the Windows Insider Program (WIP) in the coming weeks and become a preview feature. #cybersecurity #news #microsoft #windows #recall #kraven #KravenSecurity #adamgoss #cti #threatintelligence

#AzureDaily Discover the evolution of #MicrosoftSurface UEFI, offering enhanced boot security & device management for a more secure and streamlined user experience. Learn about new features, including SecureBoot, Device Guard, and more! 💻🔒 #AzureCloud #SurfaceSecurity

Update on the Recall preview feature for Copilot+ PCs #microsoft #microsoftadvocate #security #cybersecurity #msftadvocate #recall #copilotplus #copilot+ https://lnkd.in/dB7JyxJd

🚒 This is sort of historical moment or one of those rare occasions where a tech Giant like Microsoft decided to postpone the launch of a new feature on the basis of improving security and more testing of the feature. 🤯 🤔 Yes, it is not a total victory for the cybersecurity community. Nonetheless, this mark an inflection point where the community can make their voice heard and have an impact on the decision of these giants. 🤔 Yes, MS played its cards well as they will not stop this feature, but they know the world is watching them to see if their claims of a renew security mindset is real. This a warning call that it is NOT ok to have the “release products first” mentality just to keep their hefty revenue and stakeholders happy. ⏩ They promised new security features and additional layers of data protection including “just in time” decryption via Windows Hello Enhanced Sign-in Security (ESS). Theoretically this means that Recall snapshots will only be decrypted and accessible when the user authenticates. This would be great if we trust that the Hello ESS comes free of vulnerabilities (I would not bet on this ever) ⏩ Also customers will need to get additional MS tools to better protect the data like Window SmartScreen and Defender. #cybersecurity #security #dataprivacy

In line with Microsoft’s SFI principles, before the preview release of Recall to customers, we are taking steps to increase data protection. Copilot+ PCs will launch with “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall. Copilot + Recall will leverage Pluton! You may have heard of Pluton if you ever looked at Azure Sphere (https://lnkd.in/e9yiFNRs) ``` Microsoft Pluton security processor will be enabled by default on all Copilot+ PCs. Pluton is a chip-to-cloud security technology – designed by Microsoft and built by silicon partners – with Zero Trust principles at the core. This helps protect credentials, identities, personal data and encryption keys, making them significantly harder to remove from the device, even if a user is tricked into installing malware or an attacker has physical possession of the PC. ``` https://lnkd.in/edqPewx2