Fresh Thoughts #142: Recalling an Uncomfortable History

Total Recall

There was a time when buying a laptop meant uninstalling all of the bloatware that came preinstalled.
Apps you didn't ask for...
Didn't need...
They were only there because the laptop vendor had received a payment for it to be preinstalled.

Buying a new laptop often meant deleting everything and starting with a new, fresh operating system.
...anything to get rid of the digital detritus.

Then, if you were security conscious, you started turning off services within the operating system that you didn't need.
Back in the day, we called it hardening.
Now it has a fancy TLA - Attack Surface Reduction (ASR).
Same thing... just two extra words.

In a private briefing I attended in the 2000s, Microsoft notoriously said, "We will prioritise getting granny online over security."
Thankfully, that approach has largely changed, and we are in a better place.

That is until the current debacle over Microsoft Recall.

Microsoft Recall

In May 2024, Satya Nadella - Microsoft CEO - sat down with the Wall Street Journal and explained Microsoft's dream to introduce a photographic memory of everything you do on your PC: "and now we have it. So, it's called Recall."

Recall takes a snapshot of your desktop every 5 seconds.
It uses a generative AI model to process all the data and make it searchable - even 'understanding' the contents of photos.

Within weeks, researchers showed that all of the data stored by Recall could be extracted, and that any account on the laptop could read the underlying photographic memory.
Security commentators raised concerns that a new form of ransomware or malware could capture "patterns of life" information to make social engineering attacks even more realistic.

This pressure prompted Microsoft to publish a blog suggesting Recall would be an 'opt-in' feature.
"To give people a clearer choice to opt-in to saving snapshots using Recall. If you don't proactively choose to turn it on, it will be off by default."

So everything turned out well...
Microsoft listened to customer concerns, and all is well...
Erm... not quite.

In a classic example of doublespeak, Microsoft appears to have made the Recall opt-in mandatory to use its new features.

Specifically, if you want to use the latest version of File Explorer - to access your files - Recall must be installed.

Installing the latest release of Windows 11 (Version 24H2) opts into Recall, activates the feature, and then appears to hide the feature from the Privacy & Security controls.

Final Thoughts

This is a worrisome development as it undermines Microsoft's positive progress in building trust in its security and privacy approach.

However, the problem is new - less than 30 days old - and so the situation may change.
In the interim, to check whether Recall is enabled on your PC, run the following command from an Administrator command prompt:

Dism /Online /Get-FeatureInfo /FeatureName:Recall

And to disable it, use:

Dism /Online /Disable-Feature /FeatureName:Recall

A second alternative approach can be found in this excellent video demonstration.
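As an added example (not part of the newsletter), the same check and removal in PowerShell using the built-in DISM module cmdlets, which report the feature's real state regardless of what the Settings app shows; the feature name Recall is the one used in the commands above, and the -Disable switch is this script's own:

```powershell
# Audit, and optionally disable, the Windows "Recall" optional feature.
# Run from an elevated PowerShell session. Without -Disable it only reports.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable   # script's own switch: actually request removal
)

$featureName = 'Recall'   # feature name as used in the newsletter's DISM commands

function Get-RecallState {
    # Returns the DISM state ('Enabled', 'Disabled', ...) or 'NotPresent'
    # when the build does not carry the Recall component at all.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction SilentlyContinue
    if ($null -eq $feature) { return 'NotPresent' }
    return [string]$feature.State
}

$before = Get-RecallState
Write-Host "Recall optional feature state: $before"

if ($before -eq 'Enabled' -and $Disable) {
    if ($PSCmdlet.ShouldProcess($featureName, 'Disable-WindowsOptionalFeature')) {
        # -NoRestart queues the change; a reboot completes the removal.
        Disable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart | Out-Null
        # Re-read the state so the outcome is verified rather than assumed.
        $after = Get-RecallState
        Write-Host "Recall state after disable request: $after (reboot to complete)"
    }
}
```

Run it with -Disable -WhatIf first to see what would change without touching the system.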

October 29, 2024

Fresh Sec Limited