Microsoft will begin sending a revised version of its controversial Recall feature to Windows Insider PCs beginning in October, according to an update published today to the company’s original blog post about the Recall controversy. The company didn’t elaborate further on specific changes it’s making to Recall beyond what it already announced in June.

For those unfamiliar, Recall is a Windows service that runs in the background on compatible PCs, continuously taking screenshots of user activity, scanning those screenshots with optical character recognition (OCR), and saving the OCR text and the screenshots to a giant searchable database on your PC. The goal, according to Microsoft, is to help users retrace their steps and dig up information about things they had used their PCs to find or do in the past.

The problem was that other users on the same PC, or attackers with physical or remote access to your PC, could easily access, view, and export those screenshots and the OCR database since none of the information was encrypted at rest or protected in any substantive way.

Among the changes Microsoft has said it will make: The database will be encrypted at rest and will require authentication (and periodic reauthentication) with Windows Hello before users will be allowed to access it. The feature will also be off by default, whereas the original plan was to turn it on by default and make users go into Settings to turn it off.

  • peopleproblems@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    4 months ago

    So do they like plan to do something with the massive amount of hospitals using Windows?

    Like it seems to me that scraping PHI might be a bad idea

    • beefbot@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      Yes. They plan that all the HIPAA lawsuits they’ll fight off will cost less than all the money they’ll make from selling everyone’s private data