Unless you opt in, Windows won’t take the photos after all

Does Microsoft Security Prioritize Over All Other Features? The Impact of Microsoft’s Recall Security Principles on the Product and Service Lifetime of the Internet

“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” says Davuluri. “We will continue to build these new capabilities and experiences for our customers by prioritizing privacy, safety and security first. Customers continue to share their feedback with us and we are grateful for that.”

After today’s announcement, Microsoft’s rollout of Recall appeared more in line with its usual style, and one that came as a shock to many: announcing a feature, then rushing to control it, and getting hammered for security failures.

In the response, Davuluri references Microsoft’s SFI principles and says the company is taking steps to improve Recall security. But it appears to be largely down to security researchers flagging these issues rather than Microsoft’s own security principles, because surely these issues should have been flagged internally far before this launch.

Microsoft CEO Satya Nadella even called on employees to make security Microsoft’s “top priority” recently, even if that means prioritizing it over new features. “If you face this tradeoff between security and other priorities, your answer is clear: Do security,” said Nadella in a memo obtained by The Verge. In other cases, this will mean making security a priority over everything else we do, such as releasing new features or providing ongoing support for legacy systems.

Hire isn’t a Good Idea: How Windows Hello Makes Your Privacy Very Fragile and How it Can Be Unrequested

Microsoft will require Windows Hello to enable Recall, so that you can either use your face, fingerprints, or a PIN. “In addition, proof of presence is also required to view your timeline and search in Recall,” says Davuluri, so someone won’t be able to start searching through your timeline without authenticating first.

The changes come amidst a mounting barrage of criticism from the security and privacy community, which has described Recall—which silently stores a screenshot of the user’s activity every 5 seconds as fodder for AI analysis—as a gift to hackers: essentially unrequested, pre-installed spyware built into new Windows computers.

It makes your security very fragile, according to Dave Aitel, a former NSA hacker and founder of security firm Immunity. “Anyone who penetrates your computer for even a second can get your whole history. Which is not something people want.”