Microsoft announces that the AI feature that captures screenshots on new PCs will be disabled by default following public outcry.

• Security researchers warned that Microsoft's Recall feature for Copilot+ AI PCs could put user data at risk of being accessed by hackers.
• Microsoft said Friday that the feature will be off by default.
• The software company also announced security protections.

The AI feature on new PCs that captures screenshots and allows users to search their activity will be disabled by default after security researchers discovered that attackers could access the underlying data.

During a press briefing last month, Microsoft showcased the Recall feature as one of the main capabilities of the forthcoming Copilot+ PCs, which are equipped with AI computing power onboard.

Microsoft's head of Windows and Surface devices, Pavan Davuluri, stated in a blog post on Friday that if you don't actively switch it on, it will remain off by default.

Microsoft is currently grappling with the challenge of reconciling competing interests as it integrates new AI technology into its products and strives to remain competitive. Despite the fast-paced changes in the market, user privacy and security remain under intense scrutiny. A recent review board in the U.S. has criticized Microsoft's handling of the breach of U.S. government officials' email accounts by China.

Microsoft has integrated the Copilot conversational chatbot into Windows, similar to OpenAI's ChatGPT. Both chatbots use cloud servers to perform computations and send back responses to PCs. However, unlike ChatGPT, Copilot stores user data locally and doesn't require additional internet-based computing power.

Microsoft's CEO, Satya Nadella, instructed employees to prioritize security and implemented modifications to the company's security protocols in response to a report from the U.S. government.

Experts questioned the potential for hackers to retrieve users' information after Microsoft announced Recall, a tool that can search through a log of previous actions on PCs.

Security practitioners released software called Total Recall that displays data Recall collects.

Recall stores all data locally in an unencrypted SQLite database, and screenshots are saved in a folder on your PC. However, there is a concern that attackers may develop tools to search for usernames and passwords within Recall screenshots.

Microsoft is enhancing Recall's security features by encrypting the search index database and mandating manual activation of Copilot+ PCs on June 18.

"To enable Recall, both Windows Hello enrollment and proof of presence are necessary."

Users can verify their identity with Windows Hello by inputting a PIN, displaying their face to the PC camera, or using a fingerprint.

"According to Kevin Beaumont, a former Microsoft cybersecurity analyst, enabling home systems by default in the original implementation of Recall was a mistake. He believes that giving people the option to opt-in on home systems will prevent security problems in the future."

Tech investor reveals his biggest concern regarding AI product vendors.