Microsoft's upcoming Recall feature in Windows 11 has generated a wave of controversy this week following early testing that revealed huge security holes. The initial version of Recall saves screenshots and a large plaintext database tracking everything that users do on their PCs, and in the current version of the feature, it's trivially easy to steal and view that database and all of those screenshots for any user on a given PC, even if you don't have administrator access. Recall also does little to nothing to redact sensitive information from its screenshots or that database.

Microsoft has announced that it's making some substantial changes to Recall ahead of its release on the first wave of Copilot+ PCs later this month.

"Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards," wrote Microsoft Windows and Devices Corporate Vice President Pavan Davuluri in a blog post. "With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18."

First and most significantly, the company says that Recall will be opt-in by default, so users will need to decide to turn it on. It may seem like a small change, but many users never touch the defaults on their PCs, and for Recall to be grabbing all of that data by default definitely puts more users at risk of having their data stolen unawares.

The company also says it's adding additional protections to Recall to make the data harder to access. You'll need to enable Windows Hello to use Recall, and you'll need to authenticate via Windows Hello (whether it's a face-scanning camera, fingerprint sensor, or PIN) each time you want to open the Recall app to view your data.

Both the screenshots and the SQLite database used for Recall searches are being encrypted and will require Windows Hello authentication to be decrypted. Microsoft described Recall data as "encrypted" before, but there was no specific encryption used for any of the screenshots or the database beyond the Bitlocker full-disk encryption that is turned on by default for most PCs when they sign into a Microsoft account.

That last change should address the biggest problem with Recall: that any user signed in to a PC (or any malware that was able to gain access to the filesystem) could easily view and copy another user's Recall screenshots and database on the same PC. The text database's size is measured in kilobytes rather than megabytes or gigabytes, so it wouldn't take much time to swipe if someone managed to access your system.

... [Read More]

Instagram is testing ‘unskippable ads’ according to reports from some users, a feature it is calling an ‘ad break’.

Screenshots shared on X, formerly Twitter, show a countdown timer on the feed, after which a video ad post appears. Users cannot scroll past the post until the video has played in full.

Clicking on the info button reveals the following message: ‘You’re seeing an ad break.

‘Ad breaks are a new way of seeing ads on Instagram. Sometimes you may need to view an ad before you can keep browsing.’

Unsurprisingly, people are not happy about this move to push even more advertising.

On X, one user, Allie, wrote: ‘Oh my god, Instagram has added “ad breaks” where they won’t let you scroll past an ad until you wait three seconds.

‘I guess they’ll be my “get off Instagram” notifications.’

Another, Pamela Morales, said: ‘The unskippable ad breaks on Instagram are making me want to scream!’

A Meta spokesperson said: ‘We’re always testing formats that can drive value for advertisers. As we test and learn, we will provide updates should this test result in any formal product changes.’

Metro

Ticketmaster is the victim of a cyber attack, its parent company, Live Nation, confirmed. The information stolen allegedly includes personal information from 560 million individuals, including names, numbers, addresses, and partial payment details. Hacking group ShinyHunters has demanded $500,000 in ransom money to prevent the data's sale and confirmed it held the 1.3TB of stolen data to Hackread.

In a filing with the US Securities and Exchange Commission, Live Nation stated it had "identified unauthorized activity" on May 20 and subsequently started investigating it. On May 27, "a criminal threat actor offered what it alleged to be Company user data for sale via the dark web."

Live Nation claims to be working to lower the risks posed to its customers and its own business. "As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations," the company added. "We continue to evaluate the risks and our remediation efforts are ongoing."

Ticketmaster has faced previous breaches, including a bot attack during Taylor Swift ticket sales. The company also has a history as a hacker, illegally — and repeatedly — accessing the computer system of its rival, Songkick. Ticketmaster paid a $10 million criminal fine rather than face prosecution. However, the company's former head of Artist Services, Zeeshan Zaidi, pled guilty to conspiring to commit computer intrusions and wire fraud due to his role in the scheme.

Engadget

Spotify announced on Monday it is increasing the cost of its premium subscription plans in the U.S., marking the Swedish music-streaming company’s second price hike in a year.

U.S. Spotify users will be notified about the new change to their subscription over the next month.

For users in the U.S., an “Individual” plan will cost $11.99. A “Duo” plan will cost $16.99, and a “Family” plan will cost $19.99. The “Student” plan will still cost $5.99.

Spotify said it is raising prices so the company can “continue to invest in and innovate on our product features,” according to a blog post.

In July 2023, Spotify increased the price of its Individual offering to $10.99. It also increased the prices of its Duo plan, Family plan and Student offering to $14.99, $16.99 and $5.99, respectively. The company said the market landscape has “continued to evolve” since Spotify launched, according to a release at the time.

Spotify competitor AppleMusic increased the cost of its subscription in late 2022. An individual subscription starts at $10.99 a month, according to Apple’s website.

CNBC

Sony's PlayStation VR2 headset and controllers may soon be compatible with PCs via a new adapter, if a Sony filing with a South Korean regulator is any indication.

Earlier this week, a PC adapter for the PS VR2 was certified with the Korean National Radio Research Agency, which examines, tests, and certifies tech products. The adapter now has a certification number, which suggests a public release could be on the horizon. The PC adapter for the VR2 would mark the first time Sony has enabled full PC support for its VR devices.

The PS VR 2 is currently only compatible with the PlayStation 5 console. It's not fully compatible with PCs and won't connect to a PS4 console. Sony's original PS VR headset will work with either the PS4 or the PS5, thanks to a different adapter it made for the 2016-era headset that connects it to the newer console.

If a PS VR 2 adapter comes to market, it could also mean that PC players might be able to access PS VR 2 games, though it's also possible PC users might be limited to a smaller library. Sony hasn't publicly confirmed or commented on the existence of this PC adapter yet, but it said it was testing "the ability for PS VR2 players to access additional games on PC" earlier this year. Sony also previously said it plans to roll out PC support sometime this year.

It's possible that Sony is opening up compatibility to better compete with its VR rivals like Meta, whose Meta Quest 3 and Meta Quest 2 headsets have long been able to connect to PCs to access PC VR apps and games. Sony's PS VR2 was first released back in February 2023.

PCMag

One of several AI features designed run on new high-powered Copilot+ PCs, Recall is like giving users a ‘photographic memory,’ says Microsoft.

Microsoft is bringing a new AI-powered search function to Windows 11 that lets users find and retrieve information across any app they’ve accessed.

The new feature, Windows Recall, essentially records all user actions on a PC, taking snapshots of the screen at 5 second intervals. This allows Recall to generate a searchable timeline of everything they’ve interacted with, whether that’s an application, website, document, image, or anything else. It could mean searching for anything from references to a work-related topic across different documents, or a conversation with a friend on a chat app, whether on a desktop app or via a web browser.

“We set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC,” Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, said Monday in a blog post. “Today, we must remember what file folder it was stored in, what website it was on, or scroll through hundreds of emails trying to find it.

“Now with Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory.”

“If Recall works as well as planned, it will be a major productivity booster and probably one of the most useful productivity tools we’ve seen in years,” said Jack Gold, principal analyst with business consultancy J. Gold Associates.

“Being able to instantly find data you know you have ,but have no idea where you put it, or instantly recall that website that was so useful — but you can’t remember what it was — will be a game changer.”

Computerworld