Microsoft has recently unveiled significant updates to its controversial Windows Recall feature, addressing privacy and security concerns while enhancing its functionality. Originally announced in May 2024, Recall is designed to create an “explorable timeline” of a user’s PC activity, taking snapshots every 5 seconds to enable easy searching of past interactions[1][2].
Off by Default (Opt-In)
In response to initial backlash, Microsoft has made Recall an opt-in feature. Users of Copilot+ PCs will now have to explicitly choose to enable Recall during setup, ensuring that no snapshots are taken or saved without user consent[4]. This change gives users greater control over their data and privacy.
Enhanced Security Measures
Microsoft has implemented a robust security architecture to protect user data:
- VBS Enclave Protection: Recall now utilizes a Virtualization-based Security Enclave (VBS Enclave) to process and store snapshots. This “locked box” approach creates an isolation boundary that prevents unauthorized access, even from users with administrative privileges[3].
- Biometric Authentication: Windows Hello is required to enable and access Recall data. This biometric authentication serves as the “key” to the VBS Enclave, adding an extra layer of security[3].
- Encryption: All snapshots and associated data are encrypted using the Trusted Platform Module (TPM) and tied to the user’s Windows Hello Enhanced Sign-in Security identity[5].
Privacy Controls
Microsoft has introduced several privacy-focused features:
- Content filtering to prevent capturing sensitive information like credit card details
- User controls to delete snapshots individually or in bulk
- Options to set retention periods for Recall content
- Exclusion of private browsing sessions from Recall[3]
Rigorous Testing
To ensure Recall’s security, Microsoft has conducted:
- Months of penetration testing by its Offensive Research and Security Engineering team
- Third-party security audits
- A Responsible AI Impact Assessment[3]
Availability
While an exact release date hasn’t been announced, Microsoft plans to make Recall available to Windows Insider members in October 2024[2]. This phased approach allows for further testing and refinement before a wider rollout.
The Road Ahead
As AI becomes more integrated into Windows, Microsoft is focusing on edge computing with Copilot+ PCs. This approach offers benefits like lower latency, improved battery life, and offline AI capabilities[5]. However, it also presents unique security challenges that Microsoft is actively addressing with Recall’s design.
By implementing these security measures and privacy controls, Microsoft aims to rebuild trust in Recall and demonstrate its commitment to user privacy. As the feature rolls out to Windows Insiders, it will be interesting to see how users respond and whether Recall can overcome its initial controversies to become a valuable tool for Windows users.
Citations:
[1] https://www.cnet.com/tech/services-and-software/after-heavy-criticism-of-windows-recall-microsoft-changes-tack-on-the-ai-tool/
[2] https://www.computerworld.com/article/3542616/microsoft-details-windows-recall-security-and-privacy-features.html
[3] https://www.tomshardware.com/software/windows/microsoft-describes-recalls-new-security-features-says-the-feature-is-opt-in
[4] https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
[5] https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
[6] https://learn.microsoft.com/nl-nl/windows/ai/apis/recall
[7] https://forums.stardock.com/528083/windows-11-24h2-controversial-new-recall-feature
[8] https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15