Microsoft to Disable Windows Recall By Default Amid Security Concerns

Published: Jun 10, 2024

Key Takeaways:

  • Microsoft will disable the AI-powered Recall feature by default on new Copilot+ PCs.
  • Recall snapshots will now be encrypted and accessible only through Windows Hello authentication.
  • IT administrators will be able to disable the snapshot-saving feature but cannot enable it on behalf of users.

Microsoft has committed to making changes to Recall before its launch on new Copilot+ PCs later this month, opting to disable the AI-powered Copilot feature by default for all Windows users. This decision follows privacy and security concerns raised by researchers regarding the potential misuse of the controversial Recall feature.

Last month, Microsoft announced the Recall feature for the new Copilot+ Windows PCs. This feature takes a snapshot of each user’s action on the screen every few seconds. It stores these images locally and analyzes them with an AI model to enhance search results. Microsoft assured that user data would not be used to train these models.

However, security researchers pointed out that Recall could be exploited to access and steal a user’s entire PC usage history. The data was stored in an easily accessible, non-encrypted SQLite database, potentially exposing sensitive information.

Microsoft overhauls Recall functionality

In response to these concerns, Microsoft will now disable Recall by default on Copilot+ PCs, and users must activate it during the out-of-box experience. Moreover, the company will require enrollment in Windows Hello in order to use Recall. Users will also need to authenticate each time they open the Recall app to view their timeline.

“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18,” explained Pavan Davuluri, CVP for Windows and Devices.

Figure: Updated set-up experience

Lastly, Microsoft is boosting Recall’s security with “just in time” decryption. This means that Recall snapshots will be encrypted and require Windows Hello authentication to be decrypted. Microsoft is also encrypting the search index database to protect sensitive information. These changes would prevent users from accessing another user’s Recall snapshots stored on the same PC.

How does the Recall feature ensure privacy protection on Copilot+ PCs?

Microsoft emphasized that all Recall data is stored and processed locally, with snapshots never shared with Microsoft or other entities. Users will be able to track when Recall is saving snapshots via taskbar and system tray icons, and they will have the ability to pause, filter, or delete snapshots at any time. Additionally, IT administrators can choose to disable the snapshot-saving feature on Copilot+ PCs, but cannot enable it for end users within their organizations.

Microsoft also noted that the Recall feature will be available only on the first wave of Copilot+ PCs. These new PCs will come with enhanced security features like Microsoft Pluton security chips and Windows Hello Enhanced Sign-in Security (ESS).
