Published: Sep 27, 2024
Microsoft announced today that it will start testing the controversial Recall feature with Windows Insiders in October. The company also detailed some substantial changes it’s making to Recall to address data security and privacy concerns ahead of its public release.
Recall is a Windows feature that automatically captures screenshots of user activity, scans them using optical character recognition (OCR), and stores both the images and text on the PC. It’s designed to help users quickly locate images, websites, documents, and other content.
Microsoft had originally planned to introduce Recall as one of the flagship AI features of its first wave of Copilot+ PCs that launched back in June. However, cybersecurity experts raised concerns that users and attackers with remote or physical access could easily view or steal the stored screenshots and data. As a result, Microsoft delayed the rollout indefinitely to rework the feature before releasing it for testing with Windows Insiders.
To address privacy concerns, Microsoft has made key changes to how the controversial Recall feature operates on Copilot+ PCs. The company says that Recall will now be disabled by default, and users must manually enable it during the setup experience. Moreover, the feature can now be removed completely from a system through the “optional features” section in Windows Settings. Users will also have the option to delete screenshots in bulk, based on specific time frames, apps, or websites.
Additionally, all Recall data, including the screenshots and the associated information in the vector database, will be stored locally. The Recall feature will require users to enable advanced security features such as BitLocker Encryption (Windows 11 Pro), Device Encryption (Windows 11 Home), Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI).
Microsoft highlighted that the new version of Recall works within a Virtualization-based Security Enclave (VBS enclave) to isolate and secure data in memory from the rest of the system. It should help to protect Recall data from malware and malicious applications. Microsoft is also adding other malware protection capabilities, including rate-limiting and anti-hammering measures.
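The article lists the platform protections Recall will depend on (BitLocker or Device Encryption on the system volume, VBS and HVCI). The following PowerShell function is an added example, not code from the article or from Microsoft, that checks those prerequisites on a Windows 11 machine from an elevated session. The Win32_DeviceGuard WMI class, Get-BitLockerVolume and Get-WindowsOptionalFeature are standard Windows cmdlets/classes; the optional-feature name 'Recall' is an assumption used as a placeholder and may differ on a given build.

```powershell
# Added example: report whether a PC meets the baseline protections the article
# says Recall will require. Run as Administrator on Windows 11.
function Test-RecallPrerequisites {
    [CmdletBinding()]
    param(
        # Volume that must be encrypted; defaults to the OS drive, e.g. 'C:'.
        [string]$SystemDrive = $env:SystemDrive
    )

    # VBS / HVCI state from the Device Guard WMI provider.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning contains 2 when HVCI (memory integrity) is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $hvciRunning = ($dg.SecurityServicesRunning -contains 2)

    # Disk encryption state of the system volume. Get-BitLockerVolume reports both
    # BitLocker (Pro) and Device Encryption (Home), which share the same engine.
    $vol = Get-BitLockerVolume -MountPoint $SystemDrive -ErrorAction SilentlyContinue
    $diskEncrypted = ($null -ne $vol -and "$($vol.ProtectionStatus)" -eq 'On')

    # Whether the Recall optional feature is present on this image at all.
    # Assumption: the feature is registered under the name 'Recall'.
    $recall = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsRunning           = $vbsRunning
        HvciRunning          = $hvciRunning
        SystemDriveEncrypted = $diskEncrypted
        RecallFeatureState   = if ($recall) { "$($recall.State)" } else { 'NotFound' }
        AllRequiredPresent   = ($vbsRunning -and $hvciRunning -and $diskEncrypted)
    }
}

Test-RecallPrerequisites | Format-List
```

The `AllRequiredPresent` field only covers the three platform checks the article names; Windows Hello enrollment is enforced at the Recall UI and is not queried here. Administrators who want Recall kept off a fleet can use the same `RecallFeatureState` value to confirm the optional feature is absent or disabled.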
“Using Zero Trust principles, code in these enclaves can use cryptographic attestation protocols to safeguard that the environment is secure before performing sensitive operations, such as snapshot processing. This area acts like a locked box that can only be accessed after permission is granted by the user through Windows Hello. VBS Enclaves offer an isolation boundary from both kernel and administrative users,” said David Weston, Vice President Enterprise and OS Security at Microsoft.
Microsoft will also require Windows Hello to use Recall, allowing users to authenticate with their face, fingerprint, or personal identification number (PIN). Microsoft is also adding additional layers of security to protect sensitive information such as passwords and credit card details.
Last but not least, Microsoft has confirmed that Recall won’t be installed by default on Windows 11 Enterprise. Instead, it will be an optional feature that enterprise customers must install manually. Additionally, all Recall data is fully encrypted, and organizations will not be able to track employees’ activities.
Microsoft will start rolling out the Recall feature to Windows Insiders with Qualcomm-powered Copilot+ PCs in October, with plans to extend it to Intel and AMD-powered devices in November. However, the company has not yet announced when Recall will be generally available for all eligible Copilot+ PCs.