Microsoft backtracks on new Recall feature — enhancing Recall's security and making it an opt-in decision

In response to customer and regulatory officials’ concerns, Microsoft has changed how its Recall snapshot feature will work. The change comes ahead of the June 18 debut of the new Copilot+ PCs, making the Recall feature opt-in and enhancing the security protocols protecting the data.

When Microsoft introduced the suite of AI features that made Copilot+ laptops unique, early testers quickly learned that the Recall feature was enabled by default. Recall takes snapshots of your desktop every few seconds.

Using AI and image recognition, Recall allows you to search for almost anything you’ve done on your PC. For example, you could ask, “What did Grandma say?” and it would locate the last instant message thread or email chain with your grandmother.

The feature immediately drew criticism as testers discovered how easy it was for others to access the snapshot index. U.K. regulators dubbed the Recall feature a potential security risk, calling it a “privacy nightmare.”

Analysis of the feature by Tom’s Hardware editor-in-chief Avram Piltch pointed out the risks to privacy posed by Recall. Recall could capture images containing information like passwords, social security numbers, banking information, and more. If someone gained local access to the Copilot+ laptop, the original security measures announced might not have been sufficient to protect that information.

In a recent blog update, Microsoft has reversed course on specific characteristics of the Recall feature. Users now have to deliberately enable Recall for it to work, leaving it turned off by default. Furthermore, activating Recall requires enrollment in Windows Hello, a facial recognition feature. Viewing or searching your Recall timeline will require proof of presence.

Windows Recall onboarding process now requires users to opt-in to the feature (Image credit: Microsoft)

Microsoft has also strengthened the security of the Recall data. Using additional layers of protection, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), Recall snapshots will only be decrypted after you authenticate yourself.

In addition to Recall snapshots not being shared with other users or administrators, accessing the index and images requires the account owner’s authorization. Furthermore, Microsoft explained that users can pause Recall and filter applications and websites from being captured in the snapshots. They can also turn off the feature entirely if they wish to do so after opting in to Recall.

Windows Hello requiring facial recognition to access Recall snapshots. (Image credit: Microsoft)

Microsoft reiterated the security approach built into Copilot+ PCs to alleviate security and privacy concerns. These are Secured-core PCs, which utilize advanced firmware safeguards to protect your data.

The Microsoft Pluton security processor, a chip-to-cloud security technology, is also enabled by default on all Copilot+ PCs. This technology leverages Zero Trust principles to lessen the likelihood of credentials, identities, personal data, and encryption keys being disabled or removed.

Assuming testers and researchers don’t identify more chinks in the privacy and security armor of Windows 11’s new Recall feature, the latest announcement should make Recall safer to use. Time will tell, but Microsoft’s new direction for the feature is undoubtedly a step in the right direction.

Jeff Butts
Contributing Writer


  • Colif
    not surprised... wonder how much beta testing they did on that.

    Glad it only works on Copilot+ devices. I won't have to worry about it until it ever transitions to desktop.
  • abufrejoval
    Now they just need to make that standard behavior on each and every one of these new features they keep thinking up.

    Enabling updates is a permission to do maintenance, not to take over the house and rebuild it to their fancy.
  • PEnns
    "For example, you could ask, “What did Grandma say?” it would locate the last instant message thread or email chain with your grandmother."
    I am certain grandma would say: "Don't trust anyone with your data. Especially Microsoft, but also Google!!"
  • Alvar "Miles" Udell
    Time will tell, but Microsoft’s new direction for the feature is undoubtedly a step in the right direction.

    Amazing how they listened to criticism about Recall but have so far ignored all the other legitimate criticisms of Windows 11 which are keeping, or preventing in the case of the artificial TPM 2.0 requirement, people from using it. People aren't going to suddenly jump to 11 from 10 now that Recall is opt-in, nor as long as Microsoft continues to spend time and resources on niche features and finding ways to sneak (so far disableable, but for how long?) ads into it.
  • Geef
    The Recall AI needs a 'Grandparent' option. It detects if your relative is talking to a person located in India and disables viewing of screenshots immediately.

    Data about above: The FBI has reported that US citizens have lost more than $10 billion to call centers from India running scams in the last 11 months of 2022.
  • pixelpusher220
    Cue Windows Update KB 90046666666666666 'accidentally' turning it on

    Or hey a hacker that doesn't even have to do much, just flip the on switch and literally let MS do the snooping for them.

    That it *exists* to be turned on is a systemic vulnerability in Windows security, that 90% of people can't get away from.
  • FoxtrotMichael-1
    This feature is just so stupid. Who is asking for this trash?!
  • MacZ24
    They need to call it 'Stasi'.

    I don't think there is a legitimate use case for this kind of totalitarian 'feature'.

    Except maybe for employers who feel the need to track their WFH employees.

    Activated or not, there is a malware engine in this OS. It may or may not be activated at any point in time by 'someone' and you will have no clue about it.

    It relies on 'trust us : we are the good guys', when history points to the exact opposite.
  • USAFRet
    FoxtrotMichael-1 said:
    This feature is just so stupid. Who is asking for this trash?!
    I know one or two people who will embrace this "1,000 %"

    One dude at work is pissed that I disallow any "AI" solutions in our code.
  • mhmarefat
    FoxtrotMichael-1 said:
    This feature is just so stupid. Who is asking for this trash?!
    When was the last time Microsoft (and the likes of it) asked for people's opinion about any of their decisions? Are they asking for your opinion when they collect any information they want from your PC and give that to anyone they want?
    No, they have an "experimental approach" to people. They implement something new, if the masses "made some noise", they'll find a way to implement it nonetheless but in a more subtle way.

    You may not believe it, but it is Microsoft (and the likes of it) not you, who knows what's best for you. (/s BTW)