Microsoft backtracks on new Recall feature — enhancing Recall's security and making it an opt-in decision

In response to customer and regulatory officials’ concerns, Microsoft has changed how its Recall snapshot feature will work. The change comes ahead of the June 18 debut of the new Copilot+ PCs, making the Recall feature opt-in and enhancing the security protocols protecting the data.

When Microsoft introduced the suite of AI features that made Copilot+ laptops unique, early testers quickly learned that the Recall feature was enabled by default. Recall takes periodic snapshots of your desktop every few seconds.

Using AI and image recognition, Recall allows you to search for almost anything you’ve done on your PC. For example, you could ask, “What did Grandma say?” it would locate the last instant message thread or email chain with your grandmother.

The feature immediately drew criticism as testers discovered how easy it was for others to access the snapshot index. U.K. regulators dubbed the Recall feature a potential security risk, calling it a “privacy nightmare.”

Analysis of the feature by Tom’s Hardware editor-in-chief Avram Pilch pointed out the risks to privacy posed by Recall. Recall could capture images containing information like passwords, social security numbers, banking information, and more. If someone gained local access to the Copilot+ laptop, the original security measures announced might not have been sufficient to protect that information.

In a recent blog update, Microsoft has reversed course on specific characteristics of the Recall feature. Users now have to deliberately enable Recall for it to work, leaving it turned off by default. Furthermore, activating Recall requires enrollment in Windows Hello, a facial recognition feature. Viewing or searching your Recall timeline will require proof of presence.

Microsoft has also enriched the security of the Recall data. Using additional layers of protection, including “just in time” decryption protected by Windows Hello Enhanced Sign-In Security (SES), Recall snapshots will only be decrypted after you authenticate yourself.

In addition to Recall snapshots not being shared with other users or administrators, accessing the index and images requires the account owner’s authorization. Furthermore, Microsoft explained that users can pause Recall and filter applications and websites from being captured in the snapshots. They can also turn off the feature entirely if they wish to do so after opting in to Recall.

Microsoft reiterated the security approach built into Copilot+ PCs to alleviate security and privacy concerns. These are Secured-core PCs, which utilize advanced firmware safeguards to protect your data.

The Microsoft Pluton security processor, a chip-to-cloud security technology, is also enabled by default on all Copilot+ PCs. This technology leverages Zero Trust principles to lessen the likelihood of credentials, identities, personal data, and encryption keys being disabled or removed.

Assuming testers and researchers don’t identify more chinks in the privacy and security armor of Windows 11’s new Recall feature, the latest announcement should make Recall safer to use. Time will tell, but Microsoft’s new direction for the feature is undoubtedly a step in the right direction.