Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it.
To further improve the feature's privacy and security, the company will also require users to prove that they're in front of the computer via Windows Hello to enable and use Recall.
"We are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don't proactively choose to turn it on, it will be off by default," said Windows & Devices Corporate Vice President Pavan Davuluri.
"Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall."
Davuluri said the search index database will also get an additional layer of protection: decryption will be gated by Windows Hello Enhanced Sign-in Security (ESS), which will allow users to access the encrypted data only after authenticating.
Microsoft initially claimed that the Windows Recall databases were secure because they were encrypted by BitLocker and only decrypted when the user logged in to Windows 11. However, malware running on the computer could access the database fully, because it runs after the user has logged in and the data has been decrypted.
After this change goes live, the Windows Recall data will remain encrypted until a user authenticates with Windows Hello when they open the app. This adds an additional layer of security to the database.
"Recall data protection includes 'just in time' decryption protected by Windows Hello Enhanced Sign-in Security so Recall snapshots will only be decrypted and accessible when the user authenticates," Microsoft told BleepingComputer.
"In addition, we encrypted the search index database. Windows Hello ESS biometrics need to be enrolled before Recall will start collecting data AND need to be enrolled to launch Recall."
These privacy and security updates will be shipped to customers with Copilot+ PCs when Recall (preview) ships on June 18.
The company has yet to share whether the feature will also be turned off by default in corporate environments, which was a big issue raised by enterprise customers after the initial announcement.
Windows Recall is a feature designed to help you access past information on your computer by using a simple search function.
It works by taking screenshots of your active window every few seconds and recording your Windows activities for up to three months by default.
These screenshots are then analyzed by an on-device Neural Processing Unit (NPU) and an AI model to extract data. The extracted data is saved in a semantic index, allowing Windows users to browse their screenshot history or search using natural language queries.
With Recall's "virtual and completely private photographic memory" (as Davuluri described today), users can find historic information loaded in apps, websites, images, and documents.
Currently, this feature is only available on Copilot+ PCs running Snapdragon X ARM processors, but Microsoft is working to make it compatible with Intel and AMD CPUs.
Today's announcement aligns with Microsoft's recent pledge to prioritize security above all else after regular users and cybersecurity experts tagged Recall's initial iteration as a privacy nightmare.
"If you're faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems," Microsoft's CEO Satya Nadella said in an email to Microsoft employees.
"This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all."
Comments
TermX - 5 months ago
In other words they will put it in... with Vaseline...
Throwdown - 5 months ago
Slowly but surely.
Papiriki - 5 months ago
With Vaseline it goes in, with sand it squeals. Speaking of which, hopefully Windows Hello doesn’t have a back door.
DyingCrow - 5 months ago
That "AI" M$ is using to churn out updates and fixes so quickly for a bunch of stuff should be making the decisions, instead of the cabbage sitting on that chair right now.
Shplad - 5 months ago
Not to worry. I'm sure a future update will accidentally enable the Recall feature again. And unless you notice it, it will stay on until you do.
b1k3rdude - 5 months ago
Still not interested.
h_b_s - 5 months ago
"The company has yet to share if the future will also be turned off by default in corporate environments, which was a big issue raised by enterprise customers after the initial announcement."
I think you're going to find that corporations are going to turn it on with all of their fleet systems if they find a way to utilize the history database internally, and only turn it off if they can't leverage it as another form of worker surveillance. This is a gift from the universe for the surveillance state whether the snooper is corporate employers, governments, or data brokers. The only way MS will stop this is to use an encrypted history database inaccessible to *any* user into a functional HSM storage similar to the way encryption keys are stored in write-only enclaves. Bitlocker isn't secure enough for this task.
Sgtkeebler - 5 months ago
You are really behind on workplace surveillance. Companies don’t need Microsoft AI to spy on their employees because there is far better software out there that many employees don’t even know is running on their computers.
cyberwolfe - 5 months ago
"For the memory of a lifetime...Rekall, Rekall, Rekall."
DIMMReaper_ - 5 months ago
Going to nuke this off every effing machine we end up getting. What a stupid feature, I don't care if they say they are "securing" it with Windows Hello. Sounds like a slick way for M$ to scrape data and money. I'm just waiting to need a license to use multiple monitors, USB ports, and who knows what else.
Sgtkeebler - 5 months ago
I just uninstall Copilot
DrkKnight - 5 months ago
I really don't give a rat's furry @ss how they sugar coat it, just like with Edge there is ALWAYS that chance that an update down the road will turn it on without your knowledge. I don't care if you can opt in or not, as long as it is on your system it poses a security risk. The average home user does not use biometrics on their PC and besides who wants their face scanned or have to use their fingerprint every time they need to use the damn thing? I really do not see what the big problem is about making it a separate download, let people have the choice of whether they want it or not ..... but if they did that they will probably find out what a waste of time it was developing it .... much like Windows 11 itself.
Neurone - 5 months ago
Let's say I don't use Recall, but I send a mail to a colleague who does, containing confidential information.
Will their machine OCR it and store it, ready to be consumed by Microsoft's data crawling or random malware shenanigans?
I foresee some hot, tasty lawsuits a'comin...