Windows won’t take screenshots of everything you do after all, unless you opt in

Microsoft says it is making its new Recall feature in Windows 11, which takes a screenshot of everything you do on your PC, an opt-in feature and is addressing several security concerns. The software giant first unveiled the Recall feature last month as part of its upcoming Copilot Plus PCs, but since then privacy advocates and security experts have warned that without changes, Recall could be a “disaster” for cybersecurity.

Fortunately, Microsoft has listened to the complaints and is making some changes before the Copilot Plus PCs launch on June 18. Microsoft originally planned to enable Recall by default, but the company now says it will offer the option to disable the controversial AI-powered feature during the installation process of new Copilot Plus PCs. “If you don’t proactively choose to enable it, it will be disabled by default,” says Windows chief Pavan Davuluri.

The new Recall opt-in experience during device setup.
Image: Microsoft

Microsoft also requires Windows Hello to enable Recall, so you can authenticate with your face, fingerprint, or with a PIN. “In addition, viewing your timeline and searching in Recall also requires proof of attendance,” says Davuluri, so that someone cannot search your timeline without first authenticating.

This authentication also applies to the data protection surrounding the snapshots that Recall takes. “We are adding additional layers of data protection, including ‘just in time’ decryption, protected by Windows Hello Enhanced Sign-in Security (ESS), so that Recall snapshots are only decrypted and accessible when the user authenticates,” explains Davuluri. “In addition, we have encrypted the search index database.”

Recall uses local AI models to take a screenshot of virtually everything you see or do on your computer, then gives you the power to search and retrieve anything in seconds. An explorable timeline makes it easy to browse through these snapshots and look back at what you did on your PC on a particular day. Everything in Recall is designed to stay local and private on the device, so no data is used to train Microsoft’s AI models.

You must authenticate with Windows Hello to access the Recall timeline.
Image: Microsoft

Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores plain text data in a database. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have emerged in recent days that promise to exfiltrate Recall data.

TotalRecall extracts the Recall database so you can easily view what text was saved and what screenshots Microsoft’s feature generated. NetExec looks to be getting its own Recall module soon that can access and dump Recall folders so you can easily view the screenshots. These tools are all possible because there is currently no full encryption or protection on the Recall database.

Recall’s timeline feature.
Image: Microsoft

Microsoft developed the Recall feature as part of the new Secure Future Initiative (SFI) that the company introduced to overhaul software security after major Azure cloud attacks. Microsoft has had a rough few years of cybersecurity incidents, and the SFI should focus on security above all else.

In fact, Microsoft CEO Satya Nadella recently called on employees to make security Microsoft’s “top priority,” even if that means prioritizing it over new features. “When faced with the trade-off between security and another priority, your answer is clear: Practice security,” Nadella (emphasis his) said in an internal memo obtained by The Verge. “In some cases, this means prioritizing security over other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Davuluri referenced Microsoft’s SFI Principles in today’s response, noting that the company is taking action to improve Recall security. But it appears to be largely due to security researchers flagging these issues, rather than Microsoft’s own security principles, as these issues should have been noticed internally long before this launch anyway.

Microsoft would also like to emphasize that Recall will only be available on new Copilot Plus PCs that are designed to be secure PCs with advanced firmware protections and the company’s Pluton security processor designed to protect against theft of personal data from a PC.

“As we always do, we will continue to listen and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” Davuluri said. experiences for our customers by prioritizing privacy, safety and security. We remain grateful for the vibrant community of customers who continue to share their feedback with us.”
