Microsoft said that it has heard community feedback and its privacy and security concerns about the new Recall feature, which stores screenshots of all user activity in a single timeline.
In a new blog post from Pavan Davuluri, corporate vice president of Windows + Devices, we discuss several changes Microsoft is making as part of its Secure Future Initiative (SFI) policy to improve security and privacy.
First of all, the first time Recall is launched, the feature will be disabled by default, and users will receive a notification in which they can turn it on or leave it completely off.
The company further notes that in order to access the Recall feed, users will need to verify their identity via Windows Hello. To view the timeline and search in Recall, you will also need to verify your presence.
Additional layers of data protection are also being added, including "just-in-time" decryption protected by Windows Hello Enhanced Sign-in Security (ESS), which means that screenshots will be decrypted and made available only after the user has authenticated. In addition, the search index database was also encrypted.
Microsoft also reminds users of the previous security measures that this feature has: screenshots are stored locally on the computer, they are not sent to the company or third parties, users will receive notifications when Recall takes a screenshot, screenshots of browsing with digital rights management or InPrivate are not stored, and users can always filter and delete screenshots that have already been saved.