Microsoft is responding to the criticism of the new Recall feature by making changes and allowing its complete removal from PCs, The Verge reports. Back in May 2024, the company announced an artificial intelligence feature that would constantly monitor user activity on the computer and take screenshots.
Recall was originally supposed to debut on Copilot Plus PCs in June 2024, but users didn’t like the idea of their PC spying on them around the clock and storing pictures. So Microsoft has postponed the full launch of the feature for refinement.
“I’m actually really excited about how nerdy we got on the security architecture,” says David Weston, vice president of enterprise and OS security at Microsoft. “I’m excited because I think the security community is going to get how much we’ve pushed [into Recall].”
One of the first big changes is that Recall will now be disabled by default, and users will need to consciously enable the feature for it to start working.
Another point of criticism was that Recall’s database (screenshots of user activity) was not encrypted, and malware could access the user’s entire activity history. Everything about Recall, including the screenshot database, is now fully encrypted.
Encryption in Recall is now tied to the Trusted Platform Module (TPM) that Microsoft requires for Windows 11, so the keys are stored in the TPM and the only way to gain access is through Windows Hello authentication. The only time Recall data is passed to the user interface is when the user wants to use the feature and authenticates with their face, fingerprint, or PIN.
“We’ve moved all of the screenshot processing, all of the sensitive processes into a virtualization-based security enclave, so we actually put it all in a virtual machine,” explains Weston. That means there’s a UI app layer that has no access to raw screenshots or the Recall database, but when a Windows user wants to interact with Recall and search, it will generate the Windows Hello prompt, query the virtual machine, and return the data into the app’s memory. Once the user closes the Recall app, what’s in memory is destroyed.
Recall will also now only run on Copilot Plus computers, which will prevent users from downloading it to Windows computers as they had before its planned June debut. Recall will check for BitLocker, enabled virtualization-based protection, boot and system protection, and kernel DMA protection on Copilot Plus PCs.
In addition, the feature’s settings now make it possible to add exceptions for which the program will not record user activity. You can add both individual programs and specific websites to these exceptions.
Microsoft plans to preview the Recall feature within the Windows Insider program on Copilot Plus PCs in October this year.