The condemnation of Microsoft’s Recall feature for Copilot+ AI PCs was swift and damning. While it’s meant to let you find anything you’ve ever done on your PC, it also involves taking constant screenshots of your PC, and critics noticed that information wasn’t being stored securely. Microsoft ended up delaying its rollout for Windows Insider beta testers, and in June it announced more stringent security measures: It’s making Recall opt-in by default; it will require Windows Hello biometric authentication; and it will encrypt the screenshot database.
Today, ahead of the impending launch of the next major Windows 11 launch in November, Microsoft offered up more details about Recall’s security and privacy measures. The company says Recall’s snapshots and related data will be protected by VBS Enclaves, which it describes as a “software-based trusted execution environment (TEE) inside a host application.” Users will have to actively turn Recall on during Windows setup, and they can also remove the feature entirely. Microsoft also reiterated that encryption will be a major part of the entire Recall experience, and it will be using Windows Hello to interact with every aspect of the feature, including changing settings.
“Recall also protects against malware through rate-limiting and anti-hammering measures,” David Weston, Microsoft’s VP of OS and enterprise security, wrote in a blog post today. “Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.”
When it comes to privacy controls, Weston reiterates that “you are always in control.” By default, Recall won’t save private browsing data across supported browsers like Edge, Chrome and Firefox. The feature will also have sensitive content filtering on by default to keep things like passwords and credit card numbers from being stored.
Microsoft says Recall has also been reviewed by an unnamed third-party vendor, who performed a penetration test and security design overview. The Microsoft Offensive Research and Security Engineering team (MORSE) has also been testing the feature for months.
Given the near instant backlash, it’s not too surprising to see Microsoft being extra cautious with Recall’s eventual rollout. The real question is how the the company didn’t foresee the initial criticisms, which included the Recall database being easily accessible from other local accounts. Thanks to the use of encryption and additional security, that should no longer be an issue, but it makes me wonder what else Microsoft missed early on.
This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.
Trending Products
HP 27h Full HD Monitor – Diagonal – IPS Panel & 75Hz Refresh Rate – Smooth Screen – 3-Sided Micro-Edge Bezel – 100mm Height/Tilt Adjust – Built-in Dual Speakers – for Hybrid Workers,Black
CORSAIR iCUE 4000X RGB Tempered Glass Mid-Tower ATX PC Case – 3X SP120 RGB Elite Followers – iCUE Lighting Node CORE Controller – Excessive Airflow – Black
Lenovo Newest Everyday 15 FHD Laptop ⢠Windows 11 Pro ⢠32GB RAM ⢠1TB Storage ⢠Intel Multitasking Processor ⢠Ethernet RJ-45 ⢠Home and Business Essential ⢠Slim and Stylish Design
Zalman P10 Micro ATX Case, MATX PC Case with 120mm ARGB Fan Pre-Put in, Panoramic View Tempered Glass Entrance & Aspect Panel, USB Sort C and USB 3.0, White
NETGEAR Nighthawk WiFi 6 Router (RAX43) – Security Features, 5-Stream Dual-Band Gigabit Router, AX4200 Wireless Speed (Up to 4.2 Gbps), Covers up to 2,500 sq.ft. and 25 Devices
