Microsoft has restructured Recall, its AI-powered feature that was planned for release last June but was postponed over security concerns. When it was first introduced, the feature, which takes screenshots that record almost every action the user performs on their computer, raised privacy concerns among users. In particular, storing the data in an unencrypted database increased the risk that malware could access this information. Following these reactions, Microsoft completely overhauled Recall’s security architecture and developed a new structure intended to better protect users’ privacy.
With the updates, Recall is now enabled only at the user’s request. The feature was originally planned to be on by default, but this has been changed in accordance with Microsoft’s security policies, and users are now expected to activate it manually. There is also an option to uninstall Recall completely, which lets users remove both the feature and its AI models from their systems.
New security measures developed for Recall
One of the most important security improvements in Recall is that data is now stored in an encrypted database. The fact that the data was unencrypted in the first version attracted the attention of cyber security experts. With the new update, all data will be kept in an encrypted environment and can only be accessed by authorized users. To strengthen this security layer, Microsoft uses the Windows Hello verification system, requiring users to authenticate with facial recognition, fingerprint or PIN.
In addition, the encryption keys for the data will be kept in the Trusted Platform Module (TPM). Building on the TPM, which Windows 11 makes mandatory, this structure ensures that user data can only be accessed after biometric verification. The purpose of this architecture is to prevent malware from accessing the database and seizing user information in the background.
Microsoft also uses virtualization-based security (VBS) technology to further secure Recall data handling. With this method, sensitive data such as screenshots are processed in a virtual security environment and are only available during user-authenticated sessions. When the session ends, all data is deleted from system memory.
Microsoft did not limit the review of Recall’s security architecture to its internal security teams. The company sought to identify potential vulnerabilities in the feature by requesting independent reviews and penetration tests from external security firms. With additional improvements made as a result of these tests, Recall’s security level has been significantly increased.
More control and customization for users
In addition to security measures, the renewed Recall offers users more control and customization options. Users will be able to prevent screenshots of certain applications or websites from being included in the Recall database. Special options have also been developed for filtering sensitive data. For example, financial data or health-related information can be excluded from recording.
Users will also be able to delete data from a specific time period, or all content from a specific application or website. These options were developed to respond to users’ need to protect their privacy and gain more control over the system.
In an important step for security, Recall has been configured to run only on Copilot Plus PCs. This means BitLocker and virtualization-based security features are mandatory, providing users with additional layers of security. Recall has also been blocked from being sideloaded onto other devices. In this way, Microsoft aims to ensure that the feature works in a secure environment and can only be used on devices that meet the necessary security conditions.
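An administrator can check whether a given Windows 11 device has the three platform protections named above (TPM, BitLocker and virtualization-based security) in the required state. The following PowerShell is an added example, not Microsoft's own eligibility check for Recall; the function name `Test-RecallPrerequisite` is hypothetical, it must be run from an elevated session, and it does not detect Copilot Plus hardware.

```powershell
#Requires -RunAsAdministrator
# Added example: reports the state of the three prerequisites the article names.
# Test-RecallPrerequisite is a hypothetical name, not a Microsoft cmdlet.
function Test-RecallPrerequisite {
    [CmdletBinding()]
    param(
        # Volume to check for BitLocker; defaults to the OS drive.
        [string]$MountPoint = $env:SystemDrive
    )

    # TPM: must be present and ready to protect keys.
    $tpm = Get-Tpm
    $tpmOk = $tpm.TpmPresent -and $tpm.TpmReady

    # BitLocker: protection must be On. A volume that is encrypted but has
    # its protectors suspended reports Off and is treated as a failure.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $bitLockerOk = $vol.ProtectionStatus -eq 'On'

    # VBS: Win32_DeviceGuard reports 0 = disabled,
    # 1 = enabled but not running, 2 = enabled and running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $vbsOk = $dg.VirtualizationBasedSecurityStatus -eq 2

    [pscustomobject]@{
        TpmReady         = $tpmOk
        BitLockerOn      = $bitLockerOk
        VbsRunning       = $vbsOk
        AllPrerequisites = $tpmOk -and $bitLockerOk -and $vbsOk
    }
}

Test-RecallPrerequisite | Format-List
```

A `False` in any field identifies which protection is missing or inactive on that device.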
Microsoft’s security updates and restructuring efforts on Recall aim to increase users’ privacy and data security. Recall will begin its first tests with the Windows Insider program in October and will be available for general use after extensive testing on Copilot Plus PCs. Microsoft plans to further develop the feature during this time based on user feedback.