Microsoft is making Recall, the new feature it developed for Windows 11 that records everything users do on their computers through screenshots, optional due to privacy concerns. The change comes after many security experts and privacy advocates voiced concerns.
The Recall feature was first introduced as part of Microsoft's upcoming Copilot Plus PCs. However, there were warnings that the feature could cause serious security problems if it were turned on by default. Taking these concerns into account, Microsoft announced that Recall will be offered as an optional feature on Copilot Plus PCs that will be released on June 18. “Unless you proactively choose to enable this feature, it will be off by default,” Windows head Pavan Davuluri said.
Enabling the Recall feature will require authentication with Windows Hello, meaning verification using facial recognition, fingerprint or PIN will be mandatory. Authentication will also be required to access and search the Recall timeline, preventing unauthorized persons from searching it. These additional layers of security will also apply to protecting the snapshots Recall creates. “We are adding 'on-the-fly' decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates,” Davuluri added. He also noted that the search index database is encrypted.
Windows 11 Recall feature and privacy concerns
Recall uses local artificial intelligence models to take screenshots of almost everything you see or do on your computer, providing the ability to search and retrieve these images in seconds. Davuluri noted that everything in Recall is designed to stay locally and exclusively on the device, meaning the data won't be used to train Microsoft's AI models.
The changes to how Recall's database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft's AI-powered feature was storing data in a database in plaintext. This could make it easier for malware authors to create tools to extract the database and its contents. Various tools have emerged recently that promise to export Recall data. TotalRecall extracts the Recall database, allowing you to easily see what text is stored and the screenshots Microsoft's feature produces. NetExec has developed a Recall module that will allow you to access Recall folders and view screenshots. All of these tools were made possible by the lack of full encryption or protection of the Recall database.
Microsoft developed the Recall feature as part of its new Secure Future Initiative (SFI), created to rebuild software security after Azure cloud attacks. The company has experienced many cybersecurity incidents over the past few years, and SFI aims to keep security above all else. Microsoft CEO Satya Nadella told his employees that they should make security their “top priority” and said, “When you have to make a choice between security and another priority, your answer is clear: Choose security.”
Citing Microsoft's SFI principles, Davuluri stated that the company has taken action to improve Recall security. However, it seems that these issues were noticed mostly thanks to the contributions of security researchers rather than Microsoft's own security policies.
Recall will only be available on new Copilot Plus PCs, and these PCs are designed with advanced firmware security measures and the Pluton security processor to protect against personal data theft. “As always, we will continue to learn from and listen to feedback from our customers, developers and businesses,” Davuluri said. “We will continue to develop these new capabilities and experiences for our customers, keeping privacy, security and safety at the forefront. We are grateful to our customers who shared their feedback with us.”