Microsoft will greatly secure and improve Recall in response to criticism

In response of criticism towards Recall, Microsoft officially commented the situation and is already preparing drastic changes. Its SQLite database and snapshots will now be encrypted, and additional Windows Hello biometric authentication will be required to access the feature, among other changes.

Experts believe that in its current implementation, Recall is a cybersecurity disaster, since all collected data is stored in a database in plain text. Microsoft has heard customer feedback and is already working to improve security and protect sensitive data in Recall. Before June 18, the Redmond software giant will make several changes, with a preview version of updated Recall to become available to all users of Copilot+ devices.

Improvements coming to Recall

• Microsoft will update the Windows OOBE/initial setup on Copilot+ devices so that users can decide whether they want to have Recall enabled on their device.
   
• Enabling Recall now requires Windows Hello technology. Windows Hello confirmation is required to access the timeline and search in Recall.
• Additional levels of protection are being introduced. In particular, data will be decrypted only when necessary thanks to Windows Hello Enhanced Sign-in Security (ESS). Simply put, the data in Recall will be decrypted and accessible only after the user is authorized.
• The search database is now encrypted.

Safety

In accordance with the principles of the Secure Future Initiative (SFI), Microsoft is taking steps to strengthen the protection of user data in the Recall feature. The data will be protected by Windows Hello Enhanced Sign-in Security (ESS), which means data will only be decrypted when necessary after user authorization.

Perhaps decryption will be performed on demand, and not everytime you sign in to your user account. I.e. it will be done when you open Recall after confirming your identity using Windows Hello. It is likely that after authorization has been completed, the system will not prompt for confirmation for several minutes upon repeated calls to Recall. When the time expires, the data will be encrypted again.

Data is also protected using Windows Security features such as SmartScreen and Defender, which are enabled by default. They use advanced AI-powered security techniques to prevent malware from accessing Recall data.

The best way to protect information on a PC is to protect the entire computer. That's why Copilot+ devices are designed to be secure by default. Basic technologies used to protect information:

• All Copilot+ devices are Secured-core PCs. This improves the security of both enterprise and consumer devices. Secured-core PCs offer advanced device firmware protection and Dynamic Root of Trust Measurement (DRTM) technology.
• The Microsoft Pluton security chip is enabled in all Copilot+ devices. This technology was developed by Microsoft and implemented by all processor manufacturers. It is based on the Zero Trust principle. The technology allows you to protect account, identification and personal data, as well as encryption keys, significantly complicating the process of obtaining this information, even if the user is tricked into installing malware or an attacker physically takes possession of the PC.
• All Copilot+ computers support Windows Hello Enhanced Sign-in Security (ESS), which offers secure sign-in with biometrics and eliminates the need for a password.

Protecting Confidential Information

And some information about how the Recall feature actually works and why it provides a high level of privacy.

• Snapshots are stored locally on your device. AI tasks run locally on Copilot+ computers. The Internet or cloud is not used to store and process screenshots. Recall processes information using the built-in neural processor (NPU). All pictures taken are also stored locally. Microsoft does not use this information to train the AI.
• Snapshots are not shared. Recall does not send screenshots taken to Microsoft. They are also not shared with other companies or applications. Recall does not provide access to pictures to other users registered in the system. Encrypting data for each user ensures that even administrators cannot view other users' screenshots.
• You will know when Recall takes snapshots. A Recall icon will appear on the taskbar in the system tray, which will indicate when the function saves and processes screenshots.
• DRM content and private browser windows are not saved. Recall will not take screenshots of DRM content and private windows in supported web browsers.
• You can pause, filter and delete saved data at any time. You control what will be saved in Recall. You can disable the feature, temporarily stop saving screenshots, block snapshots of certain applications or websites, and delete snapshots that have already been saved.
• Giving choice to businesses and customers. IT administrators can disable the Recall feature through policies. However, the IT administrator will not be able to enable the creation of snapshots on your behalf or force enable Recall. The decision to enable the feature remains with the user.

The official announcement is here.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: