Windows Recall will be opt-in and the data more secure, Microsoft says
The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature leaves much to be desired, and has announced important changes.
About Windows Recall
A few weeks ago, Microsoft presented Copilot+ PCs, a new line of computers powered by Windows 11 and delivering some specific new features.
Windows Recall, a feature that allows the OS to take screenshots of the computer’s screen every few seconds, has captured the focus of negative public attention almost immediately, as security professionals tested it and very vocally pointed out its potential security pitfalls:
- The user databases holding potentially sensitive information extracted from screenshots were not encrypted, could be easily exfiltrated by malware, and could be accessed by all users on the same device
- The feature was on by default, meaning consumers and enterprises have to disable it if they don’t want to use it
The Windows Recall changes announced by Microsoft
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18,” Pavan Davuluri, Microsoft’s corporate VP of Windows + Devices, shared on Friday.
First and foremost, the feature is now optional. “If you don’t proactively choose to turn it on, it will be off by default.”
Secondly, the search index database – which holds the content from the screenshots – will also encrypted.
Access to that database, viewing of one’s timeline and the ability to search in Recall will be possible only if the user authenticates via Windows Hello Enhanced Sign-in Security (i.e., by using their biometrics or a PIN). Only when they authenticate successfully, the encrypted data is decrypted so it can be viewed.
Davuluri reiterated that users will be able to tell when Recall is saving snapshots, and will able to control what’s saved. “You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time,” he explained.
Also, Recall won’t save any content from private browsing activity performed with Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers.
Finally, IT administrators will be able to disable Recall on employees’ managed work devices, but can’t switch the feature on.
Is it enough?
The changes are welcome, to be sure, but the question remains: how could a company that has recently announced it would be making security the top priority make such a serious misstep?
“There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety,” security researcher Kevin Beaumont noted.
He also pointed out that the effectiveness of the changes will have to be verified.
“Microsoft needs to commit to not trying to sneak users to enable [Recall] in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs,” he concluded.