top of page

Microsoft’s Enhanced Windows Recall Feature Focuses on Security and Privacy

28/9/24

By:

Bharti B. Hariyani

Redesigned AI-powered Recall feature emphasizes user control, encryption, and enhanced security for Copilot Plus PCs.

Redesigned AI-powered Recall feature emphasizes user control, encryption, and enhanced security for Copilot Plus PCs.

Microsoft has unveiled a revamped version of its controversial Recall feature, placing a greater emphasis on security and privacy after concerns were raised about its potential misuse. Recall, an AI-powered tool designed to create screenshots of nearly everything a user sees or does on a Windows computer, will now be opt-in and can be fully uninstalled if users choose not to use it.

The Recall Controversy and Microsoft’s Response

Initially scheduled for release in June 2024 alongside Copilot Plus PCs, Recall faced significant backlash when security researchers discovered that the screenshots it captured were stored in an unencrypted database, leaving the data vulnerable to exploitation by malware. Users were also uncomfortable with the idea of a tool that passively created a detailed history of their activity.

In response, Microsoft went back to the drawing board, reworking Recall’s architecture to ensure opt-in functionality and allowing users to uninstall it entirely. “There is no more on-by-default experience at all—you have to opt into this,” explains David Weston, Microsoft's VP of enterprise and OS security. For users concerned about privacy, this is a welcome change, as they can now decide whether to use Recall or remove it completely from their system.


Enhanced Security Measures for Recall

The new version of Recall comes with robust security enhancements, including full encryption of all sensitive data and integration with Windows Hello for user authentication. The tool now requires users to verify their identity using a fingerprint, facial recognition, or PIN before any data is processed or accessed.

Recall’s data, including the screenshots, is stored in a Trusted Platform Module (TPM), ensuring that encryption keys are safeguarded and accessible only after user authentication through Windows Hello. This prevents malware from accessing Recall’s data, which is crucial, given the sensitive nature of the content Recall processes.

Weston elaborates: “To turn it on to begin with, you actually have to be present as a user,” indicating that proof of presence through Windows Hello is mandatory for activating and using Recall.


Virtualization-Based Security (VBS) Architecture

Microsoft has also moved all screenshot processing into a virtualization-based security (VBS) enclave, meaning all the sensitive data is handled within a virtual machine isolated from the rest of the system. The main UI app of Recall no longer has access to raw screenshots or the Recall database directly, adding an extra layer of security. When users want to interact with Recall, a Windows Hello prompt appears, and the data is retrieved from the VBS enclave. Once the Recall session is closed, any remaining data in memory is immediately destroyed.

This VBS-based design protects the data from even the most sophisticated attacks, such as those requiring a malicious kernel driver, according to Weston.

Uninstallation and Additional Controls

One of the most significant changes is the ability to uninstall Recall completely. If users choose to uninstall the tool, all associated data, including the AI models powering Recall, will be removed from the system. This option first appeared as a bug earlier in the month, but Microsoft has confirmed it is now a deliberate feature.

Additionally, users will have greater control over Recall’s operation through settings that allow them to:

  • Filter out specific apps from Recall's database.

  • Block a custom list of websites from being captured.

  • Delete content from a specific time range, app, or website.

  • Use sensitive content filtering to exclude passwords, financial data, and health information from being stored.

These added controls address concerns that Recall could inadvertently store sensitive information.

Securing Recall for the Future

Microsoft has taken several steps to ensure that Recall is thoroughly tested before its wider release. The company engaged its internal Microsoft Offensive Research Security Engineering (MORSE) team to conduct months of penetration testing and security reviews on Recall. A third-party security vendor also performed an independent review of Recall’s security design, ensuring that the updated feature meets stringent standards.

In addition to the improvements made to Recall, Microsoft has indicated that this new security architecture could become a blueprint for securing Windows apps in the future. “It’s not just about Recall,” says Weston. “In my opinion, we now have one of the strongest platforms for doing sensitive data processing on the edge, and you can imagine there are lots of other things we can do with that.”


Limited Availability for Copilot Plus PCs

While Recall won’t be available for all Windows machines, it will be restricted to Copilot Plus PCs, ensuring that users cannot sideload the feature onto other Windows systems. Recall will verify that the PC meets specific security requirements, including having BitLocker, virtualization-based security, and other protections enabled before it can be installed.

What’s Next for Recall?

Microsoft plans to launch a preview of Recall to Windows Insiders using Copilot Plus PCs in October 2024, allowing the Windows community to test the feature before its full release.

With these updates, Microsoft hopes to balance the utility of Recall with the necessary privacy and security protections that users demand. Recall now operates in a more secure environment, with users in control of how and when they use it.

Key Takeaways:

  • Microsoft’s Recall feature is now opt-in and can be uninstalled entirely by users.

  • The Recall database and screenshots are fully encrypted and protected using Windows Hello and TPM.

  • All sensitive data is processed within a virtualization-based security enclave, providing enhanced protection against malware.

  • Users can filter out apps, block specific websites, and delete stored data from Recall’s settings.

  • Recall will only be available on Copilot Plus PCs and will begin previewing with Windows Insiders in October 2024.


Stay tuned to Kushal Bharat Tech News for more updates on Microsoft, Windows, and the latest in AI-driven technology.


Follow Kushal Bharat Tech News for in-depth articles on software innovations, tech trends, and cybersecurity insights.





All images used in the articles published by Kushal Bharat Tech News are the property of Verge. We use these images under proper authorization and with full respect to the original copyright holders. Unauthorized use or reproduction of these images is strictly prohibited. For any inquiries or permissions related to the images, please contact Verge directly.

Latest News

9/12/24

Redmi Buds 6: A Comprehensive Look at Xiaomi's Latest TWS Earbuds

Affordable earbuds with ANC, spatial audio, and impressive battery life

9/12/24

Xiaomi Sound Outdoor Speaker: A New Powerhouse for Music Enthusiasts

Affordable Bluetooth speaker with 30W output, long battery life, and premium features.

9/12/24

Twos: A Smart To-Do List App with Just the Right AI Touch

Simplifying task management with actionable AI suggestions.

bottom of page