Windows Recall: Microsoft just announced 3 things it did to make it more secure
Windows Recall was the talk of the town when it was announced alongside the launch of the Surface Laptop 7 and Surface Pro 11 PCs in June.
Many poked fun at it, including myself, calling it a Black Mirror-esque feature.
The AI-powered Windows tool records your activity by taking screenshots every few seconds, which is reminiscent of the “Entire History of You” episode from the dystopian Netflix series.
With Recall, you can retrace your digital footsteps with a timeline scrubber — or you can use natural-language search to find something specific. For example, if you were shopping for a orange couch, but forgot to bookmark it, you can search “orange couch,” and theoretically, Recall will find it.
Recall may be advantageous for forgetful users who want to retrieve a past moment, but some security experts called it “privacy nightmare.”
Why? Because it captures everything, from innocuous moments like shopping and browsing, to more sensitive situations like logging in your password for an online bank.
As a result, Microsoft delayed the release of Recall to October. And on Friday, Sept. 27, the Redmond-based tech giant revealed its plans to make Recall safer and more secure for users.
Windows Recall: 3 things Microsoft did to make it more secure
Recall is still in preview. This means only Windows Insiders can get access to Recall in October. But even in its testing phase, Microsoft has outlined what it has done to make the new AI-powered feature safer for users.
1. Recall is an opt-in experience
Recall, only available on Copilot+ PCs like the aforementioned Surface Laptop 7 and Surface Pro 11, will not be toggled on by default.
Before you even start using a Copilot+ PC, you’ll get a prompt that asks you whether you’d like to opt into Recall.
2. You can delete Recall entirely
If declining isn’t enough for you, you can remove Recall from your Copilot+ PC, so you won’t have it on your system whatsoever.
(Previously, it was reported that Microsoft had no plans to offer an uninstall option for Recall.)
3. Recall data is encrypted
Microsoft claims that any data that is saved via Recall is encrypted.
“The encryption keys are protected via the TPM, tied to a user’s Windows Hello Enhanced-Sign-in Security identity, and can only be used by operations within a secure environment called a Virtualization-based security Enclave (VBS Enclave),” said David Weston, Microsoft’s VP of Enterprise and OS Security.
If this sounds like gibberish to you, allow me to explain. Recall’s encrypted data is protected in three ways. Firstly, your PC’s security chip, also known as the TPM, plays a role in securely managing Recall data. So even if a hacker breaks into your computer, the TPM ensures only authorized users can access it.
Secondly, Recall data can only be accessed via Windows Hello, which lets authorized users (you) keep things secure with biometric authentication like facial recognition and fingerprint scanning.
Thirdly, the “VBS Enclave” is technical jargon for an isolated environment within a PC, separate from the main operating system, that safeguards sensitive data, which Recall will use to securely process snapshots.
Microsoft stressed that it does not share your snapshots, and any other associated Recall data, with third parties. It also does not share Recall data with other users on the same PC.
Plus, you can customize how you want Recall to follow your footsteps. For example, you can filter out certain apps and websites.
“You are always in control, and you can delete snapshots, pause, or turn them off at any time. Any future options for the user to share data will require fully informed explicit action by the user,” Weston said.