Microsoft shares new security and privacy measures after criticism of Recall feature.
The Windows Recall feature for Copilot+ PCs got a hard time lately. While this initially seemed like a handy feature, critics quickly shared their reservations. With the Recall feature, Microsoft keeps screenshots of everything you do on your PC. This you could then easily retrieve with the help of AI. Handy if you need to retrieve something, but where is everything stored?
The criticism led Microsoft to recall the Recall feature. Meanwhile, Microsoft took its time tinkering with Recall’s privacy and security measures. The company now reveals in a blog post how it has improved security.
Privacy and security measures
Following the storm of criticism of Microsoft’s Recall feature, the company is announcing new security and privacy measures for the Recall feature. A blog post outlines the measures that define Recall’s privacy and security.
First, Microsoft emphasizes that the user is always in control. When installing Recall, users are given a clear option to choose whether they want Recall to save screenshots or not. Moreover, users can also uninstall Recall completely through the optional feature settings in Windows.
read also
Windows makes Recall feature safer after storm of criticism
If a user does choose to use this feature, Microsoft assures that sensitive data in Recall will always be encrypted. “The encryption keys are protected via the Trusted Platform Module (TPM), linked to a user’s Windows Hello Enhanced Sign-in Security identity, and can only be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave),” said David Weston, vice president of Enterprise and OS Security at Microsoft.
Furthermore, the Recall services, which operate on screenshots and associated data, reside in a secure VBS enclave. This means that the only information that leaves the VBS enclave is what the user requests when actively using Recall.
Caution
Among other things, Microsoft says Recall was reviewed by a third-party vendor, which conducted a penetration test and a security design review. Because of the large storm of criticism of Recall, Microsoft is trying to roll out the new rollout with extra caution. Why these measures were not taken from the beginning is not yet clear.