Microsoft Forges Ahead with Controversial Recall Feature, Now Optional

Despite the controversy surrounding it, Microsoft persists with its Recall feature for Windows, now offering users the choice to opt in rather than implementing it by default. Additionally, the tech giant pledges to enhance the security of stored data.

Recall, announced on May 20 as a feature for upcoming Copilot+ Windows PCs, captures screen snapshots periodically. These images are then stored locally and analyzed by an AI model utilizing OCR to extract text, aiming to enhance searchability and accessibility of past work.

The overarching objective of Recall is to comprehensively log user activities on Windows PCs, encompassing conversations, app usage, and screenshots, presenting an archive for users to revisit past activities and relevant files. However, concerns have been raised by security testers regarding the safety of recorded information, with tools developed to extract potentially sensitive data from the stored snapshots, which are currently stored as easily accessible non-encrypted SQLite databases.

After enduring three weeks of criticism, Microsoft has opted to make adjustments.

“Even before making Recall available to customers, we have received clear feedback that we need to make it easier for people to choose to enable Recall on their Copilot+ PC and enhance privacy and security measures,” stated Pavan Davuluri, corporate VP of Windows and Devices, in a blog post.

Consequently, Recall will now be offered as an opt-in service during the setup process for Copilot+ PCs rather than being enabled by default. Microsoft will also mandate enrollment in Windows Hello to enable Recall, alongside proof of presence when accessing the timeline or conducting searches within the app.

Furthermore, Microsoft plans to implement “additional layers of data protection, including ‘just-in-time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS), ensuring that Recall snapshots are decrypted and accessible only when the user authenticates. Additionally, the search index database will be encrypted.”

Davuluri emphasized Microsoft’s commitment to building products and experiences that uphold its mission to empower people and organizations while prioritizing customer privacy, security, and trust.

Beaumont, in response to Microsoft’s announcement, advised against enabling Recall in a Mastodon post, suggesting users refrain from doing so and encourage their families to follow suit.

Back To Top