What You Need to Know Ahead of Windows Recall Release

Microsoft’s next-generation, AI-powered Copilot+ PCs will soon be available, but one controversial Windows feature has already undergone a drastic overhaul. Recall is – as Microsoft says – ‘a new way to instantly find something you’ve previously seen on your PC’ using on-device AI.

Every few seconds Recall takes a snapshot of what appears on your screen. These images are analysed locally by AI so you are not sending anything to the cloud. Recall can then offer you a timeline of your computer use through a visual interface. It really is like having a ‘photographic memory’ of all the apps, websites, images and documents that you’ve interacted with on your PC.

Obviously this would be a treasure trove for cyber criminals if they could access it. Security experts are worried it could be abused once a user logs into their device. Once the drive is decrypted, the history recorded by Recall is potentially accessible by a bad actor.

As I mentioned in the Sky News Weekend Edition segment above, Offensive Cybersecurity Advocate Alexander Hagenah, an ethical hacker, created TotalRecall to encourage Microsoft to make changes. And thankfully Microsoft did make changes.

“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” said Corporate Vice President Windows + Devices Pavan Davuluri.

“With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”

So, not only has Microsoft made Recall opt-in only, users will also need to take more security steps to activate and actively use the feature once logged into Windows 11.

RECALL SECURITY CHANGES

  1. If you don’t proactively choose to turn it on, it will be off by default.
  2. Windows Hello enrolment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
  3. Additional layers of data protection have been added, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, Microsoft has encrypted the search index database.

MORE SECURITY NOTES ON RECALL

  • Snapshots are stored locally. Copilot+ PCs have new NPUs (Neural Processing Units), which allow on-device AI processing. No internet or cloud connections are used to store and process snapshots. Microsoft says your snapshots are yours and they are not used to train the AI on Copilot+ PCs.
  • Snapshots are not shared. Recall does not send your snapshots to Microsoft. Snapshots are not shared with any other companies or applications. Recall doesn’t share snapshots with other users who are signed into the same device, and per-user encryption ensures even administrators cannot view other users’ snapshots.
  • You will know when Recall is saving snapshots. You’ll see Recall pinned to the taskbar when you reach your desktop. You’ll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots.
  • Digital rights managed or InPrivate browsing snapshots are not saved. Recall does not save snapshots of digital rights managed content or InPrivate browsing in supported web browsers.
  • You can pause, filter and delete what’s saved at any time. You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time.
  • Enterprise and customer choice. For customers using managed work devices, your IT administrator is provided the control to disable the ability to save snapshots. Your IT administrator CANNOT enable saving snapshots on your behalf.

Microsoft also posted on its blog:

“In our early internal testing, we have seen different people use Recall in the way that works best for them. Some love the way it makes remembering what they’ve seen across the web so much easier to find than reviewing their browser history. Others like the way it allows them to better review an online course or find a PowerPoint. And people are taking advantage of the controls to exclude apps they don’t want captured in snapshots, from communication apps or Teams calls, or to delete some or all their snapshots. This is why we built Recall with fine-grained controls to allow each person to customise the experience to their comfort level, ensuring your information is protected and that you are in control of when, what and how it is captured.”

I’m attending the Australian launch of Copilot+ PCs at Microsoft, so if there are any more changes, I’ll report back to you.