You can now opt out of Microsoft’s revamped Windows Recall when it arrives in November

Recall has been retooled with major security and privacy tweaks to make it more palatable to users.

Photo: Microsoft.


In a blog post, Microsoft has revealed how it plans to address the public's concerns over its AI-powered Recall feature, which takes screenshots of everything you see or do on your PC. Recall was originally meant to launch in June together with Copilot+ PCs, but Microsoft pulled the feature when privacy concerns were raised.

Since that brouhaha, Microsoft has been working on Recall's security and privacy so that “the user is always in control”. The changes include:


  • Making Recall an opt-in experience. During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved. Users can also remove Recall entirely by using the optional features settings in Windows.

     
  • Snapshots and any associated information in the vector database are always encrypted. The encryption keys are protected via the Trusted Platform Module (TPM), tied to a user’s Windows Hello Enhanced Sign-in Security identity, and can only be used by operations within a secure environment called a Virtualisation-based Security Enclave (VBS Enclave). This means that other users cannot access these keys and thus cannot decrypt this information.

     
  • Within Recall, the services that operate on screenshots and associated data or perform decryption operations reside within a secure VBS Enclave. The only information that leaves the VBS Enclave is what is requested by the user when actively using Recall.

     
  • Recall leverages Windows Hello Enhanced Sign-in Security to authorise Recall-related operations. This includes actions like changing Recall settings and run-time authorisation of access to the Recall user interface (UI). Recall also protects against malware through rate-limiting and anti-hammering measures. Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.

Users can also customise what Recall saves. For example:

  • In-private browsing in supported browsers is never saved.
  • Users can filter out specific apps or websites viewed in supported browsers.
  • Users can control how long Recall content is retained and how much disk space is allocated to snapshots.
  • Sensitive content filtering is on by default and helps reduce the chance of passwords, national ID numbers and credit card numbers being stored in Recall. Recall leverages the libraries that power Microsoft’s Purview information protection product, which is deployed in enterprises globally.
  • Find something you didn’t mean to save? You can delete a time range, all content from an app or website or anything and everything found in Recall search.
  • An icon in the system tray will help you know when snapshots are being saved and makes it easy to quickly pause saving snapshots.
  • With the Recall controls a user can store as much or as little as they would like and remain in control. Note: Like any Windows feature, some diagnostic data may be provided based on the user’s privacy settings.

Recall will only work on Copilot+ PCs that also meet the Secured-core standard and have BitLocker, virtualisation-based security, Measured Boot, System Guard Secure Launch, and Kernel DMA protection enabled.
