Microsoft has provided a detailed overview of the privacy and security framework surrounding its controversial Recall feature. Designed to simplify searching for old files and previous sessions on a PC, Recall automatically takes screenshots and stores them within the software.
According to Microsoft, this tool will be disabled by default in the operating system. It will require Windows Hello for each session and will only function when Windows 11 encryption is active, to enhance security. Users will also have the option to uninstall Recall, a departure from the company’s earlier stance.
David Weston, Microsoft’s Vice President of Operating Systems Security, emphasized that Recall is founded on four key privacy principles:
- User Control: Recall will be disabled by default in Windows 11, allowing users to decide whether to enable it on their system.
- Data Encryption and Security: All screenshots and data collected by Recall are encrypted and safeguarded by the Trusted Platform Module (TPM). Access to this data is linked to the Windows Hello authentication system, which supports biometric identification, facial recognition, or a personalized PIN.
- Isolation of Sensitive Data: Services relying on captured data are kept within a secure environment known as the Virtualization-based Security (VBS) Enclave. This structure ensures that only information specifically requested by the user can exit this secure environment.
- Intentional Usage: Recall utilizes Windows Hello technology to authorize any actions within the app. It also implements security measures against malware, including rate limiting and anti-hammering tools to enhance protection.
Recall also brings additional privacy features, such as choosing which websites or apps can be captured, how long screenshots are stored, and the maximum amount of disk space that images can occupy. The app does not save activity from a browser’s incognito window.
What is Recall?
Recall is a specialized tool designed for Microsoft Copilot+ PCs, which are optimized for enhanced generative AI capabilities. This software captures various user activities, including the websites visited and applications used, allowing users to retrieve information from past sessions through natural language queries.
However, the announcement of Recall sparked concerns regarding privacy and security, particularly because it automatically takes screenshots in the background. Initially, the feature was set to be enabled by default in Windows, but Microsoft reversed this decision following community backlash.
The company has delayed the launch and implemented additional security measures to address these concerns. A new test version for compatible devices will be released in October.