Under fire for a week, Microsoft has just announced several major changes to strengthen the security of the new Recall function in Windows 11.
This is certainly not the arrival with fanfare that Microsoft had imagined for the release of the very first Copilot+ PCs. Last month, the company revealed a whole new generation of personal computers which was to mark a turning point in the history of Windows, with the integration of a slew of artificial intelligence tools at the very heart of the system. Among these revolutionary new functions, one in particular was to serve as spearhead: Recall. A mix between a search history and an omniscient assistant, the function aims to record everything done on the computer, to allow the user to come back to it later, by asking questions in natural language.
The ultimate productivity tool for some and dystopian nightmare for others, Recall has generated a lot of attention and debate since its presentation, but also significant controversy. Several experts, observers and media have notably warned of numerous security gaps and flaws affecting Recall, and potentially exposing users’ personal data to the four winds. Very bad press, which Microsoft would have done without as the release of the first Copilot+ PCs approaches, scheduled for June 18.
So much so that the company had to publish a long blog post, in which it announced that it was making several radical changes to the Recall function, less than two weeks before its official deployment, in order to put out the fire and bring concrete responses to identified security problems. Latest development to date, this note was updated yesterday, Thursday June 13, 2024, and now indicates that Recall will ultimately not be deployed to the general public upon the arrival of Copilot+ PCs, but will initially be reserved for members of the Windows Insiders program, in beta form.
Windows 11 Recall: three major changes for AI super history
In a very polite formulation, typical of crisis communication, Microsoft therefore announces that it has “heard a clear signal” from its users and is making significant changes which “will come into effect before the delivery of Recall (Preview) to customers June 18. Three major changes are presented, all of which aim to improve security, privacy and ultimately user confidence in the Recall function.
First of all, Recall will not ultimately be activated by default on Copilot+ PCs, but will have to be activated manually. This was a strong concern about the feature, leading to fears that many users would leave it enabled by default without really understanding the implications and associated risks. From now on, when a Copilot+ PC is first started and during the Windows 11 configuration phase, a page dedicated to Recall will be presented to the user, explaining how it works and allowing them to opt for its activation or not.
Next, the use of biometric identification via Windows Hello will be necessary to activate Recall and begin continuous recording of activity. Microsoft also says that a user’s “proof of presence” will be required to search and view Recall history. We therefore imagine that biometric authentication, by facial recognition or fingerprint, will be necessary each time the function is activated and consulted.
Finally, Recall’s screenshot indexing database, a sort of summary of activity history, will be fully encrypted, which was surprisingly not the case until now and constituted a security vulnerability major point highlighted by various observers. The Recall index database and snapshots will now be decrypted only when needed, in a method described as “just in time” by Microsoft, leveraging the Windows Hello Enhanced Sign-in Security mechanism ( ESS).
All these changes, announced somewhat in a hurry as the launch of Recall approaches, aim to strengthen the security of the function and restore the confidence of Windows users, which Microsoft seems to need. In the rest of its blog post, the company discusses at length the various layers of security integrated into Copilot+ PCs, such as securing the kernel or Microsoft Pluton, a security system integrated into the hardware components of the computer.
The firm also insists strongly on the fact that Recall was designed with the aim of protecting the privacy of users. Microsoft reminds that the screenshots taken by Recall are saved and analyzed directly on the device and are never sent over the Internet, that the user will be permanently informed of the recording by a non-deactivatable icon in the taskbar , and that it will always be possible to “pause, filter and delete everything that is recorded”.
While these reminders and last-minute changes are welcome, they appear not to have been enough to reassure users and sufficiently secure Recall before its release. As indicated in the introduction, Microsoft announced the postponement of the deployment of Recall to the general public. The function will therefore not be available on the first Copilot+ PCs marketed from June 18, 2024, but will be distributed as a test version to members of the Windows Insiders program.
And as for the arrival of Recall for all users, Microsoft is unfortunately particularly vague: “Recall will now move from a widely available preview experience for Copilot+ PCs on June 18, 2024 to a preview experience available first in the Windows Insider Program (WIP) […] We plan to make Recall (preview) available for all Copilot+ PCs soon ». A radical about-face and certainly disappointing for some, but undoubtedly preferable to the early publication of a poorly secured and potentially dangerous tool.
