The biggest updates coming to Microsoft’s controversial Recall feature


Microsoft is planning to relaunch the Recall feature in November.

Recall, a feature that was initially supposed to take screenshots of all a user's activities to answer queries, will become much more privacy-friendly.

After listening to feedback from its Windows Insider community, Microsoft is planning to relaunch Recall, which was postponed after some security researchers dubbed it a “privacy nightmare.”

According to the BBC, the feature should be launched this November on Microsoft’s new Copilot+ computers.

Microsoft itself also shared details about how this refreshed tool will work. Let’s check out the most important changes Microsoft is making to Recall.

Opt-in instead of default

Initially, Microsoft planned to make Recall a default feature on all AI-capable Windows machines. However, it has now decided to make the feature opt-in instead.

“If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved,” the company said in a blog post.

In addition, it will allow users to remove the Recall feature from their devices.

Previously, when a user spotted the ability to uninstall the Recall feature, the company said that it was just a bug.

However, now it says that users will be able to remove the feature from their devices by using the optional features settings in Windows.

Virtualization-based Security Enclave

All of the sensitive data in Recall will be encrypted, and to access it, users will be required to log in using Windows Hello. This will allow users to connect to their devices using biometrics or a PIN, ensuring that only the user can access the data.

“The encryption keys are protected via the Trusted Platform Module (TPM) and can only be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave). This means that other users cannot access these keys and thus cannot decrypt this information,” Microsoft said in a blog post.

According to the company, VBS Enclaves use the same hypervisor as Azure to segment the computer’s memory into a special protected area where information can be processed.

Code in these enclaves can use cryptographic attestation protocols to ensure that the environment is secure before performing sensitive operations, such as snapshot processing.

The only information that leaves the VBS Enclave is what is requested by the user when actively using Recall.

[Figure: Recall security architecture. Image by Microsoft]

Additional privacy tools

There will be several additional tools to ensure users' privacy.

These will include the ability to filter certain apps or websites viewed in supported browsers, control how long Recall content is retained and how much disk space is allocated for screenshots, and delete a time range or all content from an app or website.

In addition, sensitive content filtering will be enabled by default, helping to prevent passwords, national ID numbers, and credit card numbers from being stored in Recall.
