Microsoft says it’s making its new Recall feature in Windows 11 that screenshots everything you do on your PC an opt-in feature and addressing various security concerns, The Verge reported.
The software giant first unveiled the Recall feature as part of its upcoming Copilot Plus PCs last month, but since then, privacy advocates and security experts have been warning that Recall could be a “disaster” for cybersecurity without changes.
Thankfully, Microsoft has listened to the complaints and is making a number of changes before Copilot Plus PCs launch on June 18th. Microsoft had originally planned to turn on Recall by default, but the company now says it will offer the ability to disable the controversial AI-powered feature during the setup process of new Copilot Plus PCs.
“If you don’t proactively choose to turn it on, it will be off by default” says Windows chief Pavan Davuluri.
According to The Verge, Microsoft’s changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft’s AI-powered feature currently stores data in a database in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. Several tools have appeared in recent days, promising to exfiltrate Recall data.
Microsoft posted an “Update on the Recall preview feature for Copilot+ PCs”
Today, we are sharing an update on the Recall (preview) feature for Copilot+ PCs, including more information on the set-up experience, privacy controls, and additional details on our approach to security…
Listening to and acting on customer feedback
Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind, we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.
* First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.
* Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
* Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-In Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.
CNBC reported Microsoft has been trying to balance competing interests of late as it moves to incorporate new generative AI tools into its products and to keep up with the competition.
Microsoft is adding security protections to Recall in addition to requiring people to manually turn it on once Copilot+ PCs become available on June 18. The search index database will be encrypted, Microsoft said.
In my opinion, I am really happy that I don’t use a PC. Copilot+ appears to be really unpopular with a lot of people, especially when it comes to security.