Microsoft has announced an update focusing on security and privacy protection for Recall, its new AI assistant. The detailed blog post lays out the steps Microsoft is taking to prevent potential data privacy issues, including enhanced security architecture and technical measures. Notably, Recall is an optional feature, although Microsoft clarified that it cannot be completely uninstalled. The comprehensive post addresses the various security challenges associated with Recall, emphasizing that "the user is always in control." When setting up a new Copilot+ PC, users will have the choice to opt in to Recall.
Recall will only operate on PCs that meet the Copilot+ eligibility requirements, which set stringent hardware standards designed to enhance security. These requirements include Trusted Platform Module (TPM) 2.0, System Guard Secure Launch, and Kernel DMA Protection. Returning to user control, you decide during setup whether to enable Recall; it is off by default and stays off if you opt out. Microsoft has also indicated that users can remove Recall within Windows settings, although it remains unclear if this means complete uninstallation from the device.
If you choose to enable Recall, you have the option to filter out specific apps or websites, preventing Recall from saving related data. Browsing in Incognito mode is also not saved. Users can manage how long Recall retains data and allocate disk space for those snapshots. Furthermore, you can delete snapshots from specific time frames or erase all content associated with particular apps or websites. In summary, all data stored within Recall can be deleted at any time. Microsoft will introduce a tray icon to indicate whether Recall is actively collecting snapshots, and users can pause this feature whenever desired. Additionally, access to Recall content will require biometric authentication, utilizing Windows Hello for security.
Microsoft assures that all sensitive data within Recall is encrypted and safeguarded via the TPM, linked specifically to your Windows Hello identity. Other users on the same PC will not have access to your Recall data, which is securely housed within the Virtualization-based Security (VBS) Enclave. Only authorized data can exit the VBS Enclave upon request. The architecture description states: "Processes outside the VBS Enclaves never directly receive access to snapshots or encryption keys and only receive data returned from the enclave after authorization." Moreover, sensitive content filtering is in place to exclude information such as passwords, ID numbers, and credit card details from Recall's memory.
Finally, Microsoft is collaborating with a third-party security vendor to conduct a penetration test, ensuring Recall's security measures are robust. Overall, it appears that Microsoft has committed considerable effort to address security concerns, but only time will reveal the effectiveness of these measures. Will these steps be sufficient to sway those who have been skeptical of Recall from the outset? While it’s uncertain, Microsoft's proactive approach indicates an awareness of ongoing controversies and a determination to show that its AI assistant can earn users' trust.