
Microsoft announced its Windows Recall feature last month and, after listening to concerns from the PC community, has decided to delay its rollout. On the surface, Recall could seem like a nifty tool for the forgetful-minded or for anyone wanting an easy way to find recently used items, but it was quickly criticized by members of the PC community who had serious concerns about its security measures. Microsoft has since said that, for now, the new feature will only be available to members of its Windows Insider Program, where it will be rolled out on June 18. It has also begun implementing new security features while making other changes to Recall.
Per Windows Blog:
“Update: June 13, 2024: Today, we are communicating an additional update on the Recall (preview) feature for Copilot+ PCs. Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks. Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon.
We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security. This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users. Additionally, as we shared in our May 3 blog, security is our top priority at Microsoft, in line with our Secure Future Initiative (SFI). This is reflected in additional security protections we are providing for Recall content, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. The development of Copilot+ PCs, Recall and Windows will continue to be guided by SFI.
When Recall (preview) becomes available in the Windows Insider Program, we will publish a blog post with details on how to get the preview. To try Recall (preview) WIP customers will need a Copilot+ PC due to our hardware requirements. We look forward to hearing Windows Insider feedback.”
Microsoft has detailed the many changes it has made in its lengthy blog post. The Windows Recall feature definitely has the potential to be useful, and it appears that Microsoft is now listening to the community for assistance in providing its best launch. From enhanced sign-in requirements to added decryption and hardware-based security enforcement, Microsoft is attempting to make Recall as secure as possible. Microsoft has added that Recall snapshots are stored locally rather than in the cloud, that they are not shared with Microsoft, and that Recall will notify users when snapshots are being saved.
Per Microsoft:
- First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.
- Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
- Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.
Security Features (per Microsoft):
- All Copilot+ PCs will be Secured-core PCs, bringing advanced security to both commercial and consumer devices. In addition to the layers of protection in Windows 11, Secured-core PCs provide advanced firmware safeguards and dynamic root-of-trust measurement to help protect from chip to cloud.
- Microsoft Pluton security processor will be enabled by default on all Copilot+ PCs. Pluton is a chip-to-cloud security technology – designed by Microsoft and built by silicon partners – with Zero Trust principles at the core. This helps protect credentials, identities, personal data and encryption keys, making them significantly harder to remove from the device, even if a user is tricked into installing malware or an attacker has physical possession of the PC.
- All Copilot+ PCs will ship with Windows Hello Enhanced Sign-in Security (ESS). This provides more secure biometric sign ins and eliminates the need for a password.
Snapshot Handling Details (per Microsoft):
- Snapshots are stored locally. Copilot+ PCs have powerful AI that works on your device itself. No internet or cloud connections are used to store and process snapshots. Recall’s AI processing happens exclusively on your device, and your snapshots are kept safely on your local device only. Your snapshots are yours and they are not used to train the AI on Copilot+ PCs.
- Snapshots are not shared. Recall does not send your snapshots to Microsoft. Snapshots are not shared with any other companies or applications. Recall doesn’t share snapshots with other users who are signed into the same device, and per-user encryption ensures even administrators cannot view other users’ snapshots.
- You will know when Recall is saving snapshots. You’ll see Recall pinned to the taskbar when you reach your desktop. You’ll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots.
- Digital rights managed or InPrivate browsing snapshots are not saved. Recall does not save snapshots of digital rights managed content or InPrivate browsing in supported web browsers.
- You can pause, filter and delete what’s saved at any time. You’re always in control of what’s saved as a snapshot. You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time.
- Enterprise and customer choice. For customers using managed work devices, your IT administrator is provided the control to disable the ability to save snapshots. However, your IT administrator cannot enable saving snapshots on your behalf. The choice to enable saving snapshots is solely yours.