The recent announcement of Windows Recall captured significant attention, coinciding with the launch of Surface Laptop 7 and Surface Pro 11 this June.
Windows Recall empowers users to retrace their digital activities using a timeline scrubber or a natural-language search. For instance, if you were searching for an orange couch but forgot to bookmark the link, you can simply search “orange couch,” and Recall will help you locate it.
Despite its innovative features, Windows Recall has raised privacy concerns among experts who deem it a potential “privacy nightmare.” The feature records every action, from casual browsing to sensitive entries like online banking passwords.
In light of these concerns, Microsoft has postponed the Recall debut to October, revealing plans to enhance security for this feature.
Windows Recall: Key Security Improvements by Microsoft
Currently in preview, Windows Recall will initially be available only to Windows Insiders in October, but Microsoft has detailed security measures for this AI-enhanced feature.
1. Opt-in Feature
Recall will not be enabled by default on eligible devices like Surface Laptop 7 and Surface Pro 11. Users will receive a prompt to opt into Recall before using their Copilot+ PCs.
2. Complete Deletion Option
Users have the option to entirely remove Recall from their Copilot+ PC if they choose not to use it. This addresses earlier concerns regarding the lack of an uninstall feature.
3. Enhanced Data Encryption
Microsoft assures that any data stored via Recall is encrypted. The encryption keys are managed through a security chip known as the TPM, coupled with Windows Hello Enhanced-Sign-in Security, ensuring that only secure and authorized access is permitted.
Recall’s data is additionally protected through biometric authentication methods such as facial recognition and fingerprint scanning. The data is processed in a Virtualization-based Security Enclave, a secure environment separate from the main operating system, further safeguarding sensitive information.
Importantly, Microsoft has affirmed that it does not share users’ Recall data with third parties or other users on the same device. Furthermore, users have the ability to customize their Recall preferences by filtering certain applications and websites.
Microsoft emphasizes user control, stating that individuals can delete snapshots, pause the feature, or disable it entirely at any time. Any future data-sharing features will require clear and informed consent from users.
