Microsoft’s Recall feature will now be opt-in and double-encrypted after privacy protests


Microsoft has announced big changes to the recently unveiled AI-powered Recall feature, part of the new line of Copilot+ PCs, in response to blistering criticism from security researchers about potential privacy risks. The company said it would make the feature opt-in, require biometric authentication to access stored data and add additional layers of encryption.

Introduced last month, Recall was touted as a groundbreaking capability that would automatically take screenshots as users worked, allowing them to search their computer history using natural language searches. But security experts quickly raised red flags, warning that the feature’s massive data collection and lack of robust protections created serious privacy and security vulnerabilities.

In a blog post, Pavan Davuluri, Microsoft’s Corporate Vice President for Windows + Devices, acknowledged the “clear signal” from critics that the company needed to strengthen security and make it easier for users to choose whether or not to enable Recall. The changes, which will be implemented ahead of the feature’s public release on June 18, include:

  • Making Recall opt-in during PC setup, with the feature disabled by default
  • Requiring Windows Hello biometric registration and “proof of presence” to view the Recall timeline and search its contents
  • Adding “just in time” decryption of the Recall database, protected by Windows Hello Enhanced Sign-in Security (ESS)
  • Encrypting the search index database

The additional encryption is especially notable, as it should make it significantly more difficult for attackers or unauthorized users to access the potentially sensitive data captured by Recall, even if they gain access to the database. Saved screenshots are now double encrypted and can only be decrypted using the authenticated user’s biometric data on the registered device.



Critics, including leading cybersecurity companies and privacy advocates, argued that the continued storage and processing of screenshots could become a target for malicious actors. The outrage reached a peak when an investigative report by the BBC revealed vulnerabilities that could potentially be misused to access sensitive information without adequate user consent.

In response to the criticism, Microsoft published a blog post on their Windows Experience Blog detailing their decision to make Recall an opt-in feature during the preview phase. “Privacy and security come first,” the message said, highlighting that the company is taking steps to reassess the feature’s impact on user privacy.

The future of Recall: balancing innovation with user trust

The decision to make the feature opt-in was met with mixed reactions. Some industry analysts are praising Microsoft for moving quickly in response to user feedback. “It turns out that speaking out works,” said Kevin Beaumont, a cybersecurity researcher, in a post on X.com. “Microsoft is making significant changes to Recall, including making it sign in specifically, requiring Windows Hello facial scanning to activate and use it, and actually trying to encrypt the database, they say.”


On the other hand, some users express disappointment, as they had anticipated the convenience that Recall promised. “Honestly, I’ve seen zero positivity about Recall (the Windows feature that takes screenshots every five seconds), which leads me to believe no one thinks this is a good feature,” says Dr. Owain Kenway in a post on X.com. “But is there a secret undercurrent of pro-Recall users who are embarrassed and silent?”

Microsoft has committed to a thorough review of Recall’s security measures. According to their press release, the company plans to conduct extensive testing with select users who sign up for the post-review preview to collect more data and refine the feature’s security framework.

This incident underlines the delicate balance that technology companies must maintain between innovating with cutting-edge AI technologies and ensuring the privacy and security of their users. It also highlights the growing role of public and expert control in shaping the development and deployment of new technologies in the digital age. As Microsoft tackles these challenges, the technology community and its users will no doubt be keeping a close eye on how Recall evolves and how it can set precedents for future AI integrations in consumer technology.
