Microsoft has explained in more detail how its Windows Recall tool will work, months after it delayed the release of the snapshot capture tool due to a privacy and security backlash.
Windows Recall is part of the AI-powered Copilot+ system. The tool, if enabled by a user, would take screenshots every few seconds of everything happening on the screen, saving the images in an encrypted file.
That would allow the user to search for images, rather than having to search through files to find the content they need or answer questions. The system would not crack passwords, and users could turn off Recall for a period of time or disable it for specific apps, Microsoft said. All data would be saved locally instead of in the cloud.
Microsoft has now said in a blog post that Recall will be released starting in November, detailed further security improvements and confirmed that it will allow users to easily uninstall the tool. Whether that is enough to encourage widespread acceptance of the AI tool remains to be seen.
For starters, Recall will now be disabled by default and users must actively choose to use it, although it can be challenging to say no to employers who require spy snaps to be enabled. Additionally, Microsoft allows Recall to be completely uninstalled from your PC, including the AI models that power the system.
On the privacy front, Recall will never collect images from private browsing sessions, and users can choose apps and websites to ignore, choose how long to keep Recall images, and delete a time range or all content from an app if accidentally collected.
Encryption and virtualization in Windows Recall
In addition to those options for users, Microsoft has also properly encrypted all sensitive aspects of Recall, including the snapshot collection. To access the images, the user must authenticate with Windows Hello, using a fingerprint, facial recognition or a PIN.
“Recall leverages Windows Hello's enhanced sign-in security to authorize Recall-related operations,” David Weston, vice president of enterprise and operating system security, explained in the Microsoft post.
“This includes actions such as changing Recall settings and runtime authorization of access to the Recall user interface (UI). Recall also protects against malware through rate-limiting and anti-hammering measures. Currently, Recall supports PIN as a fallback method only after Recall is configured, and this is to prevent data loss if a secure sensor is damaged.”
The key is to enclose the snapshot system, search, and images within a virtualization-based security enclave (VBS Enclave).
“Within Recall, services that operate on screenshots and associated data or perform decryption operations reside within a secure VBS Enclave,” Weston said. “The only information that comes out of VBS Enclave is what the user requests when actively using Recall.”
To access that isolated area you need credentials, he added. “This area acts as a locked box that can only be accessed after the user grants permission via Windows Hello,” Weston said. “VBS Enclaves provide an isolation boundary from both administrative users and the kernel.”
Enough of a change?
Those safety features sound like they should have been in place when Recall was first introduced, so why weren't they included? Weston said Microsoft saw Recall as a preview product still in development and, after the backlash, brought that work forward to include such features at launch.
“It's not just about Recall, in my opinion, we now have one of the most robust platforms for doing sensitive data processing at the edge and you can imagine there are a lot of other things we can do with that,” Weston told The Verge.
“I think it made a lot of sense to bring forward some of the investments we were going to make and then make Recall the primary platform for that.”
Recall history
Microsoft first introduced the Recall tool in May, instantly sparking a backlash focused on privacy and security, even though Recall was only intended to be available on Copilot+ PCs and not all Windows machines.
Security experts immediately criticized the tool, with one former Microsoft employee calling it a “new security nightmare,” saying the feature fundamentally undermines Windows security.
The feature's announcement also caught the attention of the UK's data watchdog, the Information Commissioner's Office, which said at the time that it was “conducting consultations with Microsoft to understand the safeguards put in place to protect user privacy.”
The furor led Microsoft to delay the feature's availability. Recall was first supposed to go live in mid-June, but was delayed for more security testing and would initially go live as a preview through the Windows Insider program in the “coming weeks.”
In August that was delayed until October; now, the tool won't be available until November.
Then, at the beginning of September, careful Windows watchers spotted an option to uninstall the tool in a preview version of the operating system. However, Microsoft noted that including the settings in the Windows Control Panel was a mistake.
Last week, the ICO said it had nothing to add about the impending launch of Recall, but after the news Microsoft acknowledged the “series of changes” and said it would continue to evaluate the product ahead of launch.