What to know

  • Recall is now an opt-in feature only. Unless enabled proactively, it will be off by default.
  • Windows Hello is required to enable and use Recall.
  • Additional layers of data protection are applied, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security. 

After much scrutiny and public outcry over its security compromises, Microsoft has finally made some much-needed changes to how the Recall feature will function on Copilot+ PCs. Here are all the preventive measures that Microsoft is taking to fix the security issues in the new Recall feature.

7 preventive measures Microsoft is taking to fix Recall’s security issues

Since it was announced, the Recall feature has been a controversial addition to the Windows experience. Not only was it discovered to store data unencrypted on the device, but the data, stored in the form of snapshots of your PC taken every 5 seconds, could easily be hacked into using tools like TotalRecall.

Fortunately, Microsoft recently announced several changes that prioritize security at all costs. Here’s a look at what each of these changes purportedly does.

1. Recall is off by default (will require users to proactively turn it on)

Recall is now disabled by default and is a completely optional feature. This is the biggest change made by Microsoft that should allay the fears of users who previously felt the company was unnecessarily foisting the ‘photographic memory’ of Recall upon them. 

At the time of setting up a Copilot+ PC, users will be given a clear choice to opt in to saving snapshots using Recall. If you’re not into it, simply select No, don’t save and carry on.

2. Recall needs authentication via face, fingerprint, or PIN

For those who choose to opt into the feature, Microsoft has also made Windows Hello enrollment mandatory to enable Recall. As such, you will have to authenticate using your face, fingerprint, or PIN when setting up Recall.   

3. Recall requires proof of presence to view timeline and search

Following on from the Windows Hello requirement, you will also need to provide proof of presence when viewing the Recall timeline or searching in Recall. That means every time you try accessing Recall, you’ll need to authenticate using Windows Hello.

4. Recall’s search index database is now encrypted

Recall’s search index database, which was earlier left unencrypted and was a glaring security loophole, is also being encrypted. Although this should’ve been the case from the start, it’s good to see Microsoft listening to feedback and making the adjustments to secure the snapshots. 

5. ‘Just-in-time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS)

The now-encrypted data saved by Recall will be protected by additional layers of data security, including the Windows Hello Enhanced Sign-in Security (ESS). With it, your data remains encrypted until you authenticate and use the Recall app. When using Recall, the data is decrypted “just-in-time” for your use.  

6. Copilot+ PCs will have a Microsoft Pluton security processor

All Copilot+ PCs also have the Microsoft Pluton security processor enabled by default. Being a chip-to-cloud security technology, it helps protect your personal data and encryption keys even if your PC is infected by malware or is in the physical possession of someone else. 

7. Other ways Recall snapshots are protected

Apart from the recent changes made to Recall, there are other security features that remain unchanged. Here’s a quick look at them:

Local storage

All the snapshots captured by Recall are stored locally and on device. For the sake of both speed and security, at no point do the snapshots leave the device, even though users may not be willing to believe Microsoft on this point.

InPrivate browsing snapshots are not saved

Recall also doesn’t capture snapshots while you’re browsing privately. However, this is the case for Microsoft Edge only. If you’re a Chrome user, you’ll have to resort to the following means.

Pause, filter, and delete snapshots anytime

Recall can be paused or stopped altogether at any time. You can also filter apps and websites that you don’t want recorded from Recall’s Settings page. And in case you forget, you can always delete the snapshots manually. 

FAQ

Let’s consider a few commonly asked questions about Recall’s security on Copilot+ PCs.

Does Windows Recall use the cloud to analyze your screenshots?

No, Windows Recall doesn’t use the cloud to analyze your snapshots. All analysis is done by the on-device AI and your snapshots stay on your machine.

Can Windows Recall be uninstalled completely?

Since Windows Recall is a system feature, it can only be disabled, not uninstalled. 

Although trust in Microsoft is not exactly at a high, changes to Recall’s security and privacy features should assuage some users. Leaked internal memos also suggest that CEO Satya Nadella wants employees to prioritize security over anything else. 

We hope this guide helped you get clarity on the security and privacy adjustments that Microsoft has made to make the Recall feature a little less of a privacy nightmare. Until next time!
