Microsoft has enhanced its Recall AI feature in Windows 11 for Copilot+ PCs with new security measures.

Description

Microsoft has introduced updates to the Recall AI feature in Windows 11 for Copilot+ PCs. These updates include making Recall optional [3] [4], requiring Windows Hello for access [3] [5], and encrypting all locally stored data. Users can now opt-in to save snapshots of their activity, with Windows Hello biometric authentication for secure proof of identity. A “proof of presence” is necessary to access the Recall timeline and search its contents [8]. Recall stores screenshots every few seconds and encrypts data until authentication, with “just in time” decryption for added security [2]. This feature will initially be available on Copilot+ PCs with Qualcomm processors, expanding to Intel and AMD systems later. Arm PCs can enable Recall using a third-party script. Despite these improvements, concerns remain about the effectiveness of the security measures in protecting sensitive information. Critics argue that Recall [1], like other AI products [1], is being rushed to market without adequate security measures [1]. Moreau suggests that AI could help identify sensitive data in Recall screenshots [1], but Microsoft has not explored this option [1]. The Recall rollback follows a series of cybersecurity incidents for Microsoft [6], prompting a renewed focus on security as a top priority [6].

Conclusion

Microsoft’s enhancements to the Recall AI feature in Windows 11 for Copilot+ PCs aim to address security concerns and improve user privacy. The introduction of new security measures, such as optional Recall, Windows Hello authentication [1] [5] [7] [9], and data encryption [8] [9], demonstrates a commitment to protecting sensitive information. However, ongoing concerns about the effectiveness of these measures highlight the need for continuous evaluation and improvement. As Microsoft continues to develop and refine the Recall feature, it is essential to prioritize security and privacy to ensure user trust and confidence in the product.

References

[1] https://www.darkreading.com/application-security/microsoft-modifies-recall-ai-feature-privacy-security-failings
[2] https://www.computerworld.com/article/2140187/microsoft-makes-windows-recall-opt-in-after-privacy-security-backlash.html
[3] https://www.pcgamer.com/software/operating-systems/microsoft-makes-recall-an-optional-feature-on-copilot-pcs-after-it-heard-a-clear-signal-from-the-public/
[4] https://www.thurrott.com/mobile/copilot-pc/303683/microsoft-provides-update-on-recall-addresses-complaints
[5] https://arstechnica.com/gadgets/2024/06/microsoft-makes-recall-feature-off-by-default-after-security-and-privacy-backlash/
[6] https://www.wired.com/story/microsoft-recall-off-default-security-concerns/
[7] https://liliputing.com/microsofts-recall-feature-for-copilot-pcs-will-be-opt-in-by-default-in-response-to-feedback-and-criticism/
[8] https://www.zdnet.com/article/after-brutal-critiques-microsoft-recall-will-get-these-major-privacy-and-security-changes/
[9] https://www.windowscentral.com/software-apps/windows-11/microsoft-addresses-windows-recall-backlash-promises-to-fix-security-issues-and-make-it-opt-in