At the Copilot+ PC event, Microsoft introduced the highly anticipated Recall feature, which captures screenshots of your screen and performs AI analysis in the background. This allows you to later retrieve activities and information through semantic search. However, just days after the announcement, a security researcher uncovered several vulnerabilities in Recall’s implementation, labeling it a potential privacy nightmare.
The primary concern was that once a user logged in, the vector index remained unencrypted, leaving it accessible to any app or script. Additionally, Recall was enabled by default with no option to disable it during the onboarding process.
After significant public outcry, Microsoft has addressed the issue. In a blog post, Pavan Davuluri, Microsoft’s VP for Windows and Devices, confirmed that users can now choose to enable or disable Recall during the onboarding process, making the feature opt-in by default, which is a positive approach.
Microsoft is now enhancing Recall’s security with an added layer of protection. The local database will stay encrypted and will only be decrypted when the user authenticates through Windows Hello, utilizing the Windows Hello Enhanced Sign-in Security (ESS) for “just-in-time” decryption.
Additionally, accessing your activity history and timeline in Recall will now require Windows Hello authentication for added security. This means that enrolling in Windows Hello is a strict prerequisite for using the Recall feature. This update addresses concerns that law enforcement or abusive partners could exploit the Recall timeline to uncover sensitive information without the user’s consent.
Moreover, Microsoft has clarified that “Recall doesn’t share snapshots with other users signed into the same device, and per-user encryption ensures that even administrators cannot access other users’ snapshots.” We’ll need to test whether snapshots are truly inaccessible to other users on the same PC.
These changes to Recall are set to take effect before the Copilot+ PCs launch on June 18. It’s clear that Microsoft has made significant improvements based on user feedback, which should help in building user trust. I’m also pleased to see that Microsoft has made Recall an opt-in feature by default.
Will you take advantage of this new AI feature, or will you choose to disable Recall on your PC? Let us know in the comments below.
0 Comments