Microsoft has just released an update concerning the security and privacy safeguards in Recall. The blog post outlines the measures Microsoft is taking to prevent a data privacy catastrophe, including security architecture and technical controls. Many of the features highlight that Recall is optional, even though Microsoft recently confirmed that it cannot be uninstalled.
Microsoft’s post is extensive and covers nearly every aspect of the security challenges that its new AI assistant has to face. One of the key design principles is that “the user is always in control.” Users will have the option of whether to opt in and use Recall when setting up their new Copilot+ PC.
Microsoft also notes that Recall will only operate on PCs that are eligible for Copilot+, and this comes with a set of stringent hardware requirements that enhance security. This includes Trusted Platform Module (TPM) 2.0, System Guard Secure Launch, and Kernel DMA Protection.
Let’s return to the fact that the user has control over what Recall can or cannot access. During the setup process, you can choose whether to use it or not; if you don’t opt in, it stays disabled by default. Microsoft now also states that you can completely remove Recall from the Windows settings, although it’s unclear whether this means it will be uninstalled from the PC entirely.
If you choose to opt in, you can filter out certain apps or websites and prevent Recall from saving data related to them. Incognito browsing will also not be saved. You will be able to control how long Recall retains your data and how much disk space you are willing to allocate for those snapshots. And if you ever want to delete something, you can get rid of snapshots from a certain time period or all content from a specific website or app. In summary, everything in Recall can be deleted at any time.
Microsoft is also adding an icon to the system tray. This will indicate whether Recall is currently collecting snapshots, and you can pause this at any time. Additionally, you won’t be able to access Recall content without biometric credentials, meaning the use of Windows Hello.
Microsoft promises that sensitive data in Recall is always encrypted, protected through the TPM, and tied to your Windows Hello identity. Other users on the same PC will not be able to access your Recall data; it will only be accessible within the Virtualization-based Security Enclave (VBS Enclave). That is where all the Recall data resides, and only selected bits are allowed to leave the VBS Enclave when requested.
Microsoft also described the Recall architecture in more detail, saying: “Processes outside the VBS Enclaves never directly receive access to snapshots or encryption keys and only receive data returned from the enclave after authorization.” Sensitive content filtering is also in place to filter out things like passwords, ID numbers, and credit card details from what Recall can remember.
Lastly, Microsoft says that it is working with a third-party security vendor to conduct a penetration test and confirm that Recall is secure. All in all, it seems that the company has done its homework, but we will have to wait and see how it all unfolds when Recall becomes widely available.
Will these new measures be sufficient to alleviate the concerns of those who have been boycotting Recall from the very beginning? It’s difficult to say, but it is clear that Microsoft is aware of the controversies and is taking steps to prove that its AI assistant can be trusted.