Microsoft has once more delayed the rollout of Windows Recall, an AI-powered feature designed for Copilot+ PCs, reports The Verge. Initially scheduled for testing with Windows Insiders in October, Recall’s release is now expected in December. Senior product manager Brandon LeBlanc confirmed the delay, citing the company’s focus on security and privacy improvements. “We are committed to delivering a secure and trusted experience,” he emphasized, as the company continues to address concerns that have haunted Recall since its announcement in May .
The Long Road to Make Windows Recall Secure
Windows Recall was introduced at Build 2024 as a tool to capture and organize snapshots of on-device user activities, making them searchable through Copilot. The initial excitement quickly gave way to controversy, however, as privacy advocates raised alarms over potential data security issues. Tests revealed that data was stored unencrypted, posing significant risks. Microsoft responded by delaying the June launch and implementing stringent measures like encryption and automatic sensitive data filtering.
On September 30, Microsoft announced key updates to Windows Recall, including a feature powered by Microsoft Purview. This tool, commonly used for enterprise data protection, now automatically censors sensitive information such as passwords and credit card numbers. The processing is done entirely on-device, ensuring that this data remains secure and never leaves the user’s PC.
Technical Safeguards: How Recall Protects User Data
To address the security concerns that marred its early development, Microsoft has overhauled Recall’s data protection framework. Screenshots are now encrypted and stored within Virtualization-Based Security (VBS) enclaves, isolated from the rest of the operating system. These enclaves create secure memory regions that malware cannot access. Additionally, each snapshot is protected with a unique encryption key stored in the Trusted Platform Module (TPM), a hardware-based security component that secures cryptographic keys. Only the device’s owner can view these snapshots, using biometric authentication through Windows Hello.
Despite these robust measures, critics are still skeptical. Mozilla’s Chief Product Officer, Steve Teixeira, has pointed out the risks associated with Recall storing browser history and user-inputted data. “Even with encryption, the feature could create new vulnerabilities, especially on shared computers,” he warned. Teixeira’s concerns highlight the persistent fear that Recall, if compromised, could expose users to cyberattacks.
From Privacy Backlash to Opt-In Features
For now, Recall is exclusive to Copilot+ PCs, which must support high-level security features like TPM 2.0 and BitLocker encryption. These devices also leverage Secured-core protections to defend against attacks targeting the hardware and firmware layers. Microsoft’s decision to limit Recall’s availability to such secure devices has been both praised for its safety measures and criticized for restricting access.
Facing pressure from privacy advocates and regulators, Microsoft has made Recall an opt-in experience. Users must explicitly activate the feature, and even then, they can choose to pause or delete stored data. The European Commission’s Digital Markets Act may also force Microsoft to make Recall fully removable in the EU, similar to measures previously enacted for Edge. In August, Microsoft introduced an option to uninstall Recall through the Windows Features list, though this initially appeared in the Control Panel as a bug.
Recent updates to Recall’s interface include a grid layout for snapshots and a Topics feature that categorizes user activity. Copilot integration has been expanded, enabling users to search for images, describe content, and open related apps directly from the Recall dashboard. These features are aimed at improving usability, but whether they are enough to overcome privacy criticisms remains uncertain. Microsoft is expected to roll out these improvements for public testing in December, but the clock is ticking.
Community-Driven Alternatives
While Microsoft continues refining Recall, developers have launched open-source tools that mimic its functionality. OpenRecall, for example, is compatible with Windows, macOS, and Linux, using Hugging Face AI components. However, OpenRecall lacks crucial security features like encryption, raising similar concerns. The community’s interest in such tools suggests demand for a more transparent and customizable version of Recall, but experts caution against the security risks they pose.
Windows enthusiast Albacore has developed Amperage, an app that brings Recall-like features to x86 systems using Intel and AMD processors. Recall was originally intended for ARM64 hardware, but Amperage broadens its accessibility. Users should be aware, however, that installing third-party software comes with its own set of risks, and Amperage is still a work in progress.
Last Updated on November 7, 2024 2:14 pm CET