Friday, September 27th 2024

Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns

Today Microsoft published an extensive blog post about the controversial Recall feature that was intended to launch with Copilot+ enabled Windows 11 PCs. To recap on Recall: Recall was announced as a service that creates and stores 'snapshots' of the user's activity on their PC, and uses the neural processing hardware within a Copilot+ certified machine to filter search requests by the user in order to find what they had previously seen. In effect, it took constant screenshots and would index the contents of those screenshots to assist with vague search queries. Saw a very funny picture in Discord a week ago and can't find it but can describe what it looked like? Search Recall and with the power of neural processing it would sift through its index of stored screenshots and attempt to provide you the exact image you described. Or, you could scroll back through the gallery of snapshots yourself to find what you wanted.

The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Here is the latest outline for Windows Recall:

Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.

Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Recall can be removed entirely at any time
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.

Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.

Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall cannot capture private browsing, and more comprehensive privacy settings
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.

After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
Source: Microsoft
Add your own comment

77 Comments on Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns

#1
Chaitanya
Win 11 is a spyware even without these "AI" features that costs too much for its worth.
Posted on Reply
#2
Soul_
How about a GTFO MS? I dont usually swear, but this "feature" takes the spyware context of this OS to the next level. So, pretty please with a cherry on top....
Posted on Reply
#3
Ravenmaster
This needs to be completely removed from the OS and never put on an OS ever again. Such an intrusive tool can be likened voyeurism. It can and it will eventually be hacked and abused.
Posted on Reply
#4
Steevo
Ahh the dying kicks of MS, they can't create anything new so they venture into the nuance of it all. The difference of 11 and 10.is like painting a room and calling it a new home, but installing cameras to see where else to make money.

Soon they will be a patent troll.
Posted on Reply
#5
lexluthermiester
@microsoft
Here's what we want: Choice. Stop forcing this crap on us. Let choose to use it, or not, as we see fit. If we choose not, it is fully removed(deleted) from our systems.

This is the only acceptable scenario.

(Hint: If you don't give us these options we will find a way for forcibly remove these unwanted things from our systems.)
Posted on Reply
#6
Lycanwolfen
Oh great Bit Locker has to be enabled. Our office went to Intune and Bitlocker and it turned into a complete nightmare sometimes. You cannot upgrade any hardware with bit locker 2.0 turned on so if you change say memroy or cpu you have to decrypt the drive. Then upgrade or ghost to new hard drive then you have to encrypt it again. Also some updates can cause bitlocker to ask for a key on boot up this pisses off our users quite a bit. Bitlocker is a total joke IF MS had not invented it ransomware would not have been invented as well.
Posted on Reply
#7
lexluthermiester
LycanwolfenOh great Bit Locker has to be enabled.
Yeah, that's a complete deal-breaker. Some people do not and will not use bitlocker.
Posted on Reply
#8
64K
Soul_How about a GTFO MS? I dont usually swear, but this "feature" takes the spyware context of this OS to the next level. So, pretty please with a cherry on top....
When you say, "No Microsoft. Leave me the hell alone with your unwanted features".

What MS hears, "Just push it on us harder and we will accept it".

MS is the most out of touch with their customers company on this planet.
Posted on Reply
#9
Fouquin
lexluthermiesterHere's what we want: Choice. Stop forcing this crap on us. Let choose to use it, or not, as we see fit. If we choose not, it is fully removed(deleted) from our systems.
Well the good news is it sounds like you'll be getting exactly what you want. Choice to install it, choice to uninstall it, and if you decide not to choose then you've still made a choice; it won't install and it won't enable.
LycanwolfenOh great Bit Locker has to be enabled.
That part stood out to me too. I understand why they're doing it. They want every single security feature they can muster thrown behind Recall so that nobody can argue it's a security risk. But... BitLocker is just bad. That said anyone worried about the security implications that also hates BitLocker will rejoice in the fact that no BitLocker means no Recall either. Two birds with one stone.
Posted on Reply
#10
lexluthermiester
FouquinWell the good news is it sounds like you'll be getting exactly what you want. Choice to install it, choice to uninstall it, and if you decide not to choose then you've still made a choice; it won't install and it won't enable.
They say that, but as you mentioned, they've said that before and not just with Cortana. It's been an ongoing problem with several unwanted apps. With Cortana, you had to uninstall the app, but the service was not only left intact but left running in it's default state. The only way to remove it is to hop into the CLI and delete it manually.
FouquinI understand why they're doing it. They want every single security feature they can muster thrown behind Recall so that nobody can argue it's a security risk.
That isn't an unfair thing, though it doesn't make it acceptable.
Posted on Reply
#11
jak_2456
This is just making me even more inclined to switch my XPS 15 7590 to Linux. I don't know who'd be comfortable with this on their PC!
Posted on Reply
#12
CosmicWanderer
I'm really happy to see that they're going all out on securing Recall. It's going to be a really useful feature for me, but I was ready to completely disable it if it was released as-is. Looks like I won't have to do that anymore.

I'll only be enabling it on my productivity PC and laptop though. I have no need for it on my gaming PC.
Posted on Reply
#13
umeng2002
Optional? Or do you only have the option to "delete" the data it collects?
Posted on Reply
#14
Hyderz
Dear Microsoft can you not try to break things and improve upon existing platform first
Posted on Reply
#15
JLP
So glad I switched to GNU/Linux years ago when Windows was already bad. And every time I have to use the new versions of Windows at work it has just gotten more terrible. Just bloated spyware and adware. And getting worse, slowly boiling the frogs.
Posted on Reply
#16
GoldenX
Yet more reasons to use LTSC builds until frog-protocols or wayland-experimental shows up on Linux distros.
Posted on Reply
#17
_roman_
Some People do not care for privacy. Some are just talkers and will never change from their MS Windows and Iphones.

There are other choices for operating systems. Hardly anyone talks about Freebsds.
lexluthermiesterYeah, that's a complete deal-breaker. Some people do not and will not use bitlocker.
Some people will not use a microsoft windows online account, secure boot and tpm.
Posted on Reply
#18
phanbuey
leave it to microsoft to come up with the most unappealing use of consumer AI...

"Hey bro AI is really cool. What if it like... watched you and remembered EVERYTHING YOU DO ON YOUR COMPUTER!?!?!"

"Have you ever thought... Gee I wish a something could watch me 24/7, in a non-biblical, literal sense?"

"Well now it can - THANKS MICROSOFT!"

Posted on Reply
#19
N3utro
I imagine how Microsoft staff reunions go:

- Our popularity is falling off, what should we do?
- Let's put all our efforts on something nobody requested, something very intrusive, with no protection, that everyone will hate.
- Sounds good, let's do it!
Posted on Reply
#20
Broken Processor
I can't help but think about the horrible work place implications. I know that screen recording has been available for over 20 years and your boss was able to watch everything you did but Recall is basically free with being included with the OS and I'd be very surprised if someone including Microsoft isn't already working on a front end client to view these screenshots with ease like tabing right in your photo gallery and when not if it will happen it will make it all easier to abuse.
Posted on Reply
#21
SL2
lexluthermiesterYeah, that's a complete deal-breaker. Some people do not and will not use bitlocker.
Deal breaker for what? You're interested in Recall?

I see no problem with this sentence. Or am I missing something lol
"To configure Recall at all a machine needs BitLocker"
Posted on Reply
#22
Squuiid
Nobody wants, nor asked for, this Microsoft. Bin it.
Posted on Reply
#23
close
FouquinWell the good news is it sounds like you'll be getting exactly what you want. Choice to install it, choice to uninstall it, and if you decide not to choose then you've still made a choice; it won't install and it won't enable.



That part stood out to me too. I understand why they're doing it. They want every single security feature they can muster thrown behind Recall so that nobody can argue it's a security risk. But... BitLocker is just bad. That said anyone worried about the security implications that also hates BitLocker will rejoice in the fact that no BitLocker means no Recall either. Two birds with one stone.
If only. I bet they'll eventually enable it and just claim the user is responsible for the lack of security if they choose to leave BitLocker disabled. Because eventually it will surface that Recall is for Microsoft so they need it on every PC.
Posted on Reply
#24
AusWolf
How could a living human being ever think this was a good idea is beyond me.
phanbueyleave it to microsoft to come up with the most unappealing use of consumer AI...

"Hey bro AI is really cool. What if it like... watched you and remembered EVERYTHING YOU DO ON YOUR COMPUTER!?!?!"

"Have you ever thought... Gee I wish a something could watch me 24/7, in a non-biblical, literal sense?"

"Well now it can - THANKS MICROSOFT!"

Imagine a popup in the middle of a call with your boss:
"Hey, remember that porn clip you watched 2 weeks, 3 days, 6 hours and 18 minutes ago on your browser in incognito mode? Well, we do, and we thought you might like these, too."
Posted on Reply
Add your own comment
Oct 13th, 2024 18:46 EDT change timezone

New Forum Posts

Popular Reviews

Controversial News Posts