- The Windows Recall database and snapshots will now be encrypted on the computer.
- You will also have to sign in every time you want to access your timeline.
- The Windows 11 Setup will include an option to enable or keep the controversial feature disabled.
In light of the increased number of complaints, Microsoft has listened and announced critical changes to fix the security and privacy concerns for the Windows Recall feature, which is expected to arrive with the release of Windows 11 24H2 for Copilot+ PCs.
Windows Recall is a new feature that records everything you do on your computer by taking screenshots every few seconds and then uses multiple on-device AI models to scan and understand the content and content and make the information available for search using natural language.
Although it could be a really helpful feature, shortly after the original announcement, it was discovered that Recall wasn’t as secure as it was believed to be since the snapshots and database were easily accessible and stored in clear text that could make it easier for hackers to target this data to scrape your information. (I have created instructions detailing how to access your Windows Recall data on Windows 11.)
However, things are now changing. In short, the company will be adding several extra protection layers. For example, it will encrypt the Recall data on the computer, and Windows Hello authentication will be required to access the timeline. Also, you will have a new setting during the setup to enable or disable the feature even before getting to the desktop.
Windows Recall AI upcoming security changes
Right from the start, the Windows 11 Setup experience (or the Out-of-box Experience (OOBE)) will include a setting that clearly helps users choose to turn the Recall AI feature on or off.
Originally, Microsoft was planning to enable the controversial feature by default, but that’s no longer the case.
Also, the controversial feature will now be tied to Windows Hello, which means that if you don’t configure a PIN, face, or fingerprint as an authentication method, you won’t be able to enable the Recall AI feature.
Once you turn on the feature, the system will require “proof of presence” to access the “Recall” app, meaning that you will have to authenticate using Windows Hello to access your timeline. So, if you leave your computer signed in and step away, no one can access your timeline.
However, the company doesn’t specify whether the app will time out after a specific time of inactivity. If you leave the timeline open, other people may be able to access your information if you step away from the computer.
Microsoft has also taken a more aggressive approach to encrypting the data that Windows Recall collects to operate. First, the company is enabling the Windows Hello Enhanced Sign-in Security (ESS) to add the “just in time” description capability so that the Recall snapshots are encrypted on the device and will only be decrypted when you sign in to your computer using Windows Hello.
Furthermore, and perhaps more importantly, the Windows Sematic Index, the database that holds the information Recall collects from your activities, will now be encrypted.
These new changes are in addition to the previously announced security precautions, which include Secured-core PCs offering advanced firmware safeguards and dynamic root-of-trust measurement to help protect from chip to cloud, the Microsoft Pluton security processor to protect credentials, identities, personal data, and encryption keys, and the Windows Hello Enhanced Sign-in Security (ESS) implementation to offer biometric sign-in to access the feature.
Microsoft also emphasizes that the screenshots and any data the feature collects will stay on your computer and won’t be uploaded to the cloud, nor will any information be used to train its AI models.
Also, the feature has been designed so that if it’s enabled, the Recall icon will appear in the System Tray of the Taskbar, which you can move or remove while the feature is turned on.
If you use Google Chrome, Microsoft Edge, or another Chromium-based browser, the controversial timeline feature captures your activities while using InPrivate or Incognito mode. Also, the feature won’t screenshot content with digital rights.
You can also pause, resume, or disable the Windows Recall feature anytime. Or you can configure the settings to exclude apps and websites you want the feature to track.
Furthermore, at any time, you can delete one or every snapshot that the feature has taken from the “Recall & snapshots” settings page.
The company says it’s taking action even before the Windows Recall feature becomes available on June 18, 2024. It’s important to note that the feature will be exclusive to Copilot+ PCs, meaning that computers currently compatible with Windows 11 won’t be able to run this feature.
Do you think that these changes are enough for you to trust the Recall feature on Windows 11? Let me know in the comments.
Update June 14, 2024: Microsoft has announced that it is temporarily pausing the rollout of the Windows Recall AI feature as it needs more time for testing and ensuring security. As a result, Copilot+ PCs won’t get the feature on June 18.