Microsoft Alters Recall on Copilot+ Windows PCs to Address Privacy Concerns

Why Trust Techopedia
Key Takeaways

  • Microsoft is changing Recall to tackle privacy and security concerns.
  • There will be stricter security and a clearer opt-in request.
  • Researchers were concerned Recall was too easy to compromise.

Microsoft is changing how the Recall feature will work on Copilot+ Windows PCs following criticisms of its privacy and security.

The setup process will provide a “clearer” opt-in to the functionality, which lets you search for files, websites and other content in your computer’s timeline. You’ll need Windows Hello authentication to enable Recall, and will have to be physically present to both look at your timeline and conduct searches.

Microsoft is also adding more security layers, including just-in-time decryption that only works when you authenticate with Hello. The search index database will now be encrypted, too.

All the modifications will be ready in time for the Recall preview’s release on June 18th.

Recall works by taking snapshots of system activity every five seconds and locally analyzing those shots for content. Ideally, you can find something even if you don’t remember its name. It’s not so much an Apple Time Machine-style backup as it is an advanced system search.

As unveiled, though, Recall raised privacy and security fears. Researcher Alex Hagenah determined that Recall’s database was unencrypted plain text, making it a potentially easy target for anyone who has compromised a PC’s security. Information stealing tools already exist, but Recall might have made it easier to grab that data.

The modifications theoretically make it that much harder for someone to infiltrate Windows and grab Recall content. It’s too soon to say how these updates will work in the real world, but they might reassure users who would otherwise avoid Copilot+ PCs.