David Weston, Microsoft’s VP for enterprise and OS security, posted an update on the privacy measures for Recall in the company’s blog.
Weston expanded on Microsoft’s privacy and security measures to address the community’s concerns. Here are a few takeaways from the article.
A Quick Reminder
The Recall feature captures screenshots of the device’s activity to help users visually search through them. Since the announcement in May, Recall has met a significant backlash in the community.
Check out this article if you want to refresh your memory on the feature.
Recall | Source: Windows blog
An Opt-In Feature
Weston states that Recall is an opt-in feature. This means that no data will be captured or stored if the feature is not enabled.
“If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved.” He writes in the article. “Users can also remove Recall entirely by using the optional features settings in Windows.”
Microsoft added the option to uninstall the feature only recently, and as the company stated earlier, it was initially meant only for European users.
Security Model
Weston details that snapshots and associated data are encrypted and stored locally. Encryption keys are secured using the Trusted Platform Module and protected in VBS Enclave, which segments memory, providing isolation and protection against system-level attacks. Security architecture includes measures like rate-limiting and anti-hammering to protect against malware.
According to the blog post, data is available only after biometric authentication using Windows Hello.
Security architecture | Source: Windows blog
Privacy Design
Weston states that Recall won’t share snapshots with Microsoft. Users will be able to delete snapshots or turn the function off at any time. According to the blog post, they will be in control over what data is stored, being able to filter out specific apps or sensitive content to “reduce passwords, national ID numbers, and credit card numbers from being stored in Recall.”
Only on Copilot+ PCs
The Recall feature will only operate on Copilot+ PCs that meet the Secured-core standard and include:
- BitLocker and Device Encryption TPM 2.0
- Virtualization-based security and hypervisor enforced code integrity
- Measured Boot and System Guard Secure Launch
- Kernel DMA Protection against peripheral attacks
Security Reviews
According to Weston, Microsoft conducted a set of security assessments, including penetration tests, an independent security design review, and a Responsible AI Impact Assessment.