Microsoft is not giving up on its controversial Windows Recall, though says it will give customers an option to opt in instead of having it on by default, and will beef up the security of any data the software stores.
Recall, for those who missed the dumpster fire, was announced on May 20 as a “feature” on forthcoming Copilot+ Windows PCs. It takes a snapshot of whatever is on the user’s screen every few seconds. These images are stored on-device and analyzed locally by an AI model, using OCR to extract text from the screen, to make past work searchable and more accessible.
The ultimate goal for Recall is to record nearly everything the user does on their Windows PC, including conversations and app usage, as well as screenshots, and present that archive in a way that allows the user to remind themselves what they were doing at some point in the past and pull up relevant files and web pages to interact with again. The archive can be searched using text, or the user can drag a control along a timeline bar to recall activities.
But security testers have raised doubts about the safety of recorded information and have developed tools that can extract these snapshots and whatever sensitive information they contain. The data is for now stored as an easy to access non-encrypted SQLite database in the local file system.
This comes at a time when Microsoft is being roundly hammered for its vulnerabilities and poor security – and now the OS maker wants everyone to trust it more than ever. Recall is a boon for cyber-crooks as well as lawyers requesting discovery of someone’s computer, and a nightmare for anyone handling medical and other sensitive records.
As Kevin Beaumont, director of emerging threats for Arcadia Group (and a former Microsoft threat analyst) put it in a personal blog post, Recall “fundamentally undermines Windows security.”
And the more people looked, the worse things got for Recall. James Forshaw, a security researcher with Google’s Project Zero, wrote an analysis on Monday in which he explored how one might get access to the Recall database by gaining administrative privileges.
Two days later, he amended his post to observe that privilege escalation isn’t necessary as a user can simply deploy a readily available token that provides access to the Recall database. “Turns out I was wrong about Recall being secure,” he wrote.
Finally, after three weeks of withering criticism and acting as if everything is fine, Microsoft has decided to change a few things.
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” said Pavan Davuluri, corporate VP of Windows and Devices, in a blog post on Friday.
“With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”
Davuluri said that henceforth Recall will be offered as an opt-in service during the set-up process for Copilot+ PCs rather than as a default. In addition, Microsoft will require enrollment in Windows Hello to enable Recall, as well as proof of presence when viewing your timeline or searching in the app.
Finally, Davuluri said that Microsoft is adding “additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.”
Was there no one at Microsoft who looked at Recall and said: This really sucks
“We are on a journey to build products and experiences that live up to our company mission to empower people and organizations to achieve more, and are driven by the critical importance of maintaining our customers’ privacy, security and trust,” said Davuluri.
“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them.”
Maybe next time, the listening and learning part will occur prior to the product release announcement.
“Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too,” said Beaumont, in response to the Microsoft announcement, in a Mastodon post. ®