Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

JUN 08, 2024

Jun 08, 2024


Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.

Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on users' screens every five seconds, which are subsequently analyzed and parsed to surface relevant information.

But the feature, meant to serve as some sort of an AI-enabled photographic memory, was met with instantaneous backlash from the security and privacy community, which excoriated the company for having not thought through enough and implementing adequate safeguards that could prevent malicious actors from easily gaining a window into a victim's digital life.

The recorded information could include screenshots of documents, emails, or messages containing sensitive details that may have been deleted or shared temporarily using disappearing or self-destructing formats popular on instant messaging platforms.

WIRED's Andy Greenberg called Recall an "unrequested, pre-installed spyware built into new Windows computers." Windows Central reported that Microsoft was "overly secretive" about Windows Recall during development and chose not to test it publicly.

In an effort to counter the mounting barrage of criticism, Microsoft said users are in complete control of the entire Recall experience and that it launched the feature in preview to help gather customer feedback.

Among the substantial changes introduced to the feature include security updates and a new setup process to enable it, giving users a choice to entirely opt out of periodically saving screenshots using Recall.

The security changes also require users to enroll for Windows Hello biometric scanning to enable Recall, with proof of presence necessary in order to view the timeline and perform searches.

Besides encrypting the search index database (which previously was stored in an unencrypted SQLite database), the tech giant noted that Recall snapshots will only be decrypted and accessible upon user authentication.

"Copilot+ PCs will launch with 'just in time' decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates," Pavan Davuluri, Microsoft's corporate vice president for Windows + Devices, said.

"This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall."

Redmond further reiterated that Recall snapshots are stored and processed locally on-device and that they are not shared with other companies or applications. It also said users can pause, filter, and delete what's saved at any given point in time.

For users on managed work devices within enterprise environments, IT administrators have the control to disable Recall, although they cannot enable it themselves. Microsoft emphasized that the choice is solely left to the users.

"You'll see Recall pinned to the taskbar when you reach your desktop," Davuluri said. "You'll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots."

"Turns out speaking out works," security researcher Kevin Beaumont, who was a vocal critic of Recall's original implementation, said. "There are obviously going to be devils in the details – potentially big ones – but there's some good elements here. Microsoft needs to commit to not trying to sneak users to enable it in the future."

"I think overall having a choice around opting in on home systems will save a lot of people security problems further down the line. It never should have been enabled by default."

Microsoft's course reversal comes in the midst of a series of security debacles the company has faced in recent years at the hands of Russian and Chinese nation-state actors, prompting the company to prioritize security above all else as part of its Secure Future Initiative (SFI).

"If you're faced with the tradeoff between security and another priority, your answer is clear: Do security," Microsoft CEO Satya Nadella said in a memo issued to his employees last month. "In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems."

Found this article interesting? Follow us on Twitter ? and LinkedIn to read more exclusive content we post.