Back in May, Microsoft unveiled one of its most controversial features called Recall. The company then “recalled” the feature as it faced some massive backlash from the tech community. Well, Microsoft doesn’t want to give up this feature, as it announced that Recall will return, and it will be safer.
If you don’t remember, Recall was a feature that would basically take screenshots of everything you do on your computer. If you ever needed to retrace your steps and recall something that you did online, you could ask the tool. It will use AI to find what you were doing.
For example, if you created a file on your computer, and you forgot where you put it, you can ask the tool about the file, and it will be able to remember where you put that file and help you surface it. This is the gist of Recall.
So, it seems like a useful feature to help you recall files, folders, applications, webpages, and so on when you can’t seem to remember them. It’s a useful feature in and of itself, but that’s not to say that it didn’t have its fatal flaws.
Windows Recall was a privacy nightmare, and the tech community picked up on it quickly. Users found out that the files that Recall stored, which had snapshots of EVERYTHING you did on your computer, were stored in an easily accessible location in an easily readable format. If someone gains access to your computer, they’d be able to find these files and have a play-by-play of everything you do on your computer.
Windows Recall will return with some safety improvements
Microsoft was quick to take this feature down, but that didn’t mean that it was finished with it. Today, Microsoft announced that Recall is not dead, and it will be landing on Microsoft Copilot+ PCs in November.
The company wants to extinguish any worries that people might have, so it made a lengthy blog post about what it plans to do to make it more secure. Going forward, the screenshots that the feature produces will be encrypted, which was one of the biggest gripes that people had.
Microsoft will encrypt the screenshots, and protect those keys using VBS Enclaves. This is a secure “software-based trusted execution environment (TEE) inside a host application.” The keys will basically be stored away in an environment separate from the rest of your system.
Next, Recall will only be active if you opt-in to it. You’ll have the option to opt-in when setting up your computer. If you decide that you don’t like the feature, then you’ll be able to disable it altogether.
Protecting what matters most
Since Recall took a snapshot of everything you did on your computer, people wondered about sensitive information like passwords. Well, Microsoft stated that Recall will not store any sensitive data like passwords. It’ll filter this information so that, just in case someone does access your snapshots, they won’t have access to it. The feature also won’t save your data across different browsers.
Microsoft wants to do it right this time
So, it’s clear that the company wants to make Recall as air-tight as a Ziploc bag. As such, it had the feature looked at by a third-party company, but it didn’t tell us what company it tapped. This company did a penetration test to see how easy it is to access the encrypted data. Along with that, the company’s internal research team MORSE (Microsoft Offensive Research and Security Engineering) tested it out.
These are all security measurements that the company should have implemented from the get-go, to be honest. The security measures that the company initially used were laughable. It almost seems like Microsoft rushed the feature to the market to keep pace with the competition. Hopefully, that’s not the case, as privacy and security are much more important than the latest and shiniest AI features.
