September 27, 2024 at 01:46PM
Microsoft has revamped the controversial Windows Recall feature with enhanced security measures, including proof-of-presence encryption and anti-tampering checks. The AI-powered technology, which creates a searchable digital memory of user activity, will now be turned off by default and comes with tools for permanent deletion. The redesign aims to address privacy and security concerns.
From the meeting notes, it appears that Microsoft has made significant updates to the security architecture of the Windows Recall feature in response to concerns about privacy and security risks. The updates include the implementation of proof-of-presence encryption, anti-tampering and DLP checks, and the management of screenshot data in secure enclaves outside the main operating system.
The feature, which utilizes artificial intelligence to create a searchable digital memory of user activities on a Windows computer, will now be turned off by default and equipped with tools to permanently delete it from the operating system. Users will also have the option to completely remove the feature if they choose not to use it.
The revamp of the security architecture aims to reduce the attack surface on Copilot+ PCs and minimize the risk of malware attackers targeting the screenshot data store. The snapshots and associated information will be encrypted with keys protected by the Trusted Platform Module (TPM) and tied to a user’s Windows Hello Enhanced-Sign-in Security identity.
Importantly, Recall will now be an “opt-in experience” during setup, with users having to proactively choose to activate it. Access to Recall’s settings or user interface will be controlled by Windows Hello Enhanced Sign-in Security, and actions like changing settings will require user presence verification via camera or fingerprint sensor.
Furthermore, the system leverages a just-in-time authorization model, where access is granted temporarily, and all data is removed from memory when the session ends. DLP technology from the Microsoft Purview enterprise product is also integrated to proactively block private information from being stored in Recall and offer users the ability to filter specific apps or websites, determine data retention periods, and limit disk space allocation for snapshots.
Additionally, Recall is designed to never save data from in-private browsing sessions and offers users the ability to delete specific data from a range of time, content from individual apps or websites, or clear all stored information. Real-time visibility into when snapshots are being saved, along with the ability to pause the feature at any time, will be facilitated by a system tray icon.
Overall, these updates aim to address the privacy and security concerns related to the Windows Recall feature and provide users with more control over their data and the use of the feature itself.