Microsoft recently announced changes to its new Windows feature, Recall, to address security concerns. Originally, Recall was intended to provide an AI-enabled memory for devices. However, criticisms have likened it more to a defective product recall due to privacy issues.
Up to now, Recall was enabled by default on Copilot+ compatible versions of Windows. Still, with this change Microsoft has made it an opt-in feature, adding new security measures to encrypt data and require authentication for access. “We are updating the setup experience to give users a clearer choice to opt-in to Recall,” stated Pavan Davuluri, Microsoft’s corporate VP for Windows and devices.
Security experts have criticized Recall for storing a screenshot of users’ activity every five seconds, comparing it with spyware. This data, including sensitive information like bank logins and passwords, was stored locally on users’ machines, making it accessible to hackers. Dave Aitel, a former NSA hacker, explained that any brief system breach could expose a user’s entire history.
To improve security, Microsoft implemented required identity verification through its Microsoft Hello authentication function whenever Recall is enabled or accessed. This includes PIN or biometric checks. Recall’s data will remain encrypted until the user authenticates.
Jake Williams, another former NSA hacker, acknowledged these improvements but still sees risks. Williams highlighted that users might still enable Recall due to Microsoft’s marketing, facing potential privacy issues from domestic abusers, subpoenas, or lawsuits.
Microsoft’s recent cybersecurity incidents, including data leaks and breaches, have heightened scrutiny. CEO Satya Nadella emphasized prioritizing security in a recent memo. However, the initial Recall rollout seemed to contradict this priority, reflecting Microsoft’s pattern of launching features, facing backlash, and then rushing to fix security flaws.