Microsoft updates controversial Recall feature amid security concerns

10 Jun 2024

Image: © A2Z AI/

Microsoft will give users a ‘clearer choice to opt in’ to the Recall feature, which aims to help users find content more easily by taking regular screenshots of their activities.

Microsoft has announced some updates to the Recall feature for Copilot+ PCs after security experts raised concerns about the feature.

The Recall feature helps users find content that they have previously seen on their Copilot+ PCs by taking regular screenshots of a user’s activities. These screenshots are then encrypted and stored on the PC for users to access when needed.

But various security experts have spoken out against this optional feature, raising issues around privacy and cybersecurity, as stored data is always a target for criminals. In response to these concerns, the UK’s Information Commissioner’s Office is looking into the Recall feature.

Other experts claim to have found distressing security flaws within this feature. A former NASA hacker claimed it would be easy to gain access to all of a user’s data by penetrating a computer for “even a second”, Wired reports. Last week, one security researcher told WindowsCentral that the data Recall collects is actually unencrypted when a user is logged on to their device.

In response, Microsoft has shared some updates that will go into effect before the Recall preview is made available to customers on 18 June. One of these updates is to give users a “clearer choice to opt in” when setting up their Copilot+ PCs.

Pavan Davuluri, Microsoft’s corporate VP of Windows and devices, said that Recall will be off by default unless users “proactively choose to turn it on”. He also said that Windows Hello enrollment is required to enable the Recall feature.

“In addition, proof of presence is also required to view your timeline and search in Recall,” Davuluri said. “We are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security so Recall snapshots will only be decrypted and accessible when the user authenticates.”

Microsoft also reiterated the security aspects to this Recall feature, such as having screenshots stored locally on Copilot+ PCs. The company also said these screenshots will not be used to train the AI on these PCs.

“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” Davuluri said.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic