Microsoft upgrades security and privacy measures for controversial 'Recall' feature
What's the story
Microsoft has rolled out some new security measures for its controversial Recall feature, which is set to be introduced in the upcoming Windows 11 update.
The tech giant faced criticism over potential privacy issues with the feature, which continuously captures screenshots of user activity.
Critics argued that this information was not being securely stored, leading to a delay in its rollout for Windows Insider beta testers.
New protocols
Recall's security measures: Opt-in and biometric authentication
Microsoft responded to the backlash in June by announcing stricter security measures for Recall.
The company has now made the feature opt-in and will require biometric authentication through Windows Hello for access.
Additionally, the screenshot database will be encrypted to further enhance user privacy and data protection.
These changes are part of Microsoft's strategy to address concerns about potential misuse of personal information captured by the Recall feature.
Enhanced security
Snapshots and related data to be protected
Microsoft has shared some details about Recall's security features.
The company said that Recall's snapshots and related data will be protected by VBS Enclaves, a software-based trusted execution environment (TEE) within a host application.
They also highlighted that encryption will be key to the entire Recall experience.
"Recall also protects against malware through rate-limiting and anti-hammering measures," said David Weston, Microsoft's VP of OS and enterprise security.
Privacy assurance
User control and privacy settings
Weston said that users will always have control over their data with Recall.
By default, it won't save private browsing data from supported browsers like Edge, Chrome, and Firefox.
It will also have sensitive content filtering on by default to prevent storing information such as passwords and credit card numbers.
External evaluation
Third-party security review of Recall
Microsoft has announced that Recall has undergone a security review by an unnamed third-party vendor, which conducted a penetration test and security design overview.
The Microsoft Offensive Research and Security Engineering team (MORSE) has been testing the feature for months.
These steps are part of Microsoft's efforts to ensure robust security for the Recall feature, in response to initial criticisms about potential privacy risks.