Microsoft’s upcoming Recall feature in Windows 11 has ignited a firestorm of controversy due to significant security flaws uncovered during early testing. The initial version of Recall was designed to save screenshots and keep a plaintext database of user activities. However, it was discovered that this data could be easily accessed and stolen without administrative privileges, leading to serious privacy concerns. Additionally, the feature failed to redact sensitive information from its records.
Microsoft’s Swift Response
In light of the backlash, Microsoft has announced significant changes to Recall before its release on the first wave of Copilot+ PCs later this month. Pavan Davuluri, Corporate Vice President for Windows and Devices, emphasized the company’s commitment to user privacy and security. “We have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” Davuluri stated in a blog post.
To address these concerns, Microsoft will make Recall an opt-in feature by default. This means users will need to actively decide to enable it, a crucial change given that many users typically do not alter their default settings, thereby previously risking unintended data exposure.
Enhanced Security Measures
Microsoft is also introducing additional security measures. Users will now need to enable Windows Hello—a biometric and PIN authentication process—to use Recall. Each time a user wants to access the Recall app, they must authenticate via Windows Hello, whether through facial recognition, fingerprint scanning, or a PIN.
Moreover, both the screenshots and the SQLite database used for Recall searches will be encrypted and will require Windows Hello authentication for decryption. This enhancement addresses the critical issue where any user logged into the PC, or malware accessing the filesystem, could previously view and copy Recall data without restriction.
Development and Local Data Processing
Despite these updates, the current testing builds of Windows 11 still use the unsecured version of Recall. The new Surface hardware review units have been delayed to integrate these updates.
Microsoft has reiterated that all Recall data is processed locally and is never transmitted to Microsoft servers. Users will be notified when Recall is active via taskbar and system tray icons, and they can disable the feature or exclude specific apps or sites from being recorded at their discretion.
Ongoing Concerns from Security Experts
While Microsoft’s changes are a step in the right direction, concerns remain. Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, highlighted potential risks with making Recall opt-in. She questioned whether users would be fully aware of their consent and raised concerns about the feature’s potential misuse by employers or domestic abusers. “There is simply no good reason for this feature; nobody was asking for it, and the non-creepy use cases are too minor to justify the creepy ones. It should be killed entirely,” Pfefferkorn argued.
The Purpose and Initial Criticism
Recall aims to help users locate previously viewed content on their devices. Initially, Microsoft claimed that users would have control over the type of screenshots collected and stored. These snapshots were to be kept locally and protected using data encryption. However, security professionals criticized these measures as insufficient, arguing that Recall could become another vector for data theft.
Proof-of-Concept Exploit Exposes Flaws
Security researcher Alexander Hagenah recently developed a proof-of-concept tool called TotalRecall, demonstrating how data could be extracted from the Recall feature. Hagenah urged Microsoft to recall and rework the feature and review the internal decision-making process that led to its initial release. “Encryption at rest only helps if somebody physically steals your laptop — that isn’t what criminal hackers do,” Hagenah explained, highlighting the persistent threat of InfoStealer trojans that could be adapted to exploit Recall.
Future of Recall on Copilot+ PCs
Recall is designed for Copilot+ PCs, a new category requiring fast neural processing units, at least 16GB of RAM, and 256GB of storage. Initially, Qualcomm’s Snapdragon X Elite and X Plus processors will power these PCs. Intel and AMD systems meeting the Copilot+ requirements will not be available until later this year, with no specified timeline for Copilot+ features on non-Arm PCs.