Under fire for a week, Microsoft has just announced several major changes to strengthen the security of the new Recall function in Windows 11.
It’s been a week of high tension for Microsoft, and it must have put the nerves of its teams to the test. On May 20, the Redmond firm unveiled to the world a whole new category of Windows computers powered by artificial intelligence, identified by its Copilot+ PC label. To illustrate the capabilities of these new machines, Microsoft highlighted several innovative functions for Windows 11, including the famous Recall, a kind of omniscient, AI-based super-history that we told you about in a previous article.
Unfortunately, what was to be the standard-bearer of the new Copilot+ family of PCs quickly aroused legitimate fears, even outright hostility, from Windows users. Beyond questions about the revolutionary or dystopian nature of the Recall function, many people have looked into its concrete implementation and the possible security flaws that it could present. As we explained to you in an article at the beginning of the week, a French cybersecurity researcher sharply alerted the company to major security gaps discovered in the new function.
Throughout the week, the media and many specialists have echoed the real concerns weighing on Recall. This is very bad press, which Microsoft would certainly have preferred to avoid as the release of the first Copilot+ PCs approaches, scheduled for June 18. So much so that the company has just published a long blog post in which it announces several radical changes to the Recall function, less than two weeks before its official deployment, in order to put out the fire and provide concrete responses to the security problems identified.
Windows 11 Recall: three major changes for the AI super-history
In a very polite formulation, typical of crisis communication, Microsoft announces that it has “heard a clear signal” from its users and is making significant changes which “will come into effect before the delivery of Recall (Preview) to customers June 18.” Three major changes are presented, all of which aim to improve the security and privacy of the Recall function and, ultimately, users’ confidence in it.
First of all, Recall will ultimately not be enabled by default on Copilot+ PCs but will have to be enabled manually. This was a strong concern about the feature, leading to fears that many users would leave it enabled by default without really understanding the implications and associated risks. From now on, when a Copilot+ PC is first started and during the Windows 11 setup phase, a page dedicated to Recall will be presented to the user, explaining how it works and allowing them to choose whether or not to enable it.
Then, biometric identification via Windows Hello will be required to enable Recall and begin continuous recording of activity. Microsoft also says that a user’s “proof of presence” will be required to search and view Recall history. It is therefore reasonable to expect that biometric authentication, by facial recognition or fingerprint, will be needed each time the function is enabled and each time its history is consulted.
Finally, Recall’s screenshot indexing database, a sort of summary of the activity history, will be fully encrypted, which surprisingly was not the case until now and constituted a major security weakness highlighted by various observers. The Recall index database and snapshots will now be decrypted only when needed, in a method Microsoft describes as “just in time”, relying on the Windows Hello Enhanced Sign-in Security (ESS) mechanism.
All these changes, announced somewhat in a hurry as the launch of Recall approaches, aim to strengthen the security of the function and restore the confidence of Windows users, which Microsoft seems to need. In the rest of its blog post, the company discusses at length the various layers of security integrated into Copilot+ PCs, such as kernel hardening or Microsoft Pluton, a security system integrated into the computer’s hardware components.
The firm also insists strongly that Recall was designed with the aim of protecting users’ privacy. Microsoft points out that the screenshots taken by Recall are stored and analyzed directly on the device and are never sent over the Internet, that the user will be permanently informed of the recording by an icon in the taskbar that cannot be disabled, and that it will always be possible to “pause, filter and delete everything that is recorded”.
While these reminders and reversals are welcome and reassuring, it is unclear whether they are enough to allay the concerns surrounding Recall. For most users who will soon acquire a Copilot+ PC, whether they are enthusiastic or reluctant about this function, it will undoubtedly be more reasonable to leave it disabled initially, in order to wait for feedback and security analyses from parties independent of Microsoft.