Microsoft makes Windows Recall opt-in, secures data with Windows Hello

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it.

To further improve the feature’s privacy and security, the company will also require users to prove that they’re in front of the computer via Windows Hello to enable and use Recall.

“We are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default,” said Windows & Devices Corporate Vice President Pavan Davuluri.

“Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.”

Davuluri said the search index database will also get an additional layer of decryption protection by Windows Hello Enhanced Sign-in Security (ESS), which will only allow the users to access the encrypted data after authenticating.

Microsoft initially claimed that the Windows Recall databases were secure because they were encrypted by Bitlocker and only decrypted when the user logged in to Windows 11. However, if malware was running on the computer, it could access the database fully because it runs after a user logs in and the data is decrypted.

After this change goes live, the Windows Recall data will remain encrypted until a user authenticates with Windows Hello when they open the app. This adds an additional layer of security to the database.

“Recall data protection includes ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security so Recall snapshots will only be decrypted and accessible when the user authenticates,” Microsoft told BleepingComputer.

“In addition, we encrypted the search index database. Windows Hello ESS biometrics need to be enrolled before Recall will start collecting data AND need to be enrolled to launch Recall.”

These privacy and security updates will be shipped to customers with Copilot+ PCs when Recall (preview) ships on June 18.

The company has yet to share if the future will also be turned off by default in corporate environments, which was a big issue raised by enterprise customers after the initial announcement.

Windows Recall is a feature designed to help you access past information on your computer by using a simple search function.

It works by taking screenshots of your active window every few seconds and recording your Windows activities for up to three months by default.

These screenshots are then analyzed by an on-device Neural Processing Unit (NPU) and an AI model to extract data. The extracted data is saved in a semantic index, allowing Windows users to browse their screenshot history or search using natural language queries.

With Recall’s “virtual and completely private photographic memory” (as Davuluri described today), users can find historic information loaded in apps, websites, images, and documents.

Currently, this feature is only available on Copilot+ PCs running Snapdragon X ARM processors, but Microsoft is working to make it compatible with Intel and AMD CPUs.

Today’s announcement aligns with Microsoft’s recent pledge to prioritize security above all else after regular users and cybersecurity experts tagged the Recall’s initial iteration as a privacy nightmare.

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems,” Microsoft’s CEO Satya Nadella said in an email to Microsoft employees.

“This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all.”