Microsoft Adds Security Features to AI-Powered Recall After Users Express Concerns Over Privacy

Share

Microsoft unveiled new artificial intelligence (AI) features with the introduction of Copilot+ PCs at last month’s Microsoft Surface and AI event. However, one feature, dubbed Recall, faced user backlash once it was added in the preview to let users test the feature. Many users took to social media to express concerns about its privacy and lack of an opt-in mechanism. Now, the tech giant has addressed the concerns by introducing three new security features to help users trust the AI-powered feature that enables visual tracking of user history.

Microsoft Recall gets three new features

In a Windows blog post, the company acknowledged the criticism from users and highlighted the changes it was making. The post stated, “We have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”

There are three changes in total. First, Recall will be completely opt-in. The setup process of the feature shows a screen where users can disable it. Further, the feature will remain off by default, so the only way to turn it on is by proactively going through the setup process.

Next, Microsoft is integrating Windows Hello, the security feature that requires biometric information or a PIN code to allow the user access to the device, with Recall. Now, to enable the feature, users must enable and set up Windows Hello. Additionally, the tech giant said the device will require a “proof of presence” to view the timeline and search in Recall.

Finally, the Windows maker is adding encryption to Recall to make it harder for bad actors to access the data. The first layer of encryption comes from Windows Hello and apart from that, it is also encrypting the search index database of Recall’s snapshots so they cannot be accessed by a hacker.

What is the Recall feature

Announced on May 20, Recall is an AI-powered search history tracking functionality for the entire device. It takes periodic screenshots of the PC and via computer vision, it can answer user queries. Users can ask the AI about a specific task done on a certain day or show the highlight of a day and Recall will be quickly able to share the information.

Even at launch, Microsoft had added some security features to make the invasive nature of the feature more palatable to users. The snapshots taken by Recall were stored locally and were locked for every user account on the PC. Once Recall is activated, users are also sent persistent notifications to remind them that the feature is taking screenshots periodically. Users were also given the choice to disable the feature for certain apps.

Further, Recall did not take snapshots of digital rights managed content or InPrivate browsing, which is supported in some PCs. Users are also given control over the screenshots that are being saved. The feature can be paused or filtered, and users can manually delete snapshots. Additionally, the feature is also protected by Copilot+ PCs’ chip-to-cloud security technology, Microsoft Pluton security processor based on Zero Trust principles.

Despite these features, many netizens complained that the snapshots were not encrypted and that the lack of an opt-in mechanism made the feature feel forced. Microsoft has now addressed all of these concerns.