We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

“Anything sensitive is always encrypted:” Microsoft’s controversial Windows Recall feature that remembers everything you do using AI is finally secure, but will trust follow?

September 29, 2024

Microsoft has taken significant strides to enhance the security of its Windows Recall feature, addressing previous vulnerabilities that raised concerns about data protection. The company has outlined a series of improvements designed to ensure that users can engage with Recall confidently and securely.

What you need to know

  • Microsoft has detailed how it’s improved Recall’s security with encryption and Windows Hello authentication.
  • Recall’s data is now isolated in a VBS Enclave, meaning it’s no longer readable by third-party apps and users.
  • Snapshots will now automatically filter out sensitive information like passwords and credit card details.
  • Recall never uploads data to the cloud, and can be uninstalled from the system if you don’t want it.

Initially, Windows Recall faced scrutiny for storing data in an unencrypted format, making it vulnerable to unauthorized access. In response, Microsoft has implemented robust encryption measures and ensured that user presence is required for data access. The enhancements boil down to four pivotal changes:

  • Recall data is now stored in an encrypted state within a VBS Enclave.
  • Snapshots will automatically filter out sensitive information such as passwords, credit cards, and national IDs.
  • Access to Recall data necessitates Windows Hello authentication each time.
  • Recall is optional, turned off by default, and can be uninstalled if desired.

Recall operates exclusively on Copilot+ PCs, requiring a Neural Processing Unit (NPU) capable of delivering at least 40 TOPS of power. For eligible devices, Microsoft has tackled the primary concerns regarding local data storage. All data collected by Recall is now securely housed in a VBS Enclave, a virtual machine that isolates it from the rest of the system. This means that access to the data is tightly controlled and requires a decryption key provided by the Recall app upon user authentication via Windows Hello.

An attacker is unable to infiltrate Recall’s services that handle snapshots and data.
(Image credit: Microsoft)

David Weston, Microsoft’s VP of Enterprise and OS Security, emphasized that sensitive data is always encrypted, with keys securely protected within the enclave. This architecture ensures that even administrative users cannot access the data stored within the VBS Enclave.

Another critical enhancement is the requirement for user presence to access any Recall data. This means that even if an unauthorized individual gains physical access to a device, they cannot retrieve Recall data without the legitimate user being present. Weston noted, “The user has to be present to set up Recall, the user has to be present to decrypt anything. In fact, their identity is what releases the [encryption] keys.”

Windows Hello is now a key part of the Recall encryption process.
(Image credit: Microsoft)

Weston further explained that the actual encryption keys are stored in the Trusted Platform Module (TPM) and are only released through a biometric match. This ensures that sensitive data remains protected within the enclave, only accessible in limited amounts based on user queries after proper authorization.

In addition to these security measures, Microsoft has introduced a feature that automatically filters out sensitive information during the snapshot process, utilizing Purview technology. This means that even if an attacker were to access the VBS Enclave, they would find minimal sensitive information available.

Importantly, Microsoft has reiterated that all data collected by Recall remains on the device and is never uploaded to the cloud. Weston assured, “We’re not sending any of this information anywhere. Microsoft could never even decrypt this [data] even if we wanted to.” The only data shared is basic diagnostic information for troubleshooting purposes.

The final noteworthy change is that Recall is now entirely optional, remaining off by default. Users will have the opportunity to enable it during the setup of a Copilot+ PC, but if they opt out, Recall will stay inactive. Furthermore, users can uninstall Recall if they prefer not to have it on their system.

This is where you can choose to enable or disable Recall during setup.
(Image credit: Microsoft)

Concerns about automatic activation of Recall have been addressed, with Weston confirming that there are currently no plans to enable it by default or prompt users to re-enable it in the future. Additionally, he clarified that Windows Recall is not installed by default on Windows 11 Enterprise; it remains an optional component that enterprises can choose to implement.

As Microsoft prepares to test Windows Recall with Windows Insiders in October on Copilot+ PCs featuring Arm-based processors, the anticipation grows. Soon after, Intel- and AMD-based Copilot+ PCs will also be included in the Recall preview. The cybersecurity community will undoubtedly scrutinize these enhancements, eager to evaluate the effectiveness of Microsoft’s new security measures in safeguarding user data.

Winsage
"Anything sensitive is always encrypted:" Microsoft's controversial Windows Recall feature that remembers everything you do using AI is finally secure, but will trust follow?