John Tuyen

Adventures of Functional Mediocrity

10 Jun 24

Microsoft Recall Response to Criticism

Update on the Recall preview feature for Copilot+ PCs

Previous commentary:

First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.

Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.

Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.

Copilot+ PCs will launch with “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall.

Overall, decent response to address the critics about the security concerns. On the technical side of things, Windows Hello and ESS is a good choice and so far there aren't any known attack vectors but it's not fully bulletproof due to hardware vendors not complying with the SDCP standard.

Lastly, with all this conundrum around privacy concerns, Microsoft should release a Windows version without all this Copilot AI bloatware. Although, I doubt this would happen considering the value it may bring to both parties. Similar to Windows 10/11, power users are going to be running mandatory bloatware removal scripts when starting fresh but even then there is no guarantee that it won't be enabled in the future updates.