SecurityWeek

Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default

Amidst public pressure, Microsoft changes the set-up experience of Copilot+ PCs to disable the controversial Windows Recall feature by default.

Microsoft has bowed to public pressure to turn off its controversial Windows Recall feature by default on Copilot+ PCs.

The feature, widely panned as a security and privacy risk, was turned on by default and required users to go through checkboxes to opt out of the software, which uses AI to create a searchable digital memory of everything ever done on a Windows computer.

Just this week, security researchers documented several ways malware could be designed to steal Windows Recall data and Google Project Zero researcher James Forshaw provided evidence that Windows Recall data is poorly protected on Windows.

As the criticism spread to mainstream media, the software maker reversed course, announcing Friday it would change the set-up experience of Copilot+ PCs to give Windows users “a clearer choice to opt-in to saving snapshots using Recall.”

“If you don’t proactively choose to turn it on, it will be off by default,” the company said in a note published Friday.

Redmond’s software engineers will now require Windows Hello enrollment to enable the Recall feature and “proof of presence” will be required to view and search through screenshots saved in Recall.

The company said it will also add layers of data protection, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates.

“In addition, we encrypted the search index database,” the company added.

Even as it rolled back the on-by-default setup configuration, Microsoft is pushing ahead with marketing the controversial feature, arguing that fine-grained user controls are available to allow users to personally customize how the tool works.

Microsoft insists there is a major security barrier because the screenshots are stored locally on Copilot+ PCs with powerful AI tooling that works on the device itself. 

“No internet or cloud connections are used to store and process snapshots. Recall’s AI processing happens exclusively on your device, and your snapshots are kept safely on your local device only. Your snapshots are yours and they are not used to train the AI on Copilot+ PCs,” the company stressed.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
