MANILA, Philippines – Microsoft said on Friday, June 7, it was retooling how it would make its controversial Recall feature for Copilot+ PCs available for use following feedback from prospective users, in addition to addressing security concerns for the feature.
Shown off back in May, Recall essentially keeps track of a user’s activities on a Copilot+ PC locally, taking snapshots of a user’s activity and allowing users to search through those snapshots to find information they’re actively looking for.
The Verge, in a June 3 report, explained how security researchers and privacy campaigners considered it a potential “privacy nightmare” as sufficiently skilled hackers might be able to exfiltrate the data for their own ends. Tools were also developed based on initial information available to exfiltrate Recall data as Recall was said to have stored that data in plain text rather than having the data encrypted.
Opt-in and other assurances
Pavel Davuluri, corporate vice president for Windows + devices, said in a blog post it would be making Recall an opt-in feature. Said Davuluri, “If you don’t proactively choose to turn it on, it will be off by default” on Copilot+ PCs.
Users are also now required to be enrolled to Windows Hello – meaning authentication via face recognition, fingerprint, or a PIN – to enable Recall, with proof of presence required to view your timeline and search in Recall.
Further, Davuluri said, “Third, we are adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.”
Additionally, Davuluri reassured potential users that snapshots are locally stored and processed on-device. “Your snapshots are yours and they are not used to train the AI on Copilot+ PCs,” he said. There are also options to pause snapshot collection, filter the snapshots taken, and delete snapshots at one’s urging.
“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” Davuluri added. – Rappler.com