The initial announcement of the AI feature Recall is a great example of shooting yourself in the foot. When Microsoft announced Recall, it floated on a wave of positive and encouraging AI news and developments.
Recall was never tested in Insider builds prior to the announcement, at least to my knowledge. While the reason for that decision is unknown, it is possible that Microsoft wanted to launch the new Copilot+ PCs with a banger.
Microsoft did not anticipate the criticism that it received after the announcement. These complaints were valid and could have been avoided if Microsoft had received feedback from beta testers outside the company.
Privacy and security were at the center of the issue. Recall was enabled by default, which meant that users had to disable it, if they did not want to use it. It recorded the screen every 5 seconds and saved the data in a database that was not protected during runtime.
Microsoft pulled Recall shortly thereafter and promised to do better. Today, Microsoft revealed the improved version of Recall on its Windows Experience website.
Has it improved? Let's find out.
Recall Security
Microsoft makes four statements with regard to security:
- Recall is opt-in — The option is shown during the setup experience and users need to enable the feature to use it.
- Recall data is encrypted — Snapshots and information are stored in an encrypted database. Keys are protected using TPM and are linked to the user’s Windows Hello Enhanced Sign-in Security identity.
- A core service is further isolated — Microsoft says that the service responsible for accessing snapshots and data runs in a secure VBS Enclave. Only data that the user requests leaves the enclave, according to Microsoft.
- Recall uses Windows Hello Enhanced Sign-in Security – This is done to authorize Recall operations.
Particularly interesting is the fact that users may uninstall Recall. Microsoft introduced the option under Optional Features some time ago, then pulled it again saying that it was a bug. Now it turns out that Recall can be uninstalled fully, if the user so desires.
Microsoft addresses the main criticisms with the change. Making Recall opt-in will reduce usage, but it ensures that unsuspecting users do not have screenshots of their activity taken every five seconds by the feature.
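For administrators who want to confirm that Recall is removed or blocked on a machine, the following read-only PowerShell audit is an added example, not code from Microsoft or from this article. It assumes the optional feature is named `Recall` and that the snapshot policy is the `DisableAIDataAnalysis` value under the `WindowsAI` policy key; neither name appears in the article, so verify both against your Windows build.

```powershell
# Added example: read-only audit of Recall state on one machine (run elevated).
# Assumed names (not from the article): optional feature 'Recall' and policy
# value 'DisableAIDataAnalysis' under SOFTWARE\Policies\Microsoft\Windows\WindowsAI.

function Get-RecallPolicyValue {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $path = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"
    $item = Get-ItemProperty -Path $path -Name 'DisableAIDataAnalysis' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }      # policy not configured in this hive
    return [int]$item.DisableAIDataAnalysis    # 1 = saving snapshots is turned off
}

function Get-RecallStatus {
    $featureState = 'Unknown'
    $queryError   = $null
    try {
        # State is Enabled, Disabled, DisabledWithPayloadRemoved, or a pending state
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
        if ($feature) { $featureState = [string]$feature.State }
    } catch {
        # Raised when the component is absent from this build or the session is
        # not elevated; keep the message so the two cases can be told apart.
        $queryError = $_.Exception.Message
    }

    $machinePolicy = Get-RecallPolicyValue -Hive 'HKLM'
    $userPolicy    = Get-RecallPolicyValue -Hive 'HKCU'
    $blocked       = ($machinePolicy -eq 1) -or ($userPolicy -eq 1)

    $verdict = if ($featureState -like 'Disabled*') {
        'Feature disabled or removed'
    } elseif ($featureState -eq 'Enabled' -and $blocked) {
        'Feature installed, snapshots blocked by policy'
    } elseif ($featureState -eq 'Enabled') {
        'Feature installed, user can opt in'
    } else {
        'Could not determine feature state, see QueryError'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        FeatureState  = $featureState
        MachinePolicy = $machinePolicy
        UserPolicy    = $userPolicy
        Verdict       = $verdict
        QueryError    = $queryError
    }
}

Get-RecallStatus | Format-List
```

The script changes nothing on the system; it only reports the feature state and any configured policy so that the result can be collected across a fleet.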
Recall Privacy
Next to security, Microsoft says that it has also improved privacy controls. Apart from making Recall opt-in, Microsoft highlights the following options for users who choose to enable the AI feature.
- In-private browsing data is never captured or saved. This is true for supported browsers. Microsoft lists Edge, Chrome, Firefox, Opera and other Chromium-based browsers.
- Specific apps or websites viewed in browsers may be filtered. Works only in Edge, Chrome, Firefox and Opera.
- Users control how much disk space Recall uses and how long content is retained.
- Sensitive content filtering is enabled by default. This helps protect passwords, credit card numbers and the like to a degree.
- Options to delete a time range, or all content from an app or website, or “anything and everything found in Recall search”.
- An icon visualizes when snapshots are saved. It also allows users to pause snapshots.
Closing Words
Some of the features existed in the first version already. Microsoft has addressed the major points of criticism. While it is too early to tell how this will all work out, as Recall has not been released yet, it is giving users who are interested in the feature more control and better security.
Those who have no interest in the feature can either ignore it, by making sure not to opt in during setup, or remove it from the system entirely, if they prefer that.
You can check out the full blog post, which includes many security details, here.
What is your take on the changes? Do they go far enough, or is something still amiss? Feel free to leave a comment down below.
Can it really be not installed? Will it nag you if you do not install it? I will never use this as I don’t see any reason for it other than data harvesting.
I remember the Michael Jordan meme: “Stop It”. Can you post GIF memes here?
Of course, Microsoft will roll down all of those security features one by one eventually and will comply with court subpoenas like any other software provider. Can you imagine that you live in the UK and somebody complains that you misgendered somebody (which is a crime in the UK)? A UK court can request a subpoena on your electronic devices. So the police will not even need your computer password, and they will know what you typed since the Recall feature was installed.
Every 5 seconds. 12 times a minute. 720 times an hour. 5760 screenshots a day (assuming PC is awake for 8 hours a day.)
5760 x 475KB (size of fullscreen capture I just grabbed with the snipping tool) (3840×1440)
That’s 2.736GB per day?
Even broken down to 342MB/hr where’s all this going to be stored?
I’m just curious as I’m firmly in the “When hell freezes over” camp on this one.
My guess is that they use optimizations, e.g., when the content on the screen has not changed, do not create a new screenshot. Also compression.
Searching picture files with compression can slow the computer down considerably. When they used it in insecure (uncompressed/not password-protected) mode at the very beginning, I saw people using the full existing Recall functionality without a new additional AI CPU, just with a newer CPU and a powerful GPU.
Now, they must be storing files in some other format that is more searchable? Or these AI chips are that powerful?
A screenshot will be created every 5 seconds, but if it is identical to the previous one it will not be stored and the timestamp will give a link to the previous screenshot. However, if you work hard on the computer, there is a distinct possibility of running out of space before the three months that it is supposed to hold.
They will of course be uploaded to OneDrive and you will run out of space very fast, so Microsoft will WARN you about it constantly and offer you a wonderful deal with lots of storage. Then that will also fill up in no time and Microsoft will offer you an even better deal for just 500 dollars per year, so you can have aaaaaaaaall your important snapshots safe in the cloud where no one but Microsoft and the American authorities have access to your data. The day when Linux gaming catches up with Windows, Microsoft starts to die.
@Bobo
Have you read the Steam EULA? The access you give them to your system by clicking “I Accept” is quite thorough. The games themselves aren’t much better.
Maybe you know better. I heard from a few tech YouTubers that it is better to run big games on Windows because those game launchers and anti-cheats do better on Windows (fewer conflicts/errors). Also, Windows maximizes graphics card performance better than Linux. It is relevant to newer AAA games. If you are playing AA games or older AAA games, performance is somewhat on par.