Microsoft (MSFT) is finally releasing its long-delayed Recall feature for Windows 11. The software option, which the company announced in May, saves screenshots of virtually everything you do on your computer so you can search and work with them later.
For example, if you booked a hotel room but forgot which website you used, or if you need to find an old document but can’t remember the name, you can use Recall to describe the site or document and it will find it. Search for those screenshots.
While this is a useful concept, security researchers quickly expressed concern that hackers or malware could access these screenshots and steal user data, potentially viewing some of your most sensitive information.
Microsoft responded by delaying the feature and deciding to introduce its Copilot+ PCs without Recall. Microsoft claims that the software has been updated and is now ready for usage, guaranteeing that user data will be protected to the highest standard. However, Microsoft has not yet disclosed the launch date.
“I think this is really a statement from Microsoft saying we`re going to put our full power into making AI secure,” David Weston, Microsoft vice president of Enterprise and OS Security, told Yahoo Finance.
One of the biggest changes to Recall is that it’s now optional. If you want to use it, you have to check a specific box indicating that you do. Previously, Recall was enabled by default.
Microsoft also says that users’ screenshots, or Snapshots, as the company calls them, are encrypted and that the only way to access them is using Microsoft’s Windows Hello, which requires you to authenticate that you are who you say you are using your laptop’s fingerprint reader or facial recognition capabilities.
Microsoft says that in order to stop dangerous software from accessing your data, it employs anti-hammering and rate-limiting when a user’s laptop becomes infected with malware. Rate-limiting and anti-hammering measures require users to reauthenticate using their fingerprint or face ID when they attempt to log into a program too frequently in a short period of time.
Microsoft also said that Recall now uses the company’s Purview software, which protects enterprise systems and prevents the platform from storing users’ passwords, ID numbers, credit card numbers, and more. Purview includes a database that detects what these types of numbers look like and prevents Recall from taking photos of the numbers, according to Weston.
Additionally, Microsoft said that users can choose what types of screenshots Recall can take. For example, they can tell Recall not to take snapshots of certain apps, web browsers, or certain types of documents. If you don’t want to use Recall on your computer at all, you can also disable it or uninstall it completely.
Additionally, the software detects when you’re using private or incognito mode in your web browser and stops taking pictures of what you’re viewing.
To demonstrate its security expertise, Microsoft says it conducted a months-long security review using its Microsoft Offensive Research and Security Engineering team and third-party security experts to ensure the software is secure.
The recall was one of the standout features of Microsoft’s Copilot+ PCs, a designation for laptops that meet certain performance and feature thresholds and run the latest version of Windows 11. But launching the software without a recall meant that users would still have access to the Copilot assistant software, but not the features that Microsoft wanted to make a key selling point of its AI offensive.
All Microsoft needs to do is make sure the software is as safe as it promises.