When the first batch of Copilot+ PCs release to retail next week (they're
already up for preorder), they'll be missing a key AI feature that Microsoft remains bullish on—Recall, which aims to make it easier for users to retrace their steps by taking snapshots every five seconds. While the intent of this functionality has plenty of merit, how it's being executed is drumming up privacy concerns from users and security experts alike.
The chorus of outcries grew too loud for Microsoft to ignore, and so last week it
published a blog post explaining how it's retooling Recall to be more secure. Microsoft outlined a few changes in an attempt to quell concerns, such as making Recall an opt-in feature rather than turning it on by default on supported PCs.
Microsoft also stated that Windows Hello will be required in order to use Recall, as a mechanism to prove a user's presence and stave off potential remote hacks.
Lastly, Microsoft said it's adding "additional layers of data protection including 'just in time' decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database."
Those new mechanisms should go a long way towards easing some of the privacy and security concerns that have been raised in recent weeks, especially after a white hat hacker posted a tool on GitHub called TotalRecall that startlingly demonstrates how a malicious actor could extract sensitive data from the Recall feature in Windows 11.
Just shy of a week later, Microsoft has updated its blog post to say it's delaying the release of Recall after receiving feedback from users in its Windows Insider program.
"We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security. This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users," Microsoft states in its update.
The original plan was to make Recall broadly available on Copilot+ PCs on June 18, 2024 (next Tuesday). Now the plan is to hold off with pushing Recall out to users in a few days, and instead release it as a preview sometime in the "coming weeks."
It's now going to be a slower and much more gradual release, which is the right move, considering the immense privacy and security implications. The feature itself could potentially reshape how searching works on Windows PCs, but it's obviously imperative that Microsoft take every precaution to ensure it's secure.