Three months after pulling previews of the Windows Recall feature due to public backlash, Microsoft has announced a major overhaul of the security architecture behind the controversial technology.
The revamped feature, which uses artificial intelligence to create a searchable digital memory of everything ever done on a Windows computer, now incorporates proof-of-presence encryption, anti-tampering, and DLP checks. The new design aims to quell fears that the technology poses a major security and privacy risk.
Under the hood, the updated Windows Recall feature uses advanced security measures such as:
- Proof-of-presence encryption: This ensures that only authorized users can access the feature.
- Anti-tampering: Measures are in place to prevent unauthorized access or tampering with the feature’s data.
- DLP checks: Data protection and labeling technology is used to proactively block private information from being stored.
Key Changes to Windows Recall
In an interview with SecurityWeek, Microsoft Vice President David Weston explained that the company’s engineers rewrote the security model of Windows Recall to reduce the attack surface on Copilot+ PCs and minimize the risk of malware attackers targeting the screenshot data store.
“We’ve never built anything on the client side this significant,” Weston said. “It’s now fully encrypted, and tied to the user’s physical presence.”
Weston also emphasized that users will have full control over the feature, with options to opt-in or out at any time during setup. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved.
New Design Features
The updated Windows Recall feature includes several new design features aimed at enhancing security and privacy:
- Opt-in experience: Users can choose to enable or disable the feature during setup.
- Secure Virtualization-Based Security (VBS) enclaves: The system services that handle snapshots and sensitive data run inside VBS enclaves, so no information leaves the enclave unless the user actively requests it.
- Windows Hello Enhanced Sign-in Security: Access to Recall’s settings or user interface is controlled by Windows Hello Enhanced Sign-in Security, requiring user presence verification via camera or fingerprint sensor.
Weston argues that this design protects against malware and unauthorized access through rate-limiting, anti-hammering measures, and PIN fallback mechanisms. Sensitive data, including screenshots and extracted text, is encrypted and isolated so that even a system administrator cannot access it.
Overall, Microsoft’s revamped Windows Recall feature aims to address concerns around security and privacy while providing users with greater control over their digital memories.