Friday, September 27th 2024
Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
Today Microsoft published an extensive blog post about the controversial Recall feature that was intended to launch with Copilot+ enabled Windows 11 PCs. To recap on Recall: Recall was announced as a service that creates and stores 'snapshots' of the user's activity on their PC, and uses the neural processing hardware within a Copilot+ certified machine to filter search requests by the user in order to find what they had previously seen. In effect, it took constant screenshots and would index the contents of those screenshots to assist with vague search queries. Saw a very funny picture in Discord a week ago and can't find it but can describe what it looked like? Search Recall and with the power of neural processing it would sift through its index of stored screenshots and attempt to provide you the exact image you described. Or, you could scroll back through the gallery of snapshots yourself to find what you wanted.
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Here is the latest outline for Windows Recall:
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Recall can be removed entirely at any time
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall cannot capture private browsing, and more comprehensive privacy settings
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
Source:
Microsoft
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
10 Comments on Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
Soon they will be a patent troll.
Here's what we want: Choice. Stop forcing this crap on us. Let choose to use it, or not, as we see fit. If we choose not, it is fully removed(deleted) from our systems.
This is the only acceptable scenario.
(Hint: If you don't give us these options we will find a way for forcibly remove these unwanted things from our systems.)
What MS hears, "Just push it on us harder and we will accept it".
MS is the most out of touch with their customers company on this planet.