Friday, September 27th 2024
Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
Today Microsoft published an extensive blog post about the controversial Recall feature that was intended to launch with Copilot+ enabled Windows 11 PCs. To recap on Recall: Recall was announced as a service that creates and stores 'snapshots' of the user's activity on their PC, and uses the neural processing hardware within a Copilot+ certified machine to filter search requests by the user in order to find what they had previously seen. In effect, it took constant screenshots and would index the contents of those screenshots to assist with vague search queries. Saw a very funny picture in Discord a week ago and can't find it but can describe what it looked like? Search Recall and with the power of neural processing it would sift through its index of stored screenshots and attempt to provide you the exact image you described. Or, you could scroll back through the gallery of snapshots yourself to find what you wanted.
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Here is the latest outline for Windows Recall:
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Recall can be removed entirely at any time
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall cannot capture private browsing, and more comprehensive privacy settings
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
Source:
Microsoft
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
77 Comments on Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
I think Microsoft just needs another lawsuit against Windows and I think they will find it.
In the mind of Microsoft though, the reason they don't do that is because their strategy has invested in AI to provide their OS a unique selling point, and Recall is that thing for them, because the overall sentiment thus far really is 'the consumer doesn't really think much about AI' and 'there's just not much that is of true benefit to consumers just yet'. So you get these turds flying at walls. Solutions looking for problems. This was never about privacy or security, it was, is and will always be all and only about Microsoft clasping their market share tightly to their chest, hoping you might stay because they've just done some magic for you. They're not too keen on telling you that magic is actually secure, that's just an afterthought - and only after the fact people complained scanned shit was just available in plain text.
And that makes you all warm and cozy inside. Okay.
This is done on purpose. It isn't just Microsoft being dumb. This feature would push it to in-your-face. They're going to be ever more intrusive in invading your privacy as time goes on.
Took recovering files from a borked windows install from a 5 minute job to multiple hours, or impossible. Especially when intune sees the machine but doesnt enroll it in entra, or vice versa, or a wipe fails, or......
MS software sucks MAJOR arse.Without getting too deep into conspiracy theories: Look up the five eyes, and the fourteen eyes, and imagine why they'd want to be able to see a recording of anyone's desktop at any time. Then see how much gov't funding MS has received every year.
Either way, may it prove useful to folks with less...well, concerns./s
If it will be proven that it's safe, it will be a gamechanger (that's if it will not be used as a Big Brother thingy by corporations).
Also lol at all the Bitlocker claims here, just lol.
FWIW for actual work use most clients are going to require encryption. Bitlocker is the least nasty of the options and causes the least headaches.
But making screenshots of your activity every other second to index the AI, that's a very big no-no.
I don't understand what the hell is so wrong at Microsoft. Ever since Windows 7, they completely lost the plot. To be fair Windows 7 was so good because it was just what Vista should have been in the first place.