Friday, September 27th 2024
Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
Today Microsoft published an extensive blog post about the controversial Recall feature that was intended to launch with Copilot+ enabled Windows 11 PCs. To recap on Recall: Recall was announced as a service that creates and stores 'snapshots' of the user's activity on their PC, and uses the neural processing hardware within a Copilot+ certified machine to filter search requests by the user in order to find what they had previously seen. In effect, it took constant screenshots and would index the contents of those screenshots to assist with vague search queries. Saw a very funny picture in Discord a week ago and can't find it but can describe what it looked like? Search Recall and with the power of neural processing it would sift through its index of stored screenshots and attempt to provide you the exact image you described. Or, you could scroll back through the gallery of snapshots yourself to find what you wanted.
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Here is the latest outline for Windows Recall:
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Recall can be removed entirely at any time
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall cannot capture private browsing, and more comprehensive privacy settings
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
Source:
Microsoft
The idea of a program or service running in the background taking screenshots of your activity every few seconds yielded some pretty unsavory reactions from just about everyone. To assuage privacy concerns Microsoft did release an update in June committing to a broad set of security improvements to Recall before the preview would be available to test. This latest blog post titled, "Update on Recall security and privacy architecture", outlines more improvements on top of those announced back in June.
Recall requires a Copilot+ PC running Windows 11
Copilot+ PCs are those that meet Microsoft's requirements for AI performance and features, as well as the Secured-core standard. To configure Recall at all a machine needs BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection.
Recall will be exclusively opt-in, remaining disabled by default
During initial Windows set up the user will be given a simple opt-in page for Recall with clearly marked "Yes, save" and "No, don't save" buttons to check. The option to save will continue on to configuring Recall, while the option to not save will disable Recall entirely, though it will not uninstall it. If a user skips past Windows' OOBE setup environment by some method and is never presented with this screen, Recall will default to being disabled.
Users will be given the option to completely uninstall and remove Recall from their PC at any time. This will hopefully not be the old "uninstall" Cortana fiasco from Windows 10, where the service would still linger in the background and opportunistically reinstall itself with every Windows update. Recall will be presented under the Optional Features menu for users to configure, and should remain uninstalled across updates.
Recall is tied to Windows Hello Sign-in Security and data is always encrypted
All snapshots and associated information are stored within a vector database and encrypted. The encryption keys are protected via TPM, are tied to only that user's Windows Hello identity, and can only be accessed within a Virtualization-based Security Enclave, or VBS Enclave. This means a PC that has multiple users will not allow each to snoop on the other's activity, even if they somehow get into another user's account all Recall data is protected behind biometrics. Services related to Recall operation are isolated and protected as well to safeguard them against malware. Measures for authentication rate limiting and anti-hammering will also be in place.
Security settings are also stored in the VBS Enclave just like encryption keys, and the same Windows Hello authorization will be required to make any changes. If any tampering is detected, the settings will revert to their secure defaults. A fallback access PIN can be configured after Recall has been set up to avoid losing access should any sensors required for Windows Hello be damaged.
Recall's default configuration will not capture snapshots of in-private browsing windows on any supported browsers (including Edge, Chrome, Firefox, and Opera) and users can configure filters to disable snapshots of specific websites or apps. Sensitive content filters are enabled by default using Microsoft's Purview privacy toolset, meaning Recall cannot capture passwords, national ID numbers and credit card information. Users also get options for how long snapshots are retained by Recall, how much disk space is utilized for captures, and for wiping any captures from a specified date range or app. A system tray icon for Recall will allow for pausing snapshots at any time, as well as indicate when snapshots are being saved.
After nearly six months of comprehensive security rework, Microsoft hopes to deliver the Recall preview to Windows Insiders in October for further testing before it decides to ship the feature to the masses.
77 Comments on Microsoft Revamps Recall for Copilot+ PCs With a Focus on Security Concerns
schneegans.de/windows/unattend-generator/While that's true, it doesn't mean it's a great solution for everyone.
So I got the android app working, and then within a day it notifies me it has created an album from all photos on my phone done in September. Luckily you can turn this option off, but only if you have auth'd on the app. It still creates these albums even with the app installed not linked to an account, and with no account setup the app settings cant be accessed.
After I turned that off, I noticed it kept adding pictures on the home screen in a "for you" section, I had at this point blocked access to the phone's file system whilst I decide whether to ditch onedrive on android, but I do still automatically backup all my pictures on PC to one drive, and it was picking random picture's uploaded from my PC to show in the android app in a "for you" section. Microsoft have completely lost the plot, I dont want a online drive app to be a media presentation app, and unlike the first feature this cannot be turned off, you can only disable the app notifying you. There is a thread on reddit where someone linked to a Microsoft support post which states they are complying with privacy laws and have no plans to make the feature optional.
I had issues with google's windows app installing a background process that scans running processes on the system, the reason I stopped using google drive for my main cloud storage, at this point I might just order a hetzner storage cloud account, I just want a no thrills cloud storage that supports multiple methods of access, but not sure how well that can interact with the android file sharing api.
Half of the issues here are anecdotal at best and more than likely made by people who do not read the documentation or believe in clickbait stories.
Edit: It reminds me... What about GDPR? Isn't the forced use of Copilot a violation of it?
Interesting. Recall is now apparently a dependency of Windows' File Manager, as of update 24h2.
Remove Copilot, set some settings - done.
Yes, it's not for normal users and it's bad for them, but otherwise - I don't see a problem.
This "Cloud Content" has been there for a long time, most of you use it if you haven't turned it off ;)
There's probably a difference between 10 and 11, but you've had it, so - Enjoy!