# Microsoft’s Recall Feature: A Renewed Effort for Secure Onboarding
Microsoft is making another attempt at its contentious **Recall** feature for **Copilot+ Windows PCs**, after a troublesome initial launch that encountered considerable pushback from security experts and testers. The first iteration of Recall, unveiled in May 2024, sparked serious privacy concerns by capturing screenshots and Optical Character Recognition (OCR) text of all user activity, storing this information in an unencrypted format. This left it open to unauthorized access, either by other users on the same PC or by remote attackers.
Originally scheduled for a June 18, 2024 release, Microsoft postponed its debut indefinitely following widespread criticism. The company has pledged to redesign the feature and put it through the standard Windows Insider testing process prior to its public release. Now, Microsoft has released additional insights into the revamped Recall, highlighting improved security and user control.
## What Is Recall?
Recall is a functionality aimed at capturing and archiving user activity on a Windows PC. The goal is to establish a searchable record of all user actions, including screenshots and text from applications, thus facilitating easier information retrieval later. While this concept offers potential productivity enhancements, it also poses notable privacy threats, particularly if the collected data lacks sufficient protection.
## Key Changes in the New Recall
### 1. **Opt-In by Default**
A pivotal change in the revised version of Recall is that it is now **opt-in by default**. This means users are required to actively enable the feature, rather than having it enabled automatically. This marks a significant pivot from the previous design, which forced users to opt out if they wished to prevent their activity from being recorded.
### 2. **Enhanced Security Framework**
The updated Recall feature has received a comprehensive security revamp. All locally stored data, including screenshots and related metadata, will now be **encrypted at rest** using keys that reside in the system’s **Trusted Platform Module (TPM)**. This setup ensures that even if an attacker gains access to the PC, reading the stored data will be challenging.
Moreover, Recall functionality will only be active if **BitLocker** or **Device Encryption** is enabled, providing an additional layer of security. The feature will also mandate the activation of **Virtualization-Based Security (VBS)** and **Hypervisor-Protected Code Integrity (HVCI)**, which are intended to segregate and safeguard data in memory from the broader system.
### 3. **VBS Enclave for Data Segregation**
The reimagined Recall operates within a **VBS enclave**, a secure space that isolates sensitive information from the rest of the system. According to Microsoft, this enclave functions as a “locked box” that can only be opened once the user provides consent through **Windows Hello**. Such isolation defends Recall data against both malware and unauthorized access by administrative users.
### 4. **Biometric Verification**
To retrieve saved Recall information, users must re-authenticate with **Windows Hello**. This can involve biometric options such as facial recognition or fingerprint scanning. While a **PIN** can serve as a backup, it is only set up after establishing the feature with biometric verification. This ensures that only the approved user can access the archived data.
### 5. **Regular Re-Authentication**
Even after the initial authentication, users will be required to periodically re-authorize access to Recall data. This precaution means that if someone else accesses the PC, they won’t be able to view the saved data without re-authenticating first.
### 6. **Sensitive Content Filtering**
A newly introduced element in the updated Recall is **sensitive content filtering**, which seeks to minimize the risk of recording sensitive information such as passwords, national ID numbers, and credit card details. This relies on Microsoft’s **Purview Information Protection** technology, already utilized by enterprise users.
### 7. **User Control and Customization**
Microsoft has implemented more detailed controls for users to manage Recall’s data collection. Users can:
– Control the disk space that Recall consumes.
– Determine how long Recall snapshots remain stored.
– Exclude specific applications and websites from recording.
– Delete items manually from their Recall database.
– Completely disable Recall through the “optional features” settings in Windows.
A system tray icon will also alert users when Recall is actively in operation, enhancing transparency.
## Tackling Security Issues
Microsoft has implemented multiple measures to resolve the security issues that plagued the initial Recall feature. The company’s **Offensive Research and Security Engineering Team** has undertaken comprehensive design reviews and penetration testing on the renewed version of Recall. Additionally, an independent security audit has been conducted by a third-party security vendor.
Nonetheless, one question persists: why did the first Recall feature come close to launching in an unsecured state? Microsoft has yet to provide a clear rationale for the feature sidestepping the customary Windows Insider testing process or what internal modifications occurred.
