Microsoft has addressed ongoing concerns about the security and privacy of its Recall AI assistant with a detailed update outlining new features designed to protect user data. The update focuses on user control, robust security architecture, and rigorous data protection measures.
One of the key design principles of Recall is that users are always in control. During setup, users can choose whether or not to enable Recall, and it will be disabled by default if they choose not to use it. Users can also opt out of saving data from specific apps or websites, and incognito mode browsing data will never be saved.
Microsoft is also implementing granular controls for users. Users can determine the duration for which Recall saves their data and the amount of disk space allocated for data snapshots. They can also selectively delete snapshots from specific time ranges or delete all content from a particular website or app. This means that users can completely delete all data collected by Recall at any time.
To provide users with a clear visual indication of Recall’s activity, Microsoft will add an icon to the system tray. This icon will visually represent whether Recall is currently collecting snapshots, and users can pause this process at any time.
Recall data will be inaccessible without biometric authentication, requiring Windows Hello. Microsoft emphasizes that sensitive data stored in Recall is encrypted and protected by the Trusted Platform Module (TPM) and linked to a user’s Windows Hello identity. Furthermore, Recall data is stored within a secure Virtualization-based Security Enclave (VBS Enclave) on the user’s PC, and only authorized access is granted to specific data elements.
To further strengthen security, Microsoft has implemented sensitive content filtering. This feature prevents Recall from collecting sensitive information such as passwords, ID numbers, and credit card details. Microsoft is also collaborating with a third-party security vendor to conduct penetration testing to confirm the overall security of Recall.
While the new security measures seem promising, it remains to be seen whether they will successfully alleviate concerns from those who have expressed reservations about Recall’s privacy implications. Microsoft’s efforts to address these concerns through enhanced security and user control mechanisms demonstrate the company’s commitment to ensuring user trust in its AI assistant.