(Credit: Microsoft)
UPDATE 6/13: Microsoft is delaying the Recall launch and limiting it to the Windows Insider Program for now. Windows 11 Copilot+ PCs will ship without Recall when they launch June 18.
Original Story:
Facing a privacy backlash, Microsoft will make its controversial Windows 11 Recall feature opt-in.
"If you don’t proactively choose to turn it on, it will be off by default,” Microsoft says.
Recall is slated to roll out in a new class of Qualcomm-powered laptops called Copilot+ PCs on June 18. A screenshot originally indicated that Microsoft planned on enabling Recall on eligible PCs by default. But on Friday, the company clarified that people will be able to turn off the function when they first start up and configure a Windows 11 Copilot+ PC.
(Credit: Microsoft)The other major change is that Recall can only be enabled if the user also enrolls into Windows Hello, which unlocks a Windows PC through a face or fingerprint scan or a PIN. The idea is to ensure the correct user—not a stranger—accesses a user’s history through the Recall feature.
"Proof of presence is also required to view your timeline and search in Recall," Microsoft says.
(Credit: Microsoft)Finally, the company will encrypt user data saved by Recall. Recorded information should "only be decrypted and accessible when the user authenticates," Microsoft adds.
The company designed Recall to act as a “photographic memory” for your PC, enabling users to instantly pull up old websites, files, and other data accessed on the computer. But critics, including numerous security researchers and privacy experts, have condemned Recall as invasive spyware that could be easily abused to steal data from consumers. This week, one such security researcher even released a demo tool that shows it would be simple for malware to exploit Recall to loot a whole user history from a Copilot+ PC.
Microsoft appears to be well aware of the harsh reception. “Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards," Microsoft Corporate Vice President Pavan Davuluri wrote in Friday’s blog post.
Still, Redmond isn’t ready to abandon the feature. In the same post, Davuluri touted Recall’s benefits. “Some (early test users) love the way it makes remembering what they’ve seen across the web so much easier to find than reviewing their browser history,” he wrote. “Others like the way it allows them to better review an online course or find a PowerPoint. And people are taking advantage of the controls to exclude apps they don’t want captured in snapshots, from communication apps or Teams calls, or to delete some or all their snapshots.”
His post reiterates that Recall saves snapshot data locally to the user’s PC—never to Microsoft’s servers. Users can also “pause, filter and delete what’s saved at any time,” he said. In addition, Microsoft is bringing protections to Copilot+ PCs to prevent malware from infecting the system or tampering with the encryption.
Although Microsoft isn’t killing off Recall as some critics hoped, security researcher Kevin Beaumont says the changes are significant. "There are obviously going to be devils in the details—potentially big ones,” he added in a post on Mastodon. “Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.”