Before Copilot+ PCs hit the market, Microsoft is already altering its contentious Recall feature. Recall, central to Copilot+, captures snapshots of user activity and employs a local AI model to analyze this data. Due to significant backlash, Microsoft has announced changes to Recall via a Windows blog post.
Initially, Recall will now be opt-in rather than opt-out. Previously set as the default on Copilot+ laptops, Recall will now feature an explanatory screen during setup. Users who skip this screen will find Recall turned off.
Additionally, Windows Hello authentication is now mandatory for using Recall. Users must verify their identity via facial recognition or fingerprint to access Recall, with “proof of presence” required to view saved snapshots. This change addresses potential privacy and security concerns if a Copilot+ PC is left unattended. Moreover, Microsoft is implementing “just in time” decryption for the Recall database and encrypting the search index. Snapshots will only be decrypted immediately after Windows Hello authentication.
Recall has stirred controversy due to its extensive tracking of user activity, from web searches to private messages. Although the AI processing is device-based and not sent to a data center, privacy and security concerns persist. These changes aim to enhance Recall’s security.
The most significant adjustment is making Recall inactive by default. Microsoft appears to want Recall integrated into the broader Windows ecosystem, but this change suggests they are responding to the intense backlash by preventing unsuspecting users from inadvertently feeding data into Recall. Traditionally, Microsoft enables its services by default in Windows, highlighting the severity of the reaction to Recall.
