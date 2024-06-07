

Key Takeaways

Microsoft promised groundbreaking features with Copilot+, including Cocreator and Live Captions, but Recall has become a PR nightmare.

Concerns about Recall being a security risk have led to backlash and panic among users due to data access vulnerabilities.

Microsoft has been silent on Recall issues but is finally taking action to address the security concerns and ensure user control.

When Microsoft announced Copilot+ at a special event in Redmond, the energy was pretty electric. The company was promising features that could make a real difference in a user's day-to-day PC usage. These features included Cocreator, which helps you draw, and Live Captions. They also included Recall, which has ultimately been a PR nightmare pretty much since the beginning.

Indeed, from edited videos that conveniently leave out how it works, to legitimate concerns, the backlash around Recall has been real. It's been so big that Microsoft can't ignore it, and the company finally announced today that it's doing something about it.

But first, why is Recall so bad?

It could be a security risk

First, we have to start with what Recall is, and how it works. Every few seconds, Windows is taking screenshots of whatever you're doing. It then allows you to search those images. For example, you might say that you're looking for a photo you were viewing where your friend was wearing a red shirt and the setting was a park. It can do that using real-world language.

All of your data is stored on-device; that's why it needs an NPU to run. All the AI it takes to do this is running locally. Nothing is sent to the cloud, and nothing is used to train AI models. You also have complete control. You can choose to exclude certain apps, set maximum amounts of storage it can use, and even just pause it if you're doing something that you don't want Recall to remember.

Without any immediate documentation, the FUD train arrived at the station. Videos were shared on Twitter about how Windows is taking screenshots of your PC at all times, conveniently editing out parts that detailed what they would be used for and that they'd never leave your PC. People panicked, and it's understandable, as it sounds pretty scary that Windows is recording everything you do.

The more damning evidence came a few days ago. Some people got Recall running on existing hardware, which it isn't supposed to be able to do, and it turns out that the data being recorded is surprisingly easy to access. The information is just stored in a plain-text database, and it isn't encrypted while in use, meaning that malware could grab your data whenever it wants. And given that it's recording everything you do, that could end up including some pretty sensitive stuff.

We reached out to Microsoft for a comment, and the company has been radio silent, until now.

What Microsoft is doing to fix it

It's actually going to be opt-in

One of the key complaints about Recall is that it was opt-out. In the setup experience, Windows just tells you that it's on, and lets you check a box to open settings after setup is complete. Now, you'll have to choose to turn it on during the out-of-box experience, so it's totally opt-in.

Secondly, you'll have to use Windows Hello in order to turn on Recall. The idea is that in order to access it, Windows will have to know it's you.

Finally, Windows is going to use just-in-time decryption, meaning everything will be encrypted until you've been authenticated. Microsoft also confirmed that it's encrypted the search index database, which was one of the key call-outs in the report from earlier this week.

Microsoft also noted that all Copilot+ PCs are Secured-core, so they're designed to be secure. They have Microsoft Pluton security chips, so there's hardware-level protection going on there.

Why did this take so long?

Anyone could have predicted this

Microsoft is a company that's actually pretty good at security, so it's surprising that the company was ready to send Recall out the door with issues that were obviously going to upset users. Moreover, the service was only announced a couple of weeks ago, and the major part of the backlash is just days old. It didn't take the firm long to come up with a fix.

So, it would seem that in the entire time that Copilot+ was in development, this never occurred to the Windows team. One would have to ask how that's possible.

Interestingly, this hasn't changed the launch date of Copilot+ PCs, which are still going to hit shelves on June 18.

