Details of security measures taken for Windows' PC operation history search AI 'Recall', whose release has been postponed, have been revealed



Microsoft announced the operation history search AI 'Recall' as a highlight feature of Copilot+ PC in May 2024, but the release date was postponed due to a large number of concerns about security and privacy. David Weston, Microsoft's vice president of enterprise and OS security, explains the security and privacy measures taken for Recall.

Update on Recall security and privacy architecture | Windows Experience Blog
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/

Recall is an AI feature that takes a 'screen snapshot' every 5 seconds and analyzes the content displayed on the screen, such as images and text, to make it searchable. Recall was announced on May 20, 2024 as a feature for Copilot+ PCs with high AI processing power, but in response to concerns about security and privacy, it was announced on June 7, 2024 that 'Recall will be disabled until the user gives permission.' Furthermore, on June 13, 2024, it was decided to postpone the release of Recall itself. After that, on August 21, 2024, it was reported that 'Recall will be released for Windows Insiders in October 2024.'

Microsoft announces that the controversial 'Recall' feature will be available for Windows Insiders from October 2024 - GIGAZINE



On September 27, 2024, details about security and privacy measures were released ahead of the release of Recall. According to Weston's explanation, during the initial setup of a Copilot+ PC, a screen is displayed that allows you to choose whether or not to use Recall. If the user does not enable Recall, snapshots will not be taken or saved, and there will also be an option to delete Recall in Windows settings.



Even if Recall is enabled, snapshots and other Recall-related information are always encrypted. The encryption key is protected by the TPM and can only be used inside a virtualization-based security space called a 'VBS enclave.' For this reason, user authentication with Windows Hello is required to access the encryption key, and even other users using the same PC cannot access the encryption key.



Not only the encryption keys, but also Recall-related services such as snapshot analysis are designed to run within the VBS enclave, and user authentication with Windows Hello is required to approve access to the Recall UI or change settings. These measures limit the data leakage that malware can cause.



In addition, Weston lists the following privacy protection measures taken by Recall:
- Snapshots and related data are stored locally
- Snapshots and associated data are not shared with Microsoft or other users on the same device.
- Users can 'delete', 'pause' and 'disable' snapshots at any time.
- Users can set the period for which snapshots are to be saved and storage capacity limits
- Private browsing is not saved for 'Edge', 'Firefox', 'Opera', 'Chrome' and 'Chromium-based browsers'.
- You can disable saving for specific websites in Edge, Firefox, Opera, and Chrome.
- Sensitive information such as passwords and credit card numbers is filtered by default
- You can delete 'content you did not intend to save' that appears in search results at any time.
- You can check the snapshot saving status and pause it with the icon in the system tray

In addition, Recall has undergone several months of design review and penetration testing by the Microsoft Offensive Research & Security Engineering team (MORSE), as well as independent design review and penetration testing by third-party security vendors. Weston claims that these designs and tests have provided 'strong control against known threats.'

in Software,   Security, Posted by log1o_hf