Microsoft is reworking Recall after researchers point out its security problems
Enlarge / Microsoft's Recall feature is switching to be opt-in by default, and is adding new encryption protections in an effort to safeguard user data. (credit: Microsoft)
Microsoft's upcoming Recall feature in Windows 11 has generated a wave of controversy this week following early testing that revealed huge security holes. The initial version of Recall saves screenshots and a large plaintext database tracking everything that users do on their PCs, and in the current version of the feature, it's trivially easy to steal and view that database and all of those screenshots for any user on a given PC, even if you don't have administrator access. Recall also does little to nothing to redact sensitive information from its screenshots or that database.
Microsoft has announced that it's making some substantial changes to Recall ahead of its release on the first wave of Copilot+ PCs later this month.
"Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards," wrote Microsoft Windows and Devices Corporate Vice President Pavan Davuluri in a blog post. "With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18."