Microsoft (NASDAQ: MSFT) has announced significant changes to its brand-new Recall feature, responding to widespread privacy and security concerns. Originally set to release on June 18th and be enabled by default on Windows 11 Copilot+ devices, the Recall feature repeatedly captures and stores screenshots of user activity, allowing customers to look back on their previous actions and search for things they may have forgotten. After dealing with a sustained backlash from cybersecurity experts and privacy activists since announcing the feature on May 20th, Microsoft will now make the feature opt-in only and include thorough decryption and authentication policies.
Security researchers quickly identified the potential for Recall to be exploited by malicious actors, prompting Microsoft to revise its approach to mitigate concerns about unauthorized access to screenshots, including potentially sensitive personal or business data.
Much of the criticism came from the fact that the product and its features directly contradict Microsoft’s recent commitment to a “security first” mindset and its rollout of the Secure Future Initiative, which was recently implemented after the company faced several cybersecurity incidents in the past year and received criticism from regulatory review boards for its less-than-ideal cyber policies.
Why it matters: This product, and its shortcomings, are yet another example of a lack of balance between innovative tech solutions and user data protection. Microsoft’s decision to alter the feature reflects the company’s responsiveness to public and expert feedback, and willingness to adjust company programs and features that may be deemed insecure or hazardous.
- Enhanced Security Protocol: The Recall feature, initially designed to be a default setting on Windows 11 Copilot+ devices, will be changed so the user must manually opt into the feature. Microsoft has also added layers of data protection, including decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates.
- User Control: Users will also be able to customize their Recall experience by excluding certain applications from capture and by pausing, filtering, or deleting snapshots. IT administrators in enterprise environments will be able to disable Recall, but cannot enable it on behalf of users.
- Industry Implications: Microsoft’s willingness to address the backlash, and change core features of the Recall program to be more secure, highlights the company’s commitment to security and privacy. The changes could also influence how other tech companies approach the development and deployment of new features, prioritizing user privacy and security to avoid similar controversies and ensure user trust.
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns – The Hacker News