"Anything sensitive is always encrypted:" Microsoft's controversial Windows AI that remembers everything you do on your PC is finally secure, but will trust follow?

News
By
published

After fierce blowback, Microsoft has outlined new fixes to Recall's security, but questions remain about whether people will opt to use it.

Windows Recall
(Image credit: Windows Central)

What you need to know

  • Microsoft has detailed how it's improved Recall's security with encryption and Windows Hello authentication.
  • Recall's data is now isolated in a VBS Enclave, meaning it's no longer readable by third-party apps and users.
  • Snapshots will now automatically filter out sensitive information like passwords and credit card details.
  • Recall never uploads data to the cloud, and can be uninstalled from the system if you don't want it.

Microsoft is finally ready to detail how it’s updating Windows Recall to ensure it’s a secure experience that can’t be easily hacked or tampered with. After the monumental failure that was Recall's original debut, the company is now confident that Recall is a safe experience that users should feel comfortable using.

Originally, Windows Recall was discovered to be storing data in an unencrypted state, making it ripe for third-party attackers to scrape sensitive information collected by the Recall process. Microsoft has now addressed this concern, moving to encrypting the data and ensuring the user is actively present to access it. 

The company has published a detailed article detailing all the security improvements it’s making to Windows Recall, but it boils down to four key changes:

  • Recall data is now stored in an encrypted state in isolation via a VBS Enclave
  • Snapshots will now automatically filter out passwords, credit cards, and national IDs
  • Access to Recall data requires Windows Hello authentication every time
  • Recall is optional, off by default, and can be uninstalled

An attacker is unable to infiltrate Recall's services that handle snapshots and data.  (Image credit: Microsoft)

Recall is still Copilot+ PC exclusive and requires an NPU that can output at least 40 TOPS of power. This means most PCs won't even be eligible to use Recall. For the PCs that are, Microsoft has addressed the biggest concerns people had with Recall, including how it stores data locally on your device.

Now, any data that Recall collects is stored in an encrypted VBS Enclave, which is essentially a secure virtual machine that is isolated from the rest of the system, meaning the data stored inside it is inaccessible without a decryption key, which the Recall app provides when the user authenticates with Windows Hello.

"Anything sensitive is always encrypted and the keys for that are fully protected" said Microsoft VP of Enterprise and OS Security, David Weston, speaking with Windows Central. "All of the sensitive Recall processes, so screenshots, screenshot processing, vector database, are now in a VBS Enclave. We basically took Recall and put it in a virtual machine, so even administrative users are not able to interact in that VM or run any code or see any data."

This change alone is the biggest improvement to Recall, ensuring that the data it collects is safely stored on your device and inaccessible by anyone but you. Not even Microsoft can see the data stored by Recall in the VBS Enclave, even if it wanted to. Recall will also rate limit attempts to access encrypted data, so potential malware won’t be able to brute force entry through the Recall app itself.

Another important change is that Recall now requires the user to be actively present to access any data via Windows Hello. This means that even if an attacker has physical access to your device, Recall's data is inaccessible unless you are actively sitting in front of your PC. "The user has to be present to set up Recall, the user has to be present to decrypt anything. In fact, their identity is what releases the [encryption] keys."

Windows Hello is now a key part of the Recall encryption process. (Image credit: Microsoft)

Weston continues: "The actual encryption keys are stored in the TPM, and they're only released through a biometric match. They're never released outside of the enclave, the keys are all protected inside of the enclave. Your screenshots, your vector database, anything that you would consider sensitive is in there, and it's only released outside of that in small amounts based on a query, after the user is authorised."

In addition to securing how the data is stored on your PC, Microsoft has also added a new feature to the snapshot process that will locally and automatically filter out sensitive information such as passwords, national IDs, and credit card numbers using Purview. So even if an attacker was able to briefly gain access to the VBS Enclave, they wouldn’t be able to find much in the way of sensitive information.

It's also important to stress that snapshots and the data collected from them are never uploaded to the cloud. Recall operates entirely on-device. This is a promise Microsoft made when Recall was originally announced back in May, and it's remaining committed to that promise today.

"We're not sending any of this information anywhere" Weston tells me. "Microsoft could never even decrypt this [data] even if we wanted to. The only thing we send back is basic diagnostic usage to fix bugs and user-controlled feedback." The company really wants you to know that the data Recall collects never moves from your device, and can be filtered and deleted with ease.

The last big change to Recall is that the entire experience is now completely optional and is off by default. Users will be prompted to enable it when setting up a Copilot+ PC, but if they choose not to the Recall service will remain off. Additionally, Microsoft says you will be able to remove Recall from your system if you’re not comfortable with it being present in the OS.

This is where you can choose to enable or disable Recall during setup. (Image credit: Microsoft)

If you're worried that Microsoft might attempt to automatically enable Recall down the line, it doesn't sound like that's something Microsoft is interested in doing. Weston said "there are no plans that I'm aware of to turn this on by default or ask users to re-enable. That doesn't mean those plans can't change in the future, but certainly for now, that's not in the plans."

Weston also confirmed to me that Windows Recall is actually not installed by default on Windows 11 Enterprise. Recall is an optional component that enterprises can opt to include, but by default Recall is not present in the OS image. "On the Enterprise SKU the bits for Recall are not there at all. It's an optional component you have to install. It's actually not on the machine by default."

If an does Enterprise choose to use Recall on company computers, Weston assures me that employers won't be able to use it as a tool see what employees are doing during the workday. "No, an employer cannot see that information. It's fully encrypted, [accessible] only to the logged in user."

Microsoft is just about ready to begin testing Windows Recall out in the open, and intends to begin doing so with Windows Insiders in October on Copilot+ PCs with an Arm-based processor. Copilot+ PCs with Intel- and AMD-based processors will be able to join the Recall preview soon after.

Of course, it remains to be seen just how bullet-proof Microsoft's new solutions for storing Recall data really are. Once the preview rolls out in a few weeks, there will almost definitely be cybersecurity researchers all over it attempting to break into the secure enclave. We'll have to wait and see how this plays out.

Zac Bowden
Zac Bowden
Senior Editor

Zac Bowden is a Senior Editor at Windows Central. Bringing you exclusive coverage into the world of Windows on PCs, tablets, phones, and more. Also an avid collector of rare Microsoft prototype devices! Keep in touch on Twitter and Threads