Microsoft is making a major U-turn on its new “Recall” feature for Windows 11, which takes screenshots of everything you do on your PC. The company will now make it an opt-in feature, addressing privacy fears raised by security experts and users alike.

Recall was unveiled last month as part of the upcoming Copilot Plus PCs. This feature uses artificial intelligence to capture screenshots of your screen periodically, allowing you to search your activity and find things you’ve seen before. While the idea of a searchable history sounds convenient, the privacy implications were concerning.

Security researchers pointed out that Recall, if not implemented securely, could be a goldmine for attackers. The data collected by Recall could be used to steal passwords, credit card information, and other sensitive details.

Related /

• Microsoft Recall: security nightmare or productivity booster?
• Recall: the AI-powered time machine for your PC
• Microsoft announces Copilot Plus PCs with AI chips and GPT-4 support

Thankfully, Microsoft listened to the complaints. Here’s how they’re addressing the privacy concerns:

• Opt-in feature: Previously planned to be enabled by default, Recall will now require users to explicitly turn it on during the setup process of new Copilot Plus PCs.
• Windows Hello authentication: To activate Recall and access your timeline, you’ll need to authenticate using Windows Hello, which uses facial recognition, fingerprint scanning, or a PIN. This adds an extra layer of security.
• Enhanced data protection: Microsoft is adding encryption to the data collected by Recall. This includes “just-in-time” decryption, which means the data will only be decrypted when you authenticate with Windows Hello. Additionally, the search index database is also being encrypted.

These changes come after security experts discovered that the initial version of Recall stored data in plain text, making it vulnerable to malware attacks. Tools were even being developed to exploit this weakness and extract user data from Recall.

Microsoft is keen to emphasize that Recall is part of its Secure Future Initiative (SFI), a program aimed at improving the security of its software after a series of high-profile cyberattacks. CEO Satya Nadella has even called on employees to prioritize security above all else, even if it means delaying new features.

While Microsoft claims they’re following its SFI principles, some experts believe these security issues should have been caught internally before the initial announcement.

It’s also important to note that Recall will only be available on new Copilot Plus PCs, which are designed with advanced security features like firmware safeguards and a special security processor to protect user data.

Microsoft says it will continue to listen to user feedback and prioritize privacy, safety, and security when developing new features. This is a welcome change, and hopefully, it signifies a stronger commitment to user privacy from Microsoft in the future.