Microsoft backtracks on PC screenshot feature after outcry
How does the "Recall" feature function and what type of user activity does it capture?
The "Recall" feature is an AI-powered tool designed for Copilot+ PCs running on Windows 11. It functions by taking screenshots of user activities every few seconds, allowing users to search and retrieve past activities on their PC. These activities include interactions within apps, live meetings, and websites visited for research purposes.
The feature uses on-device AI to analyze and triage the captured content, enabling semantic search for anything users have ever done on their computer4. This means users can search for things just by describing them, and Windows Recall will bring up all instances where the search term has appeared on screen.
Recall works by taking snapshots of the screen every few seconds, which are then stored locally and analyzed with AI to understand their contents, including images and text. It does not record audio or save continuous video. The feature is designed to work with certain languages, including English, Simplified Chinese, French, German, Japanese, and Spanish.
To use Recall, users need to have a Copilot+ PC with specific system requirements, including an NPU with 40+ TOPS, 16GB RAM, 256GB storage, and 8 logical processors. The feature is not automatically enabled and users will be prompted to enable it during the Windows setup process. If users choose not to set it up during setup, they can set it up later by launching the Windows Recall app.
Recall has raised privacy concerns as it potentially allows hackers to misuse the tool and its saved screenshots. In response to these concerns, Microsoft is making the feature opt-in instead of automatic. The company has also built privacy into Recall's design, allowing users to control what is captured, such as by opting out of capturing certain websites or not capturing private browsing on Microsoft's browser, Edge.
What were the initial privacy concerns raised about the "Recall" feature?
The initial privacy concerns raised about the "Recall" feature were related to the potential for hackers to misuse the tool and its saved screenshots. Since the feature captures and stores screenshots of desktop activity, critics claimed that it could be a "privacy nightmare" if the data fell into the wrong hands. The UK's Information Commissioner's Office (ICO) also expressed concerns and was "making enquiries" with Microsoft about the tool.
What specific changes is Microsoft implementing to the "Recall" feature in response to privacy concerns?
In response to privacy concerns, Microsoft is implementing several changes to the "Recall" feature. Firstly, they are making the feature opt-in instead of being enabled by default. This means that during the set-up process of Copilot+ PCs, users will be given a clearer choice to opt-in to saving snapshots using Recall3. If users do not proactively choose to turn it on, it will remain off by default.
Secondly, Windows Hello enrollment will be required to enable Recall. Windows Hello is a biometric authentication system that provides an extra layer of security. In addition, proof of presence will also be required to view the timeline and search in Recall. This means that users will need to authenticate themselves with their face or fingerprint in front of the screen to access their Recall data.
Lastly, Microsoft is adding additional layers of data protection, including "just in time" decryption protected by Windows Hello Enhanced Sign-in Security (ESS). This ensures that Recall snapshots will only be decrypted and accessible when the user authenticates. Furthermore, the search index database will also be encrypted.
These changes aim to address the privacy and security concerns raised by users and experts, providing them with more control over their data and ensuring that sensitive information is better protected.