Microsoft has explained the data privacy protections for the Recall feature in Windows 11, which captures the PC screen so that users can retrieve past activity later. The feature was introduced in May but drew security and privacy criticism, leading Microsoft to postpone its release, improve it, and prepare to test it with Insider groups in October.
David Weston, Microsoft's Vice President of Operating System Security, confirmed that Recall is an opt-in feature and that users who choose not to use it can uninstall it completely, as earlier rumors had suggested.
In Recall's security architecture, all screen data is stored in VBS Enclaves, storage areas for sensitive data that are isolated from the operating system itself using Hyper-V (VBS stands for Virtualization Based Security). All data is encrypted and can only be unlocked through Windows Hello authentication; it is inaccessible to the OS kernel and to system admins, which addresses previous concerns about some data being stored in plaintext.
Microsoft emphasizes that users can choose to disable Recall for certain websites or apps, omitting screen capture during password entry and excluding personal information such as social security numbers or credit card numbers. It also does not capture browser windows in private mode (this works with Edge, Chrome, Firefox, Opera, and all Chromium-based browsers).
Recall runs only on Copilot+ PCs and requires BitLocker/Device Encryption, TPM 2.0, and VBS, all of which are fundamental Windows 11 security measures today.
TLDR: Microsoft addresses security and privacy concerns by explaining the Recall feature in Windows 11, emphasizing user control, data encryption, and restricted access, ensuring a balance between functionality and privacy protection.