Sunday, 19 January 2025
25.9 C
Singapore

Microsoft reveals new Recall security features, ensuring user control

Microsoft outlines security updates for Recall AI, emphasising user control, encryption, and third-party testing to address privacy concerns.

Microsoft has shared an update on the security and privacy protections in its latest AI tool, Recall. In a detailed blog post, the company outlined the measures to safeguard users’ data and prevent potential privacy issues. Key topics in the post include Recall’s security architecture and technical controls designed to ensure users remain in control of their data. Despite these assurances, it is important to note that while Recall is optional, it cannot be fully uninstalled from your device, as recently confirmed by Microsoft.

The blog post dives deep into the security challenges Recall faces. One of the main design principles outlined is that “the user is always in control.” This means that users can decide whether or not to enable Recall during the setup of their new Copilot+ PC. Microsoft emphasises that Recall will only run on devices that meet strict security requirements, which include features such as Trusted Platform Module (TPM) 2.0, System Guard Secure Launch, and Kernel DMA Protection. These hardware demands aim to boost the overall security of the system.

Recall’s user control features

The company highlighted the importance of keeping users responsible for Recall’s data access. During your device’s initial setup, you can choose to opt out of using Recall. If you choose not to activate it, Recall will remain off by default. Microsoft has also clarified that users can disable Recall via Windows settings, although it remains to be seen if this action will completely remove the tool from your system.

Should you decide to use Recall, you can filter certain apps or websites, preventing Recall from saving any data linked to them. Additionally, any information gathered while browsing in incognito mode will not be saved. You will also have full control over how long Recall retains your data and how much disc space it uses for storing snapshots. If you ever want to delete specific data, you can erase snapshots from a particular time range or remove all data related to a particular app or website.

Microsoft adds a system tray icon to indicate when Recall is collecting snapshots. You can pause the data collection at any time. For added security, accessing Recall content will require biometric verification, such as Windows Hello. Microsoft has confirmed that all sensitive information stored by Recall is encrypted and linked to your Windows Hello identity. This ensures that no other users on the same device can access your Recall data. It remains secure within a Virtualisation-based Security Enclave (VBS Enclave), with only certain portions of the data allowed to leave the VBS when authorised.

Encryption and sensitive data

Microsoft has also provided more details on Recall’s architecture. They confirmed that “processes outside the VBS Enclaves never directly receive access to snapshots or encryption keys.” Instead, external processes only get the data that has been authorised and released from the enclave. To further safeguard sensitive content, filters are in place to block Recall from saving certain types of information, such as passwords, credit card numbers, and ID details.

In another step towards bolstering security, Microsoft works with a third-party vendor to conduct a penetration test, ensuring that Recall meets high-security standards. This third-party verification aims to assure users that Recall is a secure tool, as Microsoft acknowledges the existing concerns surrounding its use.

Will the new measures be enough?

The introduction of these new security features reflects Microsoft’s awareness of the scepticism surrounding Recall. Since its launch, some users have voiced concerns about potential privacy issues, and a small group has even boycotted the AI tool entirely. Whether these new measures will alleviate these concerns remains to be seen. However, Microsoft is making strides to prove that its AI assistant can be trusted to handle sensitive data safely.

Hot this week

ChatGPT’s head of product to testify in US antitrust case against Google

ChatGPT’s head of product, Nick Turley, will testify in the US government’s antitrust case against Google, addressing AI and competition issues.

ASUS introduces ProArt Display 5K PA27JCV for creative professionals

ASUS unveils the ProArt Display 5K PA27JCV, a 27-inch monitor offering 5K resolution, Delta E<2 colour accuracy, and advanced features for creators.

Amazon pauses drone deliveries in the US after testing crash

Amazon halts US drone deliveries after crashes during testing, citing safety concerns and working on software updates for its fleet.

Amazon to acquire Indian BNPL startup Axio for over US$150M

Amazon is acquiring Indian BNPL startup Axio for over US$150M, strengthening its push into financial services in one of its fastest-growing markets.

Asus ProArt Display 5K delivers stunning visuals and exceptional accuracy

ASUS launches the ProArt Display 5K PA27JCV in Singapore, which costs S$1,099 and offers precision colour accuracy, HDR support, and LuxPixel tech.

ASUS introduces ProArt Display 5K PA27JCV for creative professionals

ASUS unveils the ProArt Display 5K PA27JCV, a 27-inch monitor offering 5K resolution, Delta E<2 colour accuracy, and advanced features for creators.

Character AI tests games on its platform to boost user engagement

Character AI introduces games to its platform to boost user engagement and enhance its entertainment offerings.

Canoo files for bankruptcy, ending seven years of EV innovation

Canoo, a seven-year-old EV startup, filed for bankruptcy and ceased operations after failing to secure funding.

Perplexity acquires Read.cv, a professional networking platform

Perplexity acquires professional networking platform Read.cv, ending its operations. Users can export data until May 16 as domains shift to Hello.cv.