Microsoft has confirmed that, finally, the controversial Recall function powered by Artificial Intelligence (AI) can be uninstalled from Windows, after initially pointing out that it was an error, while also announcing new security functions to protect data from the users.
Recall is a new feature that the company announced in May of this year as a tool integrated into Copilot+ computers, which will use AI to take screenshots of the computer and create a kind of ‘photographic memory’ so that the user can later scroll through a timeline to find the content that has been previously searched for in any application, document or website.
This function generated controversy when it was understood that could put users’ private information at risk despite the fact that the database would be stored on the computer, locally. This is because it is a tool that saves screenshots every few seconds and stores them as unencrypted data.
In response to criticism, Microsoft updated Recall in June to be disabled by default and require Windows Hello sign-in. Following this line, Recall was initially going to arrive as a preview for users along with Copilot+ computers in June, but Microsoft decided, a few days before, to delay this launch, and facilitate the function first in the Windows Insider testing program in October.
Later, at the end of August, it was announced that Microsoft would allow the Recall feature to be uninstalled for those users who did not want to have it. However, a few days later the technology company indicated that this possibility had been a mistake and that it was working to solve it.
Despite all these changes, Microsoft has now shared that finally, the Recall feature can be completely uninstalled from Windows, making it a completely optional tool for users.
This has been confirmed by Microsoft’s vice president of business security and operating systems, David Weston, in statements to The Verge, where he noted that “There is no longer a predetermined experience, you have to choose it“, in reference to the Recall tool. In this sense, Weston has indicated that they have understood that it is an important option for those who do not wish to have this photographic memory on their devices.
In this way, those users who prefer to avoid Recall will be able to uninstall the Windows 11 function permanently, even including the AI models that Microsoft uses to boost the functions of this photographic memory, according to the technology manager.
More security with Windows Hello
Following this line, Microsoft has shared new security measures for the Recall function in a statement on its blog, among them that, now, Anything captured by Recall will be fully encrypted and will require confirming the user’s ID with Windows Hello to access the data..
As explained by the technology company, the snapshots and any associated information will always be encrypted and protected through the Trusted Platform Module (TPM) of Windows 11. With this, the keys will be stored in the TPM and, to access them, you must Sign in with Windows Hello.
Therefore, users will only be able to access the data captured by Recall through authentication using facial recognition, fingerprint or a PIN. All of this, with the intention of preventing malicious actors or other people from using ‘malware’ to access personal information.
Furthermore, all of this can only be executed within the secure environment that Microsoft refers to as Virtualization-Based Security Enclave (VBS). As you have detailed, the only information that comes out of the VBS enclave is that requested by the user when actively using Recall, this guarantees that other users cannot access these keys stored in the TPM and, therefore, cannot decrypt the information.
Besides Microsoft has also reminded that Recall will only be available on PC Copilot+ computers so it will not be possible to install it on other Windows computers. Additionally, it will be necessary to meet security requirements such as having BitLocker, TPM device encryption, secure boot with system protection, and kernel DMA protection.
For all this, the technology company has indicated that it has carried out security reviews by the Microsoft Security Engineering and Offensive Research (MORSE) team, as well as by an external security provider. Thus, the release of Recall continues to be planned for a preview with Windows Insiders in October.