Microsoft Reverses Course on Controversial AI Feature Recall, Makes It Opt-In

In response to mounting criticism from the security and privacy community, Microsoft announced on Friday that it will disable its much-criticized AI-powered Recall feature by default and make it an opt-in option. The feature, which captures screenshots of users' screens every five seconds to create an "explorable visual timeline," faced backlash for potential security risks and privacy violations.

Recall, currently in preview mode and set to launch exclusively on Copilot+ PCs on June 18, 2024, was intended to function as an AI-enabled photographic memory. However, concerns were raised about the lack of adequate safeguards that could potentially give malicious actors access to sensitive information, such as screenshots of documents, emails, or temporary messages shared on instant messaging platforms.

Critics, including Wired's Andy Greenberg, labeled Recall as "unrequested, pre-installed spyware built into new Windows computers," while Windows Central reported that Microsoft had been overly secretive during its development and chose not to test it publicly.

Microsoft responded to the criticism by emphasizing that users have complete control over the Recall feature. The company launched it in preview mode in order to gather customer feedback and has since implemented several significant changes. These changes include enhanced security updates and a new setup process that allows users to opt out of periodically saving screenshots using Recall altogether.

To enable Recall, users will now need to enroll for Windows Hello biometric scanning, with proof of presence required to view the timeline and perform searches. The tech giant also emphasized that Recall snapshots will only be decrypted and accessible upon user authentication, offering an additional layer of protection. Additionally, the search index database, previously stored in an unencrypted SQLite database, will now be encrypted.

Microsoft assured users that Recall snapshots are stored and processed locally on the device and are not shared with other companies or applications. Users can pause, filter, and delete saved snapshots at any given point in time. For managed work devices within enterprise settings, IT administrators have the authority to disable Recall, although they cannot enable it.

Notably, Microsoft's decision to reverse course on Recall aligns with its commitment to prioritize security in its Secure Future Initiative. The company has faced several security breaches orchestrated by nation-state actors in recent years, prompting CEO Satya Nadella to emphasize the importance of placing security above all else.

While security researcher Kevin Beaumont, a vocal critic of Recall's initial implementation, acknowledged the positive changes, he called on Microsoft to commit to not attempting to enable the feature by default in the future. Beaumont highlighted the importance of giving users a choice to opt in, stating that it will ultimately prevent security issues down the line.

As Microsoft continues to address security concerns and prioritize user privacy, the reversal on Recall serves as another step towards safeguarding customer data. By making the feature opt-in, the company aims to empower users to make informed choices regarding the use of AI technologies within their Windows systems.