Microsoft says Windows Recall is not a security issue anymore and it has the proof for it

Microsoft has released more details about its upcoming Recall security and privacy features in the latest Windows 11 update. Recall is a new AI-powered feature designed to help users find information, documents, and more that they have seen on their PC.

Recall works by taking “snapshots” of your PC activity, including web pages, documents, emails, and more. You can then search through these snapshots using text or images to find something you remember seeing but can’t quite remember where.

Security and privacy are among the most significant concerns around a feature like Recall. You don’t want a record of everything you see and do on your PC stored and accessed by other parties. And Microsoft says that it has worked to address those concerns with Recall.

In a blog post, Microsoft says that Recall’s “snapshots and associated data” are stored in secure enclaves in Windows 11 that use the Trusted Platform Module (TPM) and Windows Hello biometric data as keys.

To access that data, apps must use Microsoft’s Recall User Activity API and request the user’s permission through Windows Hello. All the recall data is also encrypted, and Microsoft says the information stays on the user’s device.

Recall is designed so that the user and only the user is in control of their information. No data or information is sent to Microsoft or any third party, and only the user can manage and delete their data.

Microsoft says Recall also supports enterprise-grade privacy controls, so admins can manage how It works on corporate machines. Users can also completely disable recall in Windows settings.

In addition to the security model, Microsoft also details the underlying architecture of Recall. Multiple components, including a secure settings store, a semantic index, a snapshot store, the Recall user interface, and more power the feature. Microsoft says that Recall’s data stores are isolated from other Windows APIs and apps and that the data is “rate-limited” to prevent abuse.

Recall will be available as a preview in the weeks ahead, and Microsoft says it’s working with several partners to build integrations with third-party apps to make user activity within those apps searchable.

So, is this enough to alleviate privacy and security concerns about Windows Recall? We’ll likely see much discussion of this question in the coming weeks.