While only “insiders” will get to test drive the feature, expect the enhanced security and control functions to undergo intense scrutiny

Subsequently, in a 27 Sep blog post, the firm had declared the feature to be sufficiently sanitized, and said it would be rolled out to Windows Insiders in Oct 2024. Reassurances include:

  • First, since the feature is “designed with security and privacy in mind” like all other software by the firm, ergo, the revised feature can be trusted by trusting users.
  • Next, users do not even have to use the feature, as it is not active until manually turned on. The feature can also be removed entirely via optional settings in Windows.
  • When in use, the feature’s snapshots and associated information in the vector database are stored locally on the host devices, and always encrypted and protected by the Trusted Platform Module tied to users’ Windows Hello Enhanced Sign-in Security. The data can be used only by operations within a Virtualization-based Security Enclave. Enclaves also have rate limiting and anti-hammering protections to mitigate the risk of brute force attacks.
  • The blog explained: “Services that operate on screenshots and associated data or perform decryption operations reside within a secure VBS Enclave. The only information that leaves the VBS Enclave is what is requested by the user when actively using Recall.”
  • The feature currently supports personal identity numbers as a fallback method after configuration, to avoid data loss if a secure sensor is damaged. Users are always in control, and can delete snapshots, or pause or turn them off, at any time. “Any future options for the user to share data will require fully informed explicit action by the user.”
  • The feature will not recall content in private browsing on supported browsers. Activities within user-designated apps and websites (only via supported browsers) can also be excluded.