In what can only be described as the most avoidable PR nightmare in recent Microsoft history, the withering criticism of Windows 11 Recall continues unabated. This is an issue Microsoft should have predicted and countered with thorough documentation proving its security and privacy claims.
But this isn’t just on Microsoft: From the BBC to every Microsoft hater on the planet, the claims that Recall is easily hacked are easy to debunk, and range from basic scare tactics to outright misinformation. I’ve already made the case that Windows 11 Recall isn’t a privacy concern. And nothing written since then to the contrary has proven otherwise.
And yet here we are.
Let’s frame this discussion properly. Any argument about Recall that starts with an individual needing to sign in to the PC in question with admin privileges, in-person or remotely, can be ignored. This is a basic security issue that has nothing to do with Recall in many ways, but if a PC is so insecure that such a thing is possible, there are more immediate concerns.
I spent most of last December documenting how one can and should correctly secure their Microsoft account (MSA), and a big part of why you should do so is so that you can sign in to your Windows PC securely. And that requires a PIN at minimum (this policy is enabled by default in Windows 11), but ideally a more secure Windows Hello biometric authentication type, like facial or fingerprint recognition.
If you do these things–secure your MSA, sign in to Windows 11 with that MSA, and enable Windows Hello–you’re secure. Your sign-in is secure, and the PC’s disk will automatically be encrypted. Together, these things ensure that someone else with physical access to the PC, like a thief, can’t sign in to your account and can’t remove the PC’s storage or otherwise read its contents. This is the baseline.
But Copilot+ PCs, the only PCs that can use Recall, are even more secure than that because they introduce further security requirements into this chain of protection. This is described below, but this simple fact negates any issues raised by those who got Recall working on non-Copilot+ PC hardware: Those systems are not secured as well as Copilot+ PCs, rendering those discussions moot.
Tied to this, I would like you to think, really think, about what it is these people are complaining about. To “prove” that Recall is insecure, they have ripped the application/service out of software code, enabled it on insecure, non-compliant PCs using local admin access, and then claimed they’ve found some soft underbelly. Now think about who Recall is for: Normal people who will buy a new PC, review this option, enable it if desired, and then use it on a PC that’s secure. People who will never hack Recall to make it work on non-compliant hardware. This whole conversation is idiotic.
OK. So, what makes a Copilot+ PC more secure?
Copilot+ PCs have a Microsoft Pluton security processo...